New upstream version 248

Balint Reczey 2021-03-31 15:25:31 +02:00
parent 1ce460ce8d
commit 3a6ce6777f
1628 changed files with 91110 additions and 30960 deletions

1
.gitattributes vendored

@ -1 +1,2 @@
*.[ch] whitespace=tab-in-indent,trailing-space
test/dmidecode-dumps/*.bin binary

@ -7,15 +7,20 @@ about: A report of an error in a recent systemd version
**systemd version the issue has been seen with**
> …
<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released (non-rc) systemd versions upstream! -->
<!-- See https://github.com/systemd/systemd/releases for the list of most recent releases. -->
<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released *major* systemd versions upstream! -->
<!-- If there have been multiple stable releases for that major version, please consider updating to a recent one before reporting an issue. -->
<!-- When using a distro package, please make sure that the version reported is meaningful for upstream. -->
<!-- See https://github.com/systemd/systemd-stable/releases for the list of most recent releases. -->
<!-- For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues). -->
**Used distribution**
> …
**Linux kernel version used** (`uname -a`)
> …
<!-- Make sure to enclose the pasted kernel version in `backticks`, so that
GitHub doesn't convert the `#` character typically included in it into a
reference to old GitHub issues. -->
> `…`
**CPU architecture issue was seen on**
> …
@ -28,3 +33,15 @@ about: A report of an error in a recent systemd version
**Steps to reproduce the problem**
> …
**Additional program output to the terminal or log subsystem illustrating the issue**
<!-- Please paste relevant program terminal or journal output here, ideally
when generated in debug mode (try setting the SYSTEMD_LOG_LEVEL=debug
environment variable). For very long copy/pasted data consider using a
service like https://gist.github.com/. Where copy/paste is not possible
(for example early boot or late shutdown), a photo of the screen might do
too, but text is always much preferred. -->
```text
```

@ -12,3 +12,6 @@ A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**The systemd version you checked that didn't have the feature you are asking for**
<!-- If this is not the most recently released upstream version, then please check first if it has that feature already. -->

38
.github/labeler.yml vendored Normal file

@ -0,0 +1,38 @@
hwdb:
- hwdb.d/**/*
units:
- units/**/*
documentation:
- NEWS
- docs/*
network:
- src/libsystemd-network/**/*
- src/network/**/*
udev:
- src/udev/**/*
- src/libudev/*
selinux:
- '**/*selinux*'
apparmor:
- '**/*apparmor*'
meson:
- meson_option.txt
mkosi:
- .mkosi/*
- mkosi.build
busctl:
- src/busctl/*
systemctl:
- src/systemctl/*
journal:
- src/journal/*
journal-remote:
- src/journal-remote/*
portable:
- src/portable/**/*
resolve:
- src/resolve/*
timedate:
- src/timedate/*
timesync:
- src/timesync/*
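
Review bot: `meson_option.txt` under `meson:` looks like a typo for `meson_options.txt`, the name Meson uses for its options file, so as written the label would never match it. It is also the only pattern for that label; adding `'**/meson.build'` would cover changes to the build definitions themselves. Separately, `docs/*` and `src/libudev/*` match one directory level only, while neighbouring entries use `**/*`; if subdirectories should be labelled too, use the recursive form consistently.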

@ -12,6 +12,7 @@ ARGS=(
"--optimization=s"
"--optimization=3 -Db_lto=true"
"--optimization=3 -Db_lto=false"
"--optimization=3 -Ddns-over-tls=openssl"
"-Db_ndebug=true"
)
PACKAGES=(
@ -37,6 +38,7 @@ PACKAGES=(
libpwquality-dev
libqrencode-dev
libssl-dev
libtss2-dev
libxkbcommon-dev
libxtables-dev
libzstd-dev
@ -79,7 +81,7 @@ elif [[ "$COMPILER" == gcc ]]; then
AR="gcc-ar-$COMPILER_VERSION"
# Latest gcc stack deb packages provided by
# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
add-apt-repository -y ppa:ubuntu-toolchain-r/test
PACKAGES+=(gcc-$COMPILER_VERSION)
else
fatal "Unknown compiler: $COMPILER"
@ -98,6 +100,8 @@ pip3 install --user -U meson ninja
export PATH="$HOME/.local/bin:$PATH"
$CC --version
meson --version
ninja --version
for args in "${ARGS[@]}"; do
SECONDS=0
@ -107,9 +111,8 @@ for args in "${ARGS[@]}"; do
fatal "meson failed with $args"
fi
ninja --version
if ! ninja -C build; then
fatal "ninja failed with $args"
if ! meson compile -C build; then
fatal "'meson compile' failed with $args"
fi
git clean -dxf

@ -21,9 +21,10 @@ jobs:
- { COMPILER: "gcc", COMPILER_VERSION: "10" }
- { COMPILER: "clang", COMPILER_VERSION: "10" }
- { COMPILER: "clang", COMPILER_VERSION: "11" }
- { COMPILER: "clang", COMPILER_VERSION: "12" }
env: ${{ matrix.env }}
steps:
- name: Repository checkout
uses: actions/checkout@v1
- name: Build check (${{ env.COMPILER }}-${{ env.COMPILER_VERSION }})
run: sudo -E .github/workflows/ubuntu-build-check.sh
run: sudo -E .github/workflows/build_test.sh

@ -14,7 +14,7 @@ on:
- 'tools/oss-fuzz.sh'
push:
branches:
- master
- main
jobs:
Fuzzing:
runs-on: ubuntu-latest

39
.github/workflows/coverity.yml vendored Normal file

@ -0,0 +1,39 @@
---
# vi: ts=2 sw=2 et:
#
name: Coverity
on:
schedule:
# Run Coverity daily at midnight
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-20.04
if: github.repository == 'systemd/systemd'
env:
COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
COVERITY_SCAN_NOTIFICATION_EMAIL: ""
COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
# Set in repo settings -> secrets -> repository secrets
COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
CURRENT_REF: "${{ github.ref }}"
steps:
- name: Repository checkout
uses: actions/checkout@v1
# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
- name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
- name: Install Coverity tools
run: tools/get-coverity.sh
# Reuse the setup phase of the unit test script to avoid code duplication
- name: Install build dependencies
run: sudo -E .github/workflows/unit_tests.sh SETUP
# Preconfigure with meson to prevent Coverity from capturing meson metadata
- name: Preconfigure the build directory
run: meson cov-build -Dman=false
- name: Build
run: tools/coverity.sh build
- name: Upload the results
run: tools/coverity.sh upload
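
Review bot: `COVERITY_SCAN_TOKEN` is set in the job-level `env:`, so every step inherits it, including `sudo -E .github/workflows/unit_tests.sh SETUP`, which runs as root with the environment preserved. Move the secret to a step-level `env:` on only the steps that talk to Coverity. In the notification-email step, `--pretty=\"%aE\"` inside `$(...)` passes the quote characters through to git's format string, so the value appended to `$GITHUB_ENV` is wrapped in literal double quotes; `--pretty=%aE` with `>> "$GITHUB_ENV"` avoids that. The job also uses `actions/checkout@v1`, while the mkosi workflow added in the same commit uses `@v2`.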

13
.github/workflows/labeler.yml vendored Normal file

@ -0,0 +1,13 @@
name: "Pull Request Labeler"
on:
- pull_request_target
jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@main
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
configuration-path: .github/labeler.yml
sync-labels: "" # This is a workaround for issue 18671
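
Review bot: `uses: actions/labeler@main` tracks a moving branch inside a `pull_request_target` workflow, which runs in the context of the base repository, so whatever lands on that branch runs with this repository's `GITHUB_TOKEN`. Pin the action to a release tag or, better, a full commit SHA, and add a `permissions:` block that limits the token to what labelling needs (`contents: read`, `pull-requests: write`). The `sync-labels: ""` comment should carry a full link to issue 18671 so the workaround can be dropped once that is resolved.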

55
.github/workflows/mkosi.yml vendored Normal file

@ -0,0 +1,55 @@
name: mkosi
# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in .mkosi.
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
ci:
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
distro:
- arch
- debian
- ubuntu
- fedora
steps:
- uses: actions/checkout@v2
- uses: systemd/mkosi@v9
- name: Install
run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect
- name: Symlink
run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default
# Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
# required, since current Arch's glibc implements faccessat() via faccessat2().
- name: Update systemd-nspawn
if: ${{ matrix.distro == 'arch' }}
run: |
echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt build-dep systemd
meson build
ninja -C build
sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
systemd-nspawn --version
- name: Build ${{ matrix.distro }}
run: sudo python3 -m mkosi --password= --qemu-headless build
- name: Boot ${{ matrix.distro }} systemd-nspawn
run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless boot
- name: Boot ${{ matrix.distro }} QEMU
run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless qemu
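
Review bot: the `Install` step (`sudo apt-get install --no-install-recommends python3-pexpect`) and `sudo apt build-dep systemd` in `Update systemd-nspawn` have no `-y`, unlike the `apt-get -y` calls in unit_tests.sh, so they depend on the runner's apt configuration to stay non-interactive; add `-y` to both. In the same step, the `ln -svf` line leaves `$PWD/build/systemd-nspawn` and the `which systemd-nspawn` substitution unquoted; `"$PWD/build/systemd-nspawn" "$(command -v systemd-nspawn)"` is the safer form. The comment explains why the binary is replaced but not when the step can be removed; naming the condition (Ubuntu's systemd-nspawn handling faccessat2()) would help.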

27
.github/workflows/test_mkosi_boot.py vendored Executable file

@ -0,0 +1,27 @@
#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1-or-later
import pexpect
import sys
def run() -> None:
p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300)
p.expect("login:")
p.sendline("root")
p.expect("#")
p.sendline("systemctl poweroff")
p.expect(pexpect.EOF)
try:
run()
except pexpect.EOF:
print("UNEXPECTED EOF")
sys.exit(1)
except pexpect.TIMEOUT:
print("TIMED OUT")
sys.exit(1)
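
Review bot: in `run()`, `" ".join(sys.argv[1:])` flattens the argument vector into one string that pexpect has to split again, so any argument containing whitespace or quotes is altered on the way through. Pass the list instead: `pexpect.spawn(sys.argv[1], sys.argv[2:], encoding="utf-8", logfile=sys.stdout, timeout=300)`, which also replaces the deprecated `spawnu`. After `p.expect(pexpect.EOF)` the child's exit status is never read, so a command that exits non-zero after the poweroff still passes; call `p.close()` and fail on a non-zero `p.exitstatus`. `p.expect("#")` matches the first `#` anywhere in the output after login, so a tighter prompt pattern is safer.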

85
.github/workflows/unit_tests.sh vendored Executable file

@ -0,0 +1,85 @@
#!/bin/bash
PHASES=(${@:-SETUP RUN RUN_ASAN_UBSAN CLEANUP})
RELEASE="$(lsb_release -cs)"
ADDITIONAL_DEPS=(
clang
expect
fdisk
libfdisk-dev
libfido2-dev
libp11-kit-dev
libpwquality-dev
libqrencode-dev
libssl-dev
libtss2-dev
libzstd-dev
perl
python3-libevdev
python3-pyparsing
zstd
)
function info() {
echo -e "\033[33;1m$1\033[0m"
}
set -ex
for phase in "${PHASES[@]}"; do
case $phase in
SETUP)
info "Setup phase"
bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
# PPA with some newer build dependencies
add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci
apt-get -y update
apt-get -y build-dep systemd
apt-get -y install "${ADDITIONAL_DEPS[@]}"
;;
RUN|RUN_GCC|RUN_CLANG)
if [[ "$phase" = "RUN_CLANG" ]]; then
export CC=clang
export CXX=clang++
fi
meson --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true -Dman=true build
ninja -C build -v
meson test -C build --print-errorlogs
;;
RUN_ASAN_UBSAN|RUN_GCC_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN)
MESON_ARGS=(--optimization=1)
if [[ "$phase" = "RUN_CLANG_ASAN_UBSAN" ]]; then
export CC=clang
export CXX=clang++
# Build fuzzer regression tests only with clang (for now),
# see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
# -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764
MESON_ARGS+=(-Db_lundef=false -Dfuzz-tests=true)
fi
meson --werror -Dtests=unsafe -Db_sanitize=address,undefined "${MESON_ARGS[@]}" build
ninja -C build -v
export ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
# Never remove halt_on_error from UBSAN_OPTIONS. See https://github.com/systemd/systemd/commit/2614d83aa06592aedb.
export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
# FIXME
# For some strange reason the GH Actions VM stops responding after
# executing first ~150 tests, _unless_ there's something producing
# output (either running `meson test` in verbose mode, or something
# else in background). Despite my efforts so far I haven't been able
# to identify the culprit (since the issue is not reproducible
# during debugging, wonderful), so let's at least keep a workaround
# here to make the builds stable for the time being.
(set +x; while :; do echo -ne "\n[WATCHDOG] $(date)\n"; sleep 30; done) &
meson test --timeout-multiplier=3 -C build --print-errorlogs
;;
CLEANUP)
info "Cleanup phase"
;;
*)
echo >&2 "Unknown phase '$phase'"
exit 1
esac
done
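
Review bot: in the `RUN_ASAN_UBSAN` branch the watchdog started with `(set +x; while :; do ...; done) &` is never stopped; it outlives `meson test` and, with `set -e`, is also left running when the test command fails. Save `$!` and kill it from a `trap ... EXIT`, or directly after `meson test`. `PHASES=(${@:-SETUP RUN RUN_ASAN_UBSAN CLEANUP})` relies on unquoted word splitting; a short comment saying that is intentional would help. The SETUP phase adds `ppa:upstream-systemd-ci/systemd-ci` as root, and a comment on who maintains that PPA would make the trust decision visible.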

23
.github/workflows/unit_tests.yml vendored Normal file

@ -0,0 +1,23 @@
---
# vi: ts=2 sw=2 et:
#
name: Unit tests
on:
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_ASAN_UBSAN]
steps:
- name: Repository checkout
uses: actions/checkout@v1
- name: Install build dependencies
run: sudo -E .github/workflows/unit_tests.sh SETUP
- name: Build & test (${{ matrix.run_phase }})
run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}

2
.gitignore vendored

@ -36,4 +36,6 @@ __pycache__/
/mkosi.builddir/
/mkosi.output/
/mkosi.default
mkosi.default.d/*
!mkosi.default.d/10-systemd.conf
/tags

@ -115,12 +115,14 @@ Michael Biebl <biebl@debian.org> <mbiebl@gmail.com>
Michael Buesch <mbuesch@freenet.de>
Michael Hoy <rimmington@gmail.com>
Michael Olbrich <m.olbrich@pengutronix.de>
Michael Trapp <michael.trapp@sap.com>
Michal Soltys <soltys@ziu.info> <nozo@ziu.info>
Michal Suchanek <msuchanek@suse.de>
Michal Suchanek <msuchanek@suse.de> <hramrach@gmail.com>
Michal Sekletár <msekleta@redhat.com>
Michał Szczepański <skrzatu@hotmail.com> <skrzatu@gmail.com>
Michel Kraus <github@demonsphere.de> <27o@users.noreply.github.com>
Michele Guerini Rocco <rnhmjoj@inventati.org>
Miklos Vajna <vmiklos@frugalware.org> <vmiklos@gmail.com>
Milan Pässler <me@petabyteboy.de>
Neil Brown <neil@brown.name>
@ -209,3 +211,4 @@ Andrey Yashkin <38919268+AndreyYashkin@users.noreply.github.com>
Ronald Tschalär <ronald@innovation.ch>
Jay Burger <jay.burger@fujitsu.com> <root@new-host-3.home>
Yi Gao <ymuemc@163.com>
Weblate <noreply@weblate.org>

@ -8,15 +8,7 @@
[Distribution]
Distribution=arch
[Output]
Format=raw_btrfs
Bootable=yes
[Partitions]
RootSize=3G
[Packages]
Cache=/var/cache/pacman/pkg/
BuildPackages=
acl
bzip2
@ -54,5 +46,9 @@ BuildPackages=
zstd
Packages=
gdb
libidn2
nano
qrencode
strace
vi

@ -7,13 +7,6 @@
Distribution=debian
Release=unstable
[Output]
Format=raw_btrfs
Bootable=yes
[Partitions]
RootSize=2G
[Packages]
BuildPackages=
acl
@ -24,7 +17,6 @@ BuildPackages=
git
gnu-efi
gperf
libiptc-dev
libacl1-dev
libaudit-dev
libblkid-dev
@ -35,19 +27,23 @@ BuildPackages=
libdbus-1-dev
libdw-dev
libfdisk-dev
libfido2-dev
libgcrypt20-dev
libgnutls28-dev
libidn2-0-dev
libiptc-dev
libkmod-dev
liblzma-dev
liblz4-dev
liblz4-tool
liblzma-dev
libmicrohttpd-dev
libmount-dev
libpam0g-dev
libqrencode-dev
libseccomp-dev
libsmartcols-dev
libssl-dev
libtss2-dev
libxkbcommon-dev
libzstd-dev
m4
@ -62,6 +58,14 @@ BuildPackages=
zstd
Packages=
libqrencode4
locales
gdb
libfdisk1
libfido2-1
libidn2-0
libqrencode4
# We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
libtss2-dev
locales
nano
strace
vim-tiny

@ -7,13 +7,6 @@
Distribution=fedora
Release=33
[Output]
Format=gpt_ext4
Bootable=yes
[Partitions]
RootSize=3G
[Packages]
BuildPackages=
audit-libs-devel
@ -66,17 +59,20 @@ BuildPackages=
python3-lxml
qrencode-devel
rpm
tpm2-tss-devel
tree
valgrind-devel
xz-devel
zstd
Packages=
gdb
# libfido2 + libzstd can be dropped once the Fedora RPM gets a dependency on them
libfido2
libzstd
nano
# procps-ng provides a set of useful utilies (ps, free, etc)
procps-ng
BuildDirectory=mkosi.builddir
Cache=mkosi.cache
strace
tpm2-tss
vi

@ -7,17 +7,7 @@
Distribution=opensuse
Release=tumbleweed
[Output]
Format=raw_btrfs
Bootable=yes
[Partitions]
RootSize=3G
[Packages]
# Uncomment to share system RPM cache (works only with Tumbleweed)
#Cache=/var/cache/zypp/packages
BuildDirectory=mkosi.builddir
BuildPackages=
docbook-xsl-stylesheets
fdupes
@ -62,6 +52,7 @@ BuildPackages=
timezone
Packages=
gdb
# brought in via meson->python3
libp11-kit0
# --bootable=no
@ -75,4 +66,7 @@ Packages=
libqrencode4
libseccomp2
pam
nano
strace
util-linux
vi

@ -8,13 +8,6 @@ Distribution=ubuntu
Release=focal
Repositories=main,universe
[Output]
Format=raw_btrfs
Bootable=no
[Partitions]
RootSize=2G
[Packages]
BuildPackages=
acl
@ -35,6 +28,7 @@ BuildPackages=
libdbus-1-dev
libdw-dev
libfdisk-dev
libfido2-dev
libgcrypt20-dev
libgnutls28-dev
libidn2-0-dev
@ -50,6 +44,8 @@ BuildPackages=
libqrencode-dev
libseccomp-dev
libsmartcols-dev
libssl-dev
libtss2-dev
libxkbcommon-dev
libxtables-dev
libzstd-dev
@ -66,6 +62,13 @@ BuildPackages=
zstd
Packages=
libqrencode4
locales
gdb
libfido2-1
libidn2-0
libqrencode4
# We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
libtss2-dev
locales
nano
strace
vim-tiny

40
.packit.yml Normal file

@ -0,0 +1,40 @@
---
# vi:ts=2 sw=2 et:
#
# Docs: https://packit.dev/docs/
specfile_path: .packit_rpm/systemd.spec
synced_files:
- .packit.yaml
- src: .packit_rpm/systemd.spec
dest: systemd.spec
upstream_package_name: systemd
downstream_package_name: systemd
# `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version
# detection (that expects 245-xxxx'). Let's tweak the version string accordingly
upstream_tag_template: "v{version}"
actions:
post-upstream-clone:
# Use the Fedora Rawhide specfile
- "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
# Drop backported patches from the specfile, but keep the downstream-only ones
# - Patch0000-0499: backported patches from upstream
# - Patch0500-9999: downstream-only patches
- "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
# Build the RPM with --werror. Even though --werror doesn't work in all
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
#
# [0] https://github.com/mesonbuild/meson/issues/7360
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
jobs:
- job: copr_build
trigger: pull_request
metadata:
targets:
- fedora-rawhide-aarch64
- fedora-rawhide-i386
- fedora-rawhide-x86_64
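
Review bot: `synced_files` lists `.packit.yaml`, but this file is added as `.packit.yml`, so that entry points at a path that does not exist in the tree; make the two names agree. The `post-upstream-clone` action clones the Rawhide spec with `--depth=1` at whatever its HEAD is and then edits it with two `sed` expressions, so a change in the downstream spec layout (patch numbering, the `CONFIGURE_OPTS=(` line) silently turns them into no-ops; a check that each `sed` actually changed the file would catch that. The comment on `upstream_tag_template` has an unbalanced quote in `245-xxxx'`.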

27
.semaphore/semaphore.yml Normal file

@ -0,0 +1,27 @@
---
# vi: ts=2 sw=2 et:
version: v1.0
name: Debian autopkgtest (LXC)
agent:
machine:
type: e1-standard-2
os_image: ubuntu1804
# Cancel any running or queued job for the same ref
auto_cancel:
running:
when: "true"
execution_time_limit:
hours: 1
blocks:
- name: "Setup & test"
task:
jobs:
- name: "Install dependencies & run the Debian autopkgtest"
commands:
- checkout --use-cache
- .semaphore/semaphore-runner.sh SETUP
- .semaphore/semaphore-runner.sh RUN

@ -1,84 +0,0 @@
---
# vi: ts=2 sw=2 et:
language: bash
dist: bionic
services:
- docker
env:
global:
- AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
- CI_MANAGERS="$TRAVIS_BUILD_DIR/travis-ci/managers"
- CI_TOOLS="$TRAVIS_BUILD_DIR/travis-ci/tools"
- REPO_ROOT="$TRAVIS_BUILD_DIR"
jobs:
- DEBIAN_RELEASE=testing PHASE="RUN_GCC"
- DEBIAN_RELEASE=testing PHASE="RUN_GCC_ASAN_UBSAN"
- DEBIAN_RELEASE=testing PHASE="RUN_CLANG"
- DEBIAN_RELEASE=testing PHASE="RUN_CLANG_ASAN_UBSAN"
stages:
# 'Test' is the default stage (for matrix jobs)
- name: Test
if: type != cron
# Run Coverity periodically instead of for each commit/PR
- name: Coverity
if: type = cron
# Matrix job definition - this is run for each combination of env variables
# from the env.jobs array above
before_install:
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- docker --version
install:
- $CI_MANAGERS/debian.sh SETUP
script:
- $CI_MANAGERS/debian.sh $PHASE || travis_terminate 1
after_script:
- $CI_MANAGERS/debian.sh CLEANUP
# Inject another (single) job into the matrix for Coverity
jobs:
include:
- stage: Coverity
language: bash
env:
- FEDORA_RELEASE="31"
- TOOL_BASE="/var/tmp/coverity-scan-analysis"
- CONT_NAME="coverity-fedora-$FEDORA_RELEASE"
- DOCKER_EXEC="docker exec -ti $CONT_NAME"
- DOCKER_RUN="docker run -v $TOOL_BASE:$TOOL_BASE:rw --env-file .cov-env"
# Coverity env variables
- PLATFORM="$(uname)"
- TOOL_ARCHIVE="/var/tmp/cov-analysis-$PLATFORM.tgz"
- SCAN_URL="https://scan.coverity.com"
- UPLOAD_URL="https://scan.coverity.com/builds"
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
- COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
- COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
# Encrypted COVERITY_SCAN_TOKEN env variable
# Generated using `travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=xxxx`
- secure: "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"
before_install:
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- docker --version
install:
# Install Coverity on the host
- $CI_TOOLS/get-coverity.sh
# Export necessary env variables for Coverity
- env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
# Pull a Docker image and start a new container
- $CI_MANAGERS/fedora.sh SETUP
script:
- set -e
# Preconfigure with meson to prevent Coverity from capturing meson metadata
- $DOCKER_EXEC meson cov-build -Dman=false
# Run Coverity
- $DOCKER_EXEC tools/coverity.sh build
- $DOCKER_EXEC tools/coverity.sh upload
- set +e
after_script:
- $CI_MANAGERS/fedora.sh CLEANUP
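
Review bot: the deleted `secure:` entry under the Coverity stage held the Travis-encrypted `COVERITY_SCAN_TOKEN`, and that value stays in git history after this removal. Since the token now comes from GitHub repository secrets (see the coverity.yml workflow added in this commit), regenerating it as part of the migration and removing the Travis-side settings would retire the old copy.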

@ -1,3 +1,5 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
all:
ninja -C build

514
NEWS

@ -1,5 +1,485 @@
systemd System and Service Manager
CHANGES WITH 248:
* A concept of system extension images is introduced. Such images may
be used to extend the /usr/ and /opt/ directory hierarchies at
runtime with additional files (even if the file system is read-only).
When a system extension image is activated, its /usr/ and /opt/
hierarchies and os-release information are combined via overlayfs
with the file system hierarchy of the host OS.
A new systemd-sysext tool can be used to merge, unmerge, list, and
refresh system extension hierarchies. See
https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.
The systemd-sysext.service automatically merges installed system
extensions during boot (before basic.target, but not in very early
boot, since various file systems have to be mounted first).
The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
supported system extension level.
* A new ExtensionImages= unit setting can be used to apply the same
system extension image concept from systemd-sysext to the namespaced
file hierarchy of specific services, following the same rules and
constraints.
* Support for a new special "root=tmpfs" kernel command-line option has
been added. When specified, a tmpfs is mounted on /, and mount.usr=
should be used to point to the operating system implementation.
* A new configuration file /etc/veritytab may be used to configure
dm-verity integrity protection for block devices. Each line is in the
format "volume-name data-device hash-device roothash options",
similar to /etc/crypttab.
* A new kernel command-line option systemd.verity.root_options= may be
used to configure dm-verity behaviour for the root device.
* The key file specified in /etc/crypttab (the third field) may now
refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
acquired by connecting to that socket and reading from it. This
allows the implementation of a service to provide key information
dynamically, at the moment when it is needed.
* When the hostname is set explicitly to "localhost", systemd-hostnamed
will respect this. Previously such a setting would be mostly silently
ignored. The goal is to honour configuration as specified by the
user.
* The fallback hostname that will be used by the system manager and
systemd-hostnamed can now be configured in two new ways: by setting
DEFAULT_HOSTNAME= in os-release(5), or by setting
$SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
also be configured during compilation. The environment variable is
intended for testing and local overrides, the os-release(5) field is
intended to allow customization by different variants of a
distribution that share the same compiled packages.
* The environment block of the manager itself may be configured through
a new ManagerEnvironment= setting in system.conf or user.conf. This
complements existing ways to set the environment block (the kernel
command line for the system manager, the inherited environment and
user@.service unit file settings for the user manager).
* systemd-hostnamed now exports the default hostname and the source of
the configured hostname ("static", "transient", or "default") as
D-Bus properties.
* systemd-hostnamed now exports the "HardwareVendor" and
"HardwareModel" D-Bus properties, which are supposed to contain a
pair of cleaned up, human readable strings describing the system's
vendor and model. It's typically sourced from the firmware's DMI
tables, but may be augmented from a new hwdb database. hostnamectl
shows this in the status output.
* Support has been added to systemd-cryptsetup for extracting the
PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
metadata header. This allows the information how to open the
encrypted device to be embedded directly in the device and obviates
the need for configuration in an external file.
* systemd-cryptsetup gained support for unlocking LUKS2 volumes using
TPM2 hardware, as well as FIDO2 security tokens (in addition to the
pre-existing support for PKCS#11 security tokens).
* systemd-repart may enroll encrypted partitions using TPM2
hardware. This may be useful for example to create an encrypted /var
partition bound to the machine on first boot.
* A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
and PKCS#11 security tokens to LUKS volumes, list and destroy
them. See:
http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
It also supports enrolling "recovery keys" and regular passphrases.
* The libfido2 dependency is now based on dlopen(), so that the library
is used at runtime when installed, but is not a hard runtime
dependency.
* systemd-cryptsetup gained support for two new options in
/etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
request synchronous processing of encryption/decryption IO.
* The manager may be configured at compile time to use the fexecve()
instead of the execve() system call when spawning processes. Using
fexecve() closes a window between checking the security context of an
executable and spawning it, but unfortunately the kernel displays
stale information in the process' "comm" field, which impacts ps
output and such.
* The configuration option -Dcompat-gateway-hostname has been dropped.
"_gateway" is now the only supported name.
* The ConditionSecurity=tpm2 unit file setting may be used to check if
the system has at least one TPM2 (tpmrm class) device.
* A new ConditionCPUFeature= has been added that may be used to
conditionalize units based on CPU features. For example,
ConditionCPUFeature=rdrand will condition a unit so that it is only
run when the system CPU supports the RDRAND opcode.
* The existing ConditionControlGroupController= setting has been
extended with two new values "v1" and "v2". "v2" means that the
unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
hierarchy or the hybrid hierarchy are used.
* A new PrivateIPC= setting on a unit file allows executed processes to
be moved into a private IPC namespace, with separate System V IPC
identifiers and POSIX message queues.
A new IPCNamespacePath= allows the unit to be joined to an existing
IPC namespace.
* The tables of system calls in seccomp filters are now automatically
generated from kernel lists exported on
https://fedora.juszkiewicz.com.pl/syscalls.html.
The following architectures should now have complete lists:
alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.
* The MountAPIVFS= service file setting now additionally mounts a tmpfs
on /run/ if it is not already a mount point. A writable /run/ has
always been a requirement for a functioning system, but this was not
guaranteed when using a read-only image.
Users can always specify BindPaths= or InaccessiblePaths= as
overrides, and they will take precedence. If the host's root mount
point is used, there is no change in behaviour.
* New bind mounts and file system image mounts may be injected into the
mount namespace of a service (without restarting it). This is exposed
respectively as 'systemctl bind <unit> <path>…' and
'systemctl mount-image <unit> <image>…'.
* The StandardOutput= and StandardError= settings can now specify files
to be truncated for output (as "truncate:<path>").
* The ExecPaths= and NoExecPaths= settings may be used to specify
noexec for parts of the file system.
* sd-bus has a new function sd_bus_open_user_machine() to open a
connection to the session bus of a specific user in a local container
or on the local host. This is exposed in the existing -M switch to
systemctl and similar tools:
systemctl --user -M lennart@foobar start foo
This will connect to the user bus of a user "lennart" in container
"foobar". If no container name is specified, the specified user on
the host itself is connected to
systemctl --user -M lennart@ start quux
* sd-bus also gained a convenience function sd_bus_message_send() to
simplify invocations of sd_bus_send(), taking only a single
parameter: the message to send.
* sd-event allows rate limits to be set on event sources, for dealing
with high-priority event sources that might starve out others. See
the new man page sd_event_source_set_ratelimit(3) for details.
* systemd.link files gained a [Link] Promiscuous= switch, which allows
the device to be raised in promiscuous mode.
New [Link] TransmitQueues= and ReceiveQueues= settings allow the
number of TX and RX queues to be configured.
New [Link] TransmitQueueLength= setting allows the size of the TX
queue to be configured.
New [Link] GenericSegmentOffloadMaxBytes= and
GenericSegmentOffloadMaxSegments= allow capping the packet size and
the number of segments accepted in Generic Segment Offload.
* systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
wireless routing protocol that operates on ISO/OSI Layer 2 only and
uses ethernet frames to route/bridge packets. This encompasses a new
"batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
new settings in .netdev files, and a new BatmanAdvanced= setting in
.network files.
* systemd.network files gained a [Network] RouteTable= configuration
switch to select the routing policy table.
systemd.network files gained a [RoutingPolicyRule] Type=
configuration switch (one of "blackhole, "unreachable", "prohibit").
systemd.network files gained a [IPv6AcceptRA] RouteDenyList= and
RouteAllowList= settings to ignore/accept route advertisements from
routers matching specified prefixes. The DenyList= setting has been
renamed to PrefixDenyList= and a new PrefixAllowList= option has been
added.
systemd.network files gained a [DHCPv6] UseAddress= setting to
optionally ignore the address provided in the lease.
systemd.network files gained a [DHCPv6PrefixDelegation]
ManageTemporaryAddress= switch.
systemd.network files gained a new ActivationPolicy= setting which
allows configuring how the UP state of an interface shall be managed,
i.e. whether the interface is always upped, always downed, or may be
upped/downed by the user using "ip link set dev".
* The default for the Broadcast= setting in .network files has slightly
changed: the broadcast address will not be configured for wireguard
devices.
* systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
configuration options for VLAN packet handling.
* udev rules may now set log_level= option. This allows debug logs to
be enabled for select events, e.g. just for a specific subsystem or
even a single device.
* udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
DATA_PREPARED_ID properties for block devices with ISO9660 file
systems.
* udev now exports decoded DMI information about installed memory slots
as device properties under the /sys/class/dmi/id/ pseudo device.
* /dev/ is not mounted noexec anymore. This didn't provide any
significant security benefits and would conflict with the executable
mappings used with /dev/sgx device nodes. The previous behaviour can
be restored for individual services with NoExecPaths=/dev (or by allow-
listing and excluding /dev from ExecPaths=).
* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
and /dev/vhost-net are owned by the kvm group.
* The hardware database has been extended with a list of fingerprint
readers that correctly support USB auto-suspend using data from
libfprint.
* systemd-resolved can now answer DNSSEC questions through the stub
resolver interface in a way that allows local clients to do DNSSEC
validation themselves. For a question with DO+CD set, it'll proxy the
DNS query and respond with a mostly unmodified packet received from
the upstream server.
* systemd-resolved learnt a new boolean option CacheFromLocalhost= in
resolved.conf. If true the service will provide caching even for DNS
lookups made to an upstream DNS server on the 127.0.0.1/::1
addresses. By default (and when the option is false) systemd-resolved
will not cache such lookups, in order to avoid duplicate local
caching, under the assumption the local upstream server caches
anyway.
* systemd-resolved now implements RFC5001 NSID in its local DNS
stub. This may be used by local clients to determine whether they are
talking to the DNS resolver stub or a different DNS server.
* When resolving host names and other records resolvectl will now
report where the data was acquired from (i.e. the local cache, the
network, locally synthesized, …) and whether the network traffic it
effected was encrypted or not. Moreover the tool acquired a number of
new options --cache=, --synthesize=, --network=, --zone=,
--trust-anchor=, --validate= that take booleans and may be used to
tweak a lookup, i.e. whether it may be answered from cached
information, locally synthesized information, information acquired
through the network, the local mDNS/LLMNR zone, the DNSSEC trust
anchor, and whether DNSSEC validation shall be executed for the
lookup.
* systemd-nspawn gained a new --ambient-capability= setting
(AmbientCapability= in .nspawn files) to configure ambient
capabilities passed to the container payload.
* systemd-nspawn gained the ability to configure the firewall using the
nftables subsystem (in addition to the existing iptables
support). Similarly, systemd-networkd's IPMasquerade= option now
supports nftables as back-end, too. In both cases NAT on IPv6 is now
supported too, in addition to IPv4 (the iptables back-end still is
IPv4-only).
"IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
retains its meaning, but has been deprecated. Please switch to either
"ivp4" or "both" (if covering IPv6 is desired).
* systemd-importd will now download .verity and .roothash.p7s files
along with the machine image (as exposed via machinectl pull-raw).
* systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
setting to configure the time a unit's cgroup needs to exceed memory
pressure limits before action will be taken, and a new
ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
units.
systemd-oomd is now considered fully supported (the usual
backwards-compatiblity promises apply). Swap is not required for
operation, but it is still recommended.
* systemd-timesyncd gained a new ConnectionRetrySec= setting which
configures the retry delay when trying to contact servers.
* systemd-stdio-bridge gained --system/--user options to connect to the
system bus (previous default) or the user session bus.
* systemd-localed may now call locale-gen to generate missing locales
on-demand (UTF-8-only). This improves integration with Debian-based
distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
* systemctl --check-inhibitors=true may now be used to obey inhibitors
even when invoked non-interactively. The old --ignore-inhibitors
switch is now deprecated and replaced by --check-inhibitors=false.
* systemctl import-environment will now emit a warning when called
without any arguments (i.e. to import the full environment block of
the called program). This command will usually be invoked from a
shell, which means that it'll inherit a bunch of variables which are
specific to that shell, and usually to the TTY the shell is connected
to, and don't have any meaning in the global context of the system or
user service manager. Instead, only specific variables should be
imported into the manager environment block.
Similarly, programs which update the manager environment block by
directly calling the D-Bus API of the manager, should also push
specific variables, and not the full inherited environment.
* systemctl's status output now shows unit state with a more careful
choice of Unicode characters: units in maintenance show a "○" symbol
instead of the usual "●", failed units show "×", and services being
reloaded "↻".
* coredumpctl gained a --debugger-arguments= switch to pass arguments
to the debugger. It also gained support for showing coredump info in
a simple JSON format.
* systemctl/loginctl/machinectl's --signal= option now accept a special
value "list", which may be used to show a brief table with known
process signals and their numbers.
* networkctl now shows the link activation policy in status.
* Various tools gained --pager/--no-pager/--json= switches to
enable/disable the pager and provide JSON output.
* Various tools now accept two new values for the SYSTEMD_COLORS
environment variable: "16" and "256", to configure how many terminal
colors are used in output.
* less 568 or newer is now required for the auto-paging logic of the
various tools. Hyperlink ANSI sequences in terminal output are now
used even if a pager is used, and older versions of less are not able
to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
disable this output again.
* Builds with support for separate / and /usr/ hierarchies ("split-usr"
builds, non-merged-usr builds) are now officially deprecated. A
warning is emitted during build. Support is slated to be removed in
about a year (when the Debian Bookworm release development starts).
* Systems with the legacy cgroup v1 hierarchy are now marked as
"tainted", to make it clearer that using the legacy hierarchy is not
recommended.
* systemd-localed will now refuse to configure a keymap which is not
installed in the file system. This is intended as a bug fix, but
could break cases where systemd-localed was used to configure the
keymap in advanced of it being installed. It is necessary to install
the keymap file first.
* The main git development branch has been renamed to 'main'.
* mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
for partitions, as in the vast majority of cases they contain none
and are used internally by the bootloader (eg: uboot).
* systemd will now set the $SYSTEMD_EXEC_PID environment variable for
spawned processes to the PID of the process itself. This may be used
by programs for detecting whether they were forked off by the service
manager itself or are a process forked off further down the tree.
* The sd-device API gained four new calls: sd_device_get_action() to
determine the uevent add/remove/change/… action the device object has
been seen for, sd_device_get_seqno() to determine the uevent sequence
number, sd_device_new_from_stat_rdev() to allocate a new sd_device
object from stat(2) data of a device node, and sd_device_trigger() to
write to the 'uevent' attribute of a device.
* For most tools the --no-legend= switch has been replaced by
--legend=no and --legend=yes, to force whether tables are shown with
headers/legends.
* Units acquired a new property "Markers" that takes a list of zero,
one or two of the following strings: "needs-reload" and
"needs-restart". These markers may be set via "systemctl
set-property". Once a marker is set, "systemctl reload-or-restart
--marked" may be invoked to execute the operation the units are
marked for. This is useful for package managers that want to mark
units for restart/reload while updating, but effect the actual
operations at a later step at once.
* The sd_bus_message_read_strv() API call of sd-bus may now also be
used to parse arrays of D-Bus signatures and D-Bus paths, in addition
to regular strings.
* bootctl will now report whether the UEFI firmware used a TPM2 device
and measured the boot process into it.
* systemd-tmpfiles learnt support for a new environment variable
$SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
even if the root fs of the system is not itself a btrfs volume.
* systemd-detect-virt/ConditionVirtualization= will now explicitly
detect Docker/Podman environments where possible. Moreover, they
should be able to generically detect any container manager as long as
it assigns the container a cgroup.
* portablectl gained a new "reattach" verb for detaching/reattaching a
portable service image, useful for updating images on-the-fly.
* Intel SGX enclave device nodes (which expose a security feature of
newer Intel CPUs) will now be owned by a new system group "sgx".
Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
walbit-de, Whired Planck, wouter bolsterlee, X Ruoyao, Yangyang Shen,
Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
Zmicer Turok, Дамјан Георгиевски
— Berlin, 2021-03-30
CHANGES WITH 247:
* KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
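Review bot: In the IPMasquerade= paragraph of the 248 entry the recommended replacement value is spelled "ivp4" (Please switch to either "ivp4" or "both"), while the sentence before it uses "IPMasquerade=ipv4"; it should read "ipv4", since a reader copying the value as written gets something other than the documented setting. The same entry also has "backwards-compatiblity" in the systemd-oomd paragraph and "in advanced of it being installed" in the systemd-localed paragraph. As this is an upstream import, the fixes belong upstream rather than in a local delta. Separately, the entry states that /dev/ is no longer mounted noexec, so any unit that relied on that needs NoExecPaths=/dev as the entry describes.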
@ -3809,7 +4289,7 @@ CHANGES WITH 237:
by default even when owned by root and read-only. This behaviour was
inherited from older tools, but there have been requests to remove
it, and it's not obvious why this restriction was made in the first
place. Please speak up now, if you are aware of software that reqires
place. Please speak up now, if you are aware of software that requires
this behaviour, otherwise we'll remove the restriction in v238.
* A new environment variable $SYSTEMD_OFFLINE is now understood by
@ -5049,7 +5529,7 @@ CHANGES WITH 232:
* Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184..65519 for the lifetime of the
will be allocated from the range 6118465519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
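Review bot: The replacement line reads "from the range 6118465519", with nothing between the two bounds where the line it replaces had "61184..65519", so the DynamicUser= UID/GID range now reads as a single ten-digit number. If a "…" character was intended as the separator, check that it is actually present in the file and survives the encoding, or keep "..".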
@ -5791,7 +6271,7 @@ CHANGES WITH 230:
* The LimitNICE= setting now optionally takes normal UNIX nice values
in addition to the raw integer limit value. If the specified
parameter is prefixed with "+" or "-" and is in the range -20..19 the
parameter is prefixed with "+" or "-" and is in the range -2019 the
value is understood as UNIX nice value. If not prefixed like this it
is understood as raw RLIMIT_NICE limit.
@ -6129,10 +6609,10 @@ CHANGES WITH 228:
individual indexes.
* The various memory-related resource limit settings (such as
LimitAS=) now understand the usual K, M, G, ... suffixes to
LimitAS=) now understand the usual K, M, G, suffixes to
the base of 1024 (IEC). Similar, the time-related resource
limit settings understand the usual min, h, day, ...
suffixes now.
limit settings understand the usual min, h, day, … suffixes
now.
* There's a new system.conf setting DefaultTasksMax= to
control the default TasksMax= setting for services and
@ -6907,7 +7387,7 @@ CHANGES WITH 220:
* New /etc/fstab options x-systemd.requires= and
x-systemd.requires-mounts-for= are now supported to express
additional dependencies for mounts. This is useful for
journalling file systems that support external journal
journaling file systems that support external journal
devices or overlay file systems that require underlying file
systems to be mounted.
@ -7066,7 +7546,7 @@ CHANGES WITH 220:
* /usr/lib/os-release gained a new optional field VARIANT= for
distributions that support multiple variants (such as a
desktop edition, a server edition, ...)
desktop edition, a server edition, )
Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
@ -7521,7 +8001,7 @@ CHANGES WITH 218:
* nspawn's --link-journal= switch gained two new values
"try-guest" and "try-host" that work like "guest" and
"host", but do not fail if the host has no persistent
journalling enabled. -j is now equivalent to
journaling enabled. -j is now equivalent to
--link-journal=try-guest.
* macvlan network devices created by nspawn will now have
@ -7565,7 +8045,7 @@ CHANGES WITH 218:
into account when storing rfkill state on disk, as the name
might be dynamically assigned and not stable. Instead, the
ID_PATH udev variable combined with the rfkill type (wlan,
bluetooth, ...) is used.
bluetooth, ) is used.
* A new service systemd-machine-id-commit.service has been
added. When used on systems where /etc is read-only during
@ -7795,7 +8275,7 @@ CHANGES WITH 217:
* Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting
"annually", "hourly", ...).
"annually", "hourly", ).
* systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is
@ -9015,7 +9495,7 @@ CHANGES WITH 209:
match against MAC address, device path, driver name and type,
and will apply attributes like the naming policy, link speed,
MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
address assignment policy (randomized, ...).
address assignment policy (randomized, ).
* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
@ -9092,7 +9572,7 @@ CHANGES WITH 209:
recent boots with their times and boot IDs.
* The various tools like systemctl, loginctl, timedatectl,
busctl, systemd-run, ... have gained a new switch "-M" to
busctl, systemd-run, have gained a new switch "-M" to
connect to a specific, local OS container (as direct
connection, without requiring SSH). This works on any
container that is registered with machined, such as those
@ -9841,7 +10321,7 @@ CHANGES WITH 205:
* If a privileged process logs a journal message with the
OBJECT_PID= field set, then journald will automatically
augment this with additional OBJECT_UID=, OBJECT_GID=,
OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
OBJECT_COMM=, OBJECT_EXE=, fields. This is useful if
system services want to log events about specific client
processes. journactl/systemctl has been updated to make use
of this information if all log messages regarding a specific
@ -10045,7 +10525,7 @@ CHANGES WITH 201:
* 'systemctl status' will also shown information about any
drop-in configuration file for units. (Drop-In configuration
files in this context are files such as
/etc/systemd/systemd/foobar.service.d/*.conf)
/etc/systemd/system/foobar.service.d/*.conf)
* systemd-cgtop now optionally shows summed up CPU times of
cgroups. Press '%' while running cgtop to switch between
@ -10981,7 +11461,7 @@ CHANGES WITH 190:
inhibitors during their runtime. A simple way to achieve
that is to invoke the DE wrapped in an invocation of:
systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ...
systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch
* Access to unit operations is now checked via SELinux taking
the unit file label and client process label into account.
@ -11388,7 +11868,7 @@ CHANGES WITH 183:
should be used to create dead device nodes as workarounds for broken
subsystems.
* udev: RUN+="socket:..." and udev_monitor_new_from_socket() is
* udev: RUN+="socket:" and udev_monitor_new_from_socket() is
no longer supported. udev_monitor_new_from_netlink() needs to be
used to subscribe to events.

24
README

@ -44,7 +44,7 @@ REQUIREMENTS:
CONFIG_SIGNALFD
CONFIG_TIMERFD
CONFIG_EPOLL
CONFIG_NET
CONFIG_UNIX (it requires CONFIG_NET, but every other flag in it is not necessary)
CONFIG_SYSFS
CONFIG_PROC_FS
CONFIG_FHANDLE (libudev, mount and bind mount handling)
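Review bot: The parenthetical on the new CONFIG_UNIX line, "it requires CONFIG_NET, but every other flag in it is not necessary", leaves unclear what the second "it" refers to. Suggest rewording along the lines of "CONFIG_UNIX (requires CONFIG_NET; no other networking options are needed)", if that is the intent.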
@ -126,6 +126,9 @@ REQUIREMENTS:
Required for systemd-nspawn:
CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
Required for systemd-oomd:
CONFIG_PSI
Note that kernel auditing is broken when used with systemd's
container code. When using systemd in conjunction with
containers, please make sure to either turn off auditing at
@ -187,7 +190,7 @@ REQUIREMENTS:
polkit (optional)
To build in directory build/:
meson build/ && ninja -C build
meson setup build/ && meson compile -C build/
Any configuration options can be specified as -Darg=value... arguments
to meson. After the build directory is initially configured, meson will
@ -197,10 +200,10 @@ REQUIREMENTS:
their current values.
Useful commands:
ninja -v some/target
ninja test
sudo ninja install
DESTDIR=... ninja install
meson compile -v -C build/ some/target
meson test -C build/
sudo meson install -C build/
DESTDIR=... meson install -C build/
A tarball can be created with:
git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
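Review bot: "sudo meson install -C build/" in the Useful commands list rebuilds out-of-date targets before installing, so part of the build can run as root and leave root-owned files in build/. Suggest documenting "sudo meson install --no-rebuild -C build/" after an unprivileged "meson compile -C build/".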
@ -219,9 +222,10 @@ REQUIREMENTS:
Note that the build prefix for systemd must be /usr. (Moreover,
packages systemd relies on — such as D-Bus — really should use the same
prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the
default and does not need to be specified) is the recommended setting,
and -Dsplit-usr=true should be used on systems which have /usr on a
separate partition.
default and does not need to be specified) is the recommended setting.
-Dsplit-usr=true can be used to give a semblance of support for systems
with programs installed split between / and /usr. Moving everything
under /usr is strongly encouraged.
Additional packages are necessary to run some tests:
- busybox (used by test/TEST-13-NSPAWN-SMOKE)
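Review bot: The rewritten -Dsplit-usr=true sentence does not say that the option is deprecated, although the NEWS entry for 248 in this same commit declares split-usr builds officially deprecated, with a warning emitted during build and removal slated in about a year. Suggest stating the deprecation here too, so that README and NEWS agree.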
@ -273,7 +277,7 @@ NSS:
with machined to their respective IP addresses.
nss-systemd enables resolution of users/group registered via the
User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/),
User/Group Record Lookup API (https://systemd.io/USER_GROUP_API),
including all dynamically allocated service users. (See the
DynamicUser= setting in unit files.)


@ -4,18 +4,16 @@ System and Service Manager
<a href="https://in.waw.pl/systemd-github-state/systemd-systemd-issues.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-issues-small.svg" alt="Count of open issues over time"></a>
<a href="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests-small.svg" alt="Count of open pull requests over time"></a>
[![Semaphore CI Build Status](https://semaphoreci.com/api/v1/projects/28a5a3ca-3c56-4078-8b5e-7ed6ef912e14/443470/shields_badge.svg)](https://semaphoreci.com/systemd/systemd)<br/>
[![Semaphore CI 2.0 Build Status](https://the-real-systemd.semaphoreci.com/badges/systemd/branches/main.svg?style=shields)](https://the-real-systemd.semaphoreci.com/projects/systemd)<br/>
[![Coverity Scan Status](https://scan.coverity.com/projects/350/badge.svg)](https://scan.coverity.com/projects/350)<br/>
[![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#systemd)<br/>
[![CIFuzz](https://github.com/systemd/systemd/workflows/CIFuzz/badge.svg)](https://github.com/systemd/systemd/actions)<br/>
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)<br/>
[![Travis CI Build Status](https://travis-ci.org/systemd/systemd.svg?branch=master)](https://travis-ci.org/systemd/systemd)<br/>
[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/systemd/systemd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/systemd/systemd/context:cpp)<br/>
[![CentOS CI - CentOS 7](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20CentOS%207&job=upstream-centos7)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-centos7/)<br/>
[![CentOS CI - Arch](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch&job=upstream-vagrant-archlinux)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-vagrant-archlinux/)<br/>
[![CentOS CI - Arch (sanitizers)](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch%20(sanitizers)&job=upstream-vagrant-archlinux-sanitizers)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/)<br/>
[![Build Status](https://dev.azure.com/evvers/systemd-systemd/_apis/build/status/systemd.systemd?branchName=master)](https://dev.azure.com/evvers/systemd-systemd/_build/latest?definitionId=1&branchName=master)<br/>
[![Fossies codespell report](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.html)</br>
[![Fossies codespell report](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.html)</br>
[![Packaging status](https://repology.org/badge/tiny-repos/systemd.svg)](https://repology.org/project/systemd/versions)
## Details
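Review bot: The updated Fossies codespell badge line still ends in "</br>", which is not a valid tag, while every other badge line in the block ends in "<br/>". Suggest changing it to "<br/>" while the line is being touched.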

166
TODO

@ -7,6 +7,8 @@ Bugfixes:
* userdbctl: "Password OK: yes" is shown even when there are no passwords
or the password is locked.
* Get rid of nftw(). We should refuse to use such useless APIs on principle.
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
@ -20,8 +22,139 @@ Janitorial Clean-ups:
Features:
* maybe add a tool that displays most recent journal logs as QR code to scan
off screen and run it automatically on boot failures, emergency logs and
such. Use DRM APIs directly, see
https://github.com/dvdhrm/docs/blob/master/drm-howto/modeset.c for an example
for doing that.
* pass systemd-detect-virt result to generators as env var. Modifying behaviour
based on whether we are virtualized or not is a pretty common thing, hence
maybe just pass that info along for free in an env var. We cache the result
anyway, so it's basically free.
* systemd-repart: read LUKS encryption key from $CREDENTIALS_PATH
* introduce /dev/disk/root/* symlinks that allow referencing partitions on the
disk the rootfs is on in a reasonably secure way.
* systemd-repart: add a switch to factory reset the partition table without
immediately applying the new configuration again. i.e. --factory-reset=leave
or so. (this is useful to factory reset an image, then putting it into
another machine, ensuring that luks key is generated on new machine, not old)
* move logind udev rules to top-level rule.d/ directory
* move multiseat vid/pid matches from logind udev rule to hwdb
* nspawn: default to 1:1 userns
* Provide a reasonably bespoke solution for mounting host $HOME directories
into containers:
• add new option --mount-user=$USER for mounting $HOME of the user into the
container at the same place
• check /etc/passwd for UID or user name clashes. If UID clash pick a different
UID in container, and map via userns. If user name clash, refuse. If
matching user already exists use that.
• otherwise: write user record of specified user into /run/host/passwd or so
• in nss-systemd pick up user record from there and make available to system
With all that in place if nspawn host and container payload are up-to-date
enough we have a very simple way to make host users available in containers.
* systemd-sysusers: pick up passwords from credentials logic, so that users can
easily set root user pw. enable cred inheriting for root user from PID 1, so
that for containers we can configure the root pw automatically via nspawn's
--set-credential= switch. (Also do this for systemd-firstboot)
* whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
reception limit the kernel silently enforces.
* add an Open= setting to service unit files that can open arbitrary file
system paths at service startup time and pass them to the service process via
our usual socket activation protocol. If passed path refers to AF_UNIX
socket: connect() to it.
* add a ConnectSocket= setting to service unit files, that may reference a
socket unit, and which will connect to the socket defined therein, and pass
the resulting fd to the service program via socket activation proto.
* Add a concept of ListenStream=anonymous to socket units: listen on a socket
that is deleted in the fs. Usecase would be with ConnectSocket= above.
* Hook up journald's FSS logic with TPM2: seal the verification disk by
time-based policy, so that the verification key can remain on host and ve
validated via TPM.
* sd-boot: define a drop-in dir in the ESP that may contain X.509
certificates. If the firmware is detected to be in setup mode, automatically
enroll them as PK/KEK/db, turn off setup mode and proceed. Optionally,
instead of auto-enrolling them add them to the sd-boot menu, giving the user
the option to manually enroll them, after selecting the menu entry. This way,
installer images can just drop the certfiicates in the ESP, and on first boot
can easily enroll the keys without ever booting up.
* efi stub: optionally, load initrd from disk as a separate file, HMAC check it
with key from TPM, bound to PCR, refusing if failing. This would then allow
traditional distros that generate initrds locally to secure them with TPM:
after generating the initrd, do the HMAC calculation, put result in initrd
filename, done. This would then bind the validity of the initrd to the local
host, and used kernel, and means people cannot change initrd or kernel
without booting the kernel + initrd.
* importd: add ability download images for portabled + sysext
* importd: support image signature verification with PKCS#7 + OpenBSD signify
logic, as alternative to crummy gpg
* sd-boot: add service that automatically runs "bootctl update" on every boot,
in a graceful way, so that updated /usr trees automatically propagate into
updated boot loaders on reboot.
* sysext: optionally, if the merged trees allow it use bind mounts instead of
overlayfs
* nspawn: add support for sysext extensions, too. i.e. a new --extension=
switch that takes one or more arguments, and applies the extensions already
during startup.
* add "systemd-analyze debug" + AttachDebugger= in unit files: The former
specifies a command to execute; the latter specifies that an already running
"systemd-analyze debug" instance shall be contacted and execution paused
until it gives an OK. That way, tools like gdb or strace can be safely be
invoked on processes forked off PID 1.
* expose MS_NOSYMFOLLOW in various places
* tpm2: support a PIN policy, i.e. allowing windows-style short authentication
passwords by using the TPM2 to enforce ratelimiting and such, use for
cryptsetup and homed
* Add concept for upgrading TPM2 enrollments, maybe a new switch
--pcrs=4:<hash> or so, i.e. select a PCR to include in the hash, and then
override its hash
* homed: store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
* cryptenroll: politely refuse enrolling new keys to homed volumes, since we
we cannot update identity info
* TPM2: auto-reenroll in cryptsetup, as fallback for hosed firmware upgrades
and such
* cryptsetup: if only recovery keys are registered and no regular passphrases,
ask user for "recovery key", not "passphrase"
* cyptsetup: add option for automatically removing empty password slot on boot
* cryptsetup: optionally, when run during boot-up and password is never
entered, and we are on AC power (or so), power off machine again
entered, and we are on battery power (or so), power off machine again
* cryptsetup: when FIDO2/PKCS#11/TPM2 token/chip didn't show up after some
time, abort the attempt, fallback to asking for pw
* cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
allow plymouth to abort the waiting and enter pw instead
* when configuring loopback netif, and it fails due to EPERM, eat up error if
it happens to be set up alright already.
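Review bot: Several of the added TODO items have typos that change or obscure the meaning: "can remain on host and ve validated via TPM" (journald FSS item, presumably "be validated"), "certfiicates" (sd-boot item), "since we we cannot update identity info" (cryptenroll item), "can be safely be invoked" (systemd-analyze debug item), and the "cyptsetup:" prefix, which a search for "cryptsetup:" items will miss. Suggest fixing these upstream or in the import.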
@ -76,9 +209,6 @@ Features:
* make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np().
* cryptsetup: if keyfile specified in crypttab is AF_UNIX socket, connect to it
and read from it (like we do elsewhere with READ_FULL_FILE_CONNECT_SOCKET)
* when main nspawn supervisor process gets suspended due to SIGSTOP/SIGTTOU or
so, freeze the payload too.
@ -107,17 +237,11 @@ Features:
client UID, so that synthetic hash table collisions can slow down a specific
user's journal stream down but not the others.
* add "throttling" to sd-event event sources: optionally, when we wake up too
often for one, let's turn it off entirely for a while. Use that for the
/proc/self/mountinfo logic.
* nspawn: support time namespaces
* systemd-firstboot: make sure to always use chase_symlinks() before
reading/writing files
* add ConditionSecurity=tpm2
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
Update INITRD_INTERFACE.md accordingly.
@ -140,10 +264,6 @@ Features:
o move into separate libsystemd-shared-iptables.so .so
- iptables-libs (only used by nspawn + networkd)
* seccomp: when SystemCallArchitectures=native is set then don't install any
other seccomp filters for any of the other archs, in order to reduce the
number of seccomp filters we install needlessly.
* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
Apparently kernel performance is much better with fewer larger seccomp
filters than with more smaller seccomp filters.
@ -207,9 +327,6 @@ Features:
thus allows defining OS images which can be A/B updated and we default to the
newest version automatically, both in nspawn and in sd-boot
* cryptsetup: support FIDO2 tokens for deriving keys (i.e. do what homed can do
also in plain cryptsetup)
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
@ -248,12 +365,6 @@ Features:
* add growvol and makevol options for /etc/crypttab, similar to
x-systemd.growfs and x-systemd-makefs.
* hook up the TPM to /etc/crypttab, with a new option that is similar to the
new PKCS#11 option in crypttab, and allows unlocking a LUKS volume via a key
unsealed from the TPM. Optionally, if TPM is not available fall back to
TPM-less mode, and set up linear DM mapping instead (inspired by kpartx), so
that the device paths stay the same, regardless if crypto is used or not.
* systemd-repart: by default generate minimized partition tables (i.e. tables
that only cover the space actually used, excluding any free space at the
end), in order to maximize dd'ability. Requires libfdisk work, see
@ -304,7 +415,7 @@ Features:
initrd had set.
* sd-event: add native support for P_ALL waitid() watching, then move PID 1 to
it fo reaping assigned but unknown children. This needs to some special care
it for reaping assigned but unknown children. This needs to some special care
to operate somewhat sensibly in light of priorities: P_ALL will return
arbitrary processes, regardless of the priority we want to watch them with,
hence on each event loop iteration check all processes which we shall watch
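Review bot: the corrected line still reads "This needs to some special care", which is ungrammatical; since the line is being touched for the "fo" typo anyway, change it to "This needs some special care".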
@ -800,9 +911,6 @@ Features:
picked up by systemd unless they contain a medium. This would mirror
the behaviour we already have for CD drives.
* networkd/udev: implement SR_IOV configuration in .link files:
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027451.html
* hostnamectl: show root image uuid
* Find a solution for SMACK capabilities stuff:
@ -1017,7 +1125,7 @@ Features:
- logind: when the power button is pressed short, just popup a
logout dialog. If it is pressed for 1s, do the usual
shutdown. Inspiration are Macs here.
- expose "Locked" property on logind sesison objects
- expose "Locked" property on logind session objects
- maybe allow configuration of the StopTimeout for session scopes
- rename session scope so that it includes the UID. THat way
the session scope can be arranged freely in slices and we don't have
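Review bot: the context two lines below the "sesison" fix still has "THat way" in the "rename session scope" item; fix it to "That way" in the same pass.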
@ -1210,6 +1318,7 @@ Features:
- creating new directories/subvolumes/fifos/device nodes
should not follow symlinks. None of the other adjustment or creation
calls follow symlinks.
- add --test mode
* make sure systemd-ask-password-wall does not shutdown systemd-ask-password-console too early
@ -1311,7 +1420,6 @@ Features:
for all routes to it. possibly a second default for DHCP routes.
- allow Name= to be specified repeatedly in the [Match] section. Maybe also
support Name=foo*|bar*|baz ?
- duplicate address check for static IPs (like ARPCHECK in network-scripts)
- whenever uplink info changes, make DHCP server send out FORCERENEW
* Figure out how to do unittests of networkd's state serialization

View File

@ -1,15 +0,0 @@
trigger:
- master
jobs:
- job: FuzzBuzz
displayName: FuzzBuzz
pool:
vmImage: 'ubuntu-latest'
steps:
- script: |
set -e
./travis-ci/managers/fuzzbuzz.sh
displayName: 'This is where it gets darker'

View File

@ -25,6 +25,13 @@ expression e;
- return r;
@@
identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
local idexpression r;
@@
+ return
log_LEVEL_errno(r, ...);
- return r;
@@
identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
expression e;
@@
+ return
@ -39,3 +46,57 @@ local idexpression r;
- log_LEVEL_errno(e, args);
- r = e;
+ r = log_LEVEL_errno(e, args);
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
local idexpression r;
expression e;
expression u;
@@
- r = -e;
+ r =
log_UNIT_LEVEL_errno(u, e, ...);
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
local idexpression r;
expression e;
expression u;
@@
+ r =
log_UNIT_LEVEL_errno(u, e, ...);
- r = -e;
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
local idexpression r;
expression e;
expression u;
@@
- r =
+ return
log_UNIT_LEVEL_errno(u, e, ...);
- return r;
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
local idexpression r;
expression u;
@@
+ return
log_UNIT_LEVEL_errno(u, r, ...);
- return r;
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
expression e;
expression u;
@@
+ return
log_UNIT_LEVEL_errno(u, e, ...);
- return -e;
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
expression list args;
expression e;
expression u;
local idexpression r;
@@
- log_UNIT_LEVEL_errno(u, e, args);
- r = e;
+ r = log_UNIT_LEVEL_errno(u, e, args);

View File

@ -8,7 +8,8 @@ position p : script:python() {
p[0].current_element == "log_set_max_level_realm" or
p[0].current_element == "unichar_is_valid")
};
expression x, y;
expression x;
constant y;
@@
(
- ((x@p) & (y)) == (y)
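Review bot: narrowing `y` from `expression` to `constant` means a `((x) & (y)) == (y)` test with a non-constant mask is no longer matched by this rule, and nothing in the hunk says why. Add a short comment above the metavariable declarations stating the reason for the restriction, so the rule is not widened again by accident.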

View File

@ -7,6 +7,7 @@ EXCLUDED_PATHS=(
"src/basic/linux/*"
# Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
"src/libsystemd/sd-bus/test-bus-vtable.c"
"src/libsystemd/sd-journal/lookup3.c"
)
top="$(git rev-parse --show-toplevel)"
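Review bot: the new `"src/libsystemd/sd-journal/lookup3.c"` entry in `EXCLUDED_PATHS` has no explanation, while the entry directly above it carries a comment giving the reason for its exclusion. Add a one-line comment saying why this file is skipped.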

View File

@ -1,6 +1,7 @@
@@
position p : script:python() { p[0].current_element != "test_strjoina" };
expression n, m;
expression list s;
@@
- n = strjoina(m, s, NULL);
- n = strjoina@p(m, s, NULL);
+ n = strjoina(m, s);

View File

@ -15,9 +15,15 @@ log_debug("Found no default boot entry :(");
expression e;
expression list args;
@@
(
/* Ignore specific cases in src/import/{export,import,pull}.c where we want to return positive value on success. */
log_info("Exiting.");
return -r;
|
- log_info(args);
- return -e;
+ return log_info_errno(SYNTHETIC_ERRNO(e), args);
)
@@
expression e;
expression list args;
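Review bot: the exclusion branch added to the `log_info()` rule matches on the literal message `"Exiting."` and on a variable named `r`, so it stops protecting the src/import call sites as soon as either changes, and it would also exempt any unrelated code that logs the same string. A position constraint on the enclosing function, in the style of the `position p : script:python()` filters used by the other rules in this change, would tie the exception to the intended call sites.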
@ -46,3 +52,211 @@ expression list args;
@@
- log_LEVEL_errno(ERRNO, args);
+ log_LEVEL_errno(SYNTHETIC_ERRNO(ERRNO), args);
@@
identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
identifier ERRNO =~ "^E[A-Z]+$";
expression u;
expression list args;
@@
- log_UNIT_LEVEL_errno(u, ERRNO, args);
+ log_UNIT_LEVEL_errno(u, SYNTHETIC_ERRNO(ERRNO), args);
@@
expression e;
expression u;
expression list args;
@@
- log_unit_debug(u, args);
- return -e;
+ return log_unit_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_unit_info(u, args);
- return -e;
+ return log_unit_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_unit_notice(u, args);
- return -e;
+ return log_unit_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_unit_error(u, args);
- return -e;
+ return log_unit_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_unit_emergency(u, args);
- return -e;
+ return log_unit_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_link_debug(u, args);
- return -e;
+ return log_link_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_link_info(u, args);
- return -e;
+ return log_link_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_link_notice(u, args);
- return -e;
+ return log_link_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_link_error(u, args);
- return -e;
+ return log_link_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_link_emergency(u, args);
- return -e;
+ return log_link_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_netdev_debug(u, args);
- return -e;
+ return log_netdev_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_netdev_info(u, args);
- return -e;
+ return log_netdev_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_netdev_notice(u, args);
- return -e;
+ return log_netdev_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_netdev_error(u, args);
- return -e;
+ return log_netdev_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_netdev_emergency(u, args);
- return -e;
+ return log_netdev_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_device_debug(u, args);
- return -e;
+ return log_device_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_device_info(u, args);
- return -e;
+ return log_device_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_device_notice(u, args);
- return -e;
+ return log_device_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_device_error(u, args);
- return -e;
+ return log_device_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_device_emergency(u, args);
- return -e;
+ return log_device_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_token_debug(u, args);
- return -e;
+ return log_token_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_token_info(u, args);
- return -e;
+ return log_token_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_token_notice(u, args);
- return -e;
+ return log_token_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_token_error(u, args);
- return -e;
+ return log_token_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
expression e;
expression u;
expression list args;
@@
- log_token_emergency(u, args);
- return -e;
+ return log_token_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
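Review bot: the regex in the first added rule is `^log_(unit|link|device|token)_..._errno$` and omits `netdev`, although this same hunk adds `log_netdev_*` rules and the errno-return rules in this change use `(unit|link|netdev|device|token)`. As written, a bare `E…` constant passed to a `log_netdev_*_errno()` call is not wrapped in `SYNTHETIC_ERRNO()`. The per-type rules that follow also cover only debug, info, notice, error and emergency; there is no `_warning` variant for any of the five prefixes even though the regex lists `warning`. Add `netdev` to the regex and either add the missing `_warning` rules or note why they are left out.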

1
configure vendored
View File

@ -1,4 +1,5 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
cflags=CFLAGS="$CFLAGS"

View File

@ -10,13 +10,15 @@ The systemd project has a number of code quality tools set up in the source
tree and on the github infrastructure. Here's an incomprehensive list of the
available functionality:
1. Use `ninja -C build test` to run the unit tests. Some tests are skipped if
1. Use `meson test -C build` to run the unit tests. Some tests are skipped if
no privileges are available, hence consider also running them with `sudo
ninja -C build test`. A couple of unit tests are considered "unsafe" (as
they change system state); to run those too, build with `meson
meson test -C build`. A couple of unit tests are considered "unsafe" (as
they change system state); to run those too, build with `meson setup
-Dtests=unsafe`. Finally, some unit tests are considered to be very slow,
build them too with `meson -Dslow-tests=true`. (Note that there are a couple
of manual tests in addition to these unit tests.)
build them too with `meson setup -Dslow-tests=true`. (Note that there are a
couple of manual tests in addition to these unit tests.) (Also note: you can
change these flags for an already set up build tree, too, with "meson
configure -C build -D…".)
2. Use `./test/run-integration-tests.sh` to run the full integration test
suite. This will build OS images with a number of integration tests and run
@ -35,14 +37,14 @@ available functionality:
`./tools/find-tabs.sh recpatch` to fix them. (Again, grain of salt, foreign
headers should usually be left unmodified.)
6. Use `ninja -C build check-api-docs` to compare the list of exported
6. Use `meson compile -C build check-api-docs` to compare the list of exported
symbols of `libsystemd.so` and `libudev.so` with the list of man pages. Symbols
lacking documentation are highlighted.
7. Use `ninja -C build hwdb-update` to automatically download and import the
7. Use `meson compile -C build update-hwdb` to automatically download and import the
PCI, USB and OUI databases into hwdb.
8. Use `ninja -C build man/update-man-rules` to update the meson rules for
8. Use `meson compile -C build update-man-rules` to update the meson rules for
building man pages automatically from the docbook XML files included in
`man/`.
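Review bot: items 7 and 8 change the target names as well as the command: `hwdb-update` becomes `update-hwdb` and `man/update-man-rules` becomes `update-man-rules`. The documentation hunk alone does not show that these targets were renamed in the build files, so confirm the new names exist there, otherwise the documented commands will fail.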

View File

@ -587,6 +587,12 @@ layout: default
time you need that please immediately undefine `basename()`, and add a
comment about it, so that no code ever ends up using the POSIX version!
- Never use `FILENAME_MAX`. Use `PATH_MAX` instead (for checking maximum size
of paths) and `NAME_MAX` (for checking maximum size of filenames).
`FILENAME_MAX` is not POSIX, and is a confusingly named alias for `PATH_MAX`
on Linux. Note the `NAME_MAX` does not include space for a trailing `NUL`,
but `PATH_MAX` does. UNIX FTW!
## Committing to git
- Commit message subject lines should be prefixed with an appropriate component

View File

@ -99,7 +99,7 @@ partitions, the partition flag bit 63 ("*no-auto*") may be used to turn off
auto-discovery for the specific partition. If set, the partition will not be
automatically mounted or enabled.
For the root, `/usr/` server data, home, variable data and temporary data
For the root, `/usr/`, server data, home, variable data and temporary data
partitions, the partition flag bit 60 ("*read-only*") may be used to mark a
partition for read-only mounts only. If set, the partition will be mounted
read-only instead of read-write. Note that the variable data partition and the
@ -225,10 +225,12 @@ appliance-like installations.
### What partitioning tools will create a DPS-compliant partition table?
As of util-linux 2.25.2, the fdisk tool provides type codes to create the root,
home, and swap partitions that the DPS expects, but the gdisk tool (version
0.8.10) and its variants do not support creation of a root file system with a
matching type code. By default, fdisk will create an old-style MBR, not a GPT,
so typing 'l' to list partition types will not show the choices that the root
partition with the correct UUID. You must first create an empty GPT and then
type 'l' in order for the DPS-compliant type codes to be available.
As of util-linux 2.25.2, the `fdisk` tool provides type codes to create the
root, home, and swap partitions that the DPS expects. By default, `fdisk` will
create an old-style MBR, not a GPT, so typing `l` to list partition types will
not show the choices to let you set the correct UUID. Make sure to first create
an empty GPT, then type `l` in order for the DPS-compliant type codes to be
available.
The `gdisk` tool (from version 1.0.5 onward) and its variants (`sgdisk`,
`cgdisk`) also support creation of partitions with a matching type code.

View File

@ -19,18 +19,17 @@ documented in the proper man pages.
All tools:
* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will
refrain from talking to PID 1; this has the same effect as the historical
detection of `chroot()`. Setting this variable to `0` instead has a similar
effect as `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to
communicate with PID 1 even if a `chroot()` environment is detected.
You almost certainly want to set this to `1` if you maintain a package build system
or similar and are trying to use a modern container system and not plain
`chroot()`.
* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will refrain from
talking to PID 1; this has the same effect as the historical detection of
`chroot()`. Setting this variable to `0` instead has a similar effect as
`SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to communicate with PID 1 even
if a `chroot()` environment is detected. You almost certainly want to set
this to `1` if you maintain a package build system or similar and are trying
to use a modern container system and not plain `chroot()`.
* `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a
`chroot()` environment. This is particularly relevant for systemctl, as it
will not alter its behaviour for `chroot()` environments if set. Normally it
will not alter its behaviour for `chroot()` environments if set. Normally it
refrains from talking to PID 1 in such a case; turning most operations such
as `start` into no-ops. If that's what's explicitly desired, you might
consider setting `SYSTEMD_OFFLINE=1`.
@ -39,22 +38,35 @@ All tools:
will print latency information at runtime.
* `$SYSTEMD_PROC_CMDLINE` — if set, the contents are used as the kernel command
line instead of the actual one in /proc/cmdline. This is useful for
line instead of the actual one in `/proc/cmdline`. This is useful for
debugging, in order to test generators and other code against specific kernel
command lines.
* `$SYSTEMD_FSTAB` — if set, use this path instead of /etc/fstab. Only useful
* `$SYSTEMD_FSTAB` — if set, use this path instead of `/etc/fstab`. Only useful
for debugging.
* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of /etc/crypttab. Only
useful for debugging. Currently only supported by systemd-cryptsetup-generator.
* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of `/etc/crypttab`. Only
useful for debugging. Currently only supported by
`systemd-cryptsetup-generator`.
* `$SYSTEMD_VERITYTAB` — if set, use this path instead of
`/etc/veritytab`. Only useful for debugging. Currently only supported by
`systemd-veritysetup-generator`.
* `$SYSTEMD_EFI_OPTIONS` — if set, used instead of the string in the
SystemdOptions EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
`SystemdOptions` EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
* `$SYSTEMD_IN_INITRD` — takes a boolean. If set, overrides initrd detection.
This is useful for debugging and testing initrd-only programs in the main
system.
* `$SYSTEMD_DEFAULT_HOSTNAME` — override the compiled-in fallback hostname
(relevant in particular for the system manager and `systemd-hostnamed`).
Must be a valid hostname (either a single label or a FQDN).
* `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
method. Defaults to `auto`. Behavior is defined as follows:
`auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted
on `/`. If both conditions meet, then it's in initrd.
`lenient`: Similar to `auto`, but the rootfs check is skipped.
`0|1`: Simply overrides initrd detection. This is useful for debugging and
testing initrd-only programs in the main system.
* `$SYSTEMD_BUS_TIMEOUT=SECS` — specifies the maximum time to wait for method call
completion. If no time unit is specified, assumes seconds. The usual other units
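Review bot: in the new `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` entry, the `auto`, `lenient` and `0|1` descriptions are plain continuation lines of the bullet, so Markdown will fold them into one run-on paragraph. Make them a nested list. Also, "If both conditions meet" should be "If both conditions are met".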
@ -62,23 +74,23 @@ All tools:
to 0, then the built-in default is used.
* `$SYSTEMD_MEMPOOL=0` — if set, the internal memory caching logic employed by
hash tables is turned off, and libc malloc() is used for all allocations.
hash tables is turned off, and libc `malloc()` is used for all allocations.
* `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will
* `$SYSTEMD_EMOJI=0` — if set, tools such as `systemd-analyze security` will
not output graphical smiley emojis, but ASCII alternatives instead. Note that
this only controls use of Unicode emoji glyphs, and has no effect on other
Unicode glyphs.
* `$RUNTIME_DIRECTORY` — various tools use this variable to locate the
appropriate path under /run. This variable is also set by the manager when
RuntimeDirectory= is used, see systemd.exec(5).
appropriate path under `/run/`. This variable is also set by the manager when
`RuntimeDirectory=` is used, see systemd.exec(5).
* `$SYSTEMD_CRYPT_PREFIX` — if set configures the hash method prefix to use for
UNIX crypt() when generating passwords. By default the system's "preferred
method" is used, but this can be overridden with this environment
variable. Takes a prefix such as `$6$` or `$y$`. (Note that this is only
honoured on systems built with libxcrypt and is ignored on systems using
glibc's original, internal crypt() implementation.)
UNIX `crypt()` when generating passwords. By default the system's "preferred
method" is used, but this can be overridden with this environment variable.
Takes a prefix such as `$6$` or `$y$`. (Note that this is only honoured on
systems built with libxcrypt and is ignored on systems using glibc's
original, internal `crypt()` implementation.)
* `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
even if the CPU supports it.
@ -87,10 +99,10 @@ All tools:
support for it is compiled in and available in the kernel.
* `$SYSTEMD_LOG_SECCOMP=1` — if set, system calls blocked by seccomp filtering,
for example in systemd-nspawn, will be logged to the audit log, if the current
kernel version supports this.
for example in `systemd-nspawn`, will be logged to the audit log, if the
kernel supports this.
systemctl:
`systemctl`:
* `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
listener, and instead always connect through the dbus-daemon D-bus broker.
@ -98,16 +110,16 @@ systemctl:
* `$SYSTEMCTL_INSTALL_CLIENT_SIDE=1` — if set, enable or disable unit files on
the client side, instead of asking PID 1 to do this.
* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call out to SysV compatibility hooks.
* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call SysV compatibility hooks.
systemd-nspawn:
`systemd-nspawn`:
* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force nspawn into unified
cgroup hierarchy mode.
* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force `systemd-nspawn` into
unified cgroup hierarchy mode.
* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make /sys and /proc/sys and
friends writable in the container. If set to "network", leave only
/proc/sys/net writable.
* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make `/sys/`, `/proc/sys/`,
and friends writable in the container. If set to "network", leave only
`/proc/sys/net/` writable.
* `$SYSTEMD_NSPAWN_CONTAINER_SERVICE=…` — override the "service" name nspawn
uses to register with machined. If unset defaults to "nspawn", but with this
@ -118,52 +130,41 @@ systemd-nspawn:
* `$SYSTEMD_NSPAWN_LOCK=0` — if set, do not lock container images when running.
* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount /tmp in the
* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount `/tmp/` in the
container with a tmpfs, but leave the directory from the image in place.
systemd-logind:
`systemd-logind`:
* `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that
hibernation is available even if the swap devices do not provide enough room
for it.
systemd-udevd:
* `$NET_NAMING_SCHEME=` if set, takes a network naming scheme (i.e. one of
"v238", "v239", "v240"…, or the special value "latest") as parameter. If
specified udev's net_id builtin will follow the specified naming scheme when
determining stable network interface names. This may be used to revert to
naming schemes of older udev versions, in order to provide more stable naming
across updates. This environment variable takes precedence over the kernel
command line option `net.naming-scheme=`, except if the value is prefixed
with `:` in which case the kernel command line option takes precedence, if it
is specified as well.
* `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set overrides systemd-logind's
built-in EFI logic of requesting a reboot into the firmware. Takes a
boolean. If set to false the functionality is turned off entirely. If set to
true instead of requesting a reboot into the firmware setup UI through EFI a
file `/run/systemd/reboot-to-firmware-setup` is created whenever this is
* `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set, overrides `systemd-logind`'s
built-in EFI logic of requesting a reboot into the firmware. Takes a boolean.
If set to false, the functionality is turned off entirely. If set to true,
instead of requesting a reboot into the firmware setup UI through EFI a file,
`/run/systemd/reboot-to-firmware-setup` is created whenever this is
requested. This file may be checked for by services run during system
shutdown in order to request the appropriate operation from the firmware in
an alternative fashion.
* `$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU` — similar to the above, allows
overriding of systemd-logind's built-in EFI logic of requesting a reboot into
the boot loader menu. Takes a boolean. If set to false the functionality is
turned off entirely. If set to true instead of requesting a reboot into the
boot loader menu through EFI a file `/run/systemd/reboot-to-boot-loader-menu`
is created whenever this is requested. The file contains the requested boot
loader menu timeout in µs, formatted in ASCII decimals, or zero in case no
timeout is requested. This file may be checked for by services run during
system shutdown in order to request the appropriate operation from the boot
loader in an alternative fashion.
overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
into the boot loader menu. Takes a boolean. If set to false, the
functionality is turned off entirely. If set to true, instead of requesting a
reboot into the boot loader menu through EFI, the file
`/run/systemd/reboot-to-boot-loader-menu` is created whenever this is
requested. The file contains the requested boot loader menu timeout in µs,
formatted in ASCII decimals, or zero in case no timeout is requested. This
file may be checked for by services run during system shutdown in order to
request the appropriate operation from the boot loader in an alternative
fashion.
* `$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY` — similar to the above, allows
overriding of systemd-logind's built-in EFI logic of requesting a reboot into
a specific boot loader entry. Takes a boolean. If set to false the
functionality is turned off entirely. If set to true instead of requesting a
reboot into a specific boot loader entry through EFI a file
overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
into a specific boot loader entry. Takes a boolean. If set to false, the
functionality is turned off entirely. If set to true, instead of requesting a
reboot into a specific boot loader entry through EFI, the file
`/run/systemd/reboot-to-boot-loader-entry` is created whenever this is
requested. The file contains the requested boot loader entry identifier. This
file may be checked for by services run during system shutdown in order to
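Review bot: in the reworded `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` entry the comma landed in the wrong place: "through EFI a file, `/run/systemd/reboot-to-firmware-setup` is created". The two sibling entries reworded in the same hunk use "through EFI, the file `…` is created"; use the same wording here.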
@ -178,18 +179,31 @@ systemd-udevd:
`/run/boot-loader-entries/loader/entries/*.conf`, and the files referenced by
the drop-ins (including the kernels and initrds) somewhere else below
`/run/boot-loader-entries/`. Note that all these files may be (and are
supposed to be) symlinks. systemd-logind will load these files on-demand,
supposed to be) symlinks. `systemd-logind` will load these files on-demand,
these files can hence be updated (ideally atomically) whenever the boot
loader configuration changes. A foreign boot loader installer script should
hence synthesize drop-in snippets and symlinks for all boot entries at boot
or whenever they change if it wants to integrate with systemd-logind's APIs.
or whenever they change if it wants to integrate with `systemd-logind`'s
APIs.
`systemd-udevd`:
* `$NET_NAMING_SCHEME=` if set, takes a network naming scheme (i.e. one of
"v238", "v239", "v240"…, or the special value "latest") as parameter. If
specified udev's `net_id` builtin will follow the specified naming scheme
when determining stable network interface names. This may be used to revert
to naming schemes of older udev versions, in order to provide more stable
naming across updates. This environment variable takes precedence over the
kernel command line option `net.naming-scheme=`, except if the value is
prefixed with `:` in which case the kernel command line option takes
precedence, if it is specified as well.
installed systemd tests:
* `$SYSTEMD_TEST_DATA` — override the location of test data. This is useful if
a test executable is moved to an arbitrary location.
nss-systemd:
`nss-systemd`:
* `$SYSTEMD_NSS_BYPASS_SYNTHETIC=1` — if set, `nss-systemd` won't synthesize
user/group records for the `root` and `nobody` users if they are missing from
@ -203,20 +217,20 @@ nss-systemd:
dynamic user lookups. This is primarily useful to make `nss-systemd` work
safely from within `dbus-daemon`.
systemd-timedated:
`systemd-timedated`:
* `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of
NTP client services. If set, `timedatectl set-ntp on` enables and starts the
first existing unit listed in the environment variable, and
`timedatectl set-ntp off` disables and stops all listed units.
systemd-sulogin-shell:
`systemd-sulogin-shell`:
* `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
root password is not available (such as when the root account is locked).
See `sulogin(8)` for more details.
bootctl and other tools that access the EFI System Partition (ESP):
`bootctl` and other tools that access the EFI System Partition (ESP):
* `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are
relaxed. Specifically, validation checks that ensure the specified ESP path
@ -225,11 +239,11 @@ bootctl and other tools that access the EFI System Partition (ESP):
* `$SYSTEMD_ESP_PATH=…` — override the path to the EFI System Partition. This
may be used to override ESP path auto detection, and redirect any accesses to
the ESP to the specified directory. Not that unlike with bootctl's --path=
switch only very superficial validation of the specified path is done when
this environment variable is used.
the ESP to the specified directory. Note that unlike with `bootctl`'s
`--path=` switch only very superficial validation of the specified path is
done when this environment variable is used.
systemd itself:
`systemd` itself:
* `$SYSTEMD_ACTIVATION_UNIT` — set for all NSS and PAM module invocations that
are done by the service manager on behalf of a specific unit, in child
@ -247,16 +261,55 @@ systemd itself:
it is either set to `system` or `user` depending on whether the NSS/PAM
module is called by systemd in `--system` or `--user` mode.
systemd-remount-fs:
`systemd-remount-fs`:
* `$SYSTEMD_REMOUNT_ROOT_RW=1` — if set and no entry for the root directory
exists in /etc/fstab (this file always takes precedence), then the root
exists in `/etc/fstab` (this file always takes precedence), then the root
directory is remounted writable. This is primarily used by
systemd-gpt-auto-generator to ensure the root partition is mounted writable
`systemd-gpt-auto-generator` to ensure the root partition is mounted writable
in accordance to the GPT partition flags.
systemd-firstboot and localectl:
`systemd-firstboot` and `localectl`:
* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` if set non-UTF-8 locales are listed among
* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` if set, non-UTF-8 locales are listed among
the installed ones. By default non-UTF-8 locales are suppressed from the
selection, since we are living in the 21st century.
`systemd-sysext`:
* `SYSTEMD_SYSEXT_HIERARCHIES` this variable may be used to override which
hierarchies are managed by `systemd-sysext`. By default only `/usr/` and
`/opt/` are managed, and directories may be added or removed to that list by
setting this environment variable to a colon-separated list of absolute
paths. Only "real" file systems and directories that only contain "real" file
systems as submounts should be used. Do not specify API file systems such as
`/proc/` or `/sys/` here, or hierarchies that have them as submounts. In
particular, do not specify the root directory `/` here.
`systemd-tmpfiles`:
* `SYSTEMD_TMPFILES_FORCE_SUBVOL` — if unset, `v`/`q`/`Q` lines will create
subvolumes only if the OS itself is installed into a subvolume. If set to `1`
(or another value interpreted as true), these lines will always create
subvolumes if the backing filesystem supports them. If set to `0`, these
lines will always create directories.
`systemd-sysv-generator`:
* `$SYSTEMD_SYSVINIT_PATH` — Controls where `systemd-sysv-generator` looks for
SysV init scripts.
* `$SYSTEMD_SYSVRCND_PATH` — Controls where `systemd-sysv-generator` looks for
SysV init script runlevel link farms.
fuzzers:
* `$SYSTEMD_FUZZ_OUTPUT` — A boolean that specifies whether to write output to
stdout. Setting to true is useful in manual invocations, since all output is
suppressed by default.
* `$SYSTEMD_FUZZ_RUNS` — The number of times execution should be repeated in
manual invocations.
Note that is may be also useful to set `$SYSTEMD_LOG_LEVEL`, since all logging
is suppressed by default.
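Review bot: The new `systemd-sysext` entry tells the reader not to list `/`, `/proc/` or `/sys/` in `SYSTEMD_SYSEXT_HIERARCHIES`, but it does not say what the tool does if such a value is set anyway. State whether it is rejected or silently accepted, since this variable changes which hierarchies get managed. Two smaller points in the same hunk: the `SYSTEMD_LIST_NON_UTF8_LOCALES=1`, `SYSTEMD_SYSEXT_HIERARCHIES` and `SYSTEMD_TMPFILES_FORCE_SUBVOL` entries drop the `$` prefix that the neighbouring entries use (the first two also drop the dash separator), and "Note that is may be also useful" in the fuzzers paragraph should read "it may also be useful".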

View File

@ -7,7 +7,7 @@ layout: default
# JSON Group Records
Long story short: JSON Group Records are to `struct group` what [JSON User
Records](https://systemd.io/USER_RECORD.md) are to `struct passwd`.
Records](https://systemd.io/USER_RECORD) are to `struct passwd`.
Conceptually, much of what applies to JSON user records also applies to JSON
group records. They also consist of seven sections, with similar properties and

View File

@ -1,5 +1,10 @@
How we use GVariant for serializing D-Bus messages
--------------------------------------------------
---
title: GVariant D-Bus Message Serialization
category: Interfaces
layout: default
---
# GVariant D-Bus Message Serialization
We stay close to the original dbus1 framing as possible, but make
certain changes to adapt for GVariant. dbus1 has the following

View File

@ -44,28 +44,37 @@ generate a disk image `image.raw` you can boot either in `systemd-nspawn` or in
an UEFI-capable VM:
```
# systemd-nspawn -bi image.raw
# mkosi boot
```
or:
```
# qemu-system-x86_64 -enable-kvm -m 512 -smp 2 -bios /usr/share/edk2/ovmf/OVMF_CODE.fd -hda image.raw
# mkosi qemu
```
Every time you rerun the `mkosi` command a fresh image is built, incorporating
all current changes you made to the project tree.
all current changes you made to the project tree. To save time when rebuilding,
you can use mkosi's incremental mode (`-i`). This instructs mkosi to build a set
of cache images that make future builds a lot faster. Note that the `-i` flag
both instructs mkosi to build cached images if they don't exist yet and to use
cached images if they already exist so make sure to always specify `-i` if you
want mkosi to use the cached images.
Alternatively, you may install the systemd version from your git check-out
directly on top of your host system's directory tree. This mostly works fine,
but of course you should know what you are doing as you might make your system
unbootable in case of a bug in your changes. Also, you might step into your
package manager's territory with this. Be careful!
If you're going to build mkosi images that use the same distribution and release
that you're currently using, you can speed up the initial mkosi run by having it
reuse the host's package cache. To do this, create a mkosi override file in
mkosi.default.d/ (e.g 20-local.conf) and add the following contents:
And never forget: most distributions provide very simple and convenient ways to
install all development packages necessary to build systemd. For example, on
Fedora the following command line should be sufficient to install all of
systemd's build dependencies:
```
[Packages]
Cache=<full-path-to-package-manager-cache> # (e.g. /var/cache/dnf)
```
If you want to do a local build without mkosi, most distributions also provide
very simple and convenient ways to install all development packages necessary
to build systemd. For example, on Fedora the following command line should be
sufficient to install all of systemd's build dependencies:
```
# dnf builddep systemd
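Review bot: In the new `[Packages]` snippet, `Cache=<full-path-to-package-manager-cache> # (e.g. /var/cache/dnf)` puts a trailing comment on the value line. Unless mkosi's config parser strips inline comments, a reader who copies the line gets the comment as part of the path. Move the `/var/cache/dnf` example into the sentence above the snippet. Also, "(e.g 20-local.conf)" is missing the period after "e.g", and the long sentence about `-i` needs a comma before "so make sure".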
@ -81,12 +90,11 @@ $ git clone https://github.com/systemd/systemd.git
$ cd systemd
$ vim src/core/main.c # or wherever you'd like to make your changes
$ meson build # configure the build
$ ninja -C build # build it locally, see if everything compiles fine
$ ninja -C build test # run some simple regression tests
$ meson compile -C build # build it locally, see if everything compiles fine
$ meson test -C build # run some simple regression tests
$ ln -s .mkosi/mkosi.fedora mkosi.default # Configure mkosi to build a fedora image
$ (umask 077; echo 123 > mkosi.rootpw) # set root password used by mkosi
$ sudo mkosi # build a test image
$ sudo systemd-nspawn -bi image.raw # boot up the test image
$ sudo mkosi boot # boot up the test image
$ git add -p # interactively put together your patch
$ git commit # commit it
$ git push REMOTE HEAD:refs/heads/BRANCH
@ -136,3 +144,83 @@ For more details on building fuzzers and integrating with OSS-Fuzz, visit:
- [Setting up a new project - OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/new-project-guide/)
- [Tutorials - OSS-Fuzz](https://google.github.io/oss-fuzz/reference/useful-links/#tutorials)
## mkosi + clangd
[clangd](https://clangd.llvm.org/) is a language server that provides code completion, diagnostics and more
right in your editor of choice (with the right plugin installed). When using mkosi, we can run clangd in the
mkosi build container to avoid needing to build systemd on the host machine just to make clangd work. To
achieve this, create a script with the following contents in systemd's project directory on the host:
```sh
#!/usr/bin/env sh
tee mkosi-clangd.build > /dev/null << EOF
#!/usr/bin/env sh
exec clangd \\
--compile-commands-dir=/root/build \\
--path-mappings=\\
"\\
$(pwd)=/root/src,\\
$(pwd)/mkosi.builddir=/root/build,\\
$(pwd)/mkosi.includedir=/usr/include,\\
$(pwd)/mkosi.installdir=/root/dest\\
" \\
--header-insertion=never
EOF
chmod +x mkosi-clangd.build
exec sudo mkosi --source-file-transfer=mount --incremental --skip-final-phase --build-script mkosi-clangd.build build
```
Next, mark the script as executable and point your editor plugin to use this script to start clangd. For
vscode's clangd extension, this is done via setting the `clangd.path` option to the path of the
mkosi-clangd.sh script.
To be able to navigate to include files of systemd's dependencies, we need to make the /usr/include folder of
the build image available on the host. mkosi supports this by setting the `IncludeDirectory` option in
mkosi's config. The easiest way to set the option is to create a file 20-local.conf in mkosi.default.d/ and
add the following contents:
```
[Packages]
IncludeDirectory=mkosi.includedir
```
This will make the contents of /usr/include available in mkosi.includedir in the systemd project directory.
We already configured clangd to map any paths in /usr/include in the build image to mkosi.includedir/ on the
host in the mkosi-clangd.sh script.
We also need to make sure clangd is installed in the build image. To have mkosi install clangd in the build
image, edit the 20-local.conf file we created earlier and add the following contents under the `[Packages]`
section:
```
BuildPackages=<clangd-package>
```
Note that the exact package containing clangd will differ depending on the distribution used. Some
distributions have a separate clangd package, others put the clangd binary in a clang-tools-extra package and
some bundle clangd in the clang package.
Because mkosi needs to run as root, we also need to make sure we can enter the root password when the editor
plugin tries to run the mkosi-clangd.sh script. To be able to enter the root password in non-interactive
scripts, we use an askpass provider. This is a program that sudo will launch if it detects it's being
executed from a non-interactive shell so that the root password can still be entered. There are multiple
implementations such as gnome askpass and KDE askpass. Install one of the askpass packages your distro
provides and set the `SUDO_ASKPASS` environment variable to the path of the askpass binary you want to use.
If configured correctly, a window will appear when your editor plugin tries to run the mkosi-clangd.sh script
allowing you to enter the root password.
Due to a bug in btrfs, it's currently impossible to mount two mkosi btrfs images at the same time. Because of
this, trying to do a regular build while the clangd image is running will fail. To circumvent this, use ext4
instead of btrfs for the images by adding the following contents to 20-local.conf:
```
[Output]
Format=gpt_ext4
```
Finally, to ensure clangd starts up quickly in the editor, run an incremental build with mkosi to make sure
the cached images are initialized (`mkosi -i`).
Now, your editor will start clangd in the mkosi build image and all of clangd's features will work as
expected.
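Review bot: The prose repeatedly refers to the wrapper as the "mkosi-clangd.sh script", but the instruction that introduces it only says "create a script with the following contents" and never names the file, while the script itself generates a second file called `mkosi-clangd.build`. Name the wrapper where it is created so the two are not confused. The askpass paragraph says "root password" throughout, yet the script calls `sudo`, which in its default configuration asks for the invoking user's password, so "the sudo password" would be more accurate. The btrfs sentence ("Due to a bug in btrfs") would also benefit from a link to the bug report, so the ext4 workaround can be dropped once it is fixed.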

View File

@ -82,7 +82,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
| [hostnamed](https://www.freedesktop.org/wiki/Software/systemd/hostnamed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
| [localed](https://www.freedesktop.org/wiki/Software/systemd/localed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
| [timedated](https://www.freedesktop.org/wiki/Software/systemd/timedated) | D-Bus | yes | yes | GNOME | yes | [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
| [initrd interface](https://systemd.io/INITRD_INTERFACE/) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
| [initrd interface](https://systemd.io/INITRD_INTERFACE) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
| [Container interface](https://systemd.io/CONTAINER_INTERFACE) | Environment, Mounts | yes | yes | libvirt/LXC | yes | - | no |
| [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
| [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
@ -94,14 +94,14 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
| [$XDG_RUNTIME_DIR](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) | Environment | yes | yes | glib, GNOME | yes | - | no |
| [$LISTEN_FDS $LISTEN_PID FD Passing](https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html) | Environment | yes | yes | numerous (via sd-daemon.h) | yes | - | no |
| [$NOTIFY_SOCKET Daemon Notifications](https://www.freedesktop.org/software/systemd/man/sd_notify.html) | Environment | yes | yes | a few, including udev | yes | - | no |
| [argv&#91;0&#93;&#91;0&#93;='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS/) | `/proc` marking | yes | yes | mdadm | yes | - | no |
| [argv&#91;0&#93;&#91;0&#93;='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS) | `/proc` marking | yes | yes | mdadm | yes | - | no |
| [Unit file format](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) | File format | yes | yes | numerous | no | - | no |
| [Network](https://www.freedesktop.org/software/systemd/man/systemd.network.html) & [Netdev file format](https://www.freedesktop.org/software/systemd/man/systemd.netdev.html) | File format | yes | yes | no | no | - | no |
| [Link file format](https://www.freedesktop.org/software/systemd/man/systemd.link.html) | File format | yes | yes | no | no | - | no |
| [Journal File Format](https://systemd.io/JOURNAL_FILE_FORMAT) | File format | yes | yes | - | maybe | - | no |
| [Journal Export Format](https://www.freedesktop.org/wiki/Software/systemd/export) | File format | yes | yes | - | yes | - | no |
| [Cooperation in cgroup tree](https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups) | Treaty | yes | yes | libvirt | yes | libvirt | no |
| [Password Agents](https://systemd.io/PASSWORD_AGENTS/) | Socket+Files | yes | yes | - | yes | - | no |
| [Password Agents](https://systemd.io/PASSWORD_AGENTS) | Socket+Files | yes | yes | - | yes | - | no |
| [udev multi-seat properties](https://www.freedesktop.org/software/systemd/man/sd-login.html) | udev Property | yes | yes | X11, gdm | no | - | no |
| udev session switch ACL properties | udev Property | no | no | - | no | - | no |
| [CLI of systemctl,...](https://www.freedesktop.org/software/systemd/man/systemctl.html) | CLI | yes | yes | numerous | no | - | no |
@ -120,7 +120,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
| `/run` | File hierarchy change | yes | yes | numerous | yes | OpenSUSE, Debian, ArchLinux | no |
| [Generators](https://www.freedesktop.org/software/systemd/man/systemd.generator.html) | Subprocess | yes | yes | - | no | - | no |
| [System Updates](https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html) | System Mode | yes | yes | - | no | - | no |
| [Presets](https://freedesktop.org/wiki/Software/systemd/Preset) | File format | yes | yes | - | no | - | no |
| [Presets](https://www.freedesktop.org/software/systemd/man/systemd.preset.html) | File format | yes | yes | - | no | - | no |
| Udev rules | File format | yes | yes | numerous | no | no | partially |

View File

@ -7,16 +7,17 @@ layout: default
# Steps to a Successful Release
1. Add all items to NEWS
2. Update the contributors list in NEWS (`ninja -C build git-contrib`)
2. Update the contributors list in NEWS (`meson compile -C build git-contrib`)
3. Update the time and place in NEWS
4. [RC1] Update version and library numbers in `meson.build`
5. Check dbus docs with `ninja -C build man/update-dbus-docs`
6. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"`
7. Do `ninja -C build`
8. Make sure that the version string and package string match: `build/systemctl --version`
9. Upload the documentation: `ninja -C build doc-sync`
10. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
11. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
12. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
13. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
14. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
4. Update hwb (`meson compile -C build update-hwdb update-hwdb-autosuspend`)
5. [RC1] Update version and library numbers in `meson.build`
6. Check dbus docs with `meson compile -C build update-dbus-docs`
7. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"`
8. Do `meson compile -C build`
9. Make sure that the version string and package string match: `build/systemctl --version`
10. Upload the documentation: `meson compile -C build doc-sync`
11. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
12. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
13. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
14. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
15. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
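Review bot: New step 4 reads "Update hwb"; that should be "hwdb", matching the `update-hwdb` target it invokes. In step 6 the target changed from `man/update-dbus-docs` to `update-dbus-docs` along with the switch to `meson compile`, so please confirm the target exists under the shorter name. Since step 4 now regenerates the hardware database shortly before tagging, it would help to say that the resulting diff should be reviewed and committed before step 7 signs the tag.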

View File

@ -108,7 +108,7 @@ to find a different solution to your problem._
The recommended way to distinguish between run-from-initrd and run-from-rootfs
for a daemon is to check for `/etc/initrd-release` (which exists on all modern
initrd implementations, see the [initrd
Interface](https://systemd.io/INITRD_INTERFACE/) for details) which when exists
Interface](https://systemd.io/INITRD_INTERFACE) for details) which when exists
results in `argv[0][0]` being set to `@`, and otherwise doesn't. Something like
this:
@ -190,4 +190,4 @@ few additional notes for supporting these setups:
program consult this blog story: [Socket
Activation](http://0pointer.de/blog/projects/socket-activation.html)
* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE/).
* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE).

View File

@ -272,7 +272,8 @@ All cgroup/resource control settings are available for transient units
✓ IPAddressDeny=
✓ ManagedOOMSwap=
✓ ManagedOOMMemoryPressure=
✓ ManagedOOMMemoryPressureLimitPercent=
✓ ManagedOOMMemoryPressureLimit=
✓ ManagedOOMPreference=
```
## Process Killing Settings
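Review bot: `ManagedOOMMemoryPressureLimitPercent=` is replaced by `ManagedOOMMemoryPressureLimit=` in the list of settings available for transient units, which reads as a rename of a user-visible setting. Say here or in NEWS whether the old name is still accepted, so callers that set it on transient units know whether they have to change.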

View File

@ -26,7 +26,7 @@ To create a translation to a language not yet available, start by creating the
initial template:
```
$ ninja -C build/ systemd-pot
$ meson compile -C build/ systemd-pot
```
This will generate file `po/systemd.pot` in the source tree.
@ -50,7 +50,7 @@ using the `poedit` GUI editor.)
Start by updating the `*.po` files from the latest template:
```
$ ninja -C build/ systemd-update-po
$ meson compile -C build/ systemd-update-po
```
This will touch all the `*.po` files, so you'll want to pay attention when
@ -74,7 +74,7 @@ using `git checkout -- po/` after you commit the changes you do want to keep.)
You can recompile the `*.po` files using the following command:
```
$ ninja -C build/ systemd-gmo
$ meson compile -C build/ systemd-gmo
```
The resulting files will be saved in the `build/po/` directory.

View File

@ -247,7 +247,7 @@ user is a member of the group. If both arguments are specified the specified
membership will be tested for, but no others, and the pair is returned if it is
defined. Unless both arguments are specified the method call needs to be made
with `more` set, so that multiple replies can be returned (since typically
there are are multiple members per group and also multiple groups a user is
there are multiple members per group and also multiple groups a user is
member of). As with `GetUserRecord` and `GetGroupRecord` the `service`
parameter needs to contain the name of the service being talked to, in order to
allow implementation of multiple service within the same IPC socket. In case no

View File

@ -87,8 +87,8 @@ hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)`
(typically 256 on Linux; rationale: this is how POSIX suggests to detect the
limit), `UT_NAMESIZE-1` (typically 31 on Linux; rationale: names longer than
this cannot correctly appear in `utmp`/`wtmp` and create ambiguity with login
accounting) and `FILENAME_MAX` (4096 on Linux; rationale: user names typically
appear in directory names, i.e. the home directory), thus MIN(256, 31, 4096) =
accounting) and `NAME_MAX` (255 on Linux; rationale: user names typically
appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) =
31.
Note that these rules are both more strict and more relaxed than all of the

View File

@ -1,5 +1,5 @@
<footer class="site-footer">
<p>&copy; systemd, 2020</p>
<p>&copy; systemd, 2021</p>
<p><a href="https://github.com/systemd/systemd">Website source</a></p>
<p><a href="https://github.com/systemd/systemd/tree/main/docs">Website source</a></p>
</footer>
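Review bot: The new footer link points at `tree/main/docs`, while step 15 of the release checklist touched in this same commit still pushes `origin/master:master`. Check that the `main` ref resolves in the systemd/systemd repository, otherwise the "Website source" link is dead on every page that includes this footer.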

View File

@ -116,6 +116,11 @@ footer {
margin-top: 4rem;
}
/* Make tables vertically aligned to the top */
tbody td {
vertical-align: top;
}
/* Github Code Highlighting */
.highlight table td { padding: 5px; }
.highlight table pre { margin: 0; }

File diff suppressed because it is too large Load Diff

View File

@ -51,6 +51,9 @@ acpi:ATML*:
acpi:AUTH*:
ID_VENDOR_FROM_DATABASE=AuthenTec
acpi:BABA*:
ID_VENDOR_FROM_DATABASE=Alibaba Co., Ltd.
acpi:BOOT*:
ID_VENDOR_FROM_DATABASE=Coreboot Project
@ -93,6 +96,9 @@ acpi:ESSX*:
acpi:EXAR*:
ID_VENDOR_FROM_DATABASE=Exar Corporation
acpi:FRMW*:
ID_VENDOR_FROM_DATABASE=Framework Computer LLC
acpi:FRSC*:
ID_VENDOR_FROM_DATABASE=Freescale, Inc
@ -168,6 +174,9 @@ acpi:IP3T*:
acpi:IPHI*:
ID_VENDOR_FROM_DATABASE=Inphi Corporation
acpi:JSYS*:
ID_VENDOR_FROM_DATABASE=Juniper Systems, Inc.
acpi:KIOX*:
ID_VENDOR_FROM_DATABASE=Kionix, Inc.
@ -228,6 +237,9 @@ acpi:PHYT*:
acpi:PIXA*:
ID_VENDOR_FROM_DATABASE=PixArt imaging inc.
acpi:PNSO*:
ID_VENDOR_FROM_DATABASE=Pensando Systems, Inc.
acpi:QCOM*:
ID_VENDOR_FROM_DATABASE=Qualcomm Inc
@ -243,6 +255,9 @@ acpi:RKCP*:
acpi:RZSN*:
ID_VENDOR_FROM_DATABASE=Rozsnyó, s.r.o.
acpi:SECC*:
ID_VENDOR_FROM_DATABASE=Seiko Epson Corporation
acpi:SHRP*:
ID_VENDOR_FROM_DATABASE=Sharp Corporation
@ -592,7 +607,7 @@ acpi:ALO*:
ID_VENDOR_FROM_DATABASE=Algolith Inc.
acpi:ALP*:
ID_VENDOR_FROM_DATABASE=Alps Electric Company Ltd
ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
acpi:ALR*:
ID_VENDOR_FROM_DATABASE=Advanced Logic
@ -718,7 +733,7 @@ acpi:APD*:
ID_VENDOR_FROM_DATABASE=AppliAdata
acpi:APE*:
ID_VENDOR_FROM_DATABASE=Alpine Electronics, Inc.
ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
acpi:APG*:
ID_VENDOR_FROM_DATABASE=Horner Electric Inc
@ -883,7 +898,7 @@ acpi:AUG*:
ID_VENDOR_FROM_DATABASE=August Home, Inc.
acpi:AUI*:
ID_VENDOR_FROM_DATABASE=Alps Electric Inc
ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
acpi:AUO*:
ID_VENDOR_FROM_DATABASE=AU Optronics
@ -1473,6 +1488,9 @@ acpi:CLM*:
acpi:CLO*:
ID_VENDOR_FROM_DATABASE=Clone Computers
acpi:CLR*:
ID_VENDOR_FROM_DATABASE=Clover Electronics
acpi:CLT*:
ID_VENDOR_FROM_DATABASE=automated computer control systems
@ -1521,6 +1539,9 @@ acpi:CNB*:
acpi:CNC*:
ID_VENDOR_FROM_DATABASE=Alvedon Computers Ltd
acpi:CND*:
ID_VENDOR_FROM_DATABASE=Micro-Star Int'l Co., Ltd.
acpi:CNE*:
ID_VENDOR_FROM_DATABASE=Cine-tal
@ -1620,6 +1641,9 @@ acpi:CRI*:
acpi:CRL*:
ID_VENDOR_FROM_DATABASE=Creative Logic
acpi:CRM*:
ID_VENDOR_FROM_DATABASE=CORSAIR MEMORY Inc.
acpi:CRN*:
ID_VENDOR_FROM_DATABASE=Cornerstone Imaging
@ -3891,6 +3915,9 @@ acpi:KTK*:
acpi:KTN*:
ID_VENDOR_FROM_DATABASE=Katron Tech Inc
acpi:KTS*:
ID_VENDOR_FROM_DATABASE=Kyokko Communication System Co., Ltd.
acpi:KUR*:
ID_VENDOR_FROM_DATABASE=Kurta Corporation
@ -4986,6 +5013,9 @@ acpi:NVT*:
acpi:NWC*:
ID_VENDOR_FROM_DATABASE=NW Computer Engineering
acpi:NWL*:
ID_VENDOR_FROM_DATABASE=Newline Interactive Inc.
acpi:NWP*:
ID_VENDOR_FROM_DATABASE=NovaWeb Technologies Inc
@ -6732,6 +6762,9 @@ acpi:TGS*:
acpi:TGV*:
ID_VENDOR_FROM_DATABASE=Grass Valley Germany GmbH
acpi:TGW*:
ID_VENDOR_FROM_DATABASE=TECHNOGYM S.p.A.
acpi:THN*:
ID_VENDOR_FROM_DATABASE=Thundercom Holdings Sdn. Bhd.
@ -6813,6 +6846,9 @@ acpi:TMI*:
acpi:TMM*:
ID_VENDOR_FROM_DATABASE=Time Management, Inc.
acpi:TMO*:
ID_VENDOR_FROM_DATABASE=Terumo Corporation
acpi:TMR*:
ID_VENDOR_FROM_DATABASE=Taicom International Inc

View File

@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base 2020-11-26 13:49:35.243482590 +0100
+++ 20-acpi-vendor.hwdb 2020-11-26 13:49:35.260482675 +0100
--- 20-acpi-vendor.hwdb.base 2021-03-30 13:03:54.632421502 +0200
+++ 20-acpi-vendor.hwdb 2021-03-30 13:03:54.650421692 +0200
@@ -3,6 +3,8 @@
# Data imported from:
# https://uefi.org/uefi-pnp-export
@ -19,7 +19,7 @@
acpi:AMDI*:
ID_VENDOR_FROM_DATABASE=AMD
@@ -295,6 +294,9 @@
@@ -310,6 +309,9 @@
acpi:AAA*:
ID_VENDOR_FROM_DATABASE=Avolites Ltd
@ -29,7 +29,7 @@
acpi:AAE*:
ID_VENDOR_FROM_DATABASE=Anatek Electronics Inc.
@@ -322,6 +324,9 @@
@@ -337,6 +339,9 @@
acpi:ABO*:
ID_VENDOR_FROM_DATABASE=D-Link Systems Inc
@ -39,7 +39,7 @@
acpi:ABS*:
ID_VENDOR_FROM_DATABASE=Abaco Systems, Inc.
@@ -367,7 +372,7 @@
@@ -382,7 +387,7 @@
acpi:ACO*:
ID_VENDOR_FROM_DATABASE=Allion Computer Inc.
@ -48,7 +48,7 @@
ID_VENDOR_FROM_DATABASE=Aspen Tech Inc
acpi:ACR*:
@@ -640,6 +645,9 @@
@@ -655,6 +660,9 @@
acpi:AMT*:
ID_VENDOR_FROM_DATABASE=AMT International Industry
@ -58,7 +58,7 @@
acpi:AMX*:
ID_VENDOR_FROM_DATABASE=AMX LLC
@@ -688,6 +696,9 @@
@@ -703,6 +711,9 @@
acpi:AOA*:
ID_VENDOR_FROM_DATABASE=AOpen Inc.
@ -68,7 +68,7 @@
acpi:AOE*:
ID_VENDOR_FROM_DATABASE=Advanced Optics Electronics, Inc.
@@ -697,6 +708,9 @@
@@ -712,6 +723,9 @@
acpi:AOT*:
ID_VENDOR_FROM_DATABASE=Alcatel
@ -78,8 +78,8 @@
acpi:APC*:
ID_VENDOR_FROM_DATABASE=American Power Conversion
@@ -872,7 +886,7 @@
ID_VENDOR_FROM_DATABASE=Alps Electric Inc
@@ -887,7 +901,7 @@
ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
acpi:AUO*:
- ID_VENDOR_FROM_DATABASE=DO NOT USE - AUO
@ -87,7 +87,7 @@
acpi:AUR*:
ID_VENDOR_FROM_DATABASE=Aureal Semiconductor
@@ -952,6 +966,9 @@
@@ -967,6 +981,9 @@
acpi:AXE*:
ID_VENDOR_FROM_DATABASE=Axell Corporation
@ -97,7 +97,7 @@
acpi:AXI*:
ID_VENDOR_FROM_DATABASE=American Magnetics
@@ -1102,6 +1119,9 @@
@@ -1117,6 +1134,9 @@
acpi:BML*:
ID_VENDOR_FROM_DATABASE=BIOMED Lab
@ -107,7 +107,7 @@
acpi:BMS*:
ID_VENDOR_FROM_DATABASE=BIOMEDISYS
@@ -1114,6 +1134,9 @@
@@ -1129,6 +1149,9 @@
acpi:BNO*:
ID_VENDOR_FROM_DATABASE=Bang & Olufsen
@ -117,7 +117,7 @@
acpi:BNS*:
ID_VENDOR_FROM_DATABASE=Boulder Nonlinear Systems
@@ -1357,6 +1380,9 @@
@@ -1372,6 +1395,9 @@
acpi:CHA*:
ID_VENDOR_FROM_DATABASE=Chase Research PLC
@ -127,7 +127,7 @@
acpi:CHD*:
ID_VENDOR_FROM_DATABASE=ChangHong Electric Co.,Ltd
@@ -1513,6 +1539,9 @@
@@ -1534,6 +1560,9 @@
acpi:COD*:
ID_VENDOR_FROM_DATABASE=CODAN Pty. Ltd.
@ -137,7 +137,7 @@
acpi:COI*:
ID_VENDOR_FROM_DATABASE=Codec Inc.
@@ -1919,7 +1948,7 @@
@@ -1943,7 +1972,7 @@
ID_VENDOR_FROM_DATABASE=Dragon Information Technology
acpi:DJE*:
@ -146,7 +146,7 @@
acpi:DJP*:
ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
@@ -2251,6 +2280,9 @@
@@ -2275,6 +2304,9 @@
acpi:EIN*:
ID_VENDOR_FROM_DATABASE=Elegant Invention
@ -156,7 +156,7 @@
acpi:EKA*:
ID_VENDOR_FROM_DATABASE=MagTek Inc.
@@ -2512,6 +2544,9 @@
@@ -2536,6 +2568,9 @@
acpi:FCG*:
ID_VENDOR_FROM_DATABASE=First International Computer Ltd
@ -166,7 +166,7 @@
acpi:FCS*:
ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
@@ -2885,7 +2920,7 @@
@@ -2909,7 +2944,7 @@
ID_VENDOR_FROM_DATABASE=General Standards Corporation
acpi:GSM*:
@ -175,7 +175,7 @@
acpi:GSN*:
ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
@@ -2986,6 +3021,9 @@
@@ -3010,6 +3045,9 @@
acpi:HEC*:
ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
@ -185,7 +185,7 @@
acpi:HEL*:
ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
@@ -3115,6 +3153,9 @@
@@ -3139,6 +3177,9 @@
acpi:HSD*:
ID_VENDOR_FROM_DATABASE=HannStar Display Corp
@ -195,7 +195,7 @@
acpi:HSM*:
ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
@@ -3238,6 +3279,9 @@
@@ -3262,6 +3303,9 @@
acpi:ICI*:
ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
@ -205,7 +205,7 @@
acpi:ICM*:
ID_VENDOR_FROM_DATABASE=Intracom SA
@@ -3334,6 +3378,9 @@
@@ -3358,6 +3402,9 @@
acpi:IKE*:
ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
@ -215,7 +215,7 @@
acpi:IKS*:
ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
@@ -3379,6 +3426,9 @@
@@ -3403,6 +3450,9 @@
acpi:IMT*:
ID_VENDOR_FROM_DATABASE=Inmax Technology Corporation
@ -225,7 +225,7 @@
acpi:INA*:
ID_VENDOR_FROM_DATABASE=Inventec Corporation
@@ -3886,6 +3936,9 @@
@@ -3913,6 +3963,9 @@
acpi:LAN*:
ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
@ -235,7 +235,7 @@
acpi:LAS*:
ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
@@ -3931,6 +3984,9 @@
@@ -3958,6 +4011,9 @@
acpi:LED*:
ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
@ -245,7 +245,7 @@
acpi:LEG*:
ID_VENDOR_FROM_DATABASE=Legerity, Inc
@@ -3946,6 +4002,9 @@
@@ -3973,6 +4029,9 @@
acpi:LGC*:
ID_VENDOR_FROM_DATABASE=Logic Ltd
@ -255,7 +255,7 @@
acpi:LGI*:
ID_VENDOR_FROM_DATABASE=Logitech Inc
@@ -4000,6 +4059,9 @@
@@ -4027,6 +4086,9 @@
acpi:LND*:
ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
@ -265,7 +265,7 @@
acpi:LNK*:
ID_VENDOR_FROM_DATABASE=Link Tech Inc
@@ -4034,7 +4096,7 @@
@@ -4061,7 +4123,7 @@
ID_VENDOR_FROM_DATABASE=Design Technology
acpi:LPL*:
@ -274,7 +274,7 @@
acpi:LSC*:
ID_VENDOR_FROM_DATABASE=LifeSize Communications
@@ -4210,6 +4272,9 @@
@@ -4237,6 +4299,9 @@
acpi:MCX*:
ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
@ -284,7 +284,7 @@
acpi:MDA*:
ID_VENDOR_FROM_DATABASE=Media4 Inc
@@ -4450,6 +4515,9 @@
@@ -4477,6 +4542,9 @@
acpi:MOM*:
ID_VENDOR_FROM_DATABASE=Momentum Data Systems
@ -294,7 +294,7 @@
acpi:MOS*:
ID_VENDOR_FROM_DATABASE=Moses Corporation
@@ -4678,6 +4746,9 @@
@@ -4705,6 +4773,9 @@
acpi:NAL*:
ID_VENDOR_FROM_DATABASE=Network Alchemy
@ -304,7 +304,7 @@
acpi:NAT*:
ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
@@ -5185,6 +5256,9 @@
@@ -5215,6 +5286,9 @@
acpi:PCX*:
ID_VENDOR_FROM_DATABASE=PC Xperten
@ -314,7 +314,7 @@
acpi:PDM*:
ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
@@ -5248,9 +5322,6 @@
@@ -5278,9 +5352,6 @@
acpi:PHE*:
ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
@ -324,7 +324,7 @@
acpi:PHL*:
ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
@@ -5338,9 +5409,6 @@
@@ -5368,9 +5439,6 @@
acpi:PNL*:
ID_VENDOR_FROM_DATABASE=Panelview, Inc.
@ -334,7 +334,7 @@
acpi:PNR*:
ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
@@ -5476,15 +5544,9 @@
@@ -5506,15 +5574,9 @@
acpi:PTS*:
ID_VENDOR_FROM_DATABASE=Plain Tree Systems Inc
@ -350,7 +350,7 @@
acpi:PVG*:
ID_VENDOR_FROM_DATABASE=Proview Global Co., Ltd
@@ -5800,9 +5862,6 @@
@@ -5830,9 +5892,6 @@
acpi:RTI*:
ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
@ -360,7 +360,7 @@
acpi:RTL*:
ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
@@ -5968,9 +6027,6 @@
@@ -5998,9 +6057,6 @@
acpi:SEE*:
ID_VENDOR_FROM_DATABASE=SeeColor Corporation
@ -370,7 +370,7 @@
acpi:SEI*:
ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
@@ -6430,6 +6486,9 @@
@@ -6460,6 +6516,9 @@
acpi:SVD*:
ID_VENDOR_FROM_DATABASE=SVD Computer
@ -380,7 +380,7 @@
acpi:SVI*:
ID_VENDOR_FROM_DATABASE=Sun Microsystems
@@ -6514,6 +6573,9 @@
@@ -6544,6 +6603,9 @@
acpi:SZM*:
ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
@ -390,7 +390,7 @@
acpi:TAA*:
ID_VENDOR_FROM_DATABASE=Tandberg
@@ -6604,6 +6666,9 @@
@@ -6634,6 +6696,9 @@
acpi:TDG*:
ID_VENDOR_FROM_DATABASE=Six15 Technologies
@ -400,7 +400,7 @@
acpi:TDM*:
ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
@@ -6646,6 +6711,9 @@
@@ -6676,6 +6741,9 @@
acpi:TEV*:
ID_VENDOR_FROM_DATABASE=Televés, S.A.
@ -410,7 +410,7 @@
acpi:TEZ*:
ID_VENDOR_FROM_DATABASE=Tech Source Inc.
@@ -6760,9 +6828,6 @@
@@ -6796,9 +6864,6 @@
acpi:TNC*:
ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
@ -420,7 +420,7 @@
acpi:TNM*:
ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
@@ -7069,14 +7134,14 @@
@@ -7105,14 +7170,14 @@
acpi:UNC*:
ID_VENDOR_FROM_DATABASE=Unisys Corporation
@ -441,7 +441,7 @@
acpi:UNI*:
ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
@@ -7111,6 +7176,9 @@
@@ -7147,6 +7212,9 @@
acpi:USA*:
ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
@ -451,7 +451,7 @@
acpi:USD*:
ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
@@ -7357,9 +7425,6 @@
@@ -7393,9 +7461,6 @@
acpi:WAL*:
ID_VENDOR_FROM_DATABASE=Wave Access
@ -461,7 +461,7 @@
acpi:WAV*:
ID_VENDOR_FROM_DATABASE=Wavephore
@@ -7484,7 +7549,7 @@
@@ -7520,7 +7585,7 @@
ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
acpi:WYS*:
@ -470,7 +470,7 @@
acpi:WYT*:
ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
@@ -7498,9 +7563,6 @@
@@ -7534,9 +7599,6 @@
acpi:XDM*:
ID_VENDOR_FROM_DATABASE=XDM Ltd.
@ -480,7 +480,7 @@
acpi:XES*:
ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
@@ -7531,9 +7593,6 @@
@@ -7567,9 +7629,6 @@
acpi:XNT*:
ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
@ -490,7 +490,7 @@
acpi:XQU*:
ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
@@ -7600,6 +7659,9 @@
@@ -7636,6 +7695,9 @@
acpi:ZBX*:
ID_VENDOR_FROM_DATABASE=Zebax Technologies

6
hwdb.d/20-dmi-id.hwdb Normal file
View File

@ -0,0 +1,6 @@
# This file is part of systemd
# Fix "Lenovo" capitalization in /sys/class/dmi/id/sys_vendor
dmi:bvnLENOVO*
ID_SYSFS_ATTRIBUTE_MODEL=product_version
ID_VENDOR_FROM_DATABASE=Lenovo
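Review bot: The comment says this fixes the capitalization of /sys/class/dmi/id/sys_vendor, but the match key `dmi:bvnLENOVO*` tests the BIOS vendor field (`bvn`), not the system vendor (`svn`). As written, the rule applies to any machine whose BIOS vendor string starts with LENOVO, whatever sys_vendor contains. Either match on the `svn` field or reword the comment to say the BIOS vendor is the intended key. The second property, `ID_SYSFS_ATTRIBUTE_MODEL=product_version`, is not explained at all and deserves its own comment line. The file also lacks the SPDX-License-Identifier line that the other new hwdb file in this commit carries.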

File diff suppressed because it is too large Load Diff

View File

@ -4511,6 +4511,9 @@ usb:v0421p0156*
usb:v0421p0157*
ID_MODEL_FROM_DATABASE=5800 XpressMusic (Imaging mode)
usb:v0421p0189*
ID_MODEL_FROM_DATABASE=N810 Internet Tablet WiMAX
usb:v0421p0199*
ID_MODEL_FROM_DATABASE=6700 Classic (msc)
@ -4533,7 +4536,7 @@ usb:v0421p01C7*
ID_MODEL_FROM_DATABASE=N900 (Storage Mode)
usb:v0421p01C8*
ID_MODEL_FROM_DATABASE=N900 (PC-Suite Mode)
ID_MODEL_FROM_DATABASE=N900/N950 (PC-Suite Mode)
usb:v0421p0228*
ID_MODEL_FROM_DATABASE=5530 XpressMusic
@ -4593,7 +4596,10 @@ usb:v0421p03CD*
ID_MODEL_FROM_DATABASE=C7-00 (Nokia Suite mode)
usb:v0421p03D1*
ID_MODEL_FROM_DATABASE=N950
ID_MODEL_FROM_DATABASE=N950 (Storage Mode)
usb:v0421p03D2*
ID_MODEL_FROM_DATABASE=N950 (PC Suite mode)
usb:v0421p0400*
ID_MODEL_FROM_DATABASE=7600 Phone Parent
@ -4686,7 +4692,7 @@ usb:v0421p0429*
ID_MODEL_FROM_DATABASE=6230i MultiMedia Card
usb:v0421p0431*
ID_MODEL_FROM_DATABASE=770 Internet Tablet
ID_MODEL_FROM_DATABASE=770/N800 Internet Tablet
usb:v0421p0432*
ID_MODEL_FROM_DATABASE=N90 Phone Parent
@ -4788,7 +4794,13 @@ usb:v0421p0509*
ID_MODEL_FROM_DATABASE=E65 (Storage mode)
usb:v0421p0518*
ID_MODEL_FROM_DATABASE=N9 Phone
ID_MODEL_FROM_DATABASE=N9 (Storage mode)
usb:v0421p0519*
ID_MODEL_FROM_DATABASE=N9 (RNDIS/Ethernet mode)
usb:v0421p051A*
ID_MODEL_FROM_DATABASE=N9 (PC Suite mode)
usb:v0421p054D*
ID_MODEL_FROM_DATABASE=C2-01
@ -26198,6 +26210,9 @@ usb:v05FCp0001*
usb:v05FCp0010*
ID_MODEL_FROM_DATABASE=Soundcraft Si MADI combo card
usb:v05FCp0021*
ID_MODEL_FROM_DATABASE=Soundcraft Signature 12 MTK
usb:v05FCp7849*
ID_MODEL_FROM_DATABASE=Harman/Kardon SoundSticks
@ -67280,6 +67295,15 @@ usb:v32B3pD1A6*
usb:v32B3pD1A7*
ID_MODEL_FROM_DATABASE=TXT Multihub
usb:v3310*
ID_VENDOR_FROM_DATABASE=MUDITA Sp. z o.o.
usb:v3310p0100*
ID_MODEL_FROM_DATABASE=Pure
usb:v3310p0101*
ID_MODEL_FROM_DATABASE=Pure tethering
usb:v3333*
ID_VENDOR_FROM_DATABASE=InLine
@ -67313,6 +67337,15 @@ usb:v3344*
usb:v3344p3744*
ID_MODEL_FROM_DATABASE=OEM PC Remote
usb:v3384*
ID_VENDOR_FROM_DATABASE=System76
usb:v3384p0000*
ID_MODEL_FROM_DATABASE=Thelio Io (thelio-io)
usb:v3384p0001*
ID_MODEL_FROM_DATABASE=Launch Configurable Keyboard (launch_1)
usb:v348F*
ID_VENDOR_FROM_DATABASE=ISY

View File

@ -0,0 +1,277 @@
# This file is part of systemd.
#
# Rules to autosuspend known fingerprint readers (pulled from libfprint).
#
# SPDX-License-Identifier: LGPL-2.1-or-later
# This file has been generated using fprint-list-udev-hwdb with all drivers enabled
# Supported by libfprint driver aes1610
usb:v08FFp1600*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes1660
usb:v08FFp1660*
usb:v08FFp1680*
usb:v08FFp1681*
usb:v08FFp1682*
usb:v08FFp1683*
usb:v08FFp1684*
usb:v08FFp1685*
usb:v08FFp1686*
usb:v08FFp1687*
usb:v08FFp1688*
usb:v08FFp1689*
usb:v08FFp168A*
usb:v08FFp168B*
usb:v08FFp168C*
usb:v08FFp168D*
usb:v08FFp168E*
usb:v08FFp168F*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes2501
usb:v08FFp2500*
usb:v08FFp2580*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes2550
usb:v08FFp2550*
usb:v08FFp2810*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes2660
usb:v08FFp2660*
usb:v08FFp2680*
usb:v08FFp2681*
usb:v08FFp2682*
usb:v08FFp2683*
usb:v08FFp2684*
usb:v08FFp2685*
usb:v08FFp2686*
usb:v08FFp2687*
usb:v08FFp2688*
usb:v08FFp2689*
usb:v08FFp268A*
usb:v08FFp268B*
usb:v08FFp268C*
usb:v08FFp268D*
usb:v08FFp268E*
usb:v08FFp268F*
usb:v08FFp2691*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes3500
usb:v08FFp5731*
ID_AUTOSUSPEND=1
# Supported by libfprint driver aes4000
usb:v5501p08FF*
ID_AUTOSUSPEND=1
# Supported by libfprint driver elan
usb:v04F3p0903*
usb:v04F3p0907*
usb:v04F3p0C01*
usb:v04F3p0C02*
usb:v04F3p0C03*
usb:v04F3p0C04*
usb:v04F3p0C05*
usb:v04F3p0C06*
usb:v04F3p0C07*
usb:v04F3p0C08*
usb:v04F3p0C09*
usb:v04F3p0C0A*
usb:v04F3p0C0B*
usb:v04F3p0C0C*
usb:v04F3p0C0D*
usb:v04F3p0C0E*
usb:v04F3p0C0F*
usb:v04F3p0C10*
usb:v04F3p0C11*
usb:v04F3p0C12*
usb:v04F3p0C13*
usb:v04F3p0C14*
usb:v04F3p0C15*
usb:v04F3p0C16*
usb:v04F3p0C17*
usb:v04F3p0C18*
usb:v04F3p0C19*
usb:v04F3p0C1A*
usb:v04F3p0C1B*
usb:v04F3p0C1C*
usb:v04F3p0C1D*
usb:v04F3p0C1E*
usb:v04F3p0C1F*
usb:v04F3p0C20*
usb:v04F3p0C21*
usb:v04F3p0C22*
usb:v04F3p0C23*
usb:v04F3p0C24*
usb:v04F3p0C25*
usb:v04F3p0C26*
usb:v04F3p0C27*
usb:v04F3p0C28*
usb:v04F3p0C29*
usb:v04F3p0C2A*
usb:v04F3p0C2B*
usb:v04F3p0C2C*
usb:v04F3p0C2D*
usb:v04F3p0C2E*
usb:v04F3p0C2F*
usb:v04F3p0C30*
usb:v04F3p0C31*
usb:v04F3p0C32*
usb:v04F3p0C33*
usb:v04F3p0C42*
usb:v04F3p0C4D*
ID_AUTOSUSPEND=1
# Supported by libfprint driver etes603
usb:v1C7Ap0603*
ID_AUTOSUSPEND=1
# Supported by libfprint driver goodixmoc
usb:v27C6p5840*
usb:v27C6p6496*
usb:v27C6p60A2*
usb:v27C6p63AC*
usb:v27C6p639C*
usb:v27C6p6594*
ID_AUTOSUSPEND=1
# Supported by libfprint driver synaptics
usb:v06CBp00BD*
usb:v06CBp00E9*
usb:v06CBp00DF*
usb:v06CBp00F9*
usb:v06CBp00FC*
usb:v06CBp00C2*
usb:v06CBp00C9*
usb:v06CBp0100*
ID_AUTOSUSPEND=1
# Supported by libfprint driver upeksonly
usb:v147Ep2016*
usb:v147Ep1000*
usb:v147Ep1001*
ID_AUTOSUSPEND=1
# Supported by libfprint driver upektc
usb:v0483p2015*
usb:v147Ep3001*
ID_AUTOSUSPEND=1
# Supported by libfprint driver upektc_img
usb:v147Ep2020*
ID_AUTOSUSPEND=1
# Supported by libfprint driver uru4000
usb:v045Ep00BC*
usb:v045Ep00BD*
usb:v045Ep00CA*
usb:v05BAp0007*
usb:v05BAp0008*
usb:v05BAp000A*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vcom5s
usb:v061Ap0110*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vfs0050
usb:v138Ap0050*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vfs101
usb:v138Ap0001*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vfs301
usb:v138Ap0005*
usb:v138Ap0008*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vfs5011
usb:v138Ap0010*
usb:v138Ap0011*
usb:v138Ap0015*
usb:v138Ap0017*
usb:v138Ap0018*
ID_AUTOSUSPEND=1
# Supported by libfprint driver vfs7552
usb:v138Ap0091*
ID_AUTOSUSPEND=1
# Known unsupported devices
usb:v04F3p036B*
usb:v04F3p0C00*
usb:v04F3p0C4B*
usb:v04F3p0C4C*
usb:v04F3p0C4F*
usb:v04F3p0C57*
usb:v04F3p0C5E*
usb:v04F3p2706*
usb:v06CBp0081*
usb:v06CBp0088*
usb:v06CBp008A*
usb:v06CBp009A*
usb:v06CBp009B*
usb:v06CBp00A2*
usb:v06CBp00B7*
usb:v06CBp00BB*
usb:v06CBp00BE*
usb:v06CBp00C4*
usb:v06CBp00CB*
usb:v06CBp00D8*
usb:v06CBp00DA*
usb:v0A5Cp5801*
usb:v0A5Cp5805*
usb:v0A5Cp5834*
usb:v0A5Cp5840*
usb:v0A5Cp5841*
usb:v0A5Cp5842*
usb:v0A5Cp5843*
usb:v0A5Cp5845*
usb:v10A5p0007*
usb:v1188p9545*
usb:v138Ap0007*
usb:v138Ap003A*
usb:v138Ap003C*
usb:v138Ap003D*
usb:v138Ap003F*
usb:v138Ap0090*
usb:v138Ap0092*
usb:v138Ap0094*
usb:v138Ap0097*
usb:v138Ap009D*
usb:v138Ap00AB*
usb:v147Ep1002*
usb:v1491p0088*
usb:v16D1p1027*
usb:v1C7Ap0300*
usb:v1C7Ap0570*
usb:v1C7Ap0575*
usb:v27C6p5042*
usb:v27C6p5110*
usb:v27C6p5117*
usb:v27C6p5201*
usb:v27C6p521D*
usb:v27C6p5301*
usb:v27C6p530C*
usb:v27C6p532D*
usb:v27C6p533C*
usb:v27C6p5381*
usb:v27C6p5385*
usb:v27C6p538C*
usb:v27C6p538D*
usb:v27C6p5395*
usb:v27C6p5584*
usb:v27C6p55A2*
usb:v27C6p55A4*
usb:v27C6p55B4*
usb:v27C6p5740*
usb:v2808p9338*
usb:v298Dp2033*
usb:v3538p0930*
ID_AUTOSUSPEND=1
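Review bot: Under "Supported by libfprint driver aes4000" the key is `usb:v5501p08FF*`, while every other aes* entry in this file has `08FF` in the vendor position, so vendor and product look transposed and the rule would not match a device that reports vendor 08FF. The header says the file is generated with fprint-list-udev-hwdb, so the correction belongs in the ID table the generator reads, not in a hand edit here. Separately, the "Known unsupported devices" block also ends in `ID_AUTOSUSPEND=1`; a one-line comment on why devices without a driver are autosuspended would save the next reader a trip to the generator.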

View File

@ -38,6 +38,15 @@
# Sort by brand, model
#########################################
# ACECAD
#########################################
# Acecad Flair / Pentagram Quadpen
evdev:input:b0003v0460p0004*
EVDEV_ABS_00=::40
EVDEV_ABS_01=::40
#########################################
# AIPTEK
#########################################
@ -226,6 +235,13 @@ evdev:name:SynPS/2 Synaptics TouchPad:dmi:*bvn*:bvr*:bd*:svnDellInc.:pnMM061:*
EVDEV_ABS_00=1008:5793:66
EVDEV_ABS_01=687:5176:107
# Dell Latitude E5510
evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnDellInc.:pnLatitudeE5510:*
EVDEV_ABS_00=73:1828:26
EVDEV_ABS_01=101:1319:27
EVDEV_ABS_35=73:1828:26
EVDEV_ABS_36=101:1319:27
# Dell Latitude E6220
evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE6220:*
EVDEV_ABS_00=76:1815:22
@ -249,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725
# Dell Latitude E7470
evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
EVDEV_ABS_00=29:2930:30
EVDEV_ABS_01=26:1533:29
EVDEV_ABS_35=29:2930:30
EVDEV_ABS_36=26:1533:29
EVDEV_ABS_00=29:2930:30:16
EVDEV_ABS_01=26:1533:29:16
EVDEV_ABS_35=29:2930:30:16
EVDEV_ABS_36=26:1533:29:16
# Dell Precision 5510
evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*
@ -544,8 +560,9 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoYoga500-14IBD:*
EVDEV_ABS_35=117:3952:36
EVDEV_ABS_36=105:1960:26
# Lenovo Thinkpad T490
# Lenovo Thinkpad T490 and T14 Gen1
evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT490:*
evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT14Gen1:*
EVDEV_ABS_00=::44
EVDEV_ABS_01=::52
EVDEV_ABS_35=::44
@ -558,6 +575,15 @@ evdev:name:MSFT0001:02 04F3:304B Touchpad:dmi:*svnLENOVO:*pvrLenovoLegionY9000X2
EVDEV_ABS_35=::31
EVDEV_ABS_36=::30
#########################################
# NEWYES
#########################################
# NEWYES 10" LCD writing tablet
evdev:input:b0003v6161p4D15*
EVDEV_ABS_00=::152
EVDEV_ABS_01=::244
#########################################
# Razer
#########################################
@ -657,7 +683,12 @@ evdev:input:b0003v172Fp0031*
EVDEV_ABS_00=0:10000:400
EVDEV_ABS_01=0:6250:400
#WALTOP International Corp. Graphics Tablet
# WALTOP International Corp. Graphics Tablet
evdev:input:b0003v172Fp0047*
EVDEV_ABS_00=0:20000:80
EVDEV_ABS_01=0:12500:80
# WALTOP International Corp. Batteryless Tablet
evdev:input:b0003v172Fp0505*
EVDEV_ABS_00=::160
EVDEV_ABS_01=::160

View File

@ -72,3 +72,7 @@ id-input:modalias:input:b0003v04B3p301Ee0100-e0,1,2,4*
# Logitech Ultrathin Touch Mouse
id-input:modalias:input:b0005v046DpB00De0700*
ID_INPUT_MOUSE=1
# Logitech MX Keys
id-input:modalias:input:b0003v046Dp408Ae0111*
ID_INPUT_MOUSE=0
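Review bot: The new Logitech MX Keys entry clears a property (`ID_INPUT_MOUSE=0`) where the entry above it sets one, and the comment gives only the device name. Please state in the comment why the mouse classification is wrong for this keyboard, and reference the bug report if there is one, so the override can be dropped once the underlying detection is fixed. This rule also depends on the parse_hwdb.py change in this commit that starts accepting `0` for the ID_INPUT_* properties; mention that in the commit message so the two are not split in a backport.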

View File

@ -323,6 +323,13 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1110:*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1210:*
KEYBOARD_KEY_84=wlan
# Dell Inspiron 11 3168
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron11-3168:pvr*
KEYBOARD_KEY_c7=!home # Fn-LeftArrow
KEYBOARD_KEY_cf=!end # Fn-RightArrow
KEYBOARD_KEY_c9=!pageup # Fn-UpArrow
KEYBOARD_KEY_d1=!pagedown # Fn-DownArrow
# Dell Inspiron 1520 and Latitude 2110
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1520:*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*2110:*
@ -376,7 +383,7 @@ evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*:*
KEYBOARD_KEY_100150=f20 # Mic mute toggle, should be micmute
# Dell Latitude privacy microphone mute
evdev:name:Dell Privacy Driver:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*:sku0A3E:*
evdev:name:Dell Privacy Driver:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*:*
KEYBOARD_KEY_12001=f20 # Mic mute toggle, should be micmute
###########################################################
@ -540,19 +547,21 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*[sS][pP][eE][cC][tT][rR][eE]*x360Convert
# Spectre x360 13
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPSpectrex360Convertible13*:*
KEYBOARD_KEY_82=f20 # Fn+F12; Microphone mute button, should be micmute
# ENVY x360 13
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPENVYx360Convertible13*:*
KEYBOARD_KEY_82=f20 # Microphone mute button, should be micmute
# HP Elite x2 1013 G3
evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHPElitex21013G3:*
KEYBOARD_KEY_f8=unknown # rfkill is also reported by HP Wireless hotkeys
KEYBOARD_KEY_64=calendar
KEYBOARD_KEY_81=f20 # Microphone mute button
KEYBOARD_KEY_ee=switchvideomode # Switch display outputs
KEYBOARD_KEY_92=brightnessdown
KEYBOARD_KEY_97=brightnessup
KEYBOARD_KEY_f8=unknown # rfkill is also reported by HP Wireless hotkeys
KEYBOARD_KEY_64=calendar
KEYBOARD_KEY_81=f20 # Microphone mute button
KEYBOARD_KEY_ee=switchvideomode # Switch display outputs
KEYBOARD_KEY_92=brightnessdown
KEYBOARD_KEY_97=brightnessup
evdev:name:Intel HID events:dmi:bvn*:bvr*:svnHP*:pnHPElitex21013G3:*
KEYBOARD_KEY_08=unknown # rfkill is also reported by HP Wireless hotkeys
KEYBOARD_KEY_08=unknown # rfkill is also reported by HP Wireless hotkeys
# Elitebook
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*Compaq*:*
@ -653,7 +662,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:*
# HP EliteBook Folio G1
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pnHPEliteBookFolioG1:*
KEYBOARD_KEY_64=calendar
KEYBOARD_KEY_81=micmute
KEYBOARD_KEY_81=f20
# HP ProBook 650
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook*650*:*
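Review bot: On the HP EliteBook Folio G1 entry, `KEYBOARD_KEY_81=f20` replaces the self-describing `micmute` without the trailing comment that the other f20 mappings in this file carry ("# Microphone mute button, should be micmute"). Add the same comment here so a reader does not take f20 for a plain function key and "fix" it back.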
@ -691,12 +700,14 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:23:dmi:*:svnHewlett-Packard:pnHPSt
evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI:*
KEYBOARD_KEY_287=f20 # Microphone mute button, should be micmute
# Huawei MACH-WX9
# Huawei MACH-WX9 and EUL-WX9
evdev:atkbd:dmi:bvn*:bvr*:svnHUAWEI*:pnMACH-WX9:*
evdev:atkbd:dmi:bvn*:bvr*:svnHUAWEI*:pnEUL-WX9:*
KEYBOARD_KEY_f7=unknown
KEYBOARD_KEY_f8=fn
evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI*:pnMACH-WX9:*
evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI*:pnEUL-WX9:*
KEYBOARD_KEY_281=unknown # Brightness Down, also emitted by acpi-video, ignore
KEYBOARD_KEY_282=unknown # Brightness Up, also emitted by acpi-video, ignore
@ -1269,6 +1280,16 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMicro-Star*:pn*A10SC*:*
KEYBOARD_KEY_f1=f20
KEYBOARD_KEY_f2=f21
# MSI Modern series
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMicro-StarInternational*:pnModern*:*
KEYBOARD_KEY_f1=f20 # Fn+F5 micmute
KEYBOARD_KEY_76=f21 # Fn+F4 touchpad, becomes meta+ctrl+toggle
KEYBOARD_KEY_91=prog1 # Fn+F7 Creation Center, sometime F7
KEYBOARD_KEY_f2=prog2 # Fn+F12 screen rotation
KEYBOARD_KEY_97=unknown # lid close
KEYBOARD_KEY_98=unknown # lid open
#Fn+PrntScr sends meta+shif+s
###########################################################
# MSI
###########################################################
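Review bot: In the new "MSI Modern series" block the last line, `#Fn+PrntScr sends meta+shif+s`, is attached to no key, has no space after `#`, and misspells "shift"; either turn it into a note above the block or drop it. "sometime F7" on KEYBOARD_KEY_91 should read "sometimes F7". The block is also inserted directly above the `# MSI` section banner, not under it; please confirm that is the section it is meant to live in.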
@ -1442,17 +1463,29 @@ evdev:input:b0003v047FpC006*
# Purism
###########################################################
# Purism Librem 13 V2
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v2*:*
KEYBOARD_KEY_56=backslash
# Purism Librem 13 V3
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v3*:*
KEYBOARD_KEY_56=backslash
# Purism Librem 13 V4
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v4*:*
KEYBOARD_KEY_56=backslash
# If you're using an us layout keyboard in one of the below models of
# Purism Librem 13 consider copying this file to /etc/systemd/hwdb.d/
# to enable the following rule acording to your model.
#
# There's a bug in the keyboards firmware and the additional rule
# will make your keyboard behave as expected.
#
# More info:
# - https://github.com/systemd/systemd/issues/15360
# - https://github.com/systemd/systemd/pull/11516
# - https://tracker.pureos.net/T888
#
# # Purism Librem 13 V2
# evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v2*:*
# KEYBOARD_KEY_56=backslash
#
# # Purism Librem 13 V3
# evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v3*:*
# KEYBOARD_KEY_56=backslash
#
# # Purism Librem 13 V4
# evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v4*:*
# KEYBOARD_KEY_56=backslash
###########################################################
# Quanta
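Review bot: The new Purism comment tells users to copy this file to /etc/systemd/hwdb.d/, but hwdb(7), which the README added in this commit points to, documents /etc/udev/hwdb.d as the local administration directory; please check the path. Copying the whole file also freezes every other keyboard rule at this snapshot for that user. Suggesting a small local file that contains only the one Librem rule would avoid that. Wording: "acording" should be "according", "an us layout" should be "a US layout", and "keyboards firmware" should be "keyboard's firmware".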
@ -1488,6 +1521,20 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*300E[457]*:*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*200E[45]*:*
KEYBOARD_KEY_ce=! # Fn+F1 launch control setting
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*356V[45]*:pvr*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*355V[45]*:pvr*
KEYBOARD_KEY_ce=!prog1 # Fn+F1 launch control setting
KEYBOARD_KEY_89=!brightnessdown # Fn+F2 brightness down
KEYBOARD_KEY_88=!brightnessup # Fn+F3 brightness up
KEYBOARD_KEY_82=!switchvideomode # Fn+F4 display toggle
KEYBOARD_KEY_f7=!f22 # Fn+F5 touchpad on
KEYBOARD_KEY_f9=!f23 # Fn+F5 touchpad off
KEYBOARD_KEY_a0=!mute # Fn+F6 mute
KEYBOARD_KEY_ae=!volumedown # Fn+F7 volume down
KEYBOARD_KEY_b0=!volumeup # Fn+F8 volume up
KEYBOARD_KEY_b3=!prog2 # Fn+F11 toggle fan/cool mode
KEYBOARD_KEY_d5=!wlan # Fn+F12 toggle wifi
# Series 5
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*530U*:*
KEYBOARD_KEY_ce=!prog1 # Fn+F1 launch settings
@ -1514,7 +1561,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*940X3G*:*
KEYBOARD_KEY_96=!kbdillumup # Fn+F10 keyboard backlight up
KEYBOARD_KEY_b3=!prog3 # Fn+F11 fan/cooling mode changer
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*900X[34][AB]*:*
evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*900X3A*:*
KEYBOARD_KEY_ce=! # Fn+F8 keyboard backlight up
KEYBOARD_KEY_8d=! # Fn+F7 keyboard backlight down
KEYBOARD_KEY_96=! # Fn+F1 performance mode (?)
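Review bot: The Samsung match is narrowed from `pn*900X[34][AB]*` to `pn*900X3A*`, which drops 900X3B, 900X4A and 900X4B, and nothing visible in this hunk adds replacement rules for them. If those models misbehaved with this mapping, say so in a comment above the rule; if they did not, they lose their Fn key handling with this change.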

View File

@ -251,16 +251,11 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
# Cube i7 Stylus
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube i7 Book (i16)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube i7 Stylus I8L Model
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube iWork 10 Flagship
@ -307,6 +302,14 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnDell*:pnVenue10Pro5055:*
sensor:modalias:acpi:SMO8500*:dmi:*svn*DEXP*:*pn*DEXPOEM:*
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
#########################################
# Digibras
#########################################
# Digibras F10-30
sensor:modalias:acpi:SMO8500*:dmi:*:svnDigibras:pnF10-30:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# DIGMA
#########################################
@ -321,6 +324,12 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnDigma:pnCITIE203ES2010EW:*
sensor:modalias:acpi:ACCE0001*:dmi:*svnEndless*:*pnELT-NL3:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 0, 0, -1; -1, 0, 0
#########################################
# Estar
#########################################
sensor:modalias:acpi:SMO8500*:dmi:*:svnEstar:pneSTARBEAUTYHDIntelQuadcore:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
#########################################
# Eve Technology
#########################################
@ -445,6 +454,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrjumperx.T87.KFBNEE:*
sensor:modalias:acpi:BOSC0200*:dmi:*:svnJumper:pnEZpad:*:rvr.A006:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1
# EZpad 7
sensor:modalias:acpi:KIOX0009*:dmi:*:bvrJumper12x.WJ2012.bsBKRCP*:svnJumper:pnEZpad:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# EZpad Go
sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:*:svnjumper:pnEZpad:*:ct31:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
@ -484,8 +497,9 @@ sensor:modalias:acpi:BMA250E*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-1030:*
sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-830:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# IdeaPad D330
# IdeaPad D330 and D330-10IGM
sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:pn81H3:*
sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:*:cvrLenovoideapadD330-10IGM:*
ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
# IdeaPad Miix 300
@ -517,13 +531,18 @@ sensor:modalias:acpi:*BOSC0200*:dmi:*:svnLENOVO*:pn80U1:*
sensor:modalias:acpi:BOSC0200*:dmi:*:svnLINX*:pnLINX1010B:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, -1
# Linx 12X64 and 12V64
# Linx 12X64, 12V64 and Vision 8
sensor:modalias:acpi:KIOX000A*:dmi:*:svnLINX*:pnLINX12*64:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnLINX:pnVISION004:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
#########################################
# Medion
#########################################
# Medion Akoya E2228T MD61900
sensor:modalias:acpi:KIOX020A*:dmi:*:svnMEDION:pnE2228TMD61900:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
ACCEL_LOCATION=base
# Medion Akoya E1239T MD60568
sensor:modalias:acpi:KIOX0009*:dmi:*:svnMEDION:pnE1239TMD60568:*
@ -580,6 +599,10 @@ sensor:modalias:acpi:SMO8500*:dmi:*:svnMicro-StarInternationalCo.,Ltd.:pnS100:*
sensor:modalias:acpi:BOSC0200*:dmi:*:svnCompletElectroServ:pnMY8307:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# MY8312
sensor:modalias:acpi:KIOX010A*:dmi:*:svnCompletElectroServSA:pnMY8312:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1
#########################################
# Nuvision (TMax)
#########################################
@ -680,6 +703,14 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrMx.WT107.KUBNGEA*svnInsyde:
sensor:modalias:acpi:SMO8500*:dmi:*:svnProwise:pnPT301:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Reeder
#########################################
# A8iW-Rev.A
sensor:modalias:acpi:SMO8500*:dmi:*:rvnReeder:rnA8iW-Rev.A:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
#########################################
# Schneider
#########################################
@ -747,6 +778,10 @@ sensor:modalias:acpi:BMA250*:dmi:*:bvrTREK.G.WI71C.JGBMRBA*:*:svnInsyde:pnST7041
sensor:modalias:acpi:BMA250*:dmi:*:bvrTREK.G.WI71C.JGBMRBA*:*:svnTrekStor:pnSurfTabwintron7.0ST70416-6:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
# SurfTab Wintron 10.1 ST10432-3, generic DMI string, use partial BIOS version match
sensor:modalias:acpi:SMO8500*:dmi:*:bvrWintron.R25M.02.0*:*:svnInsyde:pnBayTrail:*
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
sensor:modalias:acpi:KIOX000A*:dmi:*:svnTrekStor:pnSurfTabtwin10.1:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
@ -761,11 +796,15 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:bvrTP15-VT5.2.1.3:*:svnTrekStor*:pnSurfTabt
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPrimebookC11B:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnYourbookC11B:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnYOURBOOKC11B:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
ACCEL_LOCATION=display
sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPrimebookC11B:*
sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnYourbookC11B:*
sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnYOURBOOKC11B:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
ACCEL_LOCATION=base

View File

@ -190,6 +190,14 @@ mouse:usb:v413cp301a:name:PixArt Dell MS116 USB Optical Mouse:*
mouse:usb:v0461p4d46:name:USB Optical Mouse:*
MOUSE_DPI=1000@125
##########################################
# Elecom
#########################################
# Elecom HUGE TrackBall (M-HT1DR)
mouse:usb:v056ep010d:name:ELECOM TrackBall Mouse HUGE TrackBall:*
MOUSE_DPI=500@125 *1000@125 1500@125
##########################################
# Fujitsu Siemens
##########################################
@ -267,6 +275,7 @@ mouse:usb:v04b3p3107:name:*
# Kensington Expert Mouse trackball
mouse:usb:v047dp1020:*Kensington Expert Mouse*:*
ID_INPUT_TRACKBALL=1
MOUSE_DPI=400@125
##########################################
# Lenovo
@ -424,6 +433,10 @@ mouse:usb:v046dpc51a:name:Logitech USB Receiver:*
mouse:usb:v046dpc01e:name:Logitech USB-PS/2 Optical Mouse:*
MOUSE_DPI=400@125 *800@125 1600@125
# Logitech MX 518 Legendary (HERO sensor)
mouse:usb:v046dpc08e:name:Logitech MX518 Gaming Mouse:*
MOUSE_DPI=400@1000 *800@1000 1600@1000 3200@1000 6400@1000
# Logitech MX1000 Laser Cordless Mouse
mouse:bluetooth:v046dpb003:name:Logitech MX1000 mouse:*
MOUSE_DPI=800@80
@ -478,7 +491,9 @@ mouse:bluetooth:v046dpb019:name:MX Master 2S Mouse:*
MOUSE_WHEEL_CLICK_COUNT=24
MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL=14
# Logitech MX Ergo (via Bluetooth)
# Logitech MX Ergo
mouse:usb:v046dp406f:name:Logitech MX Ergo:*
mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:406f:*
mouse:bluetooth:v046dpb01d:name:MX Ergo Mouse:*
ID_INPUT_TRACKBALL=1

11
hwdb.d/README Normal file
View File

@ -0,0 +1,11 @@
Files in this directory specify a description of hardware devices, in the form
of mappings from modalias-like keys (which identify specific hardware devices)
to udev properties.
Files in this directory are not read by udev directly. Instead,
man:systemd-hwdb(8) compiles them into a binary database.
See man:hwdb(7) for an overview of the configuration file format, and
man:systemd-udevd.service(8) for a description of the udev daemon.
Use 'systemd-analyze cat-config udev/hwdb.d' to display the effective config.

View File

@ -100,6 +100,11 @@
<tr class="even"><td>CHENGDU HAIGUANG IC DESIGN CO., LTD</td><td>HYGO</td><td>07/15/2020</td> </tr>
<tr class="odd"><td>PixArt imaging inc.</td><td>PIXA</td><td>07/15/2020</td> </tr>
<tr class="even"><td>Loongson Technology Corporation Limited</td><td>LOON</td><td>09/10/2020</td> </tr>
<tr class="odd"><td>Seiko Epson Corporation</td><td>SECC</td><td>02/16/2021</td> </tr>
<tr class="even"><td>Alibaba Co., Ltd.</td><td>BABA</td><td>02/02/2021</td> </tr>
<tr class="odd"><td>Juniper Systems, Inc.</td><td>JSYS</td><td>03/18/2021</td> </tr>
<tr class="even"><td>Framework Computer LLC</td><td>FRMW</td><td>03/22/2021</td> </tr>
<tr class="odd"><td>Pensando Systems, Inc.</td><td>PNSO</td><td>03/24/2021</td> </tr>
</tbody>
</table>
</body>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -4,6 +4,8 @@
# they are very long but quite repetitive and the parser is not very fast.
# So we don't "test" them.
hwdb_files_notest = files('''
README
20-dmi-id.hwdb
20-pci-vendor-model.hwdb
20-pci-classes.hwdb
20-usb-vendor-model.hwdb
@ -19,6 +21,7 @@ hwdb_files_notest = files('''
hwdb_files_test = files('''
60-autosuspend.hwdb
60-autosuspend-fingerprint-reader.hwdb
60-evdev.hwdb
60-input-id.hwdb
60-keyboard.hwdb
@ -64,9 +67,9 @@ endif
############################################################
run_target(
'hwdb-update',
command : [hwdb_update_sh, meson.current_source_dir()])
'update-hwdb',
command : [update_hwdb_sh, meson.current_source_dir()])
run_target(
'autosuspend-update',
command : [autosuspend_update_sh, project_source_root + '/tools/chromiumos'])
'update-hwdb-autosuspend',
command : [update_hwdb_autosuspend_sh, project_source_root])
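Review bot: Renaming the run targets from 'hwdb-update' and 'autosuspend-update' to 'update-hwdb' and 'update-hwdb-autosuspend' breaks any script or release checklist that still invokes the old names, and this hunk updates no documentation. The second target also changes its argument from `project_source_root + '/tools/chromiumos'` to `project_source_root`, so the script behind it must have changed its expected input too; please make sure both renames and the argument change are described where maintainers look up the update procedure.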

View File

@ -33,7 +33,7 @@ try:
OneOrMore, Combine, Or, Optional, Suppress, Group,
nums, alphanums, printables,
stringEnd, pythonStyleComment,
ParseBaseException)
ParseBaseException, __diag__)
except ImportError:
print('pyparsing is not available')
sys.exit(77)
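Review bot: Adding `__diag__` to the import list inside the existing `try` means a pyparsing install that lacks that name raises ImportError, and the handler then prints 'pyparsing is not available' and exits with 77. The check would be reported as skipped with a misleading message when pyparsing is in fact installed but too old. Import `__diag__` in its own try block and either continue without the diagnostics or print a message that names the real cause.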
@ -50,6 +50,12 @@ except ImportError:
# don't do caching on old python
lru_cache = lambda: (lambda f: f)
__diag__.warn_multiple_tokens_in_named_alternation = True
__diag__.warn_ungrouped_named_tokens_in_collection = True
__diag__.warn_name_set_on_empty_Forward = True
__diag__.warn_on_multiple_string_args_to_oneof = True
__diag__.enable_debug_on_named_expressions = True
EOL = LineEnd().suppress()
EMPTYLINE = LineEnd()
COMMENTLINE = pythonStyleComment + EOL
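Review bot: Four of the five `__diag__` settings are `warn_*` flags, but `enable_debug_on_named_expressions` is a debug switch and it is turned on unconditionally at import time. If any expression in the grammar is given a name with setName, every run will print parser trace output. Please add a comment saying why it is enabled, or leave it off and keep only the warnings.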
@ -111,9 +117,9 @@ def hwdb_grammar():
def property_grammar():
ParserElement.setDefaultWhitespaceChars(' ')
dpi_setting = (Optional('*')('DEFAULT') + INTEGER('DPI') + Suppress('@') + INTEGER('HZ'))('SETTINGS*')
dpi_setting = Group(Optional('*')('DEFAULT') + INTEGER('DPI') + Suppress('@') + INTEGER('HZ'))('SETTINGS*')
mount_matrix_row = SIGNED_REAL + ',' + SIGNED_REAL + ',' + SIGNED_REAL
mount_matrix = (mount_matrix_row + ';' + mount_matrix_row + ';' + mount_matrix_row)('MOUNT_MATRIX')
mount_matrix = Group(mount_matrix_row + ';' + mount_matrix_row + ';' + mount_matrix_row)('MOUNT_MATRIX')
xkb_setting = Optional(Word(alphanums + '+-/@._'))
props = (('MOUSE_DPI', Group(OneOrMore(dpi_setting))),
@ -121,20 +127,20 @@ def property_grammar():
('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', INTEGER),
('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
('ID_AUTOSUSPEND', Literal('1')),
('ID_INPUT', Literal('1')),
('ID_INPUT_ACCELEROMETER', Literal('1')),
('ID_INPUT_JOYSTICK', Literal('1')),
('ID_INPUT_KEY', Literal('1')),
('ID_INPUT_KEYBOARD', Literal('1')),
('ID_INPUT_MOUSE', Literal('1')),
('ID_INPUT_POINTINGSTICK', Literal('1')),
('ID_INPUT_SWITCH', Literal('1')),
('ID_INPUT_TABLET', Literal('1')),
('ID_INPUT_TABLET_PAD', Literal('1')),
('ID_INPUT_TOUCHPAD', Literal('1')),
('ID_INPUT_TOUCHSCREEN', Literal('1')),
('ID_INPUT_TRACKBALL', Literal('1')),
('ID_AUTOSUSPEND', Or((Literal('0'), Literal('1')))),
('ID_INPUT', Or((Literal('0'), Literal('1')))),
('ID_INPUT_ACCELEROMETER', Or((Literal('0'), Literal('1')))),
('ID_INPUT_JOYSTICK', Or((Literal('0'), Literal('1')))),
('ID_INPUT_KEY', Or((Literal('0'), Literal('1')))),
('ID_INPUT_KEYBOARD', Or((Literal('0'), Literal('1')))),
('ID_INPUT_MOUSE', Or((Literal('0'), Literal('1')))),
('ID_INPUT_POINTINGSTICK', Or((Literal('0'), Literal('1')))),
('ID_INPUT_SWITCH', Or((Literal('0'), Literal('1')))),
('ID_INPUT_TABLET', Or((Literal('0'), Literal('1')))),
('ID_INPUT_TABLET_PAD', Or((Literal('0'), Literal('1')))),
('ID_INPUT_TOUCHPAD', Or((Literal('0'), Literal('1')))),
('ID_INPUT_TOUCHSCREEN', Or((Literal('0'), Literal('1')))),
('ID_INPUT_TRACKBALL', Or((Literal('0'), Literal('1')))),
('POINTINGSTICK_SENSITIVITY', INTEGER),
('POINTINGSTICK_CONST_ACCEL', REAL),
('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))),
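Review bot: `Or((Literal('0'), Literal('1')))` is now spelled out fourteen times in the props table. Define it once next to the other grammar constants (for example a name such as BOOLEAN) and reference that, so a later change to the accepted values cannot miss a row. Accepting `0` for ID_AUTOSUSPEND and all ID_INPUT_* properties is also a behaviour change for the validator and should be stated in the commit message.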
@ -240,10 +246,19 @@ def check_one_keycode(prop, value):
'KBD_LCD_MENU' in key):
error('Keycode {} unknown', key)
def check_wheel_clicks(properties):
pairs = (('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', 'MOUSE_WHEEL_CLICK_COUNT'),
('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', 'MOUSE_WHEEL_CLICK_ANGLE'),
('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', 'MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL'),
('MOUSE_WHEEL_CLICK_COUNT', 'MOUSE_WHEEL_CLICK_ANGLE'))
for pair in pairs:
if pair[0] in properties and pair[1] not in properties:
error('{} requires {} to be specified', *pair)
def check_properties(groups):
grammar = property_grammar()
for matches, props in groups:
prop_names = set()
seen_props = {}
for prop in props:
# print('--', prop)
prop = prop.partition('#')[0].rstrip()
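Review bot: `check_wheel_clicks` has no docstring, and the four pairs encode a rule that is not obvious from the tuple alone (the first name requires the second). A short docstring stating that rule would make the error message '{} requires {} to be specified' easier to trace back. In `check_properties`, `seen_props` is now a dict, but the new check only tests key membership (`pair[0] in properties`); if the stored values are not used elsewhere, the previous set is enough and the name change is unnecessary.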
@ -253,9 +268,9 @@ def check_properties(groups):
error('Failed to parse: {!r}', prop)
continue
# print('{!r}'.format(parsed))
if parsed.NAME in prop_names:
if parsed.NAME in seen_props:
error('Property {} is duplicated', parsed.NAME)
prop_names.add(parsed.NAME)
seen_props[parsed.NAME] = parsed.VALUE
if parsed.NAME == 'MOUSE_DPI':
check_one_default(prop, parsed.VALUE.SETTINGS)
elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
@ -264,6 +279,8 @@ def check_properties(groups):
val = parsed.VALUE if isinstance(parsed.VALUE, str) else parsed.VALUE[0]
check_one_keycode(prop, val)
check_wheel_clicks(seen_props)
def print_summary(fname, groups):
n_matches = sum(len(matches) for matches, props in groups)
n_props = sum(len(props) for matches, props in groups)

File diff suppressed because it is too large Load Diff

View File

@ -108,9 +108,9 @@
<tr class="even"><td>Alpha Telecom Inc</td><td>ATD</td><td>09/26/1997</td> </tr>
<tr class="odd"><td>Alpha-Top Corporation</td><td>ATP</td><td>12/04/1996</td> </tr>
<tr class="even"><td>AlphaView LCD</td><td>ALV</td><td>11/01/2008</td> </tr>
<tr class="odd"><td>Alpine Electronics, Inc.</td><td>APE</td><td>01/22/2013</td> </tr>
<tr class="even"><td>Alps Electric Company Ltd</td><td>ALP</td><td>11/29/1996</td> </tr>
<tr class="odd"><td>Alps Electric Inc</td><td>AUI</td><td>11/29/1996</td> </tr>
<tr class="odd"><td>ALPS ALPINE CO., LTD.</td><td>APE</td><td>01/22/2013</td> </tr>
<tr class="even"><td>ALPS ALPINE CO., LTD.</td><td>ALP</td><td>11/29/1996</td> </tr>
<tr class="odd"><td>ALPS ALPINE CO., LTD.</td><td>AUI</td><td>11/29/1996</td> </tr>
<tr class="even"><td>Alta Research Corporation</td><td>ARC</td><td>11/29/1996</td> </tr>
<tr class="odd"><td>Altec Corporation</td><td>ALC</td><td>08/04/1998</td> </tr>
<tr class="even"><td>Altec Lansing</td><td>ALJ</td><td>01/13/2000</td> </tr>
@ -2465,6 +2465,13 @@
<tr class="odd"><td>MILCOTS</td><td>MLC</td><td>07/15/2020</td> </tr>
<tr class="even"><td>NZXT (PNP same EDID)_</td><td>NXT</td><td>07/15/2020</td> </tr>
<tr class="odd"><td>Unicompute Technology Co., Ltd.</td><td>UTC</td><td>10/19/2020</td> </tr>
<tr class="even"><td>TECHNOGYM S.p.A.</td><td>TGW</td><td>01/08/2021</td> </tr>
<tr class="odd"><td>Clover Electronics</td><td>CLR</td><td>02/02/2021</td> </tr>
<tr class="even"><td>Kyokko Communication System Co., Ltd.</td><td>KTS</td><td>02/18/2021</td> </tr>
<tr class="odd"><td>Terumo Corporation</td><td>TMO</td><td>02/02/2021</td> </tr>
<tr class="even"><td>Micro-Star Int&#039;l Co., Ltd.</td><td>CND</td><td>02/17/2021</td> </tr>
<tr class="odd"><td>Newline Interactive Inc.</td><td>NWL</td><td>12/03/2020</td> </tr>
<tr class="even"><td>CORSAIR MEMORY Inc.</td><td>CRM</td><td>02/05/2021</td> </tr>
</tbody>
</table>
</body>
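Review bot: the added row `Micro-Star Int&#039;l Co., Ltd.` carries an HTML entity in the vendor name, so whatever turns this table into the vendor database has to decode entities or the name will be shown with a literal `&#039;`. Please confirm the generated output for `CND` contains a plain apostrophe.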

View File

@ -9,8 +9,8 @@
# The latest version can be obtained from
# http://www.linux-usb.org/usb.ids
#
# Version: 2020.08.26
# Date: 2020-08-26 20:34:09
# Version: 2021.02.19
# Date: 2021-02-19 20:34:10
#
# Vendors, devices and interfaces. Please keep sorted.
@ -1523,6 +1523,7 @@
0155 5800 XpressMusic (Multimedia mode)
0156 5800 XpressMusic (Storage mode)
0157 5800 XpressMusic (Imaging mode)
0189 N810 Internet Tablet WiMAX
0199 6700 Classic (msc)
019a 6700 Classic (PC Suite)
019b 6700 Classic (mtp)
@ -1530,7 +1531,7 @@
01b1 6303 classic Phone (Mass storage mode)
01b2 6303 classic Phone (Printing and media mode)
01c7 N900 (Storage Mode)
01c8 N900 (PC-Suite Mode)
01c8 N900/N950 (PC-Suite Mode)
0228 5530 XpressMusic
023a 6730 Classic
026a N97 (mass storage)
@ -1550,7 +1551,8 @@
03c1 C7-00 (Media transfer mode)
03c2 Sim
03cd C7-00 (Nokia Suite mode)
03d1 N950
03d1 N950 (Storage Mode)
03d2 N950 (PC Suite mode)
0400 7600 Phone Parent
0401 6650 GSM Phone
0402 6255 Phone Parent
@ -1581,7 +1583,7 @@
0423 6682 Phone Parent
0428 6230i Modem
0429 6230i MultiMedia Card
0431 770 Internet Tablet
0431 770/N800 Internet Tablet
0432 N90 Phone Parent
0435 E70 (IP Passthrough/RNDIS mode)
0436 E60 (IP Passthrough/RNDIS mode)
@ -1615,7 +1617,9 @@
04f9 6300 (PC Suite mode)
0508 E65 (PC Suite mode)
0509 E65 (Storage mode)
0518 N9 Phone
0518 N9 (Storage mode)
0519 N9 (RNDIS/Ethernet mode)
051a N9 (PC Suite mode)
054d C2-01
0600 Digital Pen SU-1B
0610 CS-15 (Internet Stick 3G modem)
@ -8752,6 +8756,7 @@
05fc Harman
0001 Soundcraft Si Multi Digital Card
0010 Soundcraft Si MADI combo card
0021 Soundcraft Signature 12 MTK
7849 Harman/Kardon SoundSticks
05fd InterAct, Inc.
0239 SV-239 HammerHead Digital
@ -22447,6 +22452,9 @@
32b3 TEXA
d1a6 TXT Multihub
d1a7 TXT Multihub
3310 MUDITA Sp. z o.o.
0100 Pure
0101 Pure tethering
3333 InLine
3333 2 port KVM switch model 60652K
3334 AEI
@ -22458,6 +22466,9 @@
ffff Mio DigiWalker Sync
3344 Leaguer Microelectronics (LME)
3744 OEM PC Remote
3384 System76
0000 Thelio Io (thelio-io)
0001 Launch Configurable Keyboard (launch_1)
348f ISY
2322 Wireless Presenter
3504 Micro Star

View File

@ -92,10 +92,10 @@
<!-- note: do not use unicode ellipsis here, because docbook will replace that
with three dots anyway, messing up alignment -->
<programlisting> cryptsetup-pre.target
<programlisting> cryptsetup-pre.target veritysetup-pre.target
|
(various low-level v
API VFS mounts: (various cryptsetup devices...)
API VFS mounts: (various cryptsetup/veritysetup devices...)
mqueue, configfs, | |
debugfs, ...) v |
| cryptsetup.target |
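Review bot: the diagram now starts from `veritysetup-pre.target` and relabels the device row as "cryptsetup/veritysetup devices", but in the visible lines that row still leads only to `cryptsetup.target`. If a matching verity target is ordered after these devices it should appear next to `cryptsetup.target`; if not, the text around the chart should say why the verity side has no such node. Please also re-check column alignment of the connector lines after widening the first two rows, since the comment above warns that the rendering is alignment-sensitive.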
@ -105,7 +105,7 @@
| v local-fs-pre.target | | | (network file systems)
| swap.target | | v v |
| | v | remote-cryptsetup.target |
| | (various low-level (various mounts and | | |
| | (various low-level (various mounts and | remote-veritysetup.target |
| | services: udevd, fsck services...) | | remote-fs.target
| | tmpfiles, random | | | /
| | seed, sysctl, ...) v | | /
@ -303,7 +303,8 @@ emergency.service | | |
<programlisting> (conflicts with (conflicts with
all system all file system
services) mounts, swaps,
| cryptsetup
| cryptsetup/
| veritysetup
| devices, ...)
| |
v v

View File

@ -7,6 +7,80 @@
<title>Environment</title>
<variablelist class='environment-variables'>
<varlistentry id='log-level'>
<term><varname>$SYSTEMD_LOG_LEVEL</varname></term>
<listitem><para id='log-level-body'>The maximum log level of emitted messages (messages with a higher
log level, i.e. less important ones, will be suppressed). Either one of (in order of decreasing
importance) <constant>emerg</constant>, <constant>alert</constant>, <constant>crit</constant>,
<constant>err</constant>, <constant>warning</constant>, <constant>notice</constant>,
<constant>info</constant>, <constant>debug</constant>, or an integer in the range 0…7. See
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for more information.</para>
</listitem>
</varlistentry>
<varlistentry id='log-color'>
<term><varname>$SYSTEMD_LOG_COLOR</varname></term>
<listitem><para id='log-color-body'>A boolean. If true, messages written to the tty will be colored
according to priority.</para>
<para>This setting is only useful when messages are written directly to the terminal, because
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
other tools that display logs will color messages based on the log level on their own.</para>
</listitem>
</varlistentry>
<varlistentry id='log-time'>
<term><varname>$SYSTEMD_LOG_TIME</varname></term>
<listitem><para id='log-time-body'>A boolean. If true, log messages will be prefixed with a
timestamp.</para>
<para>This setting is only useful when messages are written directly to the terminal or a file, because
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
other tools that display logs will attach timestamps based on the entry metadata on their own.</para>
</listitem>
</varlistentry>
<varlistentry id='log-location'>
<term><varname>$SYSTEMD_LOG_LOCATION</varname></term>
<listitem><para id='log-location-body'>A boolean. If true, messages will be prefixed with a filename
and line number in the source code where the message originates.</para>
<para>Note that the log location is often attached as metadata to journal entries anyway. Including it
directly in the message text can nevertheless be convenient when debugging programs.</para>
</listitem>
</varlistentry>
<varlistentry id='log-tid'>
<term><varname>$SYSTEMD_LOG_TID</varname></term>
<listitem><para id='log-tid-body'>A boolean. If true, messages will be prefixed with the current
numerical thread ID (TID).</para>
<para>Note that the this information is attached as metadata to journal entries anyway. Including it
directly in the message text can nevertheless be convenient when debugging programs.</para>
</listitem>
</varlistentry>
<varlistentry id='log-target'>
<term><varname>$SYSTEMD_LOG_TARGET</varname></term>
<listitem><para id='log-target-body'>The destination for log messages. One of
<constant>console</constant> (log to the attached tty), <constant>console-prefixed</constant> (log to
the attached tty but with prefixes encoding the log level and "facility", see <citerefentry
project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<constant>kmsg</constant> (log to the kernel circular log buffer), <constant>journal</constant> (log to
the journal), <constant>journal-or-kmsg</constant> (log to the journal if available, and to kmsg
otherwise), <constant>auto</constant> (determine the appropriate log target automatically, the default),
<constant>null</constant> (disable log output).</para>
<!-- <constant>syslog</constant>, <constant>syslog-or-kmsg</constant> are deprecated -->
</listitem>
</varlistentry>
<varlistentry id='pager'>
<term><varname>$SYSTEMD_PAGER</varname></term>
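Review bot: in the `$SYSTEMD_LOG_TARGET` entry the parenthesis opened at "(log to the attached tty but with prefixes encoding the log level and "facility", see syslog(3)," is never closed before `<constant>kmsg</constant>`, so the remaining targets read as if they were part of that aside; close it right after the citerefentry. In the `$SYSTEMD_LOG_TID` entry, "Note that the this information" has a stray "the".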
@ -69,15 +143,15 @@
<listitem><para>Takes a boolean argument. When true, the "secure" mode of the pager is enabled; if
false, disabled. If <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, secure mode is enabled
if the effective UID is not the same as the owner of the login session, see <citerefentry
project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry> and
<citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
if the effective UID is not the same as the owner of the login session, see
<citerefentry project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>
and <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
In secure mode, <option>LESSSECURE=1</option> will be set when invoking the pager, and the pager shall
disable commands that open or create new files or start new subprocesses. When
<varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, pagers which are not known to implement
secure mode will not be used. (Currently only
<citerefentry><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry> implements
secure mode.)</para>
<citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
implements secure mode.)</para>
<para>Note: when commands are invoked with elevated privileges, for example under <citerefentry
project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
@ -94,10 +168,11 @@
<varlistentry id='colors'>
<term><varname>$SYSTEMD_COLORS</varname></term>
<listitem><para>The value must be a boolean. Controls whether colorized output should be
generated. This can be specified to override the decision that <command>systemd</command> makes based
on <varname>$TERM</varname> and what the console is connected to.</para>
</listitem>
<listitem><para>Takes a boolean argument. When true, <command>systemd</command> and related utilities
will use colors in their output, otherwise the output will be monochrome. Additionally, the variable can
take one of the following special values: <literal>16</literal>, <literal>256</literal> to restrict the use
of colors to the base 16 or 256 ANSI colors, respectively. This can be specified to override the automatic
decision based on <varname>$TERM</varname> and what the console is connected to.</para></listitem>
</varlistentry>
<!-- This is not documented on purpose, because it is not clear if $NO_COLOR will become supported
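Review bot: the new `$SYSTEMD_COLORS` text describes `16` and `256` as restricting output to the base 16 or 256 ANSI colors, but does not say which palette a plain true value selects, so a reader cannot tell what the two special values are a restriction of. One added clause stating the behaviour for true would make the three non-false settings distinguishable.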

View File

@ -137,7 +137,8 @@
<citerefentry project='man-pages'><refentrytitle>gdb</refentrytitle><manvolnum>1</manvolnum></citerefentry>
will be used. This may be changed using the <option>--debugger=</option>
option or the <varname>$SYSTEMD_DEBUGGER</varname> environment
variable.</para></listitem>
variable. Use the <option>--debugger-arguments=</option> option to pass extra
command line arguments to the debugger.</para></listitem>
</varlistentry>
</variablelist>
@ -153,20 +154,22 @@
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
<varlistentry>
<term><option>--no-legend</option></term>
<listitem><para>Do not print column headers.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager" />
<xi:include href="standard-options.xml" xpointer="no-legend" />
<xi:include href="standard-options.xml" xpointer="json" />
<varlistentry>
<term><option>-1</option></term>
<listitem><para>Show information of a single core dump only, instead of listing
all known core dumps.</para></listitem>
<listitem><para>Show information of the most recent core dump only, instead of listing all known core
dumps. (Equivalent to <option>--reverse -n 1</option></para></listitem>
</varlistentry>
<varlistentry>
<term><option>-n</option> <replaceable>INT</replaceable></term>
<listitem><para>Show at most the specified number of entries. The specified parameter must be an
integer greater or equal to 1.</para></listitem>
</varlistentry>
<varlistentry>
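Review bot: in the `-1` entry, "(Equivalent to <option>--reverse -n 1</option></para>" is missing its closing parenthesis and full stop. The sentence also relies on `--reverse`, which is not documented anywhere in this hunk; if it is described elsewhere in the page that is fine, otherwise it needs its own entry next to `-n`. In the `-n` entry, "greater or equal to 1" should read "greater than or equal to 1".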
@ -217,6 +220,15 @@
will be used. </para></listitem>
</varlistentry>
<varlistentry>
<term><option>-A</option> <replaceable>ARGS</replaceable></term>
<term><option>--debugger-arguments=</option><replaceable>ARGS</replaceable></term>
<listitem><para>Pass the given <replaceable>ARGS</replaceable> as extra command line arguments
to the debugger. Quote as appropriate when <replaceable>ARGS</replaceable> contain whitespace.
(See Examples.)</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--file=<replaceable>GLOB</replaceable></option></term>
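Review bot: the `--debugger-arguments=` entry says "Quote as appropriate when ARGS contain whitespace" without stating how the single ARGS string is split into separate arguments for the debugger. The example added further down uses nested quoting (`"-batch -ex 'info all-registers'"`), which implies that inner single quotes are honoured; the option text should say so explicitly, because the splitting rule decides what ends up on the debugger's command line. Minor: "contain" should be "contains".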
@ -312,29 +324,47 @@
<title>Examples</title>
<example>
<title>List all the core dumps of a program named foo</title>
<title>List all the core dumps of a program</title>
<programlisting># coredumpctl list foo</programlisting>
<programlisting>$ coredumpctl list /usr/lib64/firefox/firefox
TIME PID UID GID SIG COREFILE EXE SIZE
Tue … 8018 1000 1000 SIGSEGV missing /usr/lib64/firefox/firefox n/a
Wed … 251609 1000 1000 SIGTRAP missing /usr/lib64/firefox/firefox n/a
Fri … 552351 1000 1000 SIGSEGV present /usr/lib64/firefox/firefox 28.7M
</programlisting>
<para>The journal has three entries pertaining to <filename>/usr/lib64/firefox/firefox</filename>, and
only the last entry still has an available core file (in external storage on disk).</para>
<para>Note that <filename>coredumpctl</filename> needs access to the journal files to retrieve the
relevant entries from the journal. Thus, an unprivileged user will normally only see information about
crashing programs of this user.</para>
</example>
<example>
<title>Invoke gdb on the last core dump</title>
<title>Invoke <command>gdb</command> on the last core dump</title>
<programlisting># coredumpctl debug</programlisting>
<programlisting>$ coredumpctl debug</programlisting>
</example>
<example>
<title>Use <command>gdb</command> to display full register info from the last core dump</title>
<programlisting>$ coredumpctl debug --debugger-arguments="-batch -ex 'info all-registers'"</programlisting>
</example>
<example>
<title>Show information about a process that dumped core,
matching by its PID 6654</title>
<programlisting># coredumpctl info 6654</programlisting>
<programlisting>$ coredumpctl info 6654</programlisting>
</example>
<example>
<title>Extract the last core dump of /usr/bin/bar to a file named
<filename index="false">bar.coredump</filename></title>
<programlisting># coredumpctl -o bar.coredump dump /usr/bin/bar</programlisting>
<programlisting>$ coredumpctl -o bar.coredump dump /usr/bin/bar</programlisting>
</example>
</refsect1>
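Review bot: in the new note under the first example, `<filename>coredumpctl</filename>` marks up a program name as a file, while the same hunk uses `<command>gdb</command>` in the example titles; use `<command>` here as well. The note itself (an unprivileged user normally sees only their own crashes) matches the switch of the prompts from `#` to `$` and is worth keeping.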

View File

@ -45,33 +45,98 @@
The first two fields are mandatory, the remaining two are
optional.</para>
<para>Setting up encrypted block devices using this file supports
three encryption modes: LUKS, TrueCrypt and plain. See
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for more information about each mode. When no mode is specified in
the options field and the block device contains a LUKS signature,
it is opened as a LUKS device; otherwise, it is assumed to be in
raw dm-crypt (plain mode) format.</para>
<para>Setting up encrypted block devices using this file supports four encryption modes: LUKS, TrueCrypt,
BitLocker and plain. See <citerefentry
project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
more information about each mode. When no mode is specified in the options field and the block device
contains a LUKS signature, it is opened as a LUKS device; otherwise, it is assumed to be in raw dm-crypt
(plain mode) format.</para>
<para>The first field contains the name of the resulting encrypted volume; its block device is set up
below <filename>/dev/mapper/</filename>.</para>
<para>The four fields of <filename>/etc/crypttab</filename> are defined as follows:</para>
<para>The second field contains a path to the underlying block
device or file, or a specification of a block device via
<literal>UUID=</literal> followed by the UUID.</para>
<orderedlist>
<para>The third field specifies an absolute path to a file with the encryption key. Optionally,
the path may be followed by <literal>:</literal> and an fstab device specification (e.g. starting with
<literal>LABEL=</literal> or similar); in which case the path is taken relative to the device file system
root. If the field is not present or is <literal>none</literal> or <literal>-</literal>, a key file
named after the volume to unlock (i.e. the first column of the line), suffixed with
<filename>.key</filename> is automatically loaded from the <filename>/etc/cryptsetup-keys.d/</filename>
and <filename>/run/cryptsetup-keys.d/</filename> directories, if present. Otherwise, the password has to
be manually entered during system boot. For swap encryption, <filename>/dev/urandom</filename> may be
used as key file.</para>
<listitem><para>The first field contains the name of the resulting volume with decrypted data; its
block device is set up below <filename>/dev/mapper/</filename>.</para></listitem>
<para>The fourth field, if present, is a comma-delimited list of
options. The following options are recognized:</para>
<listitem><para>The second field contains a path to the underlying block
device or file, or a specification of a block device via
<literal>UUID=</literal> followed by the UUID.</para></listitem>
<listitem><para>The third field specifies an absolute path to a file with the encryption
key. Optionally, the path may be followed by <literal>:</literal> and an
<filename>/etc/fstab</filename> style device specification (e.g. starting with
<literal>LABEL=</literal> or similar); in which case the path is taken relative to the specified
device's file system root. If the field is not present or is <literal>none</literal> or
<literal>-</literal>, a key file named after the volume to unlock (i.e. the first column of the line),
suffixed with <filename>.key</filename> is automatically loaded from the
<filename>/etc/cryptsetup-keys.d/</filename> and <filename>/run/cryptsetup-keys.d/</filename>
directories, if present. Otherwise, the password has to be manually entered during system boot. For
swap encryption, <filename>/dev/urandom</filename> may be used as key file, resulting in a randomized
key.</para>
<para>If the specified key file path refers to an <constant>AF_UNIX</constant> stream socket in the
file system, the key is acquired by connecting to the socket and reading it from the connection. This
allows the implementation of a service to provide key information dynamically, at the moment when it is
needed. For details see below.</para></listitem>
<listitem><para>The fourth field, if present, is a comma-delimited list of options. The supported
options are listed below.</para></listitem>
</orderedlist>
</refsect1>
<refsect1>
<title>Key Acquisition</title>
<para>Six different mechanisms for acquiring the decryption key or passphrase unlocking the encrypted
volume are supported. Specifically:</para>
<orderedlist>
<listitem><para>Most prominently, the user may be queried interactively during volume activation
(i.e. typically at boot), asking them to type in the necessary passphrase(s).</para></listitem>
<listitem><para>The (unencrypted) key may be read from a file on disk, possibly on removable media. The third field
of each line encodes the location, for details see above.</para></listitem>
<listitem><para>The (unencrypted) key may be requested from another service, by specifying an
<constant>AF_UNIX</constant> file system socket in place of a key file in the third field. For details
see above and below.</para></listitem>
<listitem><para>The key may be acquired via a PKCS#11 compatible hardware security token or
smartcard. In this case an encrypted key is stored on disk/removable media, acquired via
<constant>AF_UNIX</constant>, or stored in the LUKS2 JSON token metadata header. The encrypted key is
then decrypted by the PKCS#11 token with an RSA key stored on it, and then used to unlock the encrypted
volume. Use the <option>pkcs11-uri=</option> option described below to use this mechanism.</para></listitem>
<listitem><para>Similar, the key may be acquired via a FIDO2 compatible hardware security token (which
must implement the "hmac-secret" extension). In this case a (during enrollment) randomly generated key
is stored on disk/removable media, acquired via <constant>AF_UNIX</constant>, or stored in the LUKS2
JSON token metadata header. The random key is hashed via a keyed hash function (HMAC) on the FIDO2
token, using a secret key stored on the token that never leaves it. The resulting hash value is then
used as key to unlock the encrypted volume. Use the <option>fido2-device=</option> option described
below to use this mechanism.</para></listitem>
<listitem><para>Similar, the key may be acquired via a TPM2 security chip. In this case a (during
enrollment) randomly generated key — encrypted by an asymmetric key derived from the TPM2 chip's seed
key — is stored on disk/removable media, acquired via <constant>AF_UNIX</constant>, or stored in the
LUKS2 JSON token metadata header. Use the <option>tpm2-device=</option> option described below to use
this mechanism.</para></listitem>
</orderedlist>
<para>For the latter five mechanisms the source for the key material used for unlocking the volume is
primarily configured in the third field of each <filename>/etc/crypttab</filename> line, but may also
configured in <filename>/etc/cryptsetup-keys.d/</filename> and
<filename>/run/cryptsetup-keys.d/</filename> (see above) or in the LUKS2 JSON token header (in case of
the latter three). Use the
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
tool to enroll PKCS#11, FIDO2 and TPM2 devices in LUKS2 volumes.</para>
</refsect1>
<refsect1>
<title>Supported Options</title>
<para>The following options may be used in the fourth field of each line:</para>
<variablelist class='fstab-options'>
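Review bot: in the paragraph that follows the Key Acquisition list, "but may also configured in" is missing "be", and the FIDO2 and TPM2 items open with "Similar," where "Similarly," is meant. Items 2 and 3 point out that the key is read "(unencrypted)" from a file or from an `AF_UNIX` socket; since this section is where a reader chooses a mechanism, a sentence on restricting access to the key file, the socket and the `cryptsetup-keys.d` directories would fit here.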
@ -114,10 +179,10 @@
for possible values and the default value of this
option.</para>
<para>Optionally, the path may be followed by <literal>:</literal> and an fstab device specification
(e.g. starting with <literal>UUID=</literal> or similar); in which case, the path is relative to the
device file system root. The device gets mounted automatically for LUKS device activation duration only.
</para></listitem>
<para>Optionally, the path may be followed by <literal>:</literal> and an
<filename>/etc/fstab</filename> device specification (e.g. starting with <literal>UUID=</literal> or
similar); in which case, the path is relative to the device file system root. The device gets mounted
automatically for LUKS device activation duration only.</para></listitem>
</varlistentry>
<varlistentry>
@ -187,8 +252,8 @@
<varlistentry>
<term><option>bitlk</option></term>
<listitem><para>Decrypt Bitlocker drive. Encryption parameters
are deduced by cryptsetup from Bitlocker header.</para></listitem>
<listitem><para>Decrypt BitLocker drive. Encryption parameters
are deduced by cryptsetup from BitLocker header.</para></listitem>
</varlistentry>
<varlistentry>
@ -258,7 +323,7 @@
<varlistentry>
<term><option>same-cpu-crypt</option></term>
<listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
<listitem><para>Perform encryption using the same CPU that IO was submitted on. The default is to use
an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
<para>This requires kernel 4.0 or newer.</para>
@ -459,15 +524,134 @@
<varlistentry>
<term><option>pkcs11-uri=</option></term>
<listitem><para>Takes a <ulink url="https://tools.ietf.org/html/rfc7512">RFC7512 PKCS#11 URI</ulink>
pointing to a private RSA key which is used to decrypt the key specified in the third column of the
line. This is useful for unlocking encrypted volumes through security tokens or smartcards. See below
for an example how to set up this mechanism for unlocking a LUKS volume with a YubiKey security
token. The specified URI can refer directly to a private RSA key stored on a token or alternatively
<listitem><para>Takes either the special value <literal>auto</literal> or an <ulink
url="https://tools.ietf.org/html/rfc7512">RFC7512 PKCS#11 URI</ulink> pointing to a private RSA key
which is used to decrypt the encrypted key specified in the third column of the line. This is useful
for unlocking encrypted volumes through PKCS#11 compatible security tokens or smartcards. See below
for an example how to set up this mechanism for unlocking a LUKS2 volume with a YubiKey security
token.</para>
<para>If specified as <literal>auto</literal> the volume must be of type LUKS2 and must carry PKCS#11
security token metadata in its LUKS2 JSON token section. In this mode the URI and the encrypted key
are automatically read from the LUKS2 JSON token header. Use
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
as simple tool for enrolling PKCS#11 security tokens or smartcards in a way compatible with
<literal>auto</literal>. In this mode the third column of the line should remain empty (that is,
specified as <literal>-</literal>).</para>
<para>The specified URI can refer directly to a private RSA key stored on a token or alternatively
just to a slot or token, in which case a search for a suitable private RSA key will be performed. In
this case if multiple suitable objects are found the token is refused. The key configured in the
third column is passed as is to RSA decryption. The resulting decrypted key is then base64 encoded
before it is used to unlock the LUKS volume.</para></listitem>
this case if multiple suitable objects are found the token is refused. The encrypted key configured
in the third column of the line is passed as is (i.e. in binary form, unprocessed) to RSA
decryption. The resulting decrypted key is then Base64 encoded before it is used to unlock the LUKS
volume.</para>
<para>Use <command>systemd-cryptenroll --pkcs11-token-uri=list</command> to list all suitable PKCS#11
security tokens currently plugged in, along with their URIs.</para>
<para>Note that many newer security tokens that may be used as PKCS#11 security token typically also
implement the newer and simpler FIDO2 standard. Consider using <option>fido2-device=</option>
(described below) to enroll it via FIDO2 instead. Note that a security token enrolled via PKCS#11
cannot be used to unlock the volume via FIDO2, unless also enrolled via FIDO2, and vice
versa.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>fido2-device=</option></term>
<listitem><para>Takes either the special value <literal>auto</literal> or the path to a
<literal>hidraw</literal> device node (e.g. <filename>/dev/hidraw1</filename>) referring to a FIDO2
security token that implements the <literal>hmac-secret</literal> extension (most current hardware
security tokens do). See below for an example how to set up this mechanism for unlocking an encrypted
volume with a FIDO2 security token.</para>
<para>If specified as <literal>auto</literal> the FIDO2 token device is automatically discovered, as
it is plugged in.</para>
<para>FIDO2 volume unlocking requires a client ID hash (CID) to be configured via
<option>fido2-cid=</option> (see below) and a key to pass to the security token's HMAC functionality
(configured in the line's third column) to operate. If not configured and the volume is of type
LUKS2, the CID and the key are read from LUKS2 JSON token metadata instead. Use
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
as simple tool for enrolling FIDO2 security tokens, compatible with this automatic mode, which is
only available for LUKS2 volumes.</para>
<para>Use <command>systemd-cryptenroll --fido2-device=list</command> to list all suitable FIDO2
security tokens currently plugged in, along with their device nodes.</para>
<para>This option implements the following mechanism: the configured key is hashed via they HMAC
keyed hash function the FIDO2 device implements, keyed by a secret key embedded on the device. The
resulting hash value is Base64 encoded and used to unlock the LUKS2 volume. As it should not be
possible to extract the secret from the hardware token, it should not be possible to retrieve the
hashed key given the configured key — without possessing the hardware token.</para>
<para>Note that many security tokens that implement FIDO2 also implement PKCS#11, suitable for
unlocking volumes via the <option>pkcs11-uri=</option> option described above. Typically the newer,
simpler FIDO2 standard is preferable.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>fido2-cid=</option></term>
<listitem><para>Takes a Base64 encoded FIDO2 client ID to use for the FIDO2 unlock operation. If
specified, but <option>fido2-device=</option> is not, <option>fido2-device=auto</option> is
implied. If <option>fido2-device=</option> is used but <option>fido2-cid=</option> is not, the volume
must be of LUKS2 type, and the CID is read from the LUKS2 JSON token header. Use
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for enrolling a FIDO2 token in the LUKS2 header compatible with this automatic
mode.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>fido2-rp=</option></term>
<listitem><para>Takes a string, configuring the FIDO2 Relying Party (rp) for the FIDO2 unlock
operation. If not specified <literal>io.systemd.cryptsetup</literal> is used, except if the the LUKS2
JSON token header contains a different value. It should normally not be necessary to override
this.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>tpm2-device=</option></term>
<listitem><para>Takes either the special value <literal>auto</literal> or the path to a device node
(e.g. <filename>/dev/tpmrm0</filename>) referring to a TPM2 security chip. See below for an example
how to set up this mechanism for unlocking an encrypted volume with a TPM2 chip.</para>
<para>Use <option>tpm2-pcrs=</option> (see below) to configure the set of TPM2 PCRs to bind the
volume unlocking to. Use
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
as simple tool for enrolling TPM2 security chips in LUKS2 volumes.</para>
<para>If specified as <literal>auto</literal> the TPM2 device is automatically discovered. Use
<command>systemd-cryptenroll --tpm2-device=list</command> to list all suitable TPM2 devices currently
available, along with their device nodes.</para>
<para>This option implements the following mechanism: when enrolling a TPM2 device via
<command>systemd-cryptenroll</command> on a LUKS2 volume, a randomized key unlocking the volume is
generated on the host and loaded into the TPM2 chip where it is encrypted with an asymmetric
"primary" key pair derived from the TPM2's internal "seed" key. Neither the seed key nor the primary
key are permitted to ever leave the TPM2 chip — however, the now encrypted randomized key may. It is
saved in the LUKS2 volume JSON token header. When unlocking the encrypted volume, the primary key
pair is generated on the TPM2 chip again (which works as long as the chip's seed key is correctly
maintained by the TPM2 chip), which is then used to decrypt (on the TPM2 chip) the encrypted key from
the LUKS2 volume JSON token header saved there during enrollment. The resulting decrypted key is then
used to unlock the volume. When the randomized key is encrypted the current values of the selected
PCRs (see below) are included in the operation, so that different PCR state results in different
encrypted keys and the decrypted key can only be recovered if the same PCR state is
reproduced.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>tpm2-pcrs=</option></term>
<listitem><para>Takes a comma separated list of numeric TPM2 PCR (i.e. "Platform Configuration
Register") indexes to bind the TPM2 volume unlocking to. This option is only useful when TPM2
enrollment metadata is not available in the LUKS2 JSON token header already, the way
<command>systemd-cryptenroll</command> writes it there. If not used (and no metadata in the LUKS2
JSON token header defines it), defaults to a list of a single entry: PCR 7. Assign an empty string to
encode a policy that binds the key to no PCRs, making the key accessible to local programs regardless
of the current PCR state.</para></listitem>
</varlistentry>
<varlistentry>
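Review bot: the tpm2-pcrs= entry mentions the empty-string case only in passing ("making the key accessible to local programs regardless of the current PCR state"); it should say outright that with no PCRs selected the TPM2 chip will decrypt the key whatever the measured boot state is, so the binding described at the end of the tpm2-device= entry no longer applies. Two wording fixes in the same hunk: "as simple tool" is missing an article ("as a simple tool"), and "Neither the seed key nor the primary key are permitted" should use "is".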
@ -518,6 +702,36 @@
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title><constant>AF_UNIX</constant> Key Files</title>
<para>If the key file path (as specified in the third column of <filename>/etc/crypttab</filename>
entries, see above) refers to an <constant>AF_UNIX</constant> stream socket in the file system, the key
is acquired by connecting to the socket and reading the key from the connection. The connection is made
from an <constant>AF_UNIX</constant> socket name in the abstract namespace, see <citerefentry
project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
details. The source socket name is chosen according the following format:</para>
<programlisting><constant>NUL</constant> <replaceable>RANDOM</replaceable> <literal>/cryptsetup/</literal> <replaceable>VOLUME</replaceable></programlisting>
<para>In other words: a <constant>NUL</constant> byte (as required for abstract namespace sockets),
followed by a random string (consisting of alphanumeric characters only), followed by the literal
string <literal>/cryptsetup/</literal>, followed by the name of the volume to acquire they key
for. Example (for a volume <literal>myvol</literal>):</para>
<example><programlisting>\0d7067f78d9827418/cryptsetup/myvol</programlisting></example>
<para>Services listening on the <constant>AF_UNIX</constant> stream socket may query the source socket
name with <citerefentry
project='man-pages'><refentrytitle>getpeername</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
and use it to determine which key to send, allowing a single listening socket to serve keys for a
multitude of volumes. If the PKCS#11 logic is used (see above) the socket source name is picked in
identical fashion, except that the literal string <literal>/cryptsetup-pkcs11/</literal> is used (similar
for FIDO2: <literal>/cryptsetup-fido2/</literal> and TPM2: <literal>/cryptsetup-tpm2/</literal>). This is
done so that services providing key material know that not a secret key is requested but an encrypted key
that will be decrypted via the PKCS#11/FIDO2/TPM2 logic to acquire the final secret key.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
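Review bot: the getpeername() paragraph should state that the source socket name tells the service which volume is being requested, not who is asking. Names in the abstract namespace can be bound by any local process, so a service that chooses the key from the peer name needs its own access control, for example restrictive permissions on the listening socket's path or a peer credential check such as SO_PEERCRED. Two typos in the added text: "according the following format" is missing "to", and "acquire they key" should read "acquire the key".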
@ -536,26 +750,48 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
</example>
<example>
<title>Yubikey-based Volume Unlocking Example</title>
<title>Yubikey-based PKCS#11 Volume Unlocking Example</title>
<para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
<citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
from the yubikey-manager project:</para>
decryption keys for unlocking an encrypted volume. Here's an example how to set up a Yubikey security
token for this purpose on a LUKS2 volume, using <citerefentry
project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry> from the
yubikey-manager project to initialize the token and
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to add it in the LUKS2 volume:</para>
<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
<para>A few notes on the above:</para>
<para>A few notes on the above:</para>
<itemizedlist>
<listitem><para>We use RSA (and not ECC), since Yubikeys support PKCS#11 Decrypt() only for RSA keys</para></listitem>
<listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
<listitem><para>LUKS key size must be shorter than 2048bit due to RSA padding, hence we use 128 bytes</para></listitem>
<listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,
<ulink url="https://developers.yubico.com/PIV/Introduction/Certificate_slots.html">see
documentation</ulink>.</para></listitem>
</itemizedlist>
<itemizedlist>
<listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
<listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,
<ulink url="https://developers.yubico.com/PIV/Introduction/Certificate_slots.html">see
documentation</ulink>.</para></listitem>
</itemizedlist>
</example>
<example>
<title>FIDO2 Volume Unlocking Example</title>
<para>The FIDO2 logic allows using any compatible FIDO2 security token that implements the
<literal>hmac-secret</literal> extension for unlocking an encrypted volume. Here's an example how to
set up a FIDO2 security token for this purpose for a LUKS2 volume, using
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
<programlisting><xi:include href="fido2-crypttab.sh" parse="text" /></programlisting>
</example>
<example>
<title>TPM2 Volume Unlocking Example</title>
<para>The TPM2 logic allows using any TPM2 chip supported by the Linux kernel for unlocking an
encrypted volume. Here's an example how to set up a TPM2 chip for this purpose for a LUKS2 volume,
using
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
<programlisting><xi:include href="tpm2-crypttab.sh" parse="text" /></programlisting>
</example>
</refsect1>
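Review bot: the refentrytitle "ykmap" in the Yubikey example looks like a typo for "ykman", the command-line tool of the yubikey-manager project; the rewritten paragraph carries it over unchanged from the old text, so this is a good moment to fix it. The phrase "Here's an example how to" also recurs in all three examples and reads better as "an example of how to".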
@ -565,6 +801,7 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,

View File

@ -94,7 +94,8 @@
</refsect1>
<refsect1>
<title><filename>/etc/crypttab</filename> and
<title><filename>/etc/crypttab</filename>,
<filename>/etc/veritytab</filename> and
<filename>/etc/fstab</filename> options</title>
<para>Options which influence mounted filesystems and encrypted volumes.</para>
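Review bot: the title now lists /etc/veritytab, but the sentence under it still reads "Options which influence mounted filesystems and encrypted volumes" and says nothing about verity-protected volumes. Update the sentence so it matches the new title.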

10
man/fido2-crypttab.sh Normal file
View File

@ -0,0 +1,10 @@
# Enroll the security token in the LUKS2 volume. Replace /dev/sdXn by the
# partition to use (e.g. /dev/sda1).
sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
# Test: Let's run systemd-cryptsetup to test if this worked.
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
# If that worked, let's now add the same line persistently to /etc/crypttab,
# for the future.
sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >> /etc/crypttab'
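Review bot: the test step attaches the volume as "mytest" and the script never detaches it, so the mapping stays open after the test, under the same name the crypttab line then uses. Add a "sudo /usr/lib/systemd/systemd-cryptsetup detach mytest" line after the test, or a comment saying the volume is left attached on purpose. The hard-coded /usr/lib/systemd/ path is not the same on every distribution, which a comment could also mention.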

View File

@ -515,7 +515,7 @@
<varlistentry>
<term><option>--tasks-max=</option><replaceable>TASKS</replaceable></term>
<listitem><para>Takes a non-zero unsigned integer as argument. Configures the maximum numer of tasks
<listitem><para>Takes a non-zero unsigned integer as argument. Configures the maximum number of tasks
(i.e. threads, where each process is at least one thread) the user may have at any given time. This
limit applies to all tasks forked off the user's sessions, even if they change user identity via
<citerefentry project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -848,7 +848,7 @@
<para>On success, 0 is returned, a non-zero failure code otherwise.</para>
</refsect1>
<xi:include href="less-variables.xml" />
<xi:include href="common-variables.xml" />
<refsect1>
<title>Examples</title>

View File

@ -1,6 +1,9 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="hostname">
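Review bot: the DOCTYPE declares the public identifier for DocBook XML V4.5, but the system identifier still points at docbook/xml/4.2/docbookx.dtd. Since this line is being rewritten anyway to add the internal subset, align the two versions here and in the identical hostnamectl hunk further down.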
@ -26,23 +29,65 @@
<refsect1>
<title>Description</title>
<para>The <filename>/etc/hostname</filename> file configures the
name of the local system that is set during boot using the
<citerefentry><refentrytitle>sethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
system call. It should contain a single newline-terminated
hostname string. Comments (lines starting with a `#') are ignored.
The hostname may be a free-form string up to 64 characters in length;
however, it is recommended that it consists only of 7-bit ASCII lower-case
characters and no spaces or dots, and limits itself to the format allowed
for DNS domain name labels, even though this is not a strict
requirement.</para>
<para>The <filename>/etc/hostname</filename> file configures the name of the local system. Unless
overridden as described in the next section,
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will set this
hostname during boot using the
<citerefentry><refentrytitle>sethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry> system
call.</para>
<para>The file should contain a single newline-terminated hostname string. Comments (lines starting with
a <literal>#</literal>) are ignored. The hostname should be composed of up to 64 7-bit ASCII lower-case
alphanumeric characters or hyphens forming a valid DNS domain name. It is recommended that this name
contains only a single label, i.e. without any dots. Invalid characters will be filtered out in an
attempt to make the name valid, but obviously it is recommended to use a valid name and not rely on this
filtering.</para>
<para>You may use
<citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to change the value of this file during runtime from the command
line. Use
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to initialize it on mounted (but not booted) system images.</para>
<citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to change
the value of this file during runtime from the command line. Use
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry> to
initialize it on mounted (but not booted) system images.</para>
</refsect1>
<refsect1>
<title>Hostname semantics</title>
<para><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and the
associated tools will obtain the hostname in the following ways:</para>
<itemizedlist>
<listitem><para>If the kernel commandline parameter <varname>systemd.hostname=</varname> specifies a
valid hostname,
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will use it
to set the hostname during early boot, see
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
</para></listitem>
<listitem><para>Otherwise, the "static" hostname specified by <filename>/etc/hostname</filename> as
described above will be used.</para></listitem>
<listitem><para>Otherwise, a transient hostname may be set during runtime, for example based on
information in a DHCP lease, see
<citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Both <ulink url="https://developer.gnome.org/NetworkManager/stable/">NetworkManager</ulink> and
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
allow this. Note that
<citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
gives higher priority to the static hostname, so the transient hostname will only be used if the static
hostname is not configured.</para></listitem>
<listitem><para>Otherwise, a fallback hostname configured at compilation time will be used
(<literal>&FALLBACK_HOSTNAME;</literal>).</para></listitem>
<!-- what about the "linux" fallback fallback? -->
</itemizedlist>
<para>Effectively, the static hostname has higher priority than a transient hostname, which has higher
priority than the fallback hostname. Transient hostnames are equivalent, so setting a new transient
hostname causes the previous transient hostname to be forgotten. The hostname specified on the kernel
command line is like a transient hostname, with the exception that it has higher priority when the
machine boots. Also note that those are the semantics implemented by systemd tools, but other programs
may also set the hostname.</para>
</refsect1>
<refsect1>
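Review bot: the first list item under "Hostname semantics" ends with a comma after the kernel-command-line reference, where the other items end with a period. The comment "what about the "linux" fallback fallback?" leaves an open question in the source; either document that case or drop the comment before merging. The Description also says invalid characters "will be filtered out" without saying what the filter keeps or what happens if nothing valid remains; since the result becomes the kernel hostname, one sentence on that would help.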

View File

@ -1,6 +1,9 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="hostnamectl" conditional='ENABLE_HOSTNAMED'
@ -32,33 +35,23 @@
<refsect1>
<title>Description</title>
<para><command>hostnamectl</command> may be used to query and
change the system hostname and related settings.</para>
<para><command>hostnamectl</command> may be used to query and change the system hostname and related
settings.</para>
<para>This tool distinguishes three different hostnames: the
high-level "pretty" hostname which might include all kinds of
special characters (e.g. "Lennart's Laptop"), the static hostname
which is used to initialize the kernel hostname at boot (e.g.
"lennarts-laptop"), and the transient hostname which is a fallback
value received from network configuration. If a static hostname is
set, and is valid (something other than localhost), then the
transient hostname is not used.</para>
<para><citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
and this tool distinguish three different hostnames: the high-level "pretty" hostname which might include
all kinds of special characters (e.g. "Lennart's Laptop"), the "static" hostname which is the
user-configured hostname (e.g. "lennarts-laptop"), and the transient hostname which is a fallback value
received from network configuration (e.g. "node12345678"). If a static hostname is set to a valid value,
then the transient hostname is not used.</para>
<para>Note that the pretty hostname has little restrictions on the characters and length used, while the static and
transient hostnames are limited to the usually accepted characters of Internet domain names, and 64 characters at
maximum (the latter being a Linux limitation).</para>
<para>The static hostname is stored in
<filename>/etc/hostname</filename>, see
<citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information. The pretty hostname, chassis type, and icon
name are stored in <filename>/etc/machine-info</filename>, see
<citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<para>Use
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to initialize the system hostname for mounted (but not booted)
system images.</para>
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry> to
initialize the system hostname for mounted (but not booted) system images.</para>
</refsect1>
<refsect1>
@ -86,9 +79,13 @@
still following the validity rules of the specific name. This simplification of the hostname string is not done
if only the transient and/or static hostnames are set, and the pretty hostname is left untouched.</para>
<para>Pass the empty string <literal></literal> as the
hostname to reset the selected hostnames to their default
(usually <literal>localhost</literal>).</para></listitem>
<para>The static and transient hostnames must each be either a single DNS label (a string composed of
7-bit ASCII lower-case characters and no spaces or dots, limited to the format allowed for DNS domain
name labels), or a sequence of such labels separated by single dots that forms a valid DNS FQDN. The
hostname must be at most 64 characters, which is a Linux limitation (DNS allows longer names).</para>
<para>Pass the empty string <literal></literal> as the hostname to reset the selected hostnames to
their default (usually <literal>&FALLBACK_HOSTNAME;</literal>).</para></listitem>
</varlistentry>
<varlistentry>
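Review bot: the new paragraph defines a DNS label as "7-bit ASCII lower-case characters and no spaces or dots", which does not mention digits or hyphens, while the hostname(5) text changed in this same commit says "lower-case alphanumeric characters or hyphens". Use one wording in both pages so readers do not have to guess whether digits and hyphens are accepted here.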

View File

@ -6,7 +6,7 @@ if [ -z "$1" ]; then
exit 1
fi
# make sure the rules have been regenerated (in case man/update-man-rules was just run)
# make sure the rules have been regenerated (in case update-man-rules was just run)
ninja -C "@BUILD_ROOT@" version.h
target="man/$1.html"

View File

@ -992,7 +992,7 @@
code is returned.</para>
</refsect1>
<xi:include href="less-variables.xml" />
<xi:include href="common-variables.xml" />
<refsect1>
<title>Examples</title>

View File

@ -28,6 +28,9 @@
<para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
<para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para>
<para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename></para>
<para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
<para><filename>/run/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
<para><filename>/usr/lib/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
</refsynopsisdiv>
<refsect1>
@ -41,8 +44,9 @@
<para>The <command>systemd-journald</command> instance managing the default namespace is configured by
<filename>/etc/systemd/journald.conf</filename> and associated drop-ins. Instances managing other
namespaces read <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename> with
the namespace identifier filled in. This allows each namespace to carry a distinct configuration. See
namespaces read <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename>
and associated drop-ins with the namespace identifier filled in. This allows each namespace to carry
a distinct configuration. See
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for details about journal namespaces.</para>
</refsect1>

View File

@ -356,11 +356,14 @@
</varlistentry>
<varlistentry>
<term><varname>veritytab=</varname></term>
<term><varname>rd.veritytab=</varname></term>
<term><varname>roothash=</varname></term>
<term><varname>systemd.verity=</varname></term>
<term><varname>rd.systemd.verity=</varname></term>
<term><varname>systemd.verity_root_data=</varname></term>
<term><varname>systemd.verity_root_hash=</varname></term>
<term><varname>systemd.verity.root_options=</varname></term>
<listitem>
<para>Configures the integrity protection root hash for the root file system, and other related
parameters. For details, see
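Review bot: "systemd.verity.root_options=" is spelled with a dot where the neighbouring "systemd.verity_root_data=" and "systemd.verity_root_hash=" use an underscore. Please check the spelling against what the generator actually parses; if the documented name is wrong, an option copied from this page would not take effect.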

View File

@ -185,7 +185,7 @@
otherwise.</para>
</refsect1>
<xi:include href="less-variables.xml" />
<xi:include href="common-variables.xml" />
<refsect1>
<title>See Also</title>

View File

@ -334,13 +334,14 @@
<term><option>-s</option></term>
<term><option>--signal=</option></term>
<listitem><para>When used with <command>kill-session</command>
or <command>kill-user</command>, choose which signal to send
to selected processes. Must be one of the well known signal
specifiers, such as <constant>SIGTERM</constant>,
<constant>SIGINT</constant> or <constant>SIGSTOP</constant>.
If omitted, defaults to
<constant>SIGTERM</constant>.</para></listitem>
<listitem><para>When used with <command>kill-session</command> or <command>kill-user</command>,
choose which signal to send to selected processes. Must be one of the well known signal specifiers,
such as <constant>SIGTERM</constant>, <constant>SIGINT</constant> or <constant>SIGSTOP</constant>.
If omitted, defaults to <constant>SIGTERM</constant>.</para>
<para>The special value <literal>help</literal> will list the known values and the program will exit
immediately, and the special value <literal>list</literal> will list known values along with the
numerical signal numbers and the program will exit immediately.</para></listitem>
</varlistentry>
<varlistentry>
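Review bot: the help/list paragraph is written out inline here, while the machinectl hunk in this commit replaces its own --signal= entry with an xi:include of standard-options.xml (xpointer="signal"). Consider whether loginctl can use the shared entry as well, or note why it cannot, so the two descriptions do not drift apart. "well known" is also unhyphenated here, where the text removed from machinectl had "well-known".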
@ -414,7 +415,7 @@ Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
</example>
</refsect1>
<xi:include href="less-variables.xml" />
<xi:include href="common-variables.xml" />
<refsect1>
<title>See Also</title>

View File

@ -37,12 +37,10 @@
file without implementing a shell compatible execution
engine.</para>
<para><filename>/etc/machine-info</filename> contains metadata
about the machine that is set by the user or administrator.</para>
<para>Depending on the operating system other configuration files
might be checked for machine information as well, however only as
fallback.</para>
<para><filename>/etc/machine-info</filename> contains metadata about the machine that is set by the user
or administrator. The settings configured here have the highest precedence. When not set, appropriate
values may be determined automatically, based on the information about the hardware or other
configuration files. It is thus completely fine for this file to not be present.</para>
<para>You may use
<citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -102,13 +100,11 @@
as well as the special chassis types
<literal>vm</literal> and
<literal>container</literal> for
virtualized systems that lack an immediate physical chassis.
Note that many systems allow detection of the chassis type
automatically (based on firmware information or suchlike).
This setting (if set) shall take precedence over automatically
detected information and is useful to override misdetected
configuration or to manually configure the chassis type where
automatic detection is not available.</para></listitem>
virtualized systems that lack an immediate physical chassis.</para>
<para>Note that most systems allow detection of the chassis type automatically (based on firmware
information or suchlike). This setting should only be used to override a misdetection or to manually
configure the chassis type where automatic detection is not available.</para></listitem>
</varlistentry>
<varlistentry>

View File

@ -699,17 +699,7 @@
<option>all</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-s</option></term>
<term><option>--signal=</option></term>
<listitem><para>When used with <command>kill</command>, choose
which signal to send to selected processes. Must be one of the
well-known signal specifiers, such as
<constant>SIGTERM</constant>, <constant>SIGINT</constant> or
<constant>SIGSTOP</constant>. If omitted, defaults to
<constant>SIGTERM</constant>.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="signal" />
<varlistentry>
<term><option>--uid=</option></term>
@ -990,7 +980,7 @@
otherwise.</para>
</refsect1>
<xi:include href="less-variables.xml" />
<xi:include href="common-variables.xml" />
<refsect1>
<title>See Also</title>

View File

@ -6,7 +6,7 @@ if [ -z "$1" ]; then
exit 1
fi
# make sure the rules have been regenerated (in case man/update-man-rules was just run)
# make sure the rules have been regenerated (in case update-man-rules was just run)
ninja -C "@BUILD_ROOT@" version.h
page="$(echo "$1" | sed 's/\./\\./')"

View File

@ -198,38 +198,6 @@ run_target(
############################################################
if dbus_docs.length() > 0
custom_target(
'update-dbus-docs',
output : 'update-dbus-docs',
command : [update_dbus_docs_py,
'--build-dir=@0@'.format(project_build_root),
'@INPUT@'],
input : dbus_docs)
if conf.get('BUILD_MODE') == 'BUILD_MODE_DEVELOPER'
test('dbus-docs-fresh',
update_dbus_docs_py,
args : ['--build-dir=@0@'.format(project_build_root),
'--test'] + dbus_docs)
endif
endif
############################################################
if git.found()
custom_target(
'update-man-rules',
output : 'update-man-rules',
command : ['sh', '-c',
'cd @0@ && '.format(meson.build_root()) +
'python3 @0@/tools/update-man-rules.py $(git ls-files ":/man/*.xml") >t && '.format(project_source_root) +
'mv t @0@/rules/meson.build'.format(meson.current_source_dir())],
depend_files : custom_entities_ent)
endif
############################################################
configure_file(
input : 'man.in',
output : 'man',

View File

@ -104,7 +104,7 @@
<term>carrier</term>
<listitem>
<para>the link has a carrier, or for bond or bridge master, all bonding or bridge slave
network interfaces are enslaved to the master.</para>
network interfaces are enslaved to the master</para>
</listitem>
</varlistentry>
<varlistentry>

View File

@ -70,6 +70,18 @@
is false. Defaults to yes.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>RouteTable=</varname></term>
<listitem><para>Defines the route table name. Takes a whitespace-separated list of the pairs of
route table name and number. The route table name and number in each pair are separated with a
colon, i.e., <literal><replaceable>name</replaceable>:<replaceable>number</replaceable></literal>.
The route table name must not be <literal>default</literal>, <literal>main</literal>, or
<literal>local</literal>, as these route table names are predefined with route table number 253,
254, and 255, respectively. The route table number must be an integer in the range 1…4294967295.
This setting can be specified multiple times. If an empty string is specified, then the list
specified earlier are cleared. Defaults to unset.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
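Review bot: the RouteTable= text reserves the names default, main and local but does not say whether the numbers 253, 254 and 255 may be assigned to a different name; state whether such a pair is rejected or accepted. In the last sentence, "the list specified earlier are cleared" should read "is cleared".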

View File

@ -48,28 +48,40 @@
<variablelist class='config-directives'>
<varlistentry>
<term><varname>SwapUsedLimitPercent=</varname></term>
<term><varname>SwapUsedLimit=</varname></term>
<listitem><para>Sets the limit for swap usage on the system before <command>systemd-oomd</command> will
take action. If the percentage of swap used on the system is more than what is defined here,
<command>systemd-oomd</command> will act on eligible descendant cgroups, starting from the ones with the
highest swap usage to the lowest swap usage. Which cgroups are monitored and what
action gets taken depends on what the unit has configured for <varname>ManagedOOMSwap=</varname>.
Takes a percentage value between 0% and 100%, inclusive. Defaults to 90%.</para></listitem>
<listitem><para>Sets the limit for swap usage on the system before <command>systemd-oomd</command>
will take action. If the fraction of swap used on the system is more than what is defined here,
<command>systemd-oomd</command> will act on eligible descendant control groups, starting from the
ones with the highest swap usage to the lowest swap usage. Which control groups are monitored and
what action gets taken depends on what the unit has configured for
<varname>ManagedOOMSwap=</varname>. Takes a value specified in percent (when suffixed with "%"),
permille ("‰") or permyriad ("‱"), between 0% and 100%, inclusive. Defaults to 90%.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>DefaultMemoryPressureLimitPercent=</varname></term>
<term><varname>DefaultMemoryPressureLimit=</varname></term>
<listitem><para>Sets the limit for memory pressure on the unit's cgroup before <command>systemd-oomd</command>
will take action. A unit can override this value with <varname>ManagedOOMMemoryPressureLimitPercent=</varname>.
The memory pressure for this property represents the fraction of time in a 10 second window in which all tasks
in the cgroup were delayed. For each monitored cgroup, if the memory pressure on that cgroup exceeds the
limit set for more than 30 seconds, <command>systemd-oomd</command> will act on eligible descendant cgroups,
starting from the ones with the most reclaim activity to the least reclaim activity. Which cgroups are
monitored and what action gets taken depends on what the unit has configured for
<varname>ManagedOOMMemoryPressure=</varname>. Takes a percentage value between 0% and 100%, inclusive.
Defaults to 60%.</para></listitem>
<listitem><para>Sets the limit for memory pressure on the unit's control group before
<command>systemd-oomd</command> will take action. A unit can override this value with
<varname>ManagedOOMMemoryPressureLimit=</varname>. The memory pressure for this property represents
the fraction of time in a 10 second window in which all tasks in the control group were delayed. For
each monitored control group, if the memory pressure on that control group exceeds the limit set for
longer than the duration set by <varname>DefaultMemoryPressureDurationSec=</varname>,
<command>systemd-oomd</command> will act on eligible descendant control groups, starting from the
ones with the most reclaim activity to the least reclaim activity. Which control groups are monitored
and what action gets taken depends on what the unit has configured for
<varname>ManagedOOMMemoryPressure=</varname>. Takes a fraction specified in the same way as
<varname>SwapUsedLimit=</varname> above. Defaults to 60%.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>DefaultMemoryPressureDurationSec=</varname></term>
<listitem><para>Sets the amount of time a unit's control group needs to have exceeded memory pressure
limits before <command>systemd-oomd</command> will take action. Memory pressure limits are defined by
<varname>DefaultMemoryPressureLimit=</varname> and <varname>ManagedOOMMemoryPressureLimit=</varname>.
Defaults to 30 seconds when this property is unset or set to 0.</para></listitem>
</varlistentry>
</variablelist>
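Review bot: SwapUsedLimitPercent= and DefaultMemoryPressureLimitPercent= are renamed without any note on what happens to existing oomd.conf files that still use the old names; say whether they are still accepted, and if not, mention the rename where an administrator will see it. For DefaultMemoryPressureDurationSec=, "Defaults to 30 seconds when this property is unset or set to 0" means 0 cannot be used to request immediate action, which is worth stating explicitly along with the smallest useful value.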

View File

@ -62,6 +62,9 @@ node /org/freedesktop/hostname1 {
readonly s Hostname = '...';
readonly s StaticHostname = '...';
readonly s PrettyHostname = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultHostname = '...';
readonly s HostnameSource = '...';
readonly s IconName = '...';
readonly s Chassis = '...';
readonly s Deployment = '...';
@ -78,6 +81,10 @@ node /org/freedesktop/hostname1 {
readonly s OperatingSystemCPEName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s HomeURL = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s HardwareVendor = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s HardwareModel = '...';
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
@ -85,6 +92,10 @@ node /org/freedesktop/hostname1 {
};
</programlisting>
<!--property HardwareVendor is not documented!-->
<!--property HardwareModel is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.hostname1"/>
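Review bot: the two added markers "property HardwareVendor is not documented!" and "property HardwareModel is not documented!" show that the new properties land in the interface listing with no description. Add a short paragraph for each in the Semantics section, including where the values come from and that they are constant (both carry EmitsChangedSignal("const") in the listing), so the markers can be dropped.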
@ -113,6 +124,10 @@ node /org/freedesktop/hostname1 {
<variablelist class="dbus-property" generated="True" extra-ref="PrettyHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="HostnameSource"/>
<variablelist class="dbus-property" generated="True" extra-ref="IconName"/>
<variablelist class="dbus-property" generated="True" extra-ref="Chassis"/>
@ -133,6 +148,10 @@ node /org/freedesktop/hostname1 {
<variablelist class="dbus-property" generated="True" extra-ref="HomeURL"/>
<variablelist class="dbus-property" generated="True" extra-ref="HardwareVendor"/>
<variablelist class="dbus-property" generated="True" extra-ref="HardwareModel"/>
<!--End of Autogenerated section-->
<para>Whenever the hostname or other metadata is changed via the daemon,
@ -144,55 +163,63 @@ node /org/freedesktop/hostname1 {
<refsect1>
<title>Semantics</title>
<para>The <emphasis>static (configured) hostname</emphasis> is the one configured in
<filename>/etc/hostname</filename>. It is chosen by the local user. It is not always in sync with the
current hostname as returned by the
<para>The <varname>StaticHostname</varname> property exposes the "static" hostname configured in
<filename>/etc/hostname</filename>. It is not always in sync with the current hostname as returned by the
<citerefentry project="man-pages"><refentrytitle>gethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>
system call. If no hostname is configured this property will be the empty string. Setting this property
to the empty string will remove <filename>/etc/hostname</filename>. This property should be an
internet-style hostname, 7-bit lowercase ASCII, no special chars/spaces.</para>
system call. If no static hostname is configured this property will be the empty string.</para>
<para>The <emphasis>transient (dynamic) hostname</emphasis> is the one configured via the kernel's
<para>When <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> or
<citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
set the hostname, this static hostname <emphasis>has the highest priority</emphasis>.</para>
<para>The <varname>Hostname</varname> property exposes the actual hostname configured in the kernel via
<citerefentry project="man-pages"><refentrytitle>sethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
It can be different from the static hostname if DHCP or mDNS have been configured to change the name
based on network information. <!-- FIXME: it's not DHCP that configures this... -->
This property is never empty. If no hostname is set this will default to
<literal>&FALLBACK_HOSTNAME;</literal> (configurable at compilation time). Setting this property to the
empty string will reset the dynamic hostname to the static hostname. If no static hostname is
configured the dynamic hostname will be reset to <literal>&FALLBACK_HOSTNAME;</literal>. This property
should be an internet-style hostname, 7-bit lowercase ASCII, no special chars/spaces.</para>
It can be different from the static hostname. This property is never empty.</para>
<para>The <emphasis>pretty hostname</emphasis> is a free-form UTF-8 hostname for presentation to the
user. User interfaces should ensure that the pretty hostname and the static hostname stay in sync.
I.e. when the former is <literal>Lennarts Computer</literal> the latter should be
<literal>lennarts-computer</literal>. If no pretty hostname is set this setting will be the empty
string. Applications should then find a suitable fallback, such as the dynamic hostname.</para>
<para>The <varname>PrettyHostname</varname> property exposes the <emphasis>pretty hostname</emphasis>
which is a free-form UTF-8 hostname for presentation to the user. User interfaces should ensure that the
pretty hostname and the static hostname stay in sync. E.g. when the former is <literal>Lennarts
Computer</literal> the latter should be <literal>lennarts-computer</literal>. If no pretty hostname is
set this setting will be the empty string. Applications should then find a suitable fallback, such as the
dynamic hostname.</para>
<para>The <emphasis>icon name</emphasis> is a name following the XDG icon naming spec. If not set,
information such as the chassis type (see below) is used to find a suitable fallback icon name
(i.e. <literal>computer-laptop</literal> vs. <literal>computer-desktop</literal> is picked based on the
chassis information). If no such data is available, the empty string is returned. In that case an application
should fall back to a replacement icon, for example <literal>computer</literal>. If this property is set
to the empty string, the automatic fallback name selection is enabled again.</para>
<para>The <varname>DefaultHostname</varname> property exposes the default hostname (configured through
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>, or a
fallback set at compilation time).</para>
<para>The <emphasis>chassis type</emphasis> should be one of the currently defined chassis types:
<literal>desktop</literal>, <literal>laptop</literal>, <literal>server</literal>,
<literal>tablet</literal>, <literal>handset</literal>, as well as the special chassis types
<literal>vm</literal> and <literal>container</literal> for virtualized systems. Note that in most cases
the chassis type will be determined automatically from DMI/SMBIOS/ACPI firmware information. Writing to
this setting is hence useful only to override misdetected chassis types, or to configure the chassis type if
it could not be auto-detected. Set this property to the empty string to reenable the automatic detection of
the chassis type from firmware information.</para>
<para>The <varname>HostnameSource</varname> property exposes the origin of the currently configured
hostname. One of <literal>static</literal> (set from <filename>/etc/hostname</filename>),
<literal>transient</literal> (a non-permanent hostname from an external source),
<literal>default</literal> (the value from <filename>os-release</filename> or the the compiled-in
fallback).</para>
<para>The <varname>IconName</varname> property exposes the <emphasis>icon name</emphasis> following the
XDG icon naming spec. If not set, information such as the chassis type (see below) is used to find a
suitable fallback icon name (i.e. <literal>computer-laptop</literal>
vs. <literal>computer-desktop</literal> is picked based on the chassis information). If no such data is
available, the empty string is returned. In that case an application should fall back to a replacement
icon, for example <literal>computer</literal>. If this property is set to the empty string, the automatic
fallback name selection is enabled again.</para>
<para>The <varname>Chassis</varname> property exposes a <emphasis>chassis type</emphasis>, one of the
currently defined chassis types: <literal>desktop</literal>, <literal>laptop</literal>,
<literal>server</literal>, <literal>tablet</literal>, <literal>handset</literal>, as well as the special
chassis types <literal>vm</literal> and <literal>container</literal> for virtualized systems. Note that
in most cases the chassis type will be determined automatically from DMI/SMBIOS/ACPI firmware
information. Writing to this setting is hence useful only to override misdetected chassis types, or to
configure the chassis type if it could not be auto-detected. Set this property to the empty string to
reenable the automatic detection of the chassis type from firmware information.</para>
<para>Note that <filename>systemd-hostnamed</filename> starts only on request and terminates after a
short idle period. This effectively means that <function>PropertyChanged</function> messages are not sent
out for changes made directly on the files (as in: administrator edits the files with vi). This is
the intended behavior: manual configuration changes should require manual reloading.</para>
<para>The transient (dynamic) hostname maps directly to the kernel hostname. This hostname should be
assumed to be highly dynamic, and hence should be watched directly, without depending on
<function>PropertyChanged</function> messages from <filename>systemd-hostnamed</filename>. To accomplish
this, open <filename>/proc/sys/kernel/hostname</filename> and
<para>The transient (dynamic) hostname exposed by the <varname>Hostname</varname> property maps directly
to the kernel hostname. This hostname should be assumed to be highly dynamic, and hence should be watched
directly, without depending on <function>PropertyChanged</function> messages from
<filename>systemd-hostnamed</filename>. To accomplish this, open
<filename>/proc/sys/kernel/hostname</filename> and
<citerefentry project="man-pages"><refentrytitle>poll</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for <constant>SIGHUP</constant> which is triggered by the kernel every time the hostname changes. Again:
this is special for the transient (dynamic) hostname, and does not apply to the configured (fixed)
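Review bot: the new HostnameSource paragraph has a doubled article in "or the the compiled-in fallback", and its three-value list reads better with "or" before the final item. In the same hunk the Hostname paragraph keeps "This property is never empty" while dropping the sentences that explained which value is used when nothing is configured. A cross-reference to the DefaultHostname property added below it would restore that link, so that a reader does not have to infer the fallback chain from three separate paragraphs.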
@ -206,15 +233,17 @@ node /org/freedesktop/hostname1 {
for that. For more information on these files and syscalls see the respective man pages.</para>
<refsect2>
<title>Methods and Properties</title>
<title>Methods</title>
<para><function>SetHostname()</function> sets the transient (dynamic) hostname which is exposed by the
<varname>Hostname</varname> property. If empty, the transient hostname is set to the static hostname.
</para>
<para><function>SetHostname()</function> sets the transient (dynamic) hostname, which is used if no
static hostname is set. This value must be an internet-style hostname, 7-bit lowercase ASCII, no
special chars/spaces. An empty string will unset the transient hostname.</para>
<para><function>SetStaticHostname()</function> sets the static hostname which is exposed by the
<varname>StaticHostname</varname> property. If empty, the built-in default of
<literal>&FALLBACK_HOSTNAME;</literal> is used.</para>
<varname>StaticHostname</varname> property. When called with an empty argument, the static
configuration in <filename>/etc/hostname</filename> is removed. Since the static hostname has the
highest priority, calling this function usually affects also the <varname>Hostname</varname> property
and the effective hostname configured in the kernel.</para>
<para><function>SetPrettyHostname()</function> sets the pretty hostname which is exposed by the
<varname>PrettyHostname</varname> property.</para>
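Review bot: the rewritten SetHostname() paragraph drops the requirement "This value must be an internet-style hostname, 7-bit lowercase ASCII, no special chars/spaces" and nothing in this hunk replaces it, so callers are no longer told which input is accepted or rejected. That matters most for clients that pass on names obtained from the network. Please keep a statement of the validation rules, or point to where they are documented. The new text "If empty, the transient hostname is set to the static hostname" should also say what happens when no static hostname is configured.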
@ -287,10 +316,6 @@ node /org/freedesktop/hostname1 {
with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para>A client that wants to change the local hostname for DHCP/mDNS should invoke
<code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
<code>SetHostname("")</code>.</para>
<para>Here are some recommendations to follow when generating a static (internet) hostname from a pretty
name:
<itemizedlist>
@ -309,8 +334,8 @@ node /org/freedesktop/hostname1 {
<listitem><para>Limit the hostname to 63 chars, which is the length of a DNS label.</para></listitem>
<listitem><para>If after stripping special chars the empty string is the result, you can pass this
as-is to <filename>systemd-hostnamed</filename> in which case it will automatically use
<literal>&FALLBACK_HOSTNAME;</literal>.</para></listitem>
as-is to <filename>systemd-hostnamed</filename> in which case it will automatically use a suitable
fallback.</para></listitem>
<listitem><para>Uppercase charaacters should be replaced with their lowercase equivalents.
</para></listitem>
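Review bot: in the list item on stripping special characters, "it will automatically use a suitable fallback" is vaguer than the text it replaces. This commit introduces the DefaultHostname property for exactly that value, so naming it here would tell the reader where to look up what the daemon will choose. While touching this list, the unchanged item below it has a typo, "Uppercase charaacters".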


@ -102,12 +102,19 @@ node /org/freedesktop/login1 {
in b interactive);
FlushDevices(in b interactive);
PowerOff(in b interactive);
PowerOffWithFlags(in t flags);
Reboot(in b interactive);
RebootWithFlags(in t flags);
Halt(in b interactive);
HaltWithFlags(in t flags);
Suspend(in b interactive);
SuspendWithFlags(in t flags);
Hibernate(in b interactive);
HibernateWithFlags(in t flags);
HybridSleep(in b interactive);
HybridSleepWithFlags(in t flags);
SuspendThenHibernate(in b interactive);
SuspendThenHibernateWithFlags(in t flags);
CanPowerOff(out s result);
CanReboot(out s result);
CanHalt(out s result);
@ -291,18 +298,32 @@ node /org/freedesktop/login1 {
<variablelist class="dbus-method" generated="True" extra-ref="PowerOff()"/>
<variablelist class="dbus-method" generated="True" extra-ref="PowerOffWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reboot()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RebootWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Halt()"/>
<variablelist class="dbus-method" generated="True" extra-ref="HaltWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Suspend()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SuspendWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Hibernate()"/>
<variablelist class="dbus-method" generated="True" extra-ref="HibernateWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="HybridSleep()"/>
<variablelist class="dbus-method" generated="True" extra-ref="HybridSleepWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SuspendThenHibernate()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SuspendThenHibernateWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="CanPowerOff()"/>
<variablelist class="dbus-method" generated="True" extra-ref="CanReboot()"/>
@ -525,8 +546,19 @@ node /org/freedesktop/login1 {
using an RTC timer and hibernated. The only argument is the polkit interactivity boolean
<varname>interactive</varname> (see below). The main purpose of these calls is that they enforce
polkit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
users. They also enforce inhibition locks. UIs should expose these calls as the primary mechanism to
poweroff/reboot/suspend/hibernate the machine.</para>
users. They also enforce inhibition locks for non-privileged users. UIs should expose these calls
as the primary mechanism to poweroff/reboot/suspend/hibernate the machine. Methods
<function>PowerOffWithFlags()</function>, <function>RebootWithFlags()</function>,
<function>HaltWithFlags()</function>, <function>SuspendWithFlags()</function>,
<function>HibernateWithFlags()</function>, <function>HybridSleepWithFlags()</function> and
<function>SuspendThenHibernateWithFlags()</function> add <varname>flags</varname> to allow for
extendability, defined as follows:</para>
<programlisting>
#define SD_LOGIND_ROOT_CHECK_INHIBITORS (UINT64_C(1) &lt;&lt; 0)
</programlisting>
<para> When the <varname>flags</varname> is 0 then these methods behave just like the versions
without flags. When <constant>SD_LOGIND_ROOT_CHECK_INHIBITORS</constant> (0x01) is set, active
inhibitors are honoured for privileged users too.</para>
<para><function>SetRebootParameter()</function> sets a parameter for a subsequent reboot operation.
See the description of <command>reboot</command> in
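Review bot: the paragraph still states "The only argument is the polkit interactivity boolean interactive", but the seven new *WithFlags() methods take only "in t flags", so the text never says whether interactive polkit authorization is available through them, nor how a call with an undefined bit set in flags is treated. Both points decide whether a privileged caller can rely on SD_LOGIND_ROOT_CHECK_INHIBITORS being honoured or must handle an error, so please document them. Wording nits in the added lines: "extendability" should be "extensibility", "When the flags is 0" should be "When flags is 0", and there is a stray space after the opening para tag.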


@ -0,0 +1,427 @@
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" >
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="org.freedesktop.portable1" conditional='ENABLE_PORTABLED'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>org.freedesktop.portable1</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>org.freedesktop.portable1</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>org.freedesktop.portable1</refname>
<refpurpose>The D-Bus interface of systemd-portabled</refpurpose>
</refnamediv>
<refsect1>
<title>Introduction</title>
<para>
<citerefentry><refentrytitle>systemd-portabled.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
is a system service that may be used to attach, detach and inspect portable services. This page describes the
D-Bus interface.</para>
</refsect1>
<refsect1>
<title>The Manager Object</title>
<para>The service exposes the following interfaces on the Manager object on the bus:</para>
<programlisting executable="systemd-portabled" node="/org/freedesktop/portable1" interface="org.freedesktop.portable1.Manager">
node /org/freedesktop/portable1 {
interface org.freedesktop.portable1.Manager {
methods:
GetImage(in s image,
out o object);
ListImages(out a(ssbtttso) UNNAMED);
GetImageOSRelease(in s image,
out a{ss} os_release);
GetImageMetadata(in s image,
in as matches,
out s image,
out ay os_release,
out a{say} units);
GetImageState(in s image,
out s state);
AttachImage(in s image,
in as matches,
in s profile,
in b runtime,
in s copy_mode,
out a(sss) changes);
DetachImage(in s image,
in b runtime,
out a(sss) changes);
ReattachImage(in s image,
in as matches,
in s profile,
in b runtime,
in s copy_mode,
out a(sss) changes_removed,
out a(sss) changes_updated);
RemoveImage(in s image);
MarkImageReadOnly(in s image,
in b read_only);
SetImageLimit(in s image,
in t limit);
SetPoolLimit(in t limit);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s PoolPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t PoolUsage = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t PoolLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Profiles = ['...', ...];
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
};
</programlisting>
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Manager"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Manager"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListImages()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetImageOSRelease()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetImageMetadata()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetImageState()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DetachImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReattachImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RemoveImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="MarkImageReadOnly()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetImageLimit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetPoolLimit()"/>
<variablelist class="dbus-property" generated="True" extra-ref="PoolPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="PoolUsage"/>
<variablelist class="dbus-property" generated="True" extra-ref="PoolLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="Profiles"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para><function>GetImage()</function> may be used to get the image object path of the image with the
specified name.</para>
<para><function>ListImages()</function> returns an array of all currently known images. The
structures in the array consist of the following fields: image name, type, read-only flag, creation
time, modification time, current disk space, usage and image object path.</para>
<para><function>GetImageOSRelease()</function> retrieves the OS release information of an image.
This method returns an array of key value pairs read from the
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file in
the image and is useful to identify the operating system used in a portable service.</para>
<para><function>GetImageMetadata()</function> retrieves metadata associated with an image.
This method returns the image name, the image's <citerefentry><refentrytitle>os-release</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> content in the form of a (streamable) array of bytes,
and a list of portable units contained in the image, in the form of a string (unit name) and
an array of bytes with the content.</para>
<para><function>GetImageState()</function> retrieves the image state as one of the following
strings:
<itemizedlist>
<listitem><para>detached</para></listitem>
<listitem><para>attached</para></listitem>
<listitem><para>attached-runtime</para></listitem>
<listitem><para>enabled</para></listitem>
<listitem><para>enabled-runtime</para></listitem>
<listitem><para>running</para></listitem>
<listitem><para>running-runtime</para></listitem>
</itemizedlist></para>
<para><function>AttachImage()</function> attaches a portable image to the system.
This method takes an image path or name, a list of strings that will be used to search for
unit files inside the image (partial or complete matches), a string indicating which
portable profile to use for the image (see <varname>Profiles</varname> property for
a list of available profiles), a boolean indicating whether to attach the image only
for the current boot session, and a string representing the preferred copy mode
(whether to copy the image or to just symlink it) with the following possible values:
<itemizedlist>
<listitem><para>(null)</para></listitem>
<listitem><para>copy</para></listitem>
<listitem><para>symlink</para></listitem>
</itemizedlist>
This method returns the list of changes applied to the system (for example, which unit was
added and is now available as a system service). Each change is represented as a triplet of
strings: the type of change applied, the path on which it was applied, and the source
(if any). The type of change applied will be one of the following possible values:
<itemizedlist>
<listitem><para>copy</para></listitem>
<listitem><para>symlink</para></listitem>
<listitem><para>write</para></listitem>
<listitem><para>mkdir</para></listitem>
</itemizedlist>
Note that an image cannot be attached if a unit that it contains is already present
on the system.</para>
<para><function>DetachImage()</function> detaches a portable image from the system.
This method takes an image path or name, and a boolean indicating whether the image to
detach was attached only for the current boot session or persistently. This method
returns the list of changes applied to the system (for example, which unit was removed
and is no longer available as a system service). Each change is represented as a triplet of
strings: the type of change applied, the path on which it was applied, and the source
(if any). The type of change applied will be one of the following possible values:
<itemizedlist>
<listitem><para>unlink</para></listitem>
</itemizedlist>
Note that an image cannot be detached if a unit that it contains is running.</para>
<para><function>ReattachImage()</function> combines the effects of the
<function>AttachImage()</function> method and the <function>DetachImage()</function> method.
The difference is that it is allowed to reattach an image while one or more of its units
are running. The reattach operation will fail if no matching image is attached.
The input parameters match the <function>AttachImage()</function> method, and the return
parameters are the combination of the return parameters of the
<function>DetachImage()</function> method (first array, units that were removed) and the
<function>AttachImage()</function> method (second array, units that were updated or added).</para>
<para><function>RemoveImage()</function> removes the image with the specified name.</para>
<para><function>MarkImageReadOnly()</function> toggles the read-only flag of an image.</para>
<para><function>SetPoolLimit()</function> sets an overall quota limit on the pool of images.</para>
<para><function>SetImageLimit()</function> sets a per-image quota limit.</para>
</refsect2>
<refsect2>
<title>Properties</title>
<para><varname>PoolPath</varname> specifies the file system path where images are written to.</para>
<para><varname>PoolUsage</varname> specifies the current usage size of the image pool in bytes.</para>
<para><varname>PoolLimit</varname> specifies the size limit of the image pool in bytes.</para>
<para><varname>Profiles</varname> specifies the available runtime profiles for portable services.</para>
</refsect2>
</refsect1>
<refsect1>
<title>The Image Object</title>
<para>The service exposes the following interfaces on the Image object on the bus:</para>
<programlisting executable="systemd-portabled" node="/org/freedesktop/portable1" interface="org.freedesktop.portable1.Image">
node /org/freedesktop/portable1 {
interface org.freedesktop.portable1.Image {
methods:
GetOSRelease(out a{ss} UNNAMED);
GetMetadata(in as matches,
out s image,
out ay os_release,
out a{say} units);
GetState(out s UNNAMED);
Attach(in as matches,
in s profile,
in b runtime,
in s copy_mode,
out a(sss) changes);
Detach(in b runtime,
out a(sss) changes);
Reattach(in as matches,
in s profile,
in b runtime,
in s copy_mode,
out a(sss) changes_removed,
out a(sss) changes_updated);
Remove();
MarkReadOnly(in b read_only);
SetLimit(in t limit);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Name = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Path = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Type = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b ReadOnly = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CreationTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ModificationTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t Usage = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t Limit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t UsageExclusive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t LimitExclusive = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
};
</programlisting>
<!--method GetOSRelease is not documented!-->
<!--method GetMetadata is not documented!-->
<!--method GetState is not documented!-->
<!--method Attach is not documented!-->
<!--method Detach is not documented!-->
<!--method Reattach is not documented!-->
<!--method Remove is not documented!-->
<!--method MarkReadOnly is not documented!-->
<!--method SetLimit is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Image"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Image"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetOSRelease()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetMetadata()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetState()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Attach()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Detach()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reattach()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Remove()"/>
<variablelist class="dbus-method" generated="True" extra-ref="MarkReadOnly()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetLimit()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Name"/>
<variablelist class="dbus-property" generated="True" extra-ref="Path"/>
<variablelist class="dbus-property" generated="True" extra-ref="Type"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadOnly"/>
<variablelist class="dbus-property" generated="True" extra-ref="CreationTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ModificationTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="Usage"/>
<variablelist class="dbus-property" generated="True" extra-ref="Limit"/>
<variablelist class="dbus-property" generated="True" extra-ref="UsageExclusive"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitExclusive"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para>The following methods implement the same operation as the respective methods on the
<interfacename>Manager</interfacename> object (see above). However, these methods operate on the image
object and hence does not take an image name parameter. Invoking the methods directly on the Manager
object has the advantage of not requiring a <function>GetImage()</function> call to get the image object
for a specific image name. Calling the methods on the Manager object is hence a round trip
optimization. List of methods:
<itemizedlist>
<listitem><para>GetOSRelease()</para></listitem>
<listitem><para>GetMetadata()</para></listitem>
<listitem><para>GetState()</para></listitem>
<listitem><para>Attach()</para></listitem>
<listitem><para>Detach()</para></listitem>
<listitem><para>Reattach()</para></listitem>
<listitem><para>Remove()</para></listitem>
<listitem><para>MarkReadOnly()</para></listitem>
<listitem><para>SetLimit()</para></listitem>
</itemizedlist></para>
</refsect2>
<refsect2>
<title>Properties</title>
<para><varname>Name</varname> specifies the image name.</para>
<para><varname>Path</varname> specifies the file system path where image is stored.</para>
<para><varname>Type</varname> specifies the image type.</para>
<para><varname>ReadOnly</varname> specifies whether the image is read-only.</para>
<para><varname>CreationTimestamp</varname> specifies the image creation timestamp.</para>
<para><varname>ModificationTimestamp</varname> specifies the image modification timestamp.</para>
<para><varname>Usage</varname> specifies the image disk usage.</para>
<para><varname>Limit</varname> specifies the image disk usage limit.</para>
<para><varname>UsageExclusive</varname> specifies the image disk usage (exclusive).</para>
<para><varname>LimitExclusive</varname> specifies the image disk usage limit (exclusive).</para>
</refsect2>
</refsect1>
<refsect1>
<title>Versioning</title>
<para>These D-Bus interfaces follow <ulink url="http://0pointer.de/blog/projects/versioning-dbus.html">
the usual interface versioning guidelines</ulink>.</para>
</refsect1>
</refentry>
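Review bot: the ListImages() description does not match the signature a(ssbtttso) shown in the Manager introspection block. It lists "current disk space, usage" as two fields, but the seventh member has type s, so it cannot be a size, and the text names no string field in that position (presumably the image state, as returned by GetImageState()). Please list the eight fields in signature order with their types. Further points in this new file: the page says nothing about which privileges or polkit authorization AttachImage(), DetachImage(), RemoveImage() and the limit setters require, which an integrator needs to know for calls that install units on the host. The copy_mode value is given as "(null)" without saying whether that means the empty string. The nine "method ... is not documented!" markers for the Image interface are committed as-is, and the list at the end of that section names the methods as plain text rather than with function markup as in the Manager section. "these methods operate on the image object and hence does not take" should read "do not take".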


@ -329,7 +329,7 @@ node /org/freedesktop/resolve1 {
<listitem><para>Alternatively, leave both the service name and type empty and specify the full
domain name of the SRV record (i.e. prefixed with the service type) in the domain parameter. (No IDNA
coversion is applied in this mode.)</para></listitem>
conversion is applied in this mode.)</para></listitem>
</orderedlist>
<para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes

Some files were not shown because too many files have changed in this diff