In order to verify a pulled container or disk image, importd only supports
SHA256SUMS files with the detached signature in SHA256SUMS.gpg.
SUSE is using an inline signed file with the name of the image itself and the
suffix .sha256 instead.
This commit adds support for this type of signature files.
It is first attempted to pull the .sha256 file.
If this fails with error 404, the SHA256SUMS and SHA256SUMS.gpg files are
pulled and used for verification.
When caller invokes sd_journal_open() we usually open at least one
directory with journal files. add_root_directory() function increments
current_invalidate_counter. After sd_journal_open() returns
current_invalidate_counter != last_invalidate_counter.
After caller waits for journal events (e.g. waits for new messages in
journal) then it usually calls sd_journal_process(). However, on first
call to sd_journal_process(), function determine_change() returns
SD_JOURNAL_INVALIDATE even though no journal files were
deleted/moved. This is because current_invalidate_counter !=
last_invalidate_counter.
After the fix we make sure counters has the same value before we begin
processing inotify events.
--new-id works because it’s an unambiguous prefix, but the full option
name is --new-id128.
(#5381 did the same in one other manpage, but I didn’t check for other
manpages using the abbreviated version back then.)
This was exposed by the previous commit. This could be potentially
unpleasant, but we are saved by the fact that this code path was only
taken for journald crashes, where we control COMM and know that it doesn't
contain any special characters. Use log_dispatch which does not do any
format processing to push the message out.
This is useful when we want to avoid printf formatting on the message.
It's nicer than using log_struct with "%s" as the format, because printf
is slow and with a large message (like from a backtrace) this would require
extra unnecessary memory.
I'm not exposing all the fields in the wrapper: only level and errno.
Those are the most likely to be useful.
log_struct takes multiple format strings, each one followed by arguments.
The _printf_ annotation is not sufficiently flexible to express this,
but we can still annotate the first format string, though not its
arguments (because their number is unknown).
With the annotation, the places which specified the message id or similar
as the first pattern cause a warning from -Wformat-nonliteral. This can
be trivially fixed by putting the MESSAGE= first.
This change will help find issues where a non-literal is erroneously used
as the pattern.
This is our own header, we should include use the local-include syntax
("" not <>), to make it clear we are including the one from the build tree.
All other includes of files from src/systemd/ use this scheme.
