Commit Graph

66034 Commits

Author SHA1 Message Date
Luca Boccassi
224029fcaa Merge pull request #28097 from goenkam/maanya/dissect-tool-support-for-confext
systemd-confext: image-based systemd-wide config update including dm-verity support
2023-07-14 23:01:26 +01:00
Luca Boccassi
ef32125c65 Merge pull request #28387 from yuwata/network-route-table-name
network: cleanups for route table name
2023-07-14 22:57:31 +01:00
Yu Watanabe
92ab8058ed po: update Japanese translation
2023-07-14 22:56:41 +01:00
Dan Streetman
730d6ab930 tpm2: handle older tpm enrollments without a saved pcr bank
Older code did not save the pcr bank (i.e. pcr hash algorithm), and instead let
tpm2_unseal() find the best pcr bank to use. In commit
2cd9d57548 we changed tpm2_unseal() to no longer
handle an unset pcr bank. This adds back in the handling of an unset pcr_bank
so older sealed data should continue to work.
2023-07-14 22:55:51 +01:00
Dan Streetman
4916cc4750 test: reduce the number of loops in tpm2 test_tpms_pcr_selection_mask_and_hash()
This test loops through masks, but is a relatively long test due to the
increment size between loops; this slightly increases the increment size (from
3->5) which greatly speeds up the test.
2023-07-14 22:54:58 +01:00
Frantisek Sumsal
be492020ec tree-wide: a bunch of Coccinelle-suggested tweaks
rc2 edition
2023-07-14 22:49:01 +01:00
Luca Boccassi
a4333be63a Merge pull request #28370 from ldv-alt/cname
resolved: fix canonical names returned by hosts lookups
2023-07-14 22:48:23 +01:00
Luca Boccassi
d3634ac46b Merge pull request #28301 from berrange/cvm-lockdown
Avoid using SMBIOS for kernel cmdline injection in sd-stub in confidential VMs
2023-07-14 22:47:37 +01:00
Yu Watanabe
8ced74d76b compare: fix typo
2023-07-15 05:11:30 +09:00
Yu Watanabe
e8e91a81ee network: refuse to override predefined route table name
2023-07-15 02:56:25 +09:00
Yu Watanabe
f4defbdc5d network: do not append table number in TableString field in json output
The json output already contains table number, hence, it is not
necessary to include number in the string.
2023-07-15 02:56:20 +09:00
Maanya Goenka
f92256ace5 confext: test image wide systemd support for confext
2023-07-14 16:59:42 +00:00
Maanya Goenka
484d26dac1 confext: add dissect tool support for confext images
Allow image wide systemd tool support for confext images by adding dissect
tool support for these images
2023-07-14 16:59:34 +00:00
Maanya Goenka
8a324d1648 sysext: change the table lookup string to be more verbose
2023-07-14 16:50:33 +00:00
Piotr Drąg
c62d616d8c catalog: update Polish translation
2023-07-14 18:22:00 +02:00
Luca Boccassi
a9273824d8 Merge pull request #28355 from yuwata/unit-skip-battery-check-by-kernel-command-line
unit: skip battery check when systemd.skip-battery-check specified on boot
2023-07-14 15:57:13 +01:00
Yu Watanabe
7cfef4bb48 battery-check: allow to skip by passing systemd.battery-check=0
2023-07-14 15:56:29 +01:00
Daan De Meyer
726f105e6c Merge pull request #28397 from DaanDeMeyer/python-stuff
mkosi: Stop using python3.9 on CentOS 8
2023-07-14 16:21:50 +02:00
Daniel P. Berrangé
4b1153cfcc efi: don't pull kernel cmdline from SMBIOS in a confidential VM
In a confidential VM, the SMBIOS data is not trusted, as it is under the
control of the host OS/admin and not covered by attestation of the machine.

Fixes: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14 14:18:09 +01:00
Daniel P. Berrangé
b354a2cafc efi: add helper API for detecting confidential virtualization
This helper is a simplified version of detect_confidential_virtualization()
that merely returns a boolean status flag reflecting whether we are believed
to be running inside a confidential VM.

This flag can be used for turning off features that are inappropriate to
use from a CVM, but must not be used for releasing sensitive data. The
latter must only be done in response to an attestation for the environment.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14 14:18:09 +01:00
Dmitry V. Levin
1ddc2f7fbc resolved: fix the canonical name returned by hosts lookup by name
In etc_hosts_lookup_by_name(), return the canonical name of the resolved
address instead of the name used to obtain that address.

Resolves: #20158
2023-07-14 13:13:53 +00:00
Luca Boccassi
0865c465ca Merge pull request #26365 from dtardon/multiple-polkit-calls
Allow D-Bus methods to auth. for more than one polkit action
2023-07-14 14:13:53 +01:00
Dmitry V. Levin
0ff8f2a33a resolved: fix the canonical name returned by hosts lookup by address
In etc_hosts_lookup_by_address(), make sure the canonical name of the given
address is returned first in the list of names that address resolves to.

Resolves: #25088
2023-07-14 13:13:53 +00:00
Dmitry V. Levin
1bd76a6217 resolved: keep track of first names listed for each address in /etc/hosts
These names will be used later in responses as canonical names.
2023-07-14 13:13:53 +00:00
Daniel P. Berrangé
129b9e3f42 fundamental: share constants for confidential virt detection
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14 14:06:51 +01:00