[systemd-devel] [PATCH 3/3] gnome-ask-password-agent: do not send password when user hits "Cancel"

2013-08-18 Thread Michael Laß
When the user hits the Cancel button no action should be triggered.
---
 src/gnome-ask-password-agent.vala | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/gnome-ask-password-agent.vala 
b/src/gnome-ask-password-agent.vala
index ea43b08..571cd94 100644
--- a/src/gnome-ask-password-agent.vala
+++ b/src/gnome-ask-password-agent.vala
@@ -213,7 +213,8 @@ public class MyStatusIcon : StatusIcon {
 password_dialog = null;
 
 if (result == ResponseType.REJECT ||
-result == ResponseType.DELETE_EVENT)
+result == ResponseType.DELETE_EVENT ||
+result == ResponseType.CANCEL)
 return;
 
 Pid child_pid;
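Review bot: The condition before `return` is a deny-list of three response codes, so any other non-confirming response the dialog can produce still falls through to the password-sending path that starts at `Pid child_pid;`. Since the bug being fixed is a password sent on an unintended response, consider testing for the single confirming response instead and returning otherwise, so that a newly added button or response type fails closed.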
-- 
1.8.3.4

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


[systemd-devel] [PATCH 1/3] gnome-ask-password-agent: make icon visible _after_ notification was closed

2013-08-18 Thread Michael Laß
This fixes an issue where the tray icon disappears after the notification is
closed, though no action has been triggered and there is still a password to
enter.
---
 src/gnome-ask-password-agent.vala | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/gnome-ask-password-agent.vala 
b/src/gnome-ask-password-agent.vala
index 8a5346d..4d852c2 100644
--- a/src/gnome-ask-password-agent.vala
+++ b/src/gnome-ask-password-agent.vala
@@ -80,6 +80,7 @@ public class MyStatusIcon : StatusIcon {
 string socket;
 
 PasswordDialog password_dialog;
+Notification n;
 
 public MyStatusIcon() throws GLib.Error {
 GLib.Object(icon_name : "dialog-password");
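Review bot: The new member `n` is a one-letter name at class scope, next to the descriptive `password_dialog`. Rename it to something like `notification`, and add a short comment on why it has to be a field rather than the local variable it was before.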
@@ -182,10 +183,11 @@ public class MyStatusIcon : StatusIcon {
 }
 set_from_icon_name(icon);
 
-set_visible(true);
-
-Notification n = new Notification(title, message, icon);
+n = new Notification(title, message, icon);
 n.set_timeout(5000);
+n.closed.connect(() => {
+set_visible(true);
+});
 n.show();
 
 return true;
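Review bot: `set_visible(true)` now runs only inside the `closed` handler, so if `n.show()` fails or the notification server never emits `closed`, the tray icon is never shown and the user has no way to reach the password dialog, which is the failure this patch is meant to remove. Add a fallback that makes the icon visible when showing the notification fails, and confirm that the timeout set by `n.set_timeout(5000)` always results in a `closed` signal. Assigning to `n` on every call also drops the reference to the previous notification without closing it.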
-- 
1.8.3.4



[systemd-devel] [PATCH 2/3] gnome-ask-password-agent: allow user to answer directly to notification

2013-08-18 Thread Michael Laß
Add a button "Enter password" to the notification, so that the user can
directly react to the notification and does not have to use the tray icon.
---
 src/gnome-ask-password-agent.vala | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/gnome-ask-password-agent.vala 
b/src/gnome-ask-password-agent.vala
index 4d852c2..ea43b08 100644
--- a/src/gnome-ask-password-agent.vala
+++ b/src/gnome-ask-password-agent.vala
@@ -188,6 +188,7 @@ public class MyStatusIcon : StatusIcon {
 n.closed.connect(() => {
 set_visible(true);
 });
+n.add_action("enter_pw", "Enter password", 
status_icon_activate);
 n.show();
 
 return true;
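Review bot: Once the user picks the new "Enter password" action and the notification then closes, the `closed` handler in the context lines above still calls `set_visible(true)`, so the tray icon appears while the dialog opened by `status_icon_activate` is already on screen. Guard the handler (for example on `password_dialog == null`) or hide the icon again from the activate path. The label is also added as a bare string literal; mark it for translation if the rest of the file does so.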
-- 
1.8.3.4



[systemd-devel] [PATCH 0/3] gnome-ask-password-agent: improve user interaction

2013-08-18 Thread Michael Laß
These three patches should improve the usability of gnome-ask-password-agent.

Especially the first patch is needed to make it usable on a recent gnome-shell.
At the moment the user can just close the notification which causes the tray
icon to vanish so that the user has no chance to enter a password.

This was also reported downstream:
https://bugzilla.novell.com/show_bug.cgi?id=789655

I'm not sure though if this is intended behavior or a bug in gnome-shell.



[systemd-devel] [PATCH] cryptsetup: Retry indefinitely if tries=0 option has been set.

2013-08-18 Thread Thomas Bächler
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
---

This is useful together with Tom's latest patch. On my system, I use
 rd.luks.options=allow-discards,tries=0
so unless booting succeeds, I will be prompted for a passphrase
indefinitely.

 man/crypttab.xml| 4 +++-
 src/cryptsetup/cryptsetup.c | 7 +++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/man/crypttab.xml b/man/crypttab.xml
index 15c86d3..90d8ce9 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -330,7 +330,9 @@
 tries=
 
 Specifies the maximum number of
-times the user is queried for a 
password.
+times the user is queried for a password.
+The default is 3. If set to 0, the user is
+queried for a password 
indefinitely.
 
 
 
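Review bot: The added text documents `tries=0` as unlimited but says nothing about the consequence: it removes the cap on passphrase guesses at the prompt, and a device that never unlocks will hold the boot at that prompt forever. Add a sentence on that trade-off, and state whether the count also applies to attempts made with a key file.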
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index ba0fdbc..22b5eea 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -41,7 +41,7 @@ static unsigned opt_key_size = 0;
 static unsigned opt_keyfile_size = 0;
 static unsigned opt_keyfile_offset = 0;
 static char *opt_hash = NULL;
-static unsigned opt_tries = 0;
+static unsigned opt_tries = 3;
 static bool opt_readonly = false;
 static bool opt_verify = false;
 static bool opt_discards = false;
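Review bot: With `opt_tries = 3` as the initializer, the value 0 changes meaning from "unset" to "no limit", and the code that parses `tries=` is not part of this patch. Check that a malformed or out-of-range value cannot leave `opt_tries` at 0, since that would now silently disable the attempt limit. A comment on the declaration saying that 0 means unlimited would help.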
@@ -576,7 +576,6 @@ int main(int argc, char *argv[]) {
 else
 until = 0;
 
-opt_tries = opt_tries > 0 ? opt_tries : 3;
 opt_key_size = (opt_key_size > 0 ? opt_key_size : 256);
 
 if (key_file) {
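Review bot: Removing the `opt_tries > 0 ? opt_tries : 3` fallback leaves the next line, `opt_key_size = (opt_key_size > 0 ? opt_key_size : 256)`, using the zero-means-default convention that `opt_tries` no longer follows. Two conventions side by side for neighbouring options are easy to misread; consider moving the 256 default to the initializer as well, or comment the difference.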
@@ -588,7 +587,7 @@ int main(int argc, char *argv[]) {
 log_warning("Key file %s is world-readable. 
This is not a good idea!", key_file);
 }
 
-for (tries = 0; tries < opt_tries; tries++) {
+for (tries = 0; opt_tries == 0 || tries < opt_tries; tries++) {
 _cleanup_strv_free_ char **passwords = NULL;
 
 if (!key_file) {
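Review bot: With `opt_tries == 0` the loop condition is always true, so the only exit is a `break` or `goto` inside the body, and the visible lines do not show what happens when `key_file` is set and the key is rejected. Confirm that a bad key file falls back to prompting (or fails) instead of retrying the same file in a tight loop forever. There is also no delay between iterations in the lines shown, which matters more once the count is unbounded.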
@@ -616,7 +615,7 @@ int main(int argc, char *argv[]) {
 log_warning("Invalid passphrase.");
 }
 
-if (tries >= opt_tries) {
+if (opt_tries != 0 && tries >= opt_tries) {
 log_error("Too many attempts; giving up.");
 r = EXIT_FAILURE;
 goto finish;
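Review bot: The `opt_tries != 0 &&` guard is needed only because failure is inferred from the loop counter after the loop has ended. An explicit success flag set where the loop breaks would state the intent directly and would not need to know about the special value 0.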
-- 
1.8.3.4



Re: [systemd-devel] arch bootstrapping

2013-08-18 Thread Thomas Bächler
On 17.08.2013 17:27, Zbigniew Jędrzejewski-Szmek wrote:
> Hi,
> 
> I was trying to get the arch installation example in systemd-spawn
> to work on Fedora. My intent is to package pacman and pacstrap for
> Fedora, to make it easy to play with distributions. Fedora already
> has alien and dpkg/apt-get, so adding pacman seems kind of nice.
> 
> The packaging process is going well, but the installation is not
> as easy, because of gpg key issues. It's possible that I made some
> error, I tried both to add SigLevel=TrustAll in (host's) /etc/pacman.conf,
> and to import gpg keys with 'pacman-key --populate archlinux'.
> The second solution didn't seem to work, and both have downsides:
> - disabling checking is bad because of security issues,
>   and it also seems to mess up the trust database inside the container,
> - importing the trust database in the host (assuming that I'd get it
>   to work), would require either also packaging the keys for Fedora,
>   or telling the user to trust keys blindly and download them from
>   the internet...

pacstrap assumes that you have a working key database on the host (which
is the case for our live CD and bootstrap tarball). To work around that,
you need to

1) set up a keyring in /instroot/etc/pacman.d/gnupg
2) call pacstrap with the -G option

This will set up a keyring in /instroot without the need for one in the
host.

For 1), simply run
 pacman-key --gpgdir /instroot/etc/pacman.d/gnupg --init
 pacman-key --gpgdir /instroot/etc/pacman.d/gnupg --populate archlinux

For that, you must have the keyring available in
/usr/share/pacman/keyrings/. Get the keyring from
https://projects.archlinux.org/archlinux-keyring.git/ - you need the
archlinux.gpg, archlinux-revoked and archlinux-trusted files.

The only thing that is critical for security is the archlinux-trusted
file - the fingerprints in there must match the ones from
https://www.archlinux.org/master-keys/. The rest of the files are just
there for convenience.




signature.asc
Description: OpenPGP digital signature
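
One way to carry out the fingerprint comparison described in the reply above, as an added example that is not part of the original message or of pacman. The function names are hypothetical, the trusted file is assumed to hold one `<fingerprint>:<level>:` entry per line, and the expected list is assumed to be a text file the reader filled in from the master-keys page.

```shell
#!/bin/sh
# Added example: compare the fingerprints in a keyring's "-trusted" file with
# a list of master-key fingerprints obtained out of band.
# Assumption: each trusted-file line is "<40 hex digits>:<level>:".
# Usage (master-keys.txt is a hypothetical file name):
#   check_trusted /usr/share/pacman/keyrings/archlinux-trusted master-keys.txt

# Print the fingerprints found in file $1: uppercase, no spaces, sorted, unique.
normalize_fprs() {
    # Drop everything from the first ':' on, remove whitespace, uppercase,
    # and keep only well-formed 40-hex-digit values.
    sed -e 's/:.*$//' -e 's/[[:space:]]//g' "$1" \
        | tr 'a-f' 'A-F' \
        | grep -E '^[0-9A-F]{40}$' \
        | LC_ALL=C sort -u
}

# check_trusted TRUSTED_FILE EXPECTED_FILE
# Returns 0 only if both files name exactly the same, non-empty set of keys.
check_trusted() {
    t=$(mktemp) && e=$(mktemp) || return 2
    normalize_fprs "$1" > "$t"
    normalize_fprs "$2" > "$e"
    rc=0
    extra=$(LC_ALL=C comm -23 "$t" "$e")    # only in the trusted file
    missing=$(LC_ALL=C comm -13 "$t" "$e")  # only in the expected list
    if [ -n "$extra" ]; then
        printf 'trusted but not on the master-key list:\n%s\n' "$extra" >&2
        rc=1
    fi
    if [ -n "$missing" ]; then
        printf 'master key absent from the trusted file:\n%s\n' "$missing" >&2
        rc=1
    fi
    # An empty trusted file must not pass as "nothing unexpected found".
    if [ ! -s "$t" ]; then
        echo 'no fingerprints parsed from the trusted file' >&2
        rc=1
    fi
    rm -f "$t" "$e"
    return "$rc"
}
```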


[systemd-devel] [PATCH] cryptsetup-generator: allow specifying options in /proc/cmdline

2013-08-18 Thread Tom Gundersen
The main use case for this is to make it possible to use cryptsetup in
the initrd without it having to include a host-specific /etc/crypttab.

Cc: Harald Hoyer 
Tested-by: Thomas Bächler 
---

Hi guys,

This allows us to use systemd in the initrd for encrypted root in Arch. I
didn't look much into how this is done in dracut, so comments on whether
or not this will work for you would be welcome.

Cheers,

Tom

 man/systemd-cryptsetup-generator.xml  | 23 ++
 src/cryptsetup/cryptsetup-generator.c | 79 +--
 2 files changed, 98 insertions(+), 4 deletions(-)

diff --git a/man/systemd-cryptsetup-generator.xml 
b/man/systemd-cryptsetup-generator.xml
index 7950032..3fab17b 100644
--- a/man/systemd-cryptsetup-generator.xml
+++ b/man/systemd-cryptsetup-generator.xml
@@ -137,6 +137,29 @@
 will be activated in the initrd or the real 
root.
 
 
+
+
+luks.options=
+
rd.luks.options=
+
+Takes a LUKS super
+block UUID followed by an '=' and a string
+of options separated by commas as argument.
+This will override the options for the given
+UUID.
+If only a list of options, without an
+UUID, is specified, they apply to any UUIDs not
+specified elsewhere, and without an entry in
+/etc/crypttab.
+rd.luks.options=
+is honored only by initial RAM disk
+(initrd) while
+luks.options= is
+honored by both the main system and
+the initrd.
+
+
+
 
 luks.key=
 rd.luks.key=
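Review bot: The two forms described here, a UUID followed by '=' and options, and a bare option list, cannot be told apart by looking for '=' alone, because options themselves contain '=' (for example `tries=0`). The text should say how the first '=' is interpreted, for instance that the part before it must parse as a UUID, and what happens when `luks.options=` is given more than once for the same UUID.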
diff --git a/src/cryptsetup/cryptsetup-generator.c 
b/src/cryptsetup/cryptsetup-generator.c
index 81b7708..b140f0d 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -233,7 +233,7 @@ static int create_disk(
 return 0;
 }
 
-static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char 
**arg_proc_cmdline_keyfile) {
+static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char 
***arg_proc_cmdline_options, char **arg_proc_cmdline_keyfile) {
 _cleanup_free_ char *line = NULL;
 char *w = NULL, *state = NULL;
 int r;
@@ -300,7 +300,20 @@ static int parse_proc_cmdline(char 
***arg_proc_cmdline_disks, char **arg_proc_cm
 return log_oom();
 }
 
+} else if (startswith(word, "luks.options=")) {
+if (strv_extend(arg_proc_cmdline_options, word + 13) < 
0)
+return log_oom();
+
+} else if (startswith(word, "rd.luks.options=")) {
+
+if (in_initrd()) {
+if (strv_extend(arg_proc_cmdline_options, word 
+ 16) < 0)
+return log_oom();
+}
+
 } else if (startswith(word, "luks.key=")) {
+if (*arg_proc_cmdline_keyfile)
+free(*arg_proc_cmdline_keyfile);
 *arg_proc_cmdline_keyfile = strdup(word + 9);
 if (!*arg_proc_cmdline_keyfile)
 return log_oom();
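Review bot: `word + 13` and `word + 16` hard-code the lengths of "luks.options=" and "rd.luks.options=", and a later edit to either prefix string would make the offset wrong without any compiler warning. Derive the offset from the literal (`strlen("luks.options=")`) or use the return value of the prefix match if `startswith` provides one. In the `luks.key=` branch the `if (*arg_proc_cmdline_keyfile)` test is redundant because `free(NULL)` is a no-op, and that leak fix is unrelated to options, so it belongs in the commit message or in a separate patch. An empty value after the prefix is also stored as an empty option string; decide whether that should be ignored.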
@@ -330,6 +343,7 @@ static int parse_proc_cmdline(char 
***arg_proc_cmdline_disks, char **arg_proc_cm
 int main(int argc, char *argv[]) {
 _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
 _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
+_cleanup_strv_free_ char **arg_proc_cmdline_options = NULL;
 _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
 _cleanup_fclose_ FILE *f = NULL;
 unsigned n = 0;
@@ -350,7 +364,7 @@ int main(int argc, char *argv[]) {
 
 umask(0022);
 
-if (parse_proc_cmdline(&arg_proc_cmdline_disks, 
&arg_proc_cmdline_keyfile) < 0)
+if (parse_proc_cmdline(&arg_proc_cmdline_disks, 
&arg_proc_cmdline_options, &arg_proc_cmdline_keyfile) < 0)
 return EXIT_FAILURE;
 
 if (!arg_enabled)
@@ -405,6 +419,26 @@ int main(int argc, char *argv[]) {
 continue;
 }
 
+if (arg_proc_cmdline_options) {
+/*
+  If options are specified on the kernel 
commandl

Re: [systemd-devel] [PATCHv4] core: notify triggered by socket of a service

2013-08-18 Thread Umut Tezduyar
Hi, any update on accepting this patch?
Umut

On Mon, Jul 22, 2013 at 10:52 AM, Umut Tezduyar  wrote:
> ---
>  TODO   |3 ---
>  src/core/service.c |   31 ---
>  src/core/socket.c  |   39 ++-
>  src/core/socket.h  |3 ---
>  4 files changed, 38 insertions(+), 38 deletions(-)
>
> diff --git a/TODO b/TODO
> index ba8bb8e..e0c4857 100644
> --- a/TODO
> +++ b/TODO
> @@ -115,9 +115,6 @@ Features:
>Maybe take a BSD lock at the disk device node and teach udev to
>check for that and suppress event handling.
>
> -* when a service changes state make reflect that in the
> -  RUNNING/LISTENING states of its socket
> -
>  * when recursively showing the cgroup hierarchy, optionally also show
>the hierarchies of child processes
>
> diff --git a/src/core/service.c b/src/core/service.c
> index b98f11a..157d614 100644
> --- a/src/core/service.c
> +++ b/src/core/service.c
> @@ -1481,24 +1481,6 @@ static int service_search_main_pid(Service *s) {
>  return 0;
>  }
>
> -static void service_notify_sockets_dead(Service *s, bool failed_permanent) {
> -Iterator i;
> -Unit *u;
> -
> -assert(s);
> -
> -/* Notifies all our sockets when we die */
> -
> -if (s->socket_fd >= 0)
> -return;
> -
> -SET_FOREACH(u, UNIT(s)->dependencies[UNIT_TRIGGERED_BY], i)
> -if (u->type == UNIT_SOCKET)
> -socket_notify_service_dead(SOCKET(u), 
> failed_permanent);
> -
> -return;
> -}
> -
>  static void service_set_state(Service *s, ServiceState state) {
>  ServiceState old_state;
>  const UnitActiveState *table;
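Review bot: The removed `service_notify_sockets_dead()` returned early when `s->socket_fd >= 0`, and no equivalent test on the service appears in the replacement `socket_trigger_notify()` later in this patch, which checks `s->accept` on the socket instead. State in the commit message why the two conditions are equivalent, or keep a `socket_fd` check on the service there.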
> @@ -1550,19 +1532,6 @@ static void service_set_state(Service *s, ServiceState 
> state) {
>  s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
>  }
>
> -if (state == SERVICE_FAILED)
> -service_notify_sockets_dead(s, s->result == 
> SERVICE_FAILURE_START_LIMIT);
> -
> -if (state == SERVICE_DEAD ||
> -state == SERVICE_STOP ||
> -state == SERVICE_STOP_SIGTERM ||
> -state == SERVICE_STOP_SIGKILL ||
> -state == SERVICE_STOP_POST ||
> -state == SERVICE_FINAL_SIGTERM ||
> -state == SERVICE_FINAL_SIGKILL ||
> -state == SERVICE_AUTO_RESTART)
> -service_notify_sockets_dead(s, false);
> -
>  if (state != SERVICE_START_PRE &&
>  state != SERVICE_START &&
>  state != SERVICE_START_POST &&
> diff --git a/src/core/socket.c b/src/core/socket.c
> index cf88bae..2130e48 100644
> --- a/src/core/socket.c
> +++ b/src/core/socket.c
> @@ -2277,7 +2277,7 @@ int socket_collect_fds(Socket *s, int **fds, unsigned 
> *n_fds) {
>  return 0;
>  }
>
> -void socket_notify_service_dead(Socket *s, bool failed_permanent) {
> +static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
>  assert(s);
>
>  /* The service is dead. Dang!
> @@ -2322,6 +2322,41 @@ static void socket_reset_failed(Unit *u) {
>  s->result = SOCKET_SUCCESS;
>  }
>
> +static void socket_trigger_notify(Unit *u, Unit *other) {
> +Socket *s = SOCKET(u);
> +Service *se = SERVICE(other);
> +
> +assert(u);
> +assert(other);
> +
> +/* Don't propagate state changes from the service if we are
> +   already down or accepting connections */
> +if ((s->state !=  SOCKET_RUNNING &&
> +s->state != SOCKET_LISTENING) ||
> +s->accept)
> +return;
> +
> +if (other->load_state != UNIT_LOADED ||
> +other->type != UNIT_SERVICE)
> +return;
> +
> +if (se->state == SERVICE_FAILED)
> +socket_notify_service_dead(s, se->result == 
> SERVICE_FAILURE_START_LIMIT);
> +
> +if (se->state == SERVICE_DEAD ||
> +se->state == SERVICE_STOP ||
> +se->state == SERVICE_STOP_SIGTERM ||
> +se->state == SERVICE_STOP_SIGKILL ||
> +se->state == SERVICE_STOP_POST ||
> +se->state == SERVICE_FINAL_SIGTERM ||
> +se->state == SERVICE_FINAL_SIGKILL ||
> +se->state == SERVICE_AUTO_RESTART)
> +socket_notify_service_dead(s, false);
> +
> +if (se->state == SERVICE_RUNNING)
> +socket_set_state(s, SOCKET_RUNNING);
> +}
> +
>  static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
>  return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, 
> error);
>  }
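Review bot: `Service *se = SERVICE(other);` in the initializers of `socket_trigger_notify()` runs before `assert(other)` and before the `other->type != UNIT_SERVICE` test, so the cast is applied to a unit not yet known to be a service. Move the assignment below the type check, and the `SOCKET(u)` one below `assert(u)`. The comment says "already down or accepting connections", but the condition returns for every state other than RUNNING and LISTENING; reword it to match. There is a stray double space in `s->state !=  SOCKET_RUNNING`, and the `SERVICE_RUNNING` branch calls `socket_set_state(s, SOCKET_RUNNING)` even when the socket is already in that state.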
> @@ -2402,6 +2437,8 @@ const UnitVTable socket_vtable = {
>  .sigchld_event = socket_sigchld_event,
>  .timer_event = socket_timer_event,
>
> +.trigger_notify = socket_trigger_notify,
> +
>  .reset_failed = socket_reset_failed,
>
>  .bus_interface = "org.freedesktop.systemd1.Socket",
> diff --g