morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 16:37:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
77,356 Commits 1 Branch 0 Tags
eac5336c27e2c8a0024fedcde87f9bb26dec49aa
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Daan De Meyer eac5336c27 openssl-util: Query engine/provider pin via ask-password 
In mkosi, we want to support signing via a hardware token. We already
support this in systemd-repart and systemd-measure. However, if the
hardware token is protected by a pin, the pin is asked as many as 20
times when building an image as the pin is not cached and thus requested
again for every operation.

Let's introduce a custom openssl ui when we use engines and providers
and plug systemd-ask-password into the process. With systemd-ask-password,
the pin can be cached in the kernel keyring, allowing us to reuse it without
querying the user again every time to enter the pin.

We use the private key URI as the keyring identifier so that the cached pin
can be shared across multiple tools.

Note that if the private key is pin protected, openssl will prompt both when
loading the private key using the pkcs11 engine and when actually signing the
roothash. To make sure our custom UI is used when signing the roothash, we have
to also configure it with ENGINE_ctrl() which takes a non-owning pointer to
the UI_METHOD object and its userdata object which we have to keep alive so we
introduce a new AskPasswordUserInterface struct which we use to keep both objects
alive together with the EVP_PKEY object.

Because the AskPasswordRequest struct stores non-owning pointers to its fields,
we change repart to store the private key URI as a global variable again instead
of the EVP_PKEY object so that we can use the private key argument as the keyring
field of the AskPasswordRequest instance without running into lifetime issues.
2024-11-03 10:46:14 +01:00
.clusterfuzzlite
.github
build(deps): bump systemd/mkosi
2024-11-02 23:18:12 +01:00
.semaphore
semaphore: do not build docs
2024-10-07 19:40:58 +01:00
catalog
catalog: beef up new sysctl message
2024-09-13 07:29:04 +02:00
coccinelle
introduce FOREACH_ELEMENT
2024-04-18 17:39:34 +02:00
docs
ask-password: Add $SYSTEMD_ASK_PASSWORD_KEYRING_TYPE
2024-11-02 23:20:57 +01:00
factory
man: don't suggest using pam_unix.so's use_authtok switch
2024-01-17 23:59:05 +00:00
hwdb.d
update hwdb
2024-11-01 12:32:06 +00:00
LICENSES
fundamental: Import SHA1 implementation from libxcrypt
2024-10-11 23:10:21 +03:00
man
core: add id-mapped mount support for Exec directories
2024-11-01 18:45:28 +00:00
mime
creds-util: add a concept of "user-scoped" credentials
2024-01-30 17:07:47 +01:00
mkosi.conf.d
mkosi: Add extra tools tree packages required to run integration tests
2024-11-02 23:18:41 +01:00
mkosi.extra
mkosi: Fix up ownership of testuser home directory on first boot
2024-10-11 11:35:02 +02:00
mkosi.images
mkosi: Install gdb in centos/fedora build image
2024-10-31 13:44:13 +00:00
mkosi.repart
mkosi: Switch back to btrfs
2024-08-05 15:00:24 +02:00
mkosi.sanitizers
mkosi: Don't create sanitizer wrappers for every mkfs binary
2024-09-03 08:48:34 +02:00
mkosi.uki-profiles
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network: request non-NULL SSID when a wlan interface is configured as station
2024-07-31 10:06:04 +09:00
po
po: Translated using Weblate (Czech)
2024-10-29 01:50:01 +09:00
presets
presets: Don't enable systemd-homed-firstboot.service by default
2024-06-08 11:29:55 +01:00
profile.d
shell: define three system credentials we can propagate into shell prompts and welcome messages
2024-09-09 19:03:48 +02:00
rules.d
udev: consider serial ports as unconfigured only if both port and iomem_base sysattr is zero
2024-10-17 18:59:38 +09:00
shell-completion
busctl: various bugfixes + tweaks (#34928)
2024-10-29 18:15:16 +00:00
src
openssl-util: Query engine/provider pin via ask-password
2024-11-03 10:46:14 +01:00
sysctl.d
sysctl.d: Fix pid_max comment
2023-10-31 13:07:49 +01:00
sysusers.d
sysusers.d: lock all system users defined by us
2024-10-29 11:00:13 +01:00
test
TEST-64-UDEV-STORAGE: Don't hardcode device name in long-sysfs-path test
2024-11-02 20:43:22 +01:00
tmpfiles.d
tmpfiles.d: Remove purge flag from lines that don't support it
2024-09-17 23:02:01 +02:00
tools
hwdb: import newest autosuspend rules from chromeos
2024-11-01 12:32:06 +00:00
units
meson: add separate option for sysupdated, disable in release builds
2024-10-31 21:08:08 +00:00
xorg
.clang-format
Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
2024-03-06 15:24:23 +01:00
.ctags
.dir-locals.el
.editorconfig
editorconfig: add NEWS whitespace configuration
2023-10-26 22:41:03 +01:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
gitignore: Ignore /pkg/ instead of pkg/ (#33119)
2024-05-31 14:06:07 +08:00
.gitmodules
mkosi: Replace submodules with our own thing
2024-05-30 19:31:32 +02:00
.mailmap
.packit.yml
Revert "packit: temporarily build systemd without BPF stuff"
2024-02-11 16:45:03 +01:00
.pylintrc
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
LICENSE.GPL2
LICENSE.LGPL2.1
meson_options.txt
meson: add separate option for sysupdated, disable in release builds
2024-10-31 21:08:08 +00:00
meson.build
meson: add separate option for sysupdated, disable in release builds
2024-10-31 21:08:08 +00:00
meson.version
meson: update version to 257~devel
2024-06-11 22:55:29 +01:00
mkosi.clangd
mkosi: Set BuildSourcesEphemeral=no in mkosi.clangd
2024-11-01 13:30:45 +01:00
mkosi.clean
mkosi: Add missing SPDX line
2024-09-22 15:23:08 +02:00
mkosi.conf
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
mkosi.coredump-journal-storage.conf
mkosi: Adapt configuration to take into account configuration rework
2024-07-09 08:07:09 +02:00
mkosi.functions
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
mkosi.leak-sanitizer-suppressions
mkosi: Adapt configuration to take into account configuration rework
2024-07-09 08:07:09 +02:00
mkosi.postinst.chroot
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
NEWS
Update NEWS
2024-11-01 11:39:26 +00:00
README
Bump kernel recommended baseline to v5.4
2024-10-16 18:06:11 +02:00
README.md
README.md: link bug bounty program
2024-04-11 12:58:53 +02:00
TODO
update TODO
2024-10-31 23:07:48 +01:00

README.md

Systemd

System and Service Manager

Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
CentOS CI - CentOS 9
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 321 MiB
Languages
C 89%
Python 5.1%
Shell 4.5%
Meson 1.2%