We'll soon have three different kinds of interactive "wizard"-like console
UIs: systemd-firstboot, homectl firstboot and soon systemd-sysinstall.
Let's give them a limited, recognizable visual identity, to distinguish
them from the usual console output: let's add a bit of "chrome" to the
top and bottom of the screen, that we show during the wizards, but hide
again afterwards.
This makes use of the DECSTBM sequence that reduces the scrolling area
by chopping off blocks from the top or bottom of the screen. The
sequence is quite standard, given it has been part of VT100 already.
xterm, vte, Linux console all support it just fine.
Current methods take a numeric PID, but we know that is unreliable for
the usual reasons. Add variants that take a PIDFD instead, or a
PID + PIDFDID combination for remote users.
let's place the cursor at the beginning of the line before/after, so we
know it's the first char we overwrite, and we return to the front again
right after.
So, UEFI's color texting is a bit weird. It translates everything to
ANSI sequences, but unlike ANSI sequences it has no understanding of a
distinct "default" bg/fg color, it assumes the ansi color "0" is always
equal to white on black, but that's of course not really true, most
terminal emulators at the very least support white background too.
tianocore then also tries to be smart and suppresses ANSI color changes
from a color to itself. But if the understanding of the color is wrong
in the first place, then any color change suppression like this hurts
more than it helps.
Then in addition there are certain terminal tools that will reset the bg
color on every line break ("less" for example) to the default.
Let's deal with that and improve the situation on all fronts:
1. force out color changes by doing two color changes whenever we really
want it.
2. on every newline force out the color change again.
with this in place, using sd-boot on a terminal emulator is a lot nicer.
This also drops space between number and 's', like we do in format_timespan(),
and fixes spurious type mismatch between timeout_sec and timeout_remain.
Let's never bother with old TPM 1.x structures, they are not mentioned
in the TCG for TPM2 spec at all. However, the spec does say we should
check the Size field of the relevant structs, before accessing them,
hence do that.
Use that to determine the version of the protocol, before accessing
GetActiveBanks().
Alternative to: #39034
Fixes: #38932
Follow-up to: 6eab4cd44c
Add support for generating names like wldN based on DeviceTree aliases.
DeviceTree alias names follow de facto conventions. As of writing, there
are so far two ways WLAN devices are represented in DeviceTree aliases
in upstream Linux DTS files:
- Firstly, as wifi0, used for example in t600x-j314-j316.dtsi
- Secondly, as ethernet0 or ethernet1, used for example in
sun8i-q8-common.dtsi, with a comment saying the reason is to "Make
u-boot set mac-address for wifi without an eeprom"
So we need to handle both while generating names. Refactor most of the
logic in names_devicetree() into a helper
names_devicetree_alias_prefix() that takes an alias_prefix instead of
hardcoding "ethernet", and, in the new names_devicetree():
- For prefix "en", use alias_prefix "ethernet"
- For prefix "wl", try alias_prefix "wifi" first, and if that was not
found, fall back to alias_prefix "ethernet"
Since this is a naming scheme change, also gate this behind
NAMING_DEVICETREE_ALIASES_WLAN and NAMING_V259, and document this
change.
I initially didn't think it would be worth doing this, but I changed my
mind. People out there quite successfully build systemd without ACL
support, and that suggests life without it is quite possible. Moreover
we only use it at very specific places:
1. in udev/logind for "uaccess" mgmt
2. in tmpfiles to implement explicitly configured acl changes
3. in journald/coredump/pstore to manage access to unpriv users
4. in pid1 to manage access to credential files
5. when shifting UIDs of container trees
In specific container environments it should be entirely fine to live without all
of these, hence let's pull this in on demand only.
test-shift-uid.c doesn't actually use anything from libacl. It all goes
through shared/, and the dep there is enough.
Same for the coredump stuff, logind and core/.
And pstore doesn't use it at all, neither directly nor indirectly.
Let's never bother with old TPM 1.x structures, they are not mentioned
in the TCG for TPM2 spec at all. However, the spec does say we should
check the Size field of the relevant structs, before accessing them,
hence do that.
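
An added example of the Size-before-access check described above; it is not code from the systemd tree. `struct demo_capability` and the `demo_*` helpers are a hypothetical, simplified stand-in and do not reproduce the real TCG2 structure layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a firmware-filled capability struct
 * with a leading Size byte; not the real TCG2 layout. */
struct demo_capability {
        uint8_t  size;              /* bytes the producer actually filled in */
        uint8_t  protocol_major;
        uint8_t  protocol_minor;
        uint8_t  tpm_present;
        uint32_t hash_algorithms;
        uint32_t active_pcr_banks;  /* only present in newer, longer revisions */
};

/* True if the producer-declared size covers the whole of `field`. */
#define FIELD_AVAILABLE(cap, field) \
        ((size_t) (cap)->size >= offsetof(struct demo_capability, field) + sizeof((cap)->field))

/* Returns 0 and stores the bank mask, or -1 if the struct is too short to trust. */
int demo_active_banks(const struct demo_capability *cap, uint32_t *ret) {
        if (!cap || !ret)
                return -1;
        if (!FIELD_AVAILABLE(cap, tpm_present) || !cap->tpm_present)
                return -1;
        if (!FIELD_AVAILABLE(cap, active_pcr_banks))
                return -1;   /* older revision: this field was never written */
        *ret = cap->active_pcr_banks;
        return 0;
}

/* Constructed sample: simulate a producer that writes only `filled` bytes. */
int demo_query(uint8_t filled, uint32_t *ret) {
        struct demo_capability full = {
                .size = filled, .protocol_major = 1, .protocol_minor = 1,
                .tpm_present = 1, .hash_algorithms = 0x6, .active_pcr_banks = 0x2,
        };
        struct demo_capability seen;

        memset(&seen, 0xAA, sizeof(seen));      /* stale memory beyond `filled` */
        memcpy(&seen, &full, filled <= sizeof(full) ? filled : sizeof(full));
        seen.size = filled;                     /* producer always reports its size */
        return demo_active_banks(&seen, ret);
}
```

With a short `size`, the trailing field still holds the 0xAA fill pattern, which is what an unchecked read would have returned.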
Add support for generating names like wldN based on DeviceTree aliases.
DeviceTree alias names follow de facto conventions. As of writing, there
are so far two ways WLAN devices are represented in DeviceTree aliases
in upstream Linux DTS files:
- Firstly, as wifi0, used for example in t600x-j314-j316.dtsi
- Secondly, as ethernet0 or ethernet1, used for example in
sun8i-q8-common.dtsi, with a comment saying the reason is to "Make
u-boot set mac-address for wifi without an eeprom"
Therefore for prefix "wl", try alias_prefix "wifi" first, and if that
was not found, fall back to alias_prefix "ethernet"
Since this is a naming scheme change, also gate this behind
NAMING_DEVICETREE_ALIASES_WLAN and NAMING_V259, and document this
change.
Refactor most of the logic in names_devicetree() into a helper
names_devicetree_alias_prefix() that takes an alias_prefix instead of
hardcoding "ethernet".
The return value of names_devicetree_alias_prefix() will be used in further
commits to allow for alias_prefix fallback.
This also makes shebang always use env command, and drops unnecessary
'bash -c' or 'sh -c' when a single command is invoked in the shell,
like sleep or echo.
In the commit c960ca2be1, the logic of
updating ACL on device node was moved from logind to udevd, but at that
time, mistakenly removed the logic for static nodes.
Fixes a regression caused by c960ca2be1 (v258).
Fixes #39043.
Currently, a 15-second timeout is hardcoded for the key enrollment
process while waiting for user confirmation. Make this value configurable
to allow the option of disabling user input, such as during automatic key
provisioning at the factory.
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
This is split out of https://github.com/systemd/systemd/pull/38764.
It adds a very basic Varlink API to repart. Not the actual
repartitioning APIs, but simply a call to get a list of candidate
devices.
A very basic test case is added too.
Other commits from #38764 add the repartitioning API, but let's do that
in a separate PR.
Block devices with removable media (e.g. SD card readers) indicate a
missing medium with a zero size. Optionally ignore such block devices
that carry no medium currently.
Follow-up for 882c9ce040
Prompted by #39077
Note that HAVE_PAM ifdeffery in pam-util.c is removed,
since its build as a whole is conditioned out if
!HAVE_PAM in shared/meson.build.