dasharo/systemd - systemd - ProxGit

dasharo/systemd

mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00

Go to file

Lennart Poettering c2fa92e7e8 dissect-image: optionally, validate dm-verity signatures in userspace

Getting certificates for dm-verity roothash signing into the trusted
kernel keychain is a royal PITA (means recompiling or rebooting with
shim), hence let's add a minimal userspace PKCS7 validation as well.

The mechanism is really simple and compatible with the verification the
kernel does. The only difference is that the certificates are searched
in /etc/verity.d/*.crt (and similar dirs in /usr/lib/, …).

We'll first try validation by passing the PKCS#7 data to the kernel, but
if that doesn't work we'll see if one of the certificates found that way
works and then attempt to attach the image without passing the PKCS#7
data to the kernel.

This makes it very easy to have fully validated GPT disk images. For
example, just copy the 'mkosi.secure-boot.crt' file you have in your
mkosi build dir to /etc/verity.d/ and things should just work.

2021-09-28 17:03:31 +02:00

CI: do manpages build only on the clang unit test run

2021-09-27 12:24:48 +01:00

.lgtm/cpp-queries

lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]

2019-04-10 20:03:38 +02:00

ci: drop py2 lxml, pull in jinja2

2021-05-19 10:25:26 +09:00

units: added factory-reset.target

2021-08-10 17:08:00 +02:00

coccinelle: filter out a couple of 'false-positive' transformations

2021-03-18 11:59:53 +01:00

core: implement RuntimeMaxDeltaSec directive

2021-09-28 16:46:20 +02:00

pam: fix typo try_authtok → use_authtok

2021-05-12 12:14:17 +02:00

hwbd: 60-sensor.hwdb: Add Lenovo ThinkPad Yoga 11e 5th Gen (Type: 20LN, Gemini Lake)

2021-09-27 12:09:16 +02:00

core: implement RuntimeMaxDeltaSec directive

2021-09-28 16:46:20 +02:00

mkosi.default.d

Revert "mkosi: turn off qemu headless mode"

2021-09-24 14:20:40 +02:00

meson: install the right README file in modprobe.d

2021-07-07 14:52:05 +02:00

network: add 80-container-vb.network

2021-09-04 08:15:34 +09:00

po: Translated using Weblate (Indonesian)

2021-09-24 20:41:09 +09:00

boot: optionally update sd-boot on boot

2021-07-30 17:19:55 +02:00

hwdb: Permit unsetting power/persist for USB devices

2021-09-21 20:28:10 +02:00

shell-completion

boot: don't build bootctl when -Dgnu-efi=false is set

2021-09-20 17:41:23 +02:00

dissect-image: optionally, validate dm-verity signatures in userspace

2021-09-28 17:03:31 +02:00

meson: use a/b instead of join_paths(a,b)

2021-07-27 19:32:35 +02:00

meson: allow "soft-static" allocations for uids and gids in the initrd

2021-06-17 09:48:28 +02:00

core: implement RuntimeMaxDeltaSec directive

2021-09-28 16:46:20 +02:00

tmpfiles.d: remove .Test-unix, it's obsolete

2021-08-31 10:57:37 +02:00

git-contrib: copypaste-friendly output

2021-07-19 15:39:26 +09:00

unit: install the systemd-bless-boot.service only if we have gnu-efi

2021-09-22 08:47:59 +09:00

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.clang-format

clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros

2020-11-16 16:57:51 +09:00

.ctags

editors: Prevent ctags from following symlinks

2019-02-15 11:01:20 -08:00

.dir-locals.el

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.editorconfig

editorconfig: add man configuration

2020-05-26 15:37:05 +02:00

.gitattributes

udev: Extract RAM properties from DMI information

2020-12-16 18:32:29 +01:00

.gitignore

gitignore: only ignore *local*.conf" under mkosi.default.d/

2021-09-03 13:15:52 +02:00

.lgtm.yml

ci: bump meson version in LGTM

2021-07-28 11:26:10 +02:00

.mailmap

mailmap: two more names

2021-03-30 13:17:58 +02:00

.packit.yml

ci: temporarily set -Wno-deprecated-declarations in Packit

2021-09-17 12:07:02 +01:00

.vimrc

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.ycm_extra_conf.py

ycm: add doc string for all the functions in configuration file

2017-11-29 13:21:49 -07:00

configure

tree-wide: add spdx header on all scripts and helpers

2021-01-28 09:55:35 +01:00

LICENSE.GPL2

relicense to LGPLv2.1 (with exceptions)

2012-04-12 00:24:39 +02:00

LICENSE.LGPL2.1

licence: remove references to old FSF address

2012-12-17 11:41:31 +01:00

Makefile

tree-wide: add spdx header on all scripts and helpers

2021-01-28 09:55:35 +01:00

meson_options.txt

Add remaining supported schemes as options for default-net-naming-scheme

2021-09-27 11:12:22 -06:00

meson.build

meson: refuse implicit int <-> pointer conversion

2021-09-25 07:11:13 +09:00

mkosi.build

mkosi: Remove build script umask workaround

2021-09-28 23:09:11 +09:00

NEWS

NEWS: net.ipv4.tcp_ecn = 1 was reverted at v240

2021-08-25 09:08:23 +01:00

README

README: add requirements for RestrictNetworkInterfaces=

2021-08-19 07:25:01 -05:00

README.md

CI: add code coverage reports via lcov and coveralls.io

2021-09-27 12:22:22 +01:00

TODO

update TODO

2021-09-23 17:07:25 +02:00

README.md

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.