Re: [systemd-devel] systemd efi boot and default entry
2016-03-30 18:49 GMT+03:00 Michal Sekletar: > > I don't believe this is currently possible. I've tried to implement > similar scheme in the past. I should probably resurrect that effort, > > https://github.com/systemd/systemd/pull/1894 > > In the meantime, you can change default boot entry manually by > selecting it in the menu and pressing 'd' key. If you have time for this - i'll be very happy. -- Vasiliy Tolstov, e-mail: v.tols...@selfip.ru ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Different behavior when OpenVPN is started as a service through systemd
Am 31.03.2016 um 23:07 schrieb Piotr Dobrogost: When I start OpenVPN as a deamon from command line like this: `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf` the tunnel comes up with no problem. However, when I start it as a systemd service I get this error: Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL, L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1, error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx VPN CA I've been getting the same error when starting OpenVPN as a deamon from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's why I thought the reason for error is that when starting OpenVPN as a systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I verified it gets set by adding "ExecStartPre=/usr/bin/env" to the service template file. Please help get rid of MD5 and SHA1 certs in 2016 openvpn works pretty fine with systemd we connect 6 different networks in all directions with openvpn and systemd signature.asc Description: OpenPGP digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] systemd efi boot and default entry
On Thu, Mar 31, 2016 at 11:10 AM, Jóhann B. Guðmundssonwrote: > > > On 03/30/2016 03:49 PM, Michal Sekletar wrote: >> >> On Mon, Mar 21, 2016 at 1:42 PM, Vasiliy Tolstov >> wrote: >> >>> Now i want to have two entries and assign priority to it via systemd, >>> in my use-case i want to know last succeseful boot entry and use it. >>> After upgrade i want to boot from new antry and if it fails - change >>> priority to lower level... >> >> I don't believe this is currently possible. I've tried to implement >> similar scheme in the past. I should probably resurrect that effort, >> > > Had you finished writing the kernel driver that implements some kind of ( > sysfs? ) boot counting scheme? > ( There is no point in implementing something in systemd until that is in > place ) We don't need to extend the kernel in order to implement this particular mechanism. After new kernel is installed, you make it default and mark as "tentative". Then, after first successful boot of newly added bootloader entry you just remove the flag, because it is known to work. I withdrew my PR because we discussed this with Kay and we were not sure we liked proposed scheme which uses file on disk as "tentative" marker. Michal ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Different behavior when OpenVPN is started as a service through systemd
Hi! When I start OpenVPN as a deamon from command line like this: `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf` the tunnel comes up with no problem. However, when I start it as a systemd service I get this error: Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL, L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1, error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx VPN CA I've been getting the same error when starting OpenVPN as a deamon from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's why I thought the reason for error is that when starting OpenVPN as a systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I verified it gets set by adding "ExecStartPre=/usr/bin/env" to the service template file. Please help. Regards, Piotr Dobrogost Below is content of relevant files: == /usr/lib/systemd/system/openvpn@.service [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I After=network.target [Service] PrivateTmp=true Type=forking PIDFile=/var/run/openvpn/%i.pid ExecStartPre=/usr/bin/env ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf [Install] WantedBy=multi-user.target == /etc/systemd/system/openvpn xxx.service.d/env.conf [Service] Environment=OPENSSL_ENABLE_MD5_VERIFY=1 Thanky you in advance. Regards, Piotr Dobrogost ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel