When testing build reproducibility, we got the following result:
+ rpmdiff cache/rpms/systemd-257.6-1.fc43/systemd-257.6-1.fc43.x86_64.rpm \
cache/build/systemd-257.6-1.fc43/rebuild/systemd-257.6-1.fc43.x86_64.rpm
......V..F. /etc/xdg/systemd/user
This is because we'd apply %ghost to a symlink to a directory, if the directory
stat reported 0 blocks. It seems that this depends on the filesystem type or
something and didn't pop up in previous rebuilds.
The first chunk is a noop to increase clarity.
The resulting difference from this patch in the file list:
$ diff -u systemd-257.6-build/systemd-257.6/.file-list-main{.0,}
-%config(noreplace) %ghost /etc/xdg/systemd/user
+%config(noreplace) /etc/xdg/systemd/user
(cherry picked from commit 7de88c66bd)
- Fix for local information disclosure in systemd-coredump (CVE-2025-4598)
- Fixes for systemd itself, run0, systemd-networkd, "secure" pager,
man pages, shell completions, sd-boot, sd-varlink
- Hardware database update
(cherry picked from commit ed6b885327)
This breaks suspend on my machine as of Linux 6.14, furthermore both
linked issues in rhbz#2321268 are closed and fixed in Linux upstream.
This reverts commit 6162965002.
(cherry picked from commit 451184cbea)
Both work and if we do full sha we can retrieve the full sha from the
source filename in the source rpm later on which is useful for various
use cases.
[skip changelog]
(cherry picked from commit 1126a7c6b8)
In OBS, noarch packages are shared between all architectures and
independent architectures can be rebuilt automatically without all
the other architectures getting rebuilt. This can result in the noarch
packages being newer than the archful packages for some architectures,
which means our current strict deps from the noarch packages on the
archful packages can't be satisfied.
To address this problem, let's relax the dependencies from the noarch
packages on the archful packages for OBS builds. Let's only do this for
OBS builds because this isn't an issue on Fedora as it's impossible to
build a package for only some of the architectures.
(cherry picked from commit 13d523f84d)
Noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2348669#c25.
Most of those units listed don't have an [Install] section, and of those that
have, almost all were disabled by default. This might be something to fix, e.g.
we might want to enable systemd-udev-load-credentials.service, this is
something to consider. But it's clearer if we list all the units that those
packages ship. In priciple somebody might ship a preset to enable them.
Anyway, the impact of this change is much smaller than might seem at first.
But systemd-network-generator.service has an [Install] section and is preset
to true, so not listing it in the scriptlets was a visible bug.
There's the additional caveat that systemd-network-generator.service is coowned
by two packages. The current system does not have a way of handling this
properly, because unit enablement is tied to the package install state. Let's
just call the scriptlet for this unit twice for now. I think that's not going
to cause any real problem.
(cherry picked from commit d1380dc114)
I noticed that systemd-sysusers creates accounts with /usr/bin/nologin.
On merged systems is fine, but would not work for systems where
/usr/sbin is still a separate directory and /usr/bin/nologin does not
exist. This problem occurs because the meson configuration script discovers
the location using $PATH, which on recent builds results in /usr/bin always.
Just specify all the paths so that we don't depend on the presence and
order of paths in $PATH.
(cherry picked from commit 6f0d03443d)
And in non-Fedora builds, undo the neutering of sysusers macros.
Downstreams like CentosStream did not go through the same changes
as Fedora but they may use packages built from the rawhide branch.
We had a bunch of Obsolets on self. This is useful when a subpackage
is split out to make it optional, and we want to install both the
original subpackage and the subpackage on ugprades. If both new
subpackages have Obsoletes on the old name, dnf will install both. But
we don't need to keep this infinitely, it's mostly useful for the
duration of a single stable release.
Apparatenly, those Obsoletes cause problems with downgrades.
The most recently added case is for the split of systemd-sysusers. But
we have an alternative mechanism in place: systemd Requires
/usr/bin/systemd-sysusers, and this path is provided by systemd-sysusers
and systemd-standalone-sysusers, with a bias towards systemd-sysusers.
So we should be able to drop the self-Obsoletes without a change in
functionality.
Also, drop some old Provides where 'dnf repoquery' indicates it is not
used by anything. Actually, only 'timedatex'. All the other ones are
used by one spec or another.
We don't need 1.5.0 to avoid the libbpf crash, the latest libbpf 1.4
patch release (1.4.7) also has the necessary fixes, so relax the
requirement a little to allow builds on Fedora 41 to succeed.
In CI builds we have %version that it smaller than 257.3-4 when the split
happened, and this causes problems when the packages are installed:
Failed to resolve the transaction:
Problem: package
systemd-sysusers-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64
from @commandline
obsoletes
systemd < 257.3-4 provided by
systemd-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64
from @commandline
- conflicting requests
I'm not sure if we even need the self-Obsoletes. We have a Requires and
Recommends in the main systemd package that will cause on of the providers of
/usr/bin/systemd-sysusers to be installed, and the non-standalone version is
preferred. But it's possible that if recommends are disabled, the
non-standalone package could be installed for some reason. So let's keep the
self-Obsoletes for now.
Another caveat is that it's not clear if v-string comparisons require %[] as a
wrapper. Some chat in #fedora-devel suggested that that's the case, but things
seem to work without it.
None of the systemd git tags have tildes in them, so there's no need
to use version_no_tilde for these.
This is another change to make packit work as the archive it sets up
for us based on the systemd upstream packit config file does have a
tilde in its name which then makes %prep fail as we transform the tilde
to a hyphen and then fail to find the systemd source directory.
"""
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/systemd-258~devel.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd systemd-258-devel
/var/tmp/rpm-tmp.gw7KSw: line 42: cd: systemd-258-devel: No such file or directory
"""
Previously, /usr/bin/systemd-sysusers was provided by both systemd and
systemd-standalone-sysusers, creating a file conflict, and the packages
declared Conflicts. This changed when systemd-sysusers was split out to a
separate subpackage. So we don't need the Conflicts and can allow a "cross
installation" of systemd-sysusers-standalone and and the other "normal"
systemd subpackages.
This should solve https://bugzilla.redhat.com/show_bug.cgi?id=2344322 without
requiring changes in the container definitions. (Though those changes probably
should be made anyway. If we end up installing systemd, we probably want to use
shared systemd-sysusers, to avoid wasting space.)
... (rhbz#2344322)
rpm-libs has Requires:/usr/bin/systemd-sysusers.
We split split out /usr/bin/systemd-sysusers (the normal version) to a
subpackage, and the shared library
/usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so to a second subpackage.
(In preparation for maybe making further splits later.)
systemd-sysusers+libsystemd-shared.so is 4.8MB, but libsystemd-shared.so also
pulls in a bunch of libraries. We'll find out what the actual change in
installation footprint (compared to systemd-standalone-sysusers) really is when
we build some images with the new split.
- systemd-ac-power is moved to systemd-udev
- portablectl and importctl are moved to systemd-container (rhbz#2345551)
ac-power clearly is only useful for real hardware. portablectl
and importctl are niche tools that don't need to be in the main package
(even though they could theoretically be used not for containers).
