Michael Biebl [Fri, 10 Apr 2020 08:52:45 +0000 (10:52 +0200)]
user-util: rework how we validate user names
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user,
while "relaxed" mode is used when we process users registered elsewhere.
Balint Reczey [Tue, 19 Nov 2019 15:12:22 +0000 (16:12 +0100)]
Ship systemd-timesyncd in a separate package
The new systemd-timesyncd package conflicting with other NTP-related
packages resolves the problems arising when installing systemd-timesyncd
and other NTP servers on the same system.
Co-authored-by: Michael Biebl <biebl@debian.org>
LP: #1849156 Closes: #805927, #947936
Michael Biebl [Thu, 2 Apr 2020 09:51:20 +0000 (11:51 +0200)]
Revert "Enable seccomp support on riscv64"
This requires further changes to the source code and a newer, not yet
officially released, libseccomp. Since this complicates backports revert
this change for the time being.
Dan Streetman [Mon, 10 Feb 2020 16:49:04 +0000 (11:49 -0500)]
d/t/logind: use grep -s when checking /sys/power/state
Some kernels in Ubuntu (e.g. linux-kvm) do not enable CONFIG_PM, which
results in stderr output when the logind test tries to grep the power
state file, causing the test to fail. The test already handles skipping
the test if suspend isn't supported, so just use -s to suppress grep
from printing to stderr if the file doesn't exist.
Michael Biebl [Thu, 12 Mar 2020 12:40:15 +0000 (13:40 +0100)]
Revert "job: Don't mark as redundant if deps are relevant"
This change negatively affects plymouth which was no longer properly
stopped after the system has completed booting. The running plymouth
daemon can trigger a VT switch (to tty1).
Michael Biebl [Fri, 7 Feb 2020 17:56:53 +0000 (18:56 +0100)]
Bump Standards-Version to 4.5.0
While systemd is creating new user accounts, upstream has no plans to
follow the new policy recommendation to use a leading underscore for
user names/groups. We won't be diverging from upstream here.
Document that 73-usb-net-by-mac.link needs to be masked together with
99-default.link to disable the systemd naming scheme and keep the
kernel-provided interface names.
Michael Biebl [Fri, 31 Jan 2020 09:37:48 +0000 (10:37 +0100)]
Fix processing of dpkg triggers in systemd
We need to use $@ instead of "$@" so we can iterate through the
individual trigger names which are passed as a space separated list in
the second argument.
Helmut Grohne [Sat, 11 Jan 2020 20:09:45 +0000 (21:09 +0100)]
Annotate dbus build dependency with <!noinsttest>
The dbus library is needed for building tests. As such it must be
present unless we disable both build time and installed tests.
Previously, building with the nocheck profile worked, but it didn't
reproduce a regular build.
Michael Biebl [Mon, 2 Dec 2019 16:24:28 +0000 (17:24 +0100)]
Move libpam-systemd Recommends from systemd to systemd-sysv
libpam-systemd is only really useful if systemd is PID 1 and the systemd
package should be installable without affecting another installed init
system.
Michael Biebl [Mon, 2 Dec 2019 16:15:23 +0000 (17:15 +0100)]
Make it easier to override MAC based name policy for USB network adapters
Replace 73-usb-net-by-mac.rules with 73-usb-net-by-mac.link. The .link
file provides the same functionality but makes it easier to set a custom
name for USB network adapters via the systemd.link mechanism.
Michael Biebl [Sun, 1 Dec 2019 13:23:31 +0000 (14:23 +0100)]
Add lintian override for systemd-container
systemd-nspawn@.service triggers a
systemd-service-file-refers-to-unusual-wantedby-target warning but
nspawn containers are supposed to be started via machines.target.
Michael Biebl [Sun, 1 Dec 2019 13:20:36 +0000 (14:20 +0100)]
Add lintian override for udev
60-autosuspend-chromiumos.rules triggers a udev-rule-missing-subsystem
warning. This is a false positive, as SUBSYSTEM is tested at the
beginning of the rules file.
Michael Biebl [Tue, 19 Nov 2019 08:16:27 +0000 (09:16 +0100)]
udev: drop SystemCallArchitectures=native from systemd-udevd.service
We can't really control what helper programs are run from other udev
rules. E.g. running i386 binaries under amd64 is a valid use case and
should not trigger a SIGSYS failure.
projects / systemd.git / log