[systemd-devel] [PATCH 3/3] gnome-ask-password-agent: do not send password when user hits "Cancel"
When the user hits the Cancel button no action should be triggered. --- src/gnome-ask-password-agent.vala | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/gnome-ask-password-agent.vala b/src/gnome-ask-password-agent.vala index ea43b08..571cd94 100644 --- a/src/gnome-ask-password-agent.vala +++ b/src/gnome-ask-password-agent.vala @@ -213,7 +213,8 @@ public class MyStatusIcon : StatusIcon { password_dialog = null; if (result == ResponseType.REJECT || -result == ResponseType.DELETE_EVENT) +result == ResponseType.DELETE_EVENT || +result == ResponseType.CANCEL) return; Pid child_pid; -- 1.8.3.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
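Review bot: the early-return test in the @@ -213 hunk is a deny-list of response codes (REJECT, DELETE_EVENT and now CANCEL), so any response not listed still continues to the "Pid child_pid;" code below it. Since that path handles a password, consider inverting the condition to return unless the result is the dialog's one affirmative response, so that an unlisted or future response code fails closed. The commit message could also name which response the Cancel button produces.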
[systemd-devel] [PATCH 1/3] gnome-ask-password-agent: make icon visible _after_ notification was closed
This fixes an issue where the tray icon disappears after the notification is closed, though no action has been triggered and there is still a password to enter. --- src/gnome-ask-password-agent.vala | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/gnome-ask-password-agent.vala b/src/gnome-ask-password-agent.vala index 8a5346d..4d852c2 100644 --- a/src/gnome-ask-password-agent.vala +++ b/src/gnome-ask-password-agent.vala @@ -80,6 +80,7 @@ public class MyStatusIcon : StatusIcon { string socket; PasswordDialog password_dialog; +Notification n; public MyStatusIcon() throws GLib.Error { GLib.Object(icon_name : "dialog-password"); @@ -182,10 +183,11 @@ public class MyStatusIcon : StatusIcon { } set_from_icon_name(icon); -set_visible(true); - -Notification n = new Notification(title, message, icon); +n = new Notification(title, message, icon); n.set_timeout(5000); +n.closed.connect(() => { +set_visible(true); +}); n.show(); return true; -- 1.8.3.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
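Review bot: with set_visible(true) moved into the n.closed handler in the @@ -182 hunk, the tray icon is shown only if the notification is displayed and later closed; if n.show() fails or no closed signal ever arrives, the icon stays hidden and the user has no way left to enter the password. Keep a fallback that makes the icon visible when the notification cannot be shown. The new field n is also replaced on every call while the previous notification's handler is still connected, and a descriptive member name such as notification would read better than n.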
[systemd-devel] [PATCH 2/3] gnome-ask-password-agent: allow user to answer directly to notification
Add a button "Enter password" to the notification, so that the user can directly react to the notification and does not have to use the tray icon. --- src/gnome-ask-password-agent.vala | 1 + 1 file changed, 1 insertion(+) diff --git a/src/gnome-ask-password-agent.vala b/src/gnome-ask-password-agent.vala index 4d852c2..ea43b08 100644 --- a/src/gnome-ask-password-agent.vala +++ b/src/gnome-ask-password-agent.vala @@ -188,6 +188,7 @@ public class MyStatusIcon : StatusIcon { n.closed.connect(() => { set_visible(true); }); +n.add_action("enter_pw", "Enter password", status_icon_activate); n.show(); return true; -- 1.8.3.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
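Review bot: the closed handler in the context lines of this hunk still calls set_visible(true) unconditionally, so after the new "Enter password" action is used and the notification closes, the tray icon is shown again even though the request is already being answered through status_icon_activate. Record that the action was invoked and skip set_visible(true) in that case. It would also help to state in the commit message what happens on notification servers that do not support action buttons.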
[systemd-devel] [PATCH 0/3] gnome-ask-password-agent: improve user interaction
These three patches should improve the usability of gnome-ask-password-agent. Especially the first patch is needed to make it usable on a recent gnome-shell. At the moment the user can just close the notification which causes the tray icon to vanish so that the user has no chance to enter a password. This was also reported downstream: https://bugzilla.novell.com/show_bug.cgi?id=789655 I'm not sure though if this is intended behavior or a bug in gnome-shell.
[systemd-devel] [PATCH] cryptsetup: Retry indefinitely if tries=0 option has been set.
When running from initrd, entering a wrong passphrase usually means that you cannot boot. Therefore, we allow trying indefinitely. --- This is useful together with Tom's latest patch. On my system, I use rd.luks.options=allow-discards,tries=0 so unless booting succeeds, I will be prompted for a passphrase indefinitely. man/crypttab.xml| 4 +++- src/cryptsetup/cryptsetup.c | 7 +++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index 15c86d3..90d8ce9 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -330,7 +330,9 @@ tries= Specifies the maximum number of -times the user is queried for a password. +times the user is queried for a password. +The default is 3. If set to 0, the user is +queried for a password indefinitely. diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index ba0fdbc..22b5eea 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -41,7 +41,7 @@ static unsigned opt_key_size = 0; static unsigned opt_keyfile_size = 0; static unsigned opt_keyfile_offset = 0; static char *opt_hash = NULL; -static unsigned opt_tries = 0; +static unsigned opt_tries = 3; static bool opt_readonly = false; static bool opt_verify = false; static bool opt_discards = false; @@ -576,7 +576,6 @@ int main(int argc, char *argv[]) { else until = 0; -opt_tries = opt_tries > 0 ? opt_tries : 3; opt_key_size = (opt_key_size > 0 ? opt_key_size : 256); if (key_file) { @@ -588,7 +587,7 @@ int main(int argc, char *argv[]) { log_warning("Key file %s is world-readable. This is not a good idea!", key_file); } -for (tries = 0; tries < opt_tries; tries++) { +for (tries = 0; opt_tries == 0 || tries < opt_tries; tries++) { _cleanup_strv_free_ char **passwords = NULL; if (!key_file) { 
@@ -616,7 +615,7 @@ int main(int argc, char *argv[]) { log_warning("Invalid passphrase."); } -if (tries >= opt_tries) { +if (opt_tries != 0 && tries >= opt_tries) { log_error("Too many attempts; giving up."); r = EXIT_FAILURE; goto finish; -- 1.8.3.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
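Review bot: with opt_tries == 0 the new loop condition "opt_tries == 0 || tries < opt_tries" in the @@ -588 hunk is always true, so the loop can only end from inside its body; please confirm that a configured key file that fails to unlock (the case that skips the "if (!key_file)" prompt) cannot retry forever without any user interaction. The crypttab.xml text should also say that tries=0 removes the bound on passphrase attempts at the console, since that is a policy decision the administrator makes by setting it, and the changed default initialiser "opt_tries = 3" deserves a one-line comment pointing at the documented default.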
Re: [systemd-devel] arch bootstrapping
On 17.08.2013 17:27, Zbigniew Jędrzejewski-Szmek wrote:
> Hi,
>
> I was trying to get the arch installation example in systemd-spawn
> to work on Fedora. My intent is to package pacman and pacstrap for
> Fedora, to make it easy to play with distributions. Fedora already
> has alien and dpkg/apt-get, so adding pacman seems kind of nice.
>
> The packaging process is going well, but the installation is not
> as easy, because of gpg key issues. It's possible that I made some
> error, I tried both to add SigLevel=TrustAll in (host's) /etc/pacman.conf,
> and to import gpg keys with 'pacman-key --populate archlinux'.
> The second solution didn't seem to work, and both have downsides:
> - disabling checking is bad because of security issues,
>   and it also seems to mess up the trust database inside the container,
> - importing the trust database in the host (assuming that I'd get it
>   to work), would require either also packaging the keys for Fedora,
>   or telling the user to trust keys blindly and download them from
>   the internet...

pacstrap assumes that you have a working key database on the host (which is the case for our live CD and bootstrap tarball). To work around that, you need to

1) set up a keyring in /instroot/etc/pacman.d/gnupg
2) call pacstrap with the -G option

This will set up a keyring in /instroot without the need for one in the host.

For 1), simply run

  pacman-key --gpgdir /instroot/etc/pacman.d/gnupg --init
  pacman-key --gpgdir /instroot/etc/pacman.d/gnupg --populate archlinux

For that, you must have the keyring available in /usr/share/pacman/keyrings/. Get the keyring from https://projects.archlinux.org/archlinux-keyring.git/ - you need the archlinux.gpg, archlinux-revoked and archlinux-trusted files.

The only thing that is critical for security is the archlinux-trusted file - the fingerprints in there must match the ones from https://www.archlinux.org/master-keys/. The rest of the files are just there for convenience.
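The fingerprint check described in the reply above, as an added example that is not part of the original message: it compares the entries of archlinux-trusted with fingerprints copied by hand from the master-keys page before pacman-key --populate is run. The function names, the master-keys.txt file and the sample fingerprints are constructed for illustration, and the "FINGERPRINT:LEVEL:" line format of archlinux-trusted is an assumption.

```shell
#!/bin/sh
# Added example. Assumption: archlinux-trusted has one "FINGERPRINT:LEVEL:"
# entry per line; the expected file has one fingerprint per line, possibly
# written in space-separated groups as a web page would show it.

# Print the fingerprints of a file: drop comments and everything after the
# first ':', strip whitespace, upper-case the hex digits, sort uniquely.
normalize_fprs() {
    sed -e 's/#.*$//' -e 's/:.*$//' "$1" | tr -d ' \t\r' | tr 'a-f' 'A-F' |
        sed '/^$/d' | sort -u
}

# Return 0 if both files name exactly the same set of fingerprints,
# 1 if the sets differ, 2 if a file is unreadable, empty or malformed.
check_trusted_keyring() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    trusted=$(normalize_fprs "$1")
    expected=$(normalize_fprs "$2")
    # Every entry must be a full 40-digit fingerprint; short key IDs and
    # empty lists are rejected rather than compared.
    if printf '%s\n' "$trusted" "$expected" | grep -Evq '^[0-9A-F]{40}$'; then
        echo "malformed or missing fingerprint entry" >&2
        return 2
    fi
    status=0
    for f in $trusted; do
        printf '%s\n' "$expected" | grep -qxF "$f" ||
            { echo "UNEXPECTED key in trusted file: $f" >&2; status=1; }
    done
    for f in $expected; do
        printf '%s\n' "$trusted" | grep -qxF "$f" ||
            { echo "master key MISSING from trusted file: $f" >&2; status=1; }
    done
    return $status
}

# Constructed sample data (not real Arch master keys).
tmp=$(mktemp -d)
printf '%s\n' '1111111111111111111111111111111111111111:4:' \
              '2222222222222222222222222222222222222222:4:' > "$tmp/archlinux-trusted"
printf '%s\n' '1111 1111 1111 1111 1111  1111 1111 1111 1111 1111' \
              '2222222222222222222222222222222222222222' > "$tmp/master-keys.txt"
if check_trusted_keyring "$tmp/archlinux-trusted" "$tmp/master-keys.txt"; then
    echo "trusted set matches; proceed with pacman-key --populate archlinux"
fi
rm -rf "$tmp"
```

The comparison is only as trustworthy as the channel used to obtain the expected fingerprints, so they should be fetched over HTTPS or checked out of band.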
[systemd-devel] [PATCH] cryptsetup-generator: allow specifying options in /proc/cmdline
The main usecase for this is to make it possible to use cryptsetup in the initrd without it having to include a host-specific /etc/crypttab. Cc: Harald Hoyer Tested-by: Thomas Bächler --- Hi guys, This allows us to use systemd in the initrd for encrypted root in Arch. I didn't look much into how this is done in dracut, so comments on whether or not this will work for you would be welcome. Cheers, Tom man/systemd-cryptsetup-generator.xml | 23 ++ src/cryptsetup/cryptsetup-generator.c | 79 +-- 2 files changed, 98 insertions(+), 4 deletions(-) diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml index 7950032..3fab17b 100644 --- a/man/systemd-cryptsetup-generator.xml +++ b/man/systemd-cryptsetup-generator.xml @@ -137,6 +137,29 @@ will be activated in the initrd or the real root. + + +luks.options= + rd.luks.options= + +Takes a LUKS super +block UUID followed by an '=' and a string +of options separated by commas as argument. +This will override the options for the given +UUID. +If only a list of options, without an +UUID, is specified, they apply to any UUIDs not +specified elsewhere, and without an entry in +/etc/crypttab. +rd.luks.options= +is honored only by initial RAM disk +(initrd) while +luks.options= is +honored by both the main system and +the initrd. + + + luks.key= rd.luks.key= diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 81b7708..b140f0d 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -233,7 +233,7 @@ static int create_disk( return 0; } -static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) { +static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char ***arg_proc_cmdline_options, char **arg_proc_cmdline_keyfile) { _cleanup_free_ char *line = NULL; char *w = NULL, *state = NULL; int r; 
@@ -300,7 +300,20 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cm return log_oom(); } +} else if (startswith(word, "luks.options=")) { +if (strv_extend(arg_proc_cmdline_options, word + 13) < 0) +return log_oom(); + +} else if (startswith(word, "rd.luks.options=")) { + +if (in_initrd()) { +if (strv_extend(arg_proc_cmdline_options, word + 16) < 0) +return log_oom(); +} + } else if (startswith(word, "luks.key=")) { +if (*arg_proc_cmdline_keyfile) +free(*arg_proc_cmdline_keyfile); *arg_proc_cmdline_keyfile = strdup(word + 9); if (!*arg_proc_cmdline_keyfile) return log_oom(); @@ -330,6 +343,7 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cm int main(int argc, char *argv[]) { _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL; _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL; +_cleanup_strv_free_ char **arg_proc_cmdline_options = NULL; _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL; _cleanup_fclose_ FILE *f = NULL; unsigned n = 0; @@ -350,7 +364,7 @@ int main(int argc, char *argv[]) { umask(0022); -if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0) +if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_options, &arg_proc_cmdline_keyfile) < 0) return EXIT_FAILURE; if (!arg_enabled) @@ -405,6 +419,26 @@ int main(int argc, char *argv[]) { continue; } +if (arg_proc_cmdline_options) { +/* + If options are specified on the kernel commandl
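Review bot: the offsets in "word + 13" and "word + 16" in the @@ -300 hunk are hand-counted lengths of "luks.options=" and "rd.luks.options=" and will silently point at the wrong byte if either prefix is ever edited; derive the offset from the prefix string itself instead of a literal number. A bare "luks.options=" with nothing after it is appended as an empty string, so the code that later consumes arg_proc_cmdline_options has to tolerate an empty entry. In the luks.key= branch the added "if (*arg_proc_cmdline_keyfile)" test is unnecessary, because free(NULL) is a no-op.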
Re: [systemd-devel] [PATCHv4] core: notify triggered by socket of a service
Hi, any update on accepting this patch? Umut On Mon, Jul 22, 2013 at 10:52 AM, Umut Tezduyar wrote: > --- > TODO |3 --- > src/core/service.c | 31 --- > src/core/socket.c | 39 ++- > src/core/socket.h |3 --- > 4 files changed, 38 insertions(+), 38 deletions(-) > > diff --git a/TODO b/TODO > index ba8bb8e..e0c4857 100644 > --- a/TODO > +++ b/TODO > @@ -115,9 +115,6 @@ Features: >Maybe take a BSD lock at the disk device node and teach udev to >check for that and suppress event handling. > > -* when a service changes state make reflect that in the > - RUNNING/LISTENING states of its socket > - > * when recursively showing the cgroup hierarchy, optionally also show >the hierarchies of child processes > > diff --git a/src/core/service.c b/src/core/service.c > index b98f11a..157d614 100644 > --- a/src/core/service.c > +++ b/src/core/service.c > @@ -1481,24 +1481,6 @@ static int service_search_main_pid(Service *s) { > return 0; > } > > -static void service_notify_sockets_dead(Service *s, bool failed_permanent) { > -Iterator i; > -Unit *u; > - > -assert(s); > - > -/* Notifies all our sockets when we die */ > - > -if (s->socket_fd >= 0) > -return; > - > -SET_FOREACH(u, UNIT(s)->dependencies[UNIT_TRIGGERED_BY], i) > -if (u->type == UNIT_SOCKET) > -socket_notify_service_dead(SOCKET(u), > failed_permanent); > - > -return; > -} > - > static void service_set_state(Service *s, ServiceState state) { > ServiceState old_state; > const UnitActiveState *table; 
> @@ -1550,19 +1532,6 @@ static void service_set_state(Service *s, ServiceState > state) { > s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID; > } > > -if (state == SERVICE_FAILED) > -service_notify_sockets_dead(s, s->result == > SERVICE_FAILURE_START_LIMIT); > - > -if (state == SERVICE_DEAD || > -state == SERVICE_STOP || > -state == SERVICE_STOP_SIGTERM || > -state == SERVICE_STOP_SIGKILL || > -state == SERVICE_STOP_POST || > -state == SERVICE_FINAL_SIGTERM || > -state == SERVICE_FINAL_SIGKILL || > -state == SERVICE_AUTO_RESTART) > -service_notify_sockets_dead(s, false); > - > if (state != SERVICE_START_PRE && > state != SERVICE_START && > state != SERVICE_START_POST && > diff --git a/src/core/socket.c b/src/core/socket.c > index cf88bae..2130e48 100644 > --- a/src/core/socket.c > +++ b/src/core/socket.c > @@ -2277,7 +2277,7 @@ int socket_collect_fds(Socket *s, int **fds, unsigned > *n_fds) { > return 0; > } > > -void socket_notify_service_dead(Socket *s, bool failed_permanent) { > +static void socket_notify_service_dead(Socket *s, bool failed_permanent) { > assert(s); > > /* The service is dead. Dang! 
> @@ -2322,6 +2322,41 @@ static void socket_reset_failed(Unit *u) { > s->result = SOCKET_SUCCESS; > } > > +static void socket_trigger_notify(Unit *u, Unit *other) { > +Socket *s = SOCKET(u); > +Service *se = SERVICE(other); > + > +assert(u); > +assert(other); > + > +/* Don't propagate state changes from the service if we are > + already down or accepting connections */ > +if ((s->state != SOCKET_RUNNING && > +s->state != SOCKET_LISTENING) || > +s->accept) > +return; > + > +if (other->load_state != UNIT_LOADED || > +other->type != UNIT_SERVICE) > +return; > + > +if (se->state == SERVICE_FAILED) > +socket_notify_service_dead(s, se->result == > SERVICE_FAILURE_START_LIMIT); > + > +if (se->state == SERVICE_DEAD || > +se->state == SERVICE_STOP || > +se->state == SERVICE_STOP_SIGTERM || > +se->state == SERVICE_STOP_SIGKILL || > +se->state == SERVICE_STOP_POST || > +se->state == SERVICE_FINAL_SIGTERM || > +se->state == SERVICE_FINAL_SIGKILL || > +se->state == SERVICE_AUTO_RESTART) > +socket_notify_service_dead(s, false); > + > +if (se->state == SERVICE_RUNNING) > +socket_set_state(s, SOCKET_RUNNING); > +} > + > static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) { > return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, > error); > } > @@ -2402,6 +2437,8 @@ const UnitVTable socket_vtable = { > .sigchld_event = socket_sigchld_event, > .timer_event = socket_timer_event, > > +.trigger_notify = socket_trigger_notify, > + > .reset_failed = socket_reset_failed, > > .bus_interface = "org.freedesktop.systemd1.Socket", > diff --g
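Review bot: in socket_trigger_notify() the initialisers "Socket *s = SOCKET(u);" and "Service *se = SERVICE(other);" run before assert(u) and assert(other), and before the "other->type != UNIT_SERVICE" check, so other is cast to a Service before it is known to be one. Move the asserts ahead of the casts and assign se only after the load_state and type checks have passed. A short comment on why SERVICE_RUNNING moves the socket to SOCKET_RUNNING would also help, since the removed TODO entry was the only description of the intended behaviour.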