The upstream default, DNSSEC=allow-downgrade can lead to compatibility
issues with certain network access points. Previously, DNSSEC support
was only turned off when built for a stable Debian release, but it is
safer and more consistent to just generally change the default to
DNSSEC=no.
Closes: #959996
The block device rules were split out from 60-persistent-storage.rules
into its own rules file in v220. Those rules ensure that change events
are emitted and the udev db is updated after metadata changes.
Closes: #958397
Thanks: Pascal Hambourg
- network: add a flag to ignore gateway provided by DHCP server
- userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups
- nss-systemd: don't synthesize root/nobody when iterating
- core: make sure we don't get confused when setting TERM for a tty fd
- core: make sure to restore the control command id, too
If the /{etc,lib}/systemd/network directory itself is a symlink, the find
command will not actually find any of the files in the dir it links to.
Use the find -L param to follow symlinks.
Note that the -L does not need to be provided to the cp command, as when
using only the -p parameter symlinks are followed by default. Also,
the [ -d ] test follows symlinks by default, and does not need changing.
LP: #1868892
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user,
while "relaxed" mode is used when we process users registered elsewhere.
Closes: #955541
The new systemd-timesyncd package conflicting with other NTP-related
packages resolves the problems arising when installing systemd-timesyncd
and other NTP servers on the same system.
Co-authored-by: Michael Biebl <biebl@debian.org>
LP: #1849156Closes: #805927, #947936
This requires further changes to the source code and a newer, not yet
officially released, libseccomp. Since this complicates backports revert
this change for the time being.
Some kernels in Ubuntu (e.g. linux-kvm) do not enable CONFIG_PM, which
results in stderr output when the logind test tries to grep the power
state file, causing the test to fail. The test already handles skipping
the test if suspend isn't supported, so just use -s to suppress grep
from printing to stderr if the file doesn't exist.
This change negatively affects plymouth which was no longer properly
stopped after the system has completed booting. The running plymouth
daemon can trigger a VT switch (to tty1).
Closes: #953670
