From aedd5488becf13b2fbb7ceb4bc147531bb95c0e4 Mon Sep 17 00:00:00 2001 From: Alessandro Astone Date: Thu, 1 Jun 2023 23:17:44 +0200 Subject: [PATCH 001/327] Increase vm.max_map_count https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount --- 10-map-count.conf | 3 +++ systemd.spec | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 10-map-count.conf diff --git a/10-map-count.conf b/10-map-count.conf new file mode 100644 index 0000000..5cf5677 --- /dev/null +++ b/10-map-count.conf @@ -0,0 +1,3 @@ +# Increase the number of virtual memory areas that one process may request +# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount +vm.max_map_count=1048576 diff --git a/systemd.spec b/systemd.spec index 2c6b59f..2610741 100644 --- a/systemd.spec +++ b/systemd.spec @@ -71,6 +71,7 @@ Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf Source16: 10-timeout-abort.conf +Source17: 10-map-count.conf Source21: macros.sysusers Source22: sysusers.attr @@ -776,6 +777,9 @@ install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16} install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf +# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount +install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} + sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} From 4980b39c441babc2c858e76acb6b8064a57370b7 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sun, 4 Jun 2023 23:42:45 -0400 Subject: [PATCH 002/327] Avoid qrencode dependency in RHEL builds Based on c9s: https://gitlab.com/redhat/centos-stream/rpms/systemd/-/commit/c7784e658433844e056b6cab5bf3186f093b9f79 --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
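Review bot: The comment in the new 10-map-count.conf says what the setting does but not which value it replaces or how an administrator can override it. The file is installed under `%{_prefix}/lib/sysctl.d/` and so applies system-wide, so I would add a line such as `# Kernel default is 65530; override with a file of the same name in /etc/sysctl.d/`. How the file reaches a `%files` list is not visible in these hunks, so please confirm it lands in the subpackage that owns the other sysctl.d drop-ins.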
diff --git a/systemd.spec b/systemd.spec index 2610741..68f2539 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,7 +141,9 @@ BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel BuildRequires: gnutls-devel +%if %{undefined rhel} BuildRequires: qrencode-devel +%endif BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel @@ -236,7 +238,9 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} +%if %{undefined rhel} Recommends: libqrencode.so.4%{?elf_suffix} +%endif Recommends: libbpf.so.0%{?elf_suffix} Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} @@ -589,7 +593,7 @@ CONFIGURE_OPTS=( -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] -Delfutils=true -Dpwquality=true - -Dqrencode=true + -Dqrencode=%[%{defined rhel}?"false":"true"] -Dgnutls=true -Dmicrohttpd=true -Dlibidn2=true From 5982ae9504c8f2697a839c6ce2a82287a60c1043 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 5 Jun 2023 12:49:57 -0400 Subject: [PATCH 003/327] Avoid pillow and pyflakes in RHEL builds These test dependencies are unwanted in RHEL. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 68f2539..fa69615 100644 --- a/systemd.spec +++ b/systemd.spec @@ -165,9 +165,11 @@ BuildRequires: python3-devel BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) +%if %{undefined rhel} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest) BuildRequires: python3dist(pytest-flakes) +%endif +BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem From d64ddbaa83ecee18431b8415829e35434e919a39 Mon Sep 17 00:00:00 2001 
From: Anita Zhang Date: Wed, 21 Jun 2023 15:59:07 +0100 Subject: [PATCH 004/327] fix typos in standalone package provides --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index fa69615..e48e5e6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -498,7 +498,7 @@ useful to test systemd internals. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: %{name}-tmpfiles = %{version}-%{release} +Provides: %{name}-repart = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-repart @@ -528,7 +528,7 @@ package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use on systems without systemd -Provides: %{name}-sysusers = %{version}-%{release} +Provides: %{name}-shutdown = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-shutdown From dce828f1677bb5e197e2edffcff7e43dba204750 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Wed, 21 Jun 2023 12:28:48 +0300 Subject: [PATCH 005/327] Use rpm's sysuser provide generation on Fedora >= 39 Rpm >= 4.19 has native sysusers integration and generates similar user() and group() provides but encodes additional information into them, information that is required for the rpm integration to work. Besides additional data, one noteworthy difference in the rpm generated provides is there are no provides generated for m(ember) directives. This is because users and groups possibly created by that directive are a too implicit for dependency resolution and install ordering purposes in the case where the user/group is actually owned by some other package. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index e48e5e6..158ef06 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -789,8 +789,11 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +# Use rpm's own sysusers provides where available +%if 0%{?fedora} < 39 install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} +%endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 From 9c05b44a4b8922cdd4671298107e067302509afc Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 26 Jun 2023 10:39:41 -0400 Subject: [PATCH 006/327] Use rpm sysuser provide generation on RHEL >= 10 ELN, and as a result the future RHEL 10, also just got the new rpm version with these files. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 158ef06..ccb75b6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -790,7 +790,7 @@ sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/t install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} # Use rpm's own sysusers provides where available -%if 0%{?fedora} < 39 +%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} %endif From d80a45533db738147b5def10874f0b84d97b8b64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 10 Jul 2023 18:52:26 +0200 Subject: [PATCH 007/327] Version 254~rc1 - Way too many changes to list. See https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS - Fix regression in socket activation of services (rhbz#2213660). --- fedora-use-system-auth-in-pam-systemd-user.patch | 12 ++++++------ sources | 2 +- systemd.spec | 4 ++-- use-bfq-scheduler.patch | 12 ++++++------ 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch index 3b7c10d..df820e2 100644 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ b/fedora-use-system-auth-in-pam-systemd-user.patch @@ -1,14 +1,14 @@ -From 4e6479054ae2090b99a50d6ae954d22efc8340a0 Mon Sep 17 00:00:00 2001 +From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH 4/4] fedora: use system-auth in pam systemd-user +Subject: [PATCH] fedora: use system-auth in pam systemd-user --- src/login/systemd-user.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 9a665bd959..703a4b3174 100644 +index 8a3c9e0165..74ef5f2552 100644 --- a/src/login/systemd-user.in +++ b/src/login/systemd-user.in @@ -7,7 +7,7 @@ @@ -20,12 +20,12 @@ index 9a665bd959..703a4b3174 100644 {% if HAVE_SELINUX %} session required pam_selinux.so close -@@ -19,4 +19,4 @@ session required pam_namespace.so - {% if ENABLE_HOMED %} +@@ -20,4 +20,4 @@ session required pam_namespace.so -session optional pam_systemd_home.so {% endif %} + session optional pam_umask.so silent -session optional pam_systemd.so +session include system-auth -- -2.38.1 +2.41.0 diff --git a/sources b/sources index b97b829..704ea14 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-253.5.tar.gz) = 39709b485cd9287e26ac8e973fa1692b280bec3b96e1da6667e4a4f2ac2228aa072b22802720a254698d32c82f5306d7feb32229e4b6d54cc0e2b1e2caa4cc2e +SHA512 (systemd-254-rc1.tar.gz) = 84124f4f861e17734bb07e235135cb20d8a2092de6f779ff71dccf93844e7b972304660193aa14834b74a64e29af9b3f70b342aac645aa36230e5cc2462d6d77 diff --git a/systemd.spec b/systemd.spec index ccb75b6..6444e58 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253.5 +Version: 254~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -537,7 +537,7 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 +%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 # We want to update sd-boot from packaging scriptlets after package update. # Let's disable the service. diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index 59e642a..6ad5e5d 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -27,17 +27,17 @@ index 0000000000..850b64540e + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index 8d2878a36d..a3b395c9ce 100644 +index 20fca222da..94fee9d7c0 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -8,6 +8,7 @@ rules = [ +@@ -7,6 +7,7 @@ install_data( + rules = [ [files('60-autosuspend.rules', '60-block.rules', - '60-cdrom_id.rules', + '60-block-scheduler.rules', + '60-cdrom_id.rules', + '60-dmi-id.rules', '60-drm.rules', - '60-evdev.rules', - '60-fido-id.rules', -- -2.37.2 +2.41.0 
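Review bot: In the `%prep` hunk of systemd.spec, the `%autosetup -n` argument now tests `%stable` inside `%[...]`, where the old line used `%{?stable:-stable}`, so it no longer tolerates `stable` being undefined. The definition of `stable` is outside this hunk; if any build path leaves it unset, the expression will likely fail to parse instead of yielding an empty suffix. Writing the test as `%[0%{?stable}?"-stable":""]` in both places keeps the new behaviour, where a value of 0 means no suffix, and still expands cleanly when the macro is absent.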
From c50dc7ccda56fc15f1e5532997d305deb1c3af20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 15 Jul 2023 15:40:24 +0200 Subject: [PATCH 008/327] Version 254~rc2 - Various bug fixes, in particular kernel-install should again work without /proc. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 704ea14..ed2d364 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254-rc1.tar.gz) = 84124f4f861e17734bb07e235135cb20d8a2092de6f779ff71dccf93844e7b972304660193aa14834b74a64e29af9b3f70b342aac645aa36230e5cc2462d6d77 +SHA512 (systemd-254-rc2.tar.gz) = d19f6f709536475f200925d0a0711422878ecfebfd351a989bda98505926c0646cf18b00fb158249b51e8476b2e01754e0ed7f30fbbf775c3a99e819bcd16579 diff --git a/systemd.spec b/systemd.spec index 6444e58..1c92b17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc1 +Version: 254~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 379f9bfba1876f6e91d2acdc439cbd57e433675a Mon Sep 17 00:00:00 2001 From: Stewart Smith Date: Thu, 23 Jun 2022 01:13:02 +0000 Subject: [PATCH 009/327] Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds --- systemd.spec | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 1c92b17..6fc338e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -15,6 +15,13 @@ %global elf_suffix ()%{elf_bits} %endif +%bcond bzip2 1 +%bcond gnutls 1 +%bcond lz4 1 +%bcond xz 1 +%bcond zlib 1 +%bcond zstd 1 + # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. %bcond_with bootstrap 
@@ -129,18 +136,28 @@ BuildRequires: /usr/bin/getfacl BuildRequires: libacl-devel BuildRequires: gobject-introspection-devel BuildRequires: libblkid-devel +%if %{with xz} BuildRequires: xz-devel BuildRequires: xz +%endif +%if %{with lz4} BuildRequires: lz4-devel BuildRequires: lz4 +%endif +%if %{with bzip2} BuildRequires: bzip2-devel +%endif +%if %{with zstd} BuildRequires: libzstd-devel +%endif BuildRequires: libidn2-devel BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel +%if %{with gnutls} BuildRequires: gnutls-devel +%endif %if %{undefined rhel} BuildRequires: qrencode-devel %endif @@ -578,11 +595,11 @@ CONFIGURE_OPTS=( -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] -Dapparmor=false -Dpolkit=true - -Dxz=true - -Dzlib=true - -Dbzip2=true - -Dlz4=true - -Dzstd=true + -Dxz=%[%{with xz}?"true":"false"] + -Dzlib=%[%{with zlib}?"true":"false"] + -Dbzip2=%[%{with bzip2}?"true":"false"] + -Dlz4=%[%{with lz4}?"true":"false"] + -Dzstd=%[%{with zstd}?"true":"false"] -Dpam=true -Dacl=true -Dsmack=true @@ -596,7 +613,7 @@ CONFIGURE_OPTS=( -Delfutils=true -Dpwquality=true -Dqrencode=%[%{defined rhel}?"false":"true"] - -Dgnutls=true + -Dgnutls=%[%{with gnutls}?"true":"false"] -Dmicrohttpd=true -Dlibidn2=true -Dlibiptc=false From 5c840a72b50cdba5280a3afc1ad6363da9ad8188 Mon Sep 17 00:00:00 2001 From: Stewart Smith Date: Sun, 16 Jul 2023 16:12:46 -0700 Subject: [PATCH 010/327] Convert existing bcond_with[out] to plain bcond --- systemd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6fc338e..e7e279d 100644 --- a/systemd.spec +++ b/systemd.spec 
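Review bot: The BuildRequires hunk in systemd.spec wraps xz, lz4, bzip2, zstd and gnutls in their new bconds, but the `zlib` bcond added by this commit has no matching conditional dependency, even though `-Dzlib=` in the configure hunk follows it. No `zlib-devel` line is visible in this hunk, so zlib is presumably pulled in transitively; an explicit `%if %{with zlib}` / `BuildRequires: zlib-devel` / `%endif` would make all six switches behave the same way. A short comment above the `%bcond` lines would also help, noting that disabling a compression backend may leave the built tools unable to read journals or coredumps compressed with that algorithm.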
@@ -24,13 +24,13 @@ # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. -%bcond_with bootstrap -%bcond_without tests -%bcond_without lto +%bcond bootstrap 0 +%bcond tests 1 +%bcond lto 1 # Support for quick builds with rpmbuild --build-in-place. # See README.build-in-place. -%bcond_with inplace +%bcond inplace 0 Name: systemd Url: https://systemd.io From 219083fc04c8a67e5360e5eade2342c4f7f3aae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Jul 2023 14:42:12 +0200 Subject: [PATCH 011/327] Fix scriptlets for various services and remote-cryptsetup.target ... (rhbz#2217997) systemd-homed.service and systemd-portabled.service are in systemd-udev but the scriptlet was attached to main subpackage, so it wouldn't work because the unit file wasn't installed yet when it was invoked. systemd-pstore.service and remote-cryptsetup.target were forgotten, so they wouldn't get enabled on installation. --- systemd.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index e7e279d..0b74f82 100644 --- a/systemd.spec +++ b/systemd.spec @@ -932,7 +932,7 @@ if [ $1 -eq 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec 
@@ -964,8 +964,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : - -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib From 8e1134ffe72fd1b6228214d1a03732317df0566f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 03:05:22 +0000 Subject: [PATCH 012/327] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 1edbd6746621ed0d6908da13292afadb54a48fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 24 Jul 2023 15:14:33 +0200 Subject: [PATCH 013/327] Version 254~rc3 - A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits which were found to cause problems. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ed2d364..a247182 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254-rc2.tar.gz) = d19f6f709536475f200925d0a0711422878ecfebfd351a989bda98505926c0646cf18b00fb158249b51e8476b2e01754e0ed7f30fbbf775c3a99e819bcd16579 +SHA512 (systemd-254-rc3.tar.gz) = b4d0385b4e25bc3895f37480afea6a5e17dd900379e6c5f8882b8b3db26c56305642f270c139c8396fcc41d87e1a8c97b963d945cd3deb43c58f4eb2196cb0a3 diff --git a/systemd.spec b/systemd.spec index 0b74f82..5f8ad79 100644 --- a/systemd.spec +++ b/systemd.spec 
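Review bot: The `%global udev_services` line now lists systemd-homed.service, systemd-portabled.service, systemd-pstore.service and remote-cryptsetup.target, none of which are udev units, so the macro name no longer describes its contents. The scriptlets that consume `%udev_services` are outside this hunk; if the same list is also passed to a restart-on-upgrade macro, systemd-pstore.service and remote-cryptsetup.target would be marked for restart as well, which the commit message does not mention and is worth confirming. A comment above the definition, for example `# units shipped in the -udev subpackage (not only udev itself)`, would record why the list is broader than the name suggests.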
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc2 +Version: 254~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From d9fe7ec0439c0fcdf6b1c1d7dbd8ec17d9dd9994 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 28 Jul 2023 13:23:03 +0200 Subject: [PATCH 014/327] Version 254 ... (just a bunch of bugfixes, mostly for unusual architectures, since rc3) - rhbz#2226908 - See https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for the full changeset. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index a247182..e5ebb36 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254-rc3.tar.gz) = b4d0385b4e25bc3895f37480afea6a5e17dd900379e6c5f8882b8b3db26c56305642f270c139c8396fcc41d87e1a8c97b963d945cd3deb43c58f4eb2196cb0a3 +SHA512 (systemd-254.tar.gz) = 84b4d16980fe2e64d5c3c95b9b4fbaad1076f368f493fdd745cbafbe7ce825293384f5fa0b6360ba8188da23c4575e87402fb666a3b71f84ff8b323aba0c07ff diff --git a/systemd.spec b/systemd.spec index 5f8ad79..81bd3ae 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc3 +Version: 254 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 6775af66c5afdce348038ad3d79a23cd57b97972 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Aug 2023 23:13:03 +0200 Subject: [PATCH 015/327] Update libbpf soname The libbpf package now ships the libbpf.so.1 soname, so update our spec to match that. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 81bd3ae..af22e4b 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -260,8 +260,8 @@ Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} %if %{undefined rhel} Recommends: libqrencode.so.4%{?elf_suffix} %endif -Recommends: libbpf.so.0%{?elf_suffix} -Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} +Recommends: libbpf.so.1%{?elf_suffix} +Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits} # used by systemd-coredump and systemd-analyze Recommends: libdw.so.1%{?elf_suffix} From 2b6870dbdccd7950db705b32998980bd8a77dc63 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Aug 2023 23:13:40 +0200 Subject: [PATCH 016/327] Add a custom %clean implementation Let's make sure we clean up after ourselves. We have to remove the generated timeout user config file, the file list files and the generated .lang file. --- systemd.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systemd.spec b/systemd.spec index af22e4b..18b7b18 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1166,5 +1166,11 @@ fi %files standalone-shutdown -f .file-list-standalone-shutdown +%clean +rm -rf $RPM_BUILD_ROOT +rm -f 10-timeout-abort.conf.user +rm -f .file-list-* +rm -f %{name}.lang + %changelog %autochangelog From 993f682ecc7f09ab3a6c61349f3b4311f90bb627 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 7 Aug 2023 13:59:52 +0200 Subject: [PATCH 017/327] Revert "Supress errors on selinux systems" The selinux policy was modified in https://github.com/fedora-selinux/selinux-policy/pull/944 to allow the reload to happen, so let's revert the silencing of the logging. This reverts commit 1d712f8acf96060d022b215d51aee4a13d9f84ca. --- triggers.systemd | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/triggers.systemd b/triggers.systemd index 719789b..f8bb078 100644 --- a/triggers.systemd +++ b/triggers.systemd 
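Review bot: The new `%clean` section passes `$RPM_BUILD_ROOT` to `rm -rf` unquoted, and the three `rm -f` lines act on the current directory without saying which directory that is. Quoting the variable, `rm -rf "$RPM_BUILD_ROOT"`, avoids word splitting if the build root path ever contains whitespace. The spec also has an `inplace` bcond for building from a local checkout, so a comment confirming that `10-timeout-abort.conf.user`, `.file-list-*` and `%{name}.lang` are only ever generated files in that directory would make the deletion easier to trust.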
@@ -17,11 +17,7 @@ /usr/lib/systemd/systemd-update-helper system-reload-restart || : %transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-reload-restart || : -fi +/usr/lib/systemd/systemd-update-helper user-reload-restart || : %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been @@ -33,11 +29,7 @@ fi %transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user # Execute daemon-reload in user managers. -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-reload || : -fi +/usr/lib/systemd/systemd-update-helper user-reload || : %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system # We restart remaining system services that should be restarted here. @@ -45,11 +37,7 @@ fi %transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user # We restart remaining user services that should be restarted here. -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-restart || : -fi +/usr/lib/systemd/systemd-update-helper user-restart || : %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create From c4c8de9e3ebdabf1bbc2fdf1dd1a1ef89daf459f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 28 Jul 2023 19:30:34 +0200 Subject: [PATCH 018/327] Do daemon-reexec of user managers after package upgrade --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
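Review bot: Removing the `selinuxenabled` branches in triggers.systemd (this hunk and the two after it) makes the user-manager helper calls print their errors again, but nothing in the commit ties the package to a selinux-policy build that contains the referenced fix. On a system still running the older policy, transactions that touch the user unit directories would presumably show the denial output again. If that matters, a versioned `Conflicts: selinux-policy < VERSION-WITH-FIX` in systemd.spec would make the ordering explicit (the version is a placeholder, as it is not given on this page). Otherwise a one-line comment next to the calls naming the policy pull request would explain why no suppression is needed.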
diff --git a/systemd.spec b/systemd.spec index 18b7b18..3a41bdb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -935,7 +935,8 @@ fi %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec + +%systemd_user_daemon_reexec %triggerun resolved -- systemd < 246.1-1 # This is for upgrades from previous versions before systemd-resolved became the default. From 453f57749fa091e8ee540dcc765ccc92ce9e4ed9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Aug 2023 16:13:46 +0200 Subject: [PATCH 019/327] Version 254.1 ... (rhbz#2228089, possibly partial fix for rhbz#2229524) --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3a41bdb..ebc2601 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254 +Version: 254.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 3c4a463e490047facd3d2fc3bc9223dac95ee00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Aug 2023 17:35:10 +0200 Subject: [PATCH 020/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index e5ebb36..f061a52 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-254.tar.gz) = 84b4d16980fe2e64d5c3c95b9b4fbaad1076f368f493fdd745cbafbe7ce825293384f5fa0b6360ba8188da23c4575e87402fb666a3b71f84ff8b323aba0c07ff +SHA512 (systemd-254.1.tar.gz) = eb2f4a95c890792fe11080e8dafc1eb4588ee98a3084d28083c4dd1f97962f56188c41641708c23267d01f1431821e823e1b89012f90d6ede80a12a0ce11a6d7 From f5162af2a6aabbcb1d564672510dd9627d8c1acc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Aug 2023 16:57:19 +0200 Subject: [PATCH 021/327] rpminspect: adjust disablement for badfuncs We had something, but apparently it stopped working. Let's try with a new format: https://github.com/rpminspect/rpminspect/issues/1229#issuecomment-1673327657 [skip changelog] --- rpminspect.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index 174fbd2..9843e40 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -1,6 +1,9 @@ # Disable badfuncs check that has tons of false positives. badfuncs: - exclude_path: .* + allowed: + /usr/lib/systemd/tests/unit-tests/*: + - inet_addr + - inet_aton # don't report changed content of compiled files # that is expected with every update From 49575fa6eddcbbbd7da2f0a28fbdc6573207b2dd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 13 Aug 2023 19:52:15 +0900 Subject: [PATCH 022/327] spec: explicitly enable/disable xen support For upstream packit builds with https://github.com/systemd/systemd/pull/24175. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index ebc2601..41fd40c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -207,6 +207,7 @@ BuildRequires: bpftool %if 0%{?fedora} %ifarch x86_64 aarch64 +%global have_xen 1 # That package is only built for those two architectures BuildRequires: xen-devel %endif @@ -619,6 +620,7 @@ CONFIGURE_OPTS=( -Dlibiptc=false -Dlibcurl=true -Dlibfido2=true + -Dxenctrl=%[0%{?have_xen}?"true":"false"] -Defi=true -Dtpm=true -Dtpm2=true 
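Review bot: The comment kept at the top of rpminspect.yaml, `# Disable badfuncs check that has tons of false positives.`, no longer matches the configuration below it. As far as the new format shows, the `allowed:` map leaves the check enabled and exempts only `inet_addr` and `inet_aton` under `/usr/lib/systemd/tests/unit-tests/*`, which is a much narrower exemption than the old `exclude_path: .*`. I would reword the comment to say so, for example `# badfuncs: allow inet_addr/inet_aton in unit-test binaries only; the check stays on for everything else`, so a later reader does not widen the exemption on the assumption that the check is already off.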
From 45fc64ccd0a08b62c4b43a053a6365b39c0b545e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 20 Aug 2023 10:20:41 +0900 Subject: [PATCH 023/327] spec: also explicitly enable/disable ukify support For upstream packit builds with https://github.com/systemd/systemd/pull/24175. --- systemd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 41fd40c..16cc089 100644 --- a/systemd.spec +++ b/systemd.spec @@ -685,7 +685,12 @@ else # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - CONFIGURE_OPTS+=( -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] ) + # Note, ukify requires bootloader, let's also explicitly enable/disable it + # here for https://github.com/systemd/systemd/pull/24175. + CONFIGURE_OPTS+=( + -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] + -Dukify=%[%{?have_gnu_efi}?"true":"false"] + ) fi %if %{without lto} From 46dc8f5060d66792cfbb0966471dbadc5bf9aaa2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 2 Sep 2023 18:11:39 +0200 Subject: [PATCH 024/327] Add missing ukify dependency on python-cryptography --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 16cc089..531f3f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -401,6 +401,7 @@ Recommends: llvm Requires: python3dist(pefile) Requires: python3dist(zstd) +Requires: python3dist(cryptography) Recommends: python3dist(pillow) BuildArch: noarch From c4232bef968fefa676077480128fc2599c07adb4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 2 Sep 2023 18:12:59 +0200 Subject: [PATCH 025/327] ukify: Drop obsolete dependency on objcopy --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 531f3f7..37545e2 100644 --- a/systemd.spec +++ b/systemd.spec 
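Review bot: The added `-Dukify=%[%{?have_gnu_efi}?"true":"false"]` line copies the form of the `-Dbootloader` line beside it, and both differ from the `0%{?have_xen}` and `0%{?have_bpf}` tests used for other options in `CONFIGURE_OPTS`. Without the leading `0`, an undefined `have_gnu_efi` expands to nothing and leaves the expression with no condition before `?`, which may fail to parse on architectures where the macro is not set. Where the macro is defined is outside this hunk. Using `-Dukify=%[0%{?have_gnu_efi}?"true":"false"]`, and the same form for `-Dbootloader`, keeps the options consistent and safe when the macro is absent.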
@@ -395,10 +395,6 @@ machine, and to create or grow partitions and make file systems automatically. Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -# We prefer llvm-objcopy over objcopy. -Requires: (llvm or binutils) -Recommends: llvm - Requires: python3dist(pefile) Requires: python3dist(zstd) Requires: python3dist(cryptography) From 11c465372ac03d7729bf546ec00bb6196dbf3468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Aug 2023 09:12:42 +0200 Subject: [PATCH 026/327] Actually reload user managers and backport unit reload macros The macro expansions would only work when compiled with a recent version of systemd. We don't want to create a dependency loop like this, let's just expand the string manually. Also backport the patch adding %systemd_postun_with_reload and %systemd_user_postun_with_reload so a FPC documentation change can be filed. --- ...2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch | 94 +++++++++++++++++++ systemd.spec | 11 ++- 2 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch diff --git a/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch b/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch new file mode 100644 index 0000000..81de92f --- /dev/null +++ b/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch 
@@ -0,0 +1,94 @@ +From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Jul 2023 09:02:04 +0200 +Subject: [PATCH] rpm: add %systemd_postun_with_reload and + %systemd_user_postun_with_reload + +For some units, the package would like to issue a reload. The machinery was +already in place since c9615f73521986b3607b852c139036d58973043c: + + systemctl reload-or-restart --marked + + Enqueues restart jobs for all units that have the 'needs-restart' + mark, and reload jobs for units that have the 'needs-reload' mark. + When a unit marked for reload does not support reload, restart will + be queued. + +The new macros allow a reload to be issued instead of a restart. + +Based on the discussion on fedora-devel: +https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ + +Tested using dummy package https://github.com/keszybz/rpm-test-reload. +--- + src/rpm/macros.systemd.in | 16 ++++++++++++++++ + src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ + 2 files changed, 38 insertions(+) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index c07541c7286c..f05553f557e9 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + fi \ + %{nil} + ++%systemd_postun_with_reload() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \ ++fi \ ++%{nil} ++ ++%systemd_user_postun_with_reload() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ 
{{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \ ++fi \ ++%{nil} ++ + %udev_hwdb_update() %{nil} + + %udev_rules_update() %{nil} +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index c623a5ea1722..c81e16c3d3ff 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -47,6 +47,15 @@ case "$command" in + wait + ;; + ++ mark-reload-system-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ for unit in "$@"; do ++ systemctl set-property "$unit" Markers=+needs-reload & ++ done ++ wait ++ ;; ++ + mark-restart-user-units) + [ -d /run/systemd/system ] || exit 0 + +@@ -60,6 +69,19 @@ case "$command" in + wait + ;; + ++ mark-reload-user-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ for unit in "$@"; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload & ++ done ++ done ++ wait ++ ;; ++ + system-reload-restart|system-reload|system-restart) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" diff --git a/systemd.spec b/systemd.spec index 37545e2..f3c19c3 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -99,10 +99,12 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# https://github.com/systemd/systemd/issues/26488 +# Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch +# Backport of patches that allow reloading of units +Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -940,7 +942,12 @@ fi # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -%systemd_user_daemon_reexec +# This is the explanded form of %%systemd_user_daemon_reexec. We +# can't use the macro because we define it ourselves. +if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Package upgrade, not uninstall + /usr/lib/systemd/systemd-update-helper user-reexec || : +fi %triggerun resolved -- systemd < 246.1-1 # This is for upgrades from previous versions before systemd-resolved became the default. From c95e750cfb5ca0733178260cb5ee55293299363b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Sep 2023 09:49:11 +0200 Subject: [PATCH 027/327] Version 254.2 - A bunch of fixes in various areas: manager, coredump, sysupdate, hibernation, journal. - Should fix rhbz#2234653. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f061a52..5e5cc91 100644 --- a/sources +++ b/sources 
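Review bot: The open-coded replacement for `%systemd_user_daemon_reexec` in the `@@ -940,7 +942,12 @@` hunk hard-codes `/usr/lib/systemd/systemd-update-helper`. Because the call is guarded by `[ -x ... ]`, a path that stops matching where the package installs the helper would silently skip the user-manager re-exec instead of failing. Writing it as `%{_prefix}/lib/systemd/systemd-update-helper`, in line with the `%{_prefix}/lib/systemd/...` install paths used elsewhere in this spec, keeps it tied to the packaging prefix. The comment above it also has a typo and should read `# This is the expanded form of %%systemd_user_daemon_reexec. We`. The scriptlet this sits in starts outside the hunk.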
@@ -1 +1 @@ -SHA512 (systemd-254.1.tar.gz) = eb2f4a95c890792fe11080e8dafc1eb4588ee98a3084d28083c4dd1f97962f56188c41641708c23267d01f1431821e823e1b89012f90d6ede80a12a0ce11a6d7 +SHA512 (systemd-254.2.tar.gz) = 4c71dc0a9b23eac03b1c3f22a77b5a5aeb5b7c7577b1d90582852fe7da43ff6a8e2e9c06bd7951827bc07e34ab2710b4793e784e49820f2d09db9a0209ec08dd diff --git a/systemd.spec b/systemd.spec index f3c19c3..8b755a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.1 +Version: 254.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 14701a7bc8e3f75116e63e035c4204a6188b359f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Sep 2023 12:17:02 +0200 Subject: [PATCH 028/327] Make inter-subpackage dependencies archful Prompted by the discussion in https://github.com/rpminspect/rpminspect/issues/1231. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8b755a4..d8b4fd3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -220,9 +220,9 @@ Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 -Requires: %{name}-pam = %{version}-%{release} +Requires: %{name}-pam%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils From 8365e8181dd91d648e9718a2709e4bb8f90bc31b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 16:58:03 +0200 Subject: [PATCH 029/327] README.build-in-place: fix example command [skip changelog] --- README.build-in-place.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.build-in-place.md b/README.build-in-place.md index 057c103..8c444c5 100644 --- a/README.build-in-place.md +++ b/README.build-in-place.md @@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). git clone https://github.com/systemd/systemd fedpkg clone systemd fedora-systemd cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm ``` From 6674346bfd734f486c517f400d5037ee75f4e92f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 17:13:58 +0200 Subject: [PATCH 030/327] Revert "Disable systemd-boot-update.service in presets" This reverts commit 8eea43e7149ba2f23062995d3bf83ebab0271274. Fedora already ships 'disable systemd-boot-update.service' in /usr/lib/systemd/system-preset/90-default.preset, so we don't need this. [skip changelog] --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index d8b4fd3..6cb0774 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -556,10 +556,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -# We want to update sd-boot from packaging scriptlets after package update. -# Let's disable the service. -sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset - sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user %generate_buildrequires From 32656b2b877cd089c38a8df4118f7d3120a56f67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 17:16:11 +0200 Subject: [PATCH 031/327] Move file manipulation to %build Without this, in-place builds are broken: they don't execute %prep, so %install fails. [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6cb0774..d63ebce 100644 --- a/systemd.spec +++ b/systemd.spec @@ -556,8 +556,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user - %generate_buildrequires %if 0%{?have_gnu_efi} if grep -q gnu-efi meson_options.txt; then @@ -711,6 +709,8 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then sleep 5 fi +sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user + %install %meson_install From f66faf9fa13555fe0936733159d30ba026f497fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Sep 2023 10:57:19 +0200 Subject: [PATCH 032/327] Provide /usr/sbin/installkernel ... (rhbz#2239008). --- split-files.py | 1 + systemd.spec | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/split-files.py b/split-files.py index dff50cc..6ab2832 100644 --- a/split-files.py +++ b/split-files.py 
@@ -123,6 +123,7 @@ for file in files(buildroot): bless-boot| boot-system-token| kernel-install| + installkernel| vconsole| backlight| rfkill| diff --git a/systemd.spec b/systemd.spec index d63ebce..6cac1a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -351,6 +351,8 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +Conflicts: grubby < 8.40-72 +Conflicts: sdubby < 1.0-3 # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home @@ -818,6 +820,8 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +ln -s --relative kernel-install %{buildroot}%{_sbindir}/installkernel + %find_lang %{name} # Split files in build root into rpms. See split-files.py for the From 360975c08bae5218d91d30620ccb52cd287ce514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 18 Sep 2023 21:43:20 +0200 Subject: [PATCH 033/327] Fix creation of installkernel symlink --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 6cac1a2..01f003c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -820,7 +820,7 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} -ln -s --relative kernel-install %{buildroot}%{_sbindir}/installkernel +ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel %find_lang %{name} From 3f414333026b3a356a816e431fbeecb510052f31 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 08:56:24 +0200 Subject: [PATCH 034/327] rpminspect: rename config file for rpminspect According to https://fedoraproject.org/wiki/How_to_filter_libabigail_reports and https://github.com/rpminspect/rpminspect/issues/739#issuecomment-1125258249, the name must be just the extension. [skip changelog] --- libsystemd-shared.abignore => .abignore | 0 systemd.spec | 3 ++- 2 files changed, 2 insertions(+), 1 deletion(-) rename libsystemd-shared.abignore => .abignore (100%) diff --git a/libsystemd-shared.abignore b/.abignore similarity index 100% rename from libsystemd-shared.abignore rename to .abignore diff --git a/systemd.spec b/systemd.spec index 01f003c..0a9dca5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,8 @@ Source7: systemd-journal-remote.xml Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf -Source13: libsystemd-shared.abignore +# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports +Source13: .abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf From 5dfe4c64c5ae3092434dd278b6ce1c8f439b3908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:05:23 +0200 Subject: [PATCH 035/327] rpminspect: suppress complain about inet_aton in /usr/bin/networkctl [skip changelog] --- rpminspect.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rpminspect.yaml b/rpminspect.yaml index 9843e40..7261213 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -4,6 +4,9 @@ badfuncs: /usr/lib/systemd/tests/unit-tests/*: - inet_addr - inet_aton + /usr/bin/networkctl: + - inet_addr + - inet_aton # don't report changed content of compiled files # that is expected with every update From bd2499ee336841ffb35b5508db583776eb012700 Mon Sep 17 00:00:00 2001 
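Review bot: The new `badfuncs` waiver for `/usr/bin/networkctl` carries no justification, and unlike the existing `/usr/lib/systemd/tests/unit-tests/*` entry it exempts a shipped, user-facing binary rather than test code. `inet_addr` and `inet_aton` are flagged as legacy IPv4-only parsers that also accept non-dotted-quad spellings, so the entry should record why the use is acceptable here. A comment such as `# networkctl: <call site and why its input is acceptable - placeholder>` directly above the path would do. If the symbol only arrives through a linked library rather than networkctl's own code (not visible from this hunk), saying so would make it clear when the waiver can be dropped.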
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:06:15 +0200 Subject: [PATCH 036/327] rpminspect: add duplicate dependency to appease rpmispect [skip changelog] --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0a9dca5..e1420f8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -510,6 +510,10 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd Requires: %{name}%{_isa} = %{version}-%{release} +# This dependency is provided transitively. Also add it explicitly to +# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: +Requires: %{name}-libs%{_isa} = %{version}-%{release} + License: LGPL-2.1-or-later %description tests From 592d710bfdcc627b74b1e3f2d9f580eaf4d1ae25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:26:56 +0200 Subject: [PATCH 037/327] zuul: adjust config Though apparently this will not work without further work in other places, see https://pagure.io/fedora-project-config/issue/292. [skip changelog] --- .zuul.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.zuul.yaml b/.zuul.yaml index 591bb8a..b2e0850 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1,5 +1,7 @@ - project: vars: install_repo_exclude: + - systemd-standalone-repart + - systemd-standalone-shutdown + - systemd-standalone-sysusers - systemd-standalone-tmpfiles - - systemd-standalone-sysuser From 18e1ed3201dfc35692b778c6e807d38a2d105e41 Mon Sep 17 00:00:00 2001 
From: Adam Williamson Date: Tue, 19 Sep 2023 14:52:46 -0700 Subject: [PATCH 038/327] Backport PR #29215 to improve keyboard layout matching This lays the ground for simplifying anaconda's keyboard layout handling while improving results from where they are currently. --- ...cy_keymap-fix-empty-variant-matching.patch | 58 +++++++++ ...ap-try-matching-with-layout-order-re.patch | 117 ++++++++++++++++++ systemd.spec | 6 + 3 files changed, 181 insertions(+) create mode 100644 0001-find_legacy_keymap-fix-empty-variant-matching.patch create mode 100644 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch diff --git a/0001-find_legacy_keymap-fix-empty-variant-matching.patch b/0001-find_legacy_keymap-fix-empty-variant-matching.patch new file mode 100644 index 0000000..c15a017 --- /dev/null +++ b/0001-find_legacy_keymap-fix-empty-variant-matching.patch 
@@ -0,0 +1,58 @@ +From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 15 Sep 2023 15:35:36 -0700 +Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching + +We should give a match bonus if the X context variant is empty +and the xvariant column in kbd-model-map is "-" (which means +none). Currently, we don't, which means that if you call this +on a context with layouts bg,us and no variant, you get the +console layout bg_pho-utf8 instead of bg_bds-utf8 (because both +score the same, and the bg_pho-utf8 row comes first). You should +get bg_bds-utf8 in this case. + +Signed-off-by: Adam Williamson +--- + src/locale/localed-util.c | 2 +- + src/locale/test-localed-util.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c +index 02fac9786b..6a05b50a31 100644 +--- a/src/locale/localed-util.c ++++ b/src/locale/localed-util.c +@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { + matching++; + +- if (streq_ptr(xc->variant, a[3])) { ++ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { + matching++; + + if (streq_ptr(xc->options, a[4])) +diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c +index cb66dffd48..a19d80a967 100644 +--- a/src/locale/test-localed-util.c ++++ b/src/locale/test-localed-util.c +@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) { + assert_se(streq(vc.keymap, "es-dvorak")); + vc_context_clear(&vc); + ++ /* es no-variant test is not very good as the desired match ++ comes first in the list so will win if both candidates score ++ the same. 
in this case the desired match comes second so will ++ not win unless we correctly give the no-variant match a bonus ++ */ ++ log_info("/* test without variant, desired match second (bg,us:) */"); ++ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0); ++ assert_se(free_and_strdup(&xc.variant, NULL) >= 0); ++ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); ++ assert_se(streq(vc.keymap, "bg_bds-utf8")); ++ vc_context_clear(&vc); ++ + log_info("/* test with old mapping (fr:latin9) */"); + assert_se(free_and_strdup(&xc.layout, "fr") >= 0); + assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); +-- +2.41.0 + diff --git a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch new file mode 100644 index 0000000..d0eb7d0 --- /dev/null +++ b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch 
@@ -0,0 +1,117 @@ +From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 15 Sep 2023 16:02:29 -0700 +Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order + reversed + +The lines in kbd-model-map date back to ye olde times (RH's old +system-config-keyboard), and I think predate this bug: + +https://bugzilla.redhat.com/show_bug.cgi?id=1039185 + +where we got strong feedback that, for 'switched' layout setups +like Russian, US English should be the *first* layout and the +native layout the *second* one. This is how anaconda and, as of +recently, gnome-initial-setup configure such cases - but that +means, if we try to use localed to convert these configurations +using kbd-model-map, we get the wrong result (we get "us" as the +console layout). See also: + +https://bugzilla.redhat.com/show_bug.cgi?id=1912609 + +where we first noticed this wasn't working right, but sadly, we +'fixed' it with a not-really-correct bodge in anaconda instead +of doing it properly. + +Signed-off-by: Adam Williamson +--- + src/locale/localed-util.c | 44 ++++++++++++++++++++++------------ + src/locale/test-localed-util.c | 5 +++- + 2 files changed, 33 insertions(+), 16 deletions(-) + +diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c +index 6a05b50a31..eba13a2ac3 100644 +--- a/src/locale/localed-util.c ++++ b/src/locale/localed-util.c +@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + /* If we got an exact match, this is the best */ + matching = 10; + else { +- /* We have multiple X layouts, look for an +- * entry that matches our key with everything +- * but the first layout stripped off. 
*/ +- if (startswith_comma(xc->layout, a[1])) +- matching = 5; ++ /* see if we get an exact match with the order reversed */ ++ _cleanup_strv_free_ char **b = NULL; ++ _cleanup_free_ char *c = NULL; ++ r = strv_split_full(&b, a[1], ",", 0); ++ if (r < 0) ++ return r; ++ strv_reverse(b); ++ c = strv_join(b, ","); ++ if (!c) ++ return log_oom(); ++ if (streq(xc->layout, c)) ++ matching = 9; + else { +- _cleanup_free_ char *x = NULL; +- +- /* If that didn't work, strip off the +- * other layouts from the entry, too */ +- x = strdupcspn(a[1], ","); +- if (!x) +- return -ENOMEM; +- if (startswith_comma(xc->layout, x)) +- matching = 1; ++ /* We have multiple X layouts, look for an ++ * entry that matches our key with everything ++ * but the first layout stripped off. */ ++ if (startswith_comma(xc->layout, a[1])) ++ matching = 5; ++ else { ++ _cleanup_free_ char *x = NULL; ++ ++ /* If that didn't work, strip off the ++ * other layouts from the entry, too */ ++ x = strdupcspn(a[1], ","); ++ if (!x) ++ return -ENOMEM; ++ if (startswith_comma(xc->layout, x)) ++ matching = 1; ++ } + } + } + +@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + } + } + +- if (best_matching < 10 && !isempty(xc->layout)) { ++ if (best_matching < 9 && !isempty(xc->layout)) { + _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; + + /* The best match is only the first part of the X11 +diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c +index a19d80a967..f702ff29b0 100644 +--- a/src/locale/test-localed-util.c ++++ b/src/locale/test-localed-util.c +@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) { + assert_se(streq(vc.keymap, "fr-latin9")); + vc_context_clear(&vc); + ++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */ ++ /* us,ru is the x config users want, but they still want ru ++ as the console layout in this case */ + log_info("/* test with a compound mapping (us,ru:) */"); + assert_se(free_and_strdup(&xc.layout, 
"us,ru") >= 0); + assert_se(free_and_strdup(&xc.variant, NULL) >= 0); + assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); +- assert_se(streq(vc.keymap, "us")); ++ assert_se(streq(vc.keymap, "ru")); + vc_context_clear(&vc); + + log_info("/* test with a compound mapping (ru,us:) */"); +-- +2.41.0 + diff --git a/systemd.spec b/systemd.spec index e1420f8..cf86d44 100644 --- a/systemd.spec +++ b/systemd.spec @@ -107,6 +107,12 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Backport of patches that allow reloading of units Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch +# Backport of improvements to console keyboard layout guessing +# https://github.com/systemd/systemd/pull/29215 +# https://bugzilla.redhat.com/show_bug.cgi?id=1912609 +Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch +Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch From 9a522c2a5ad910bfc93dcd6e41d79f42dbabe953 Mon Sep 17 00:00:00 2001 
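Review bot: In the reversed-order branch added to `find_legacy_keymap()`, the two allocation failures are reported differently. A failed `strv_join()` returns `log_oom()`, while the `strdupcspn()` failure kept a few lines below returns a bare `-ENOMEM`. Both give the same error code but only one logs, so `if (!c) return -ENOMEM;` would match the rest of the function as far as the hunk shows. The split/reverse/join also appears to run for every `kbd-model-map` row that is not an exact match, including single-layout rows where reversing changes nothing. Guarding it with `strchr(a[1], ',')` would skip that work. The function body starts and ends outside the hunk.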
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 11:04:10 +0200 Subject: [PATCH 039/327] Change versioned Conflicts to rich Requires ... (rhbz#2240828) We currently have grubby-8.40-72.fc39 and sdubby-1.0-3.fc39. systemd had 'Conflicts: grubby < 8.40-72', which is satisfied by grubby. But sdubby has 'Provides: grubby' (with no version), which prevented installation: $ sudo rpm -i ./sdubby-1.0-3.fc39.noarch.rpm error: Failed dependencies: grubby < 8.40-72 conflicts with (installed) systemd-udev-254.2-7.fc39.x86_64 The rpm docs don't actually say what the meaning of the 'if' is: is it only satisfied by actual package names, or also by Provides. But experiments suggest that Provides are not used. The rich dependency seems to avoid the issue. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index cf86d44..9a9f1f6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -358,8 +358,8 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 -Conflicts: grubby < 8.40-72 -Conflicts: sdubby < 1.0-3 +Requires: (grubby > 8.40-72 if grubby) +Requires: (sdubby > 1.0-3 if sdubby) # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From bb2f5f0fab6fa663f5584ee152a235d7c0ec42c8 Mon Sep 17 00:00:00 2001 
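Review bot: `Requires: (grubby > 8.40-72 if grubby)` is not the exact inverse of the removed `Conflicts: grubby < 8.40-72`, because a build whose version-release is exactly `8.40-72` was allowed before and is rejected now. It works for the builds named in the commit message only because the dist tag makes `72.fc39` compare newer than `72`. `Requires: (grubby >= 8.40-72 if grubby)` and `Requires: (sdubby >= 1.0-3 if sdubby)` state the intended floor directly. A one-line comment above the pair, noting that sdubby's unversioned `Provides: grubby` is why a rich dependency replaces `Conflicts`, would keep that reasoning next to the code.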
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 14:05:12 +0200 Subject: [PATCH 040/327] Pull in patches to add PollLimit setting --- ...-PollLimit-settings-to-.socket-units.patch | 243 ++++++++++++++++++ ...-new-PollLimitIntervalSec-PollLimitB.patch | 80 ++++++ 0003-ci-add-test-for-poll-limit.patch | 79 ++++++ systemd.spec | 5 + 4 files changed, 407 insertions(+) create mode 100644 0001-core-add-new-PollLimit-settings-to-.socket-units.patch create mode 100644 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch create mode 100644 0003-ci-add-test-for-poll-limit.patch diff --git a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch new file mode 100644 index 0000000..351f413 --- /dev/null +++ b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch 
@@ -0,0 +1,243 @@ +From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Sat, 9 Sep 2023 14:46:32 +0200 +Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units + +This adds a new "PollLimit" pair of settings to .socket units, very +similar to existing "TriggerLimit" logic. The differences are: + +* PollLimit focusses on the polling on the sockets, and pauses that + temporarily if a ratelimit on that is reached. TriggerLimit otoh + focusses on the triggering effect of socket units, and stops + triggering once the ratelimit is hit. + +* While the trigger limit being hit is an action that causes the socket + unit to fail the polling limit being reached will just temporarily + disable polling on the socket fd, and it is resumed once the ratelimit + interval is over. + +* When a socket unit operates on multiple socket fds (e,g, ListenStream= + on both some ipv6 and an ipv4 address or so). Then the PollLimit will + be specific to each fd, while the trigger limit is specific to the + whole unit. + +Implementation-wise this is mostly a wrapper around sd-event's +sd_event_source_set_ratelimit(), which exposes the desired behaviour +directly. + +Usecase for all of this: socket services which when overloaded with +connections should just slow down reception of it, but not fail +persistently. 
+ +(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) +--- + man/org.freedesktop.systemd1.xml | 12 ++++++++++ + src/core/dbus-socket.c | 8 +++++++ + src/core/load-fragment-gperf.gperf.in | 2 ++ + src/core/socket.c | 32 +++++++++++++++++++-------- + src/core/socket.h | 2 ++ + src/shared/bus-unit-util.c | 10 +++++---- + 6 files changed, 53 insertions(+), 13 deletions(-) + +diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml +index 56906e2f3b..0557dc2379 100644 +--- a/man/org.freedesktop.systemd1.xml ++++ b/man/org.freedesktop.systemd1.xml +@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + readonly t TriggerLimitIntervalUSec = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly u TriggerLimitBurst = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") ++ readonly t PollLimitIntervalUSec = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") ++ readonly u PollLimitBurst = ...; + readonly u UID = ...; + readonly u GID = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") +@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ ++ ++ + + + +@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ PollLimitIntervalUSec/PollLimitBurst properties configure the ++ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to ++ zero the limiting feature is turned off. 
++ + + Properties + +diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c +index 09a3a9502b..04552b7c60 100644 +--- a/src/core/dbus-socket.c ++++ b/src/core/dbus-socket.c +@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = { + SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), +@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property( + if (streq(name, "TriggerLimitBurst")) + return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); + ++ if (streq(name, "PollLimitBurst")) ++ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error); ++ + if (streq(name, "SocketMode")) + return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); + +@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property( + if (streq(name, "TriggerLimitIntervalUSec")) + return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); + ++ if (streq(name, 
"PollLimitIntervalUSec")) ++ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error); ++ + if (streq(name, "SmackLabel")) + return bus_set_transient_string(u, name, &s->smack, message, flags, error); + +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index b66adf2811..0d1ee9c231 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname, + Socket.Service, config_parse_socket_service, 0, 0 + Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) + Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) ++Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval) ++Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst) + {% if ENABLE_SMACK %} + Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack) + Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in) +diff --git a/src/core/socket.c b/src/core/socket.c +index 75034ac357..dc18744f54 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -101,6 +101,9 @@ static void socket_init(Unit *u) { + + s->trigger_limit.interval = USEC_INFINITY; + s->trigger_limit.burst = UINT_MAX; ++ ++ s->poll_limit_interval = USEC_INFINITY; ++ s->poll_limit_burst = UINT_MAX; + } + + static void socket_unwatch_control_pid(Socket *s) { +@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) { + * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to + * process whatever is queued in one go, and thus should normally never have to be started frequently. This is + * different for Accept=yes where each connection is processed by a new service instance, and thus frequent +- * service starts are typical. 
*/ ++ * service starts are typical. ++ * ++ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to ++ * trigger this earlier. */ + + if (s->trigger_limit.interval == USEC_INFINITY) + s->trigger_limit.interval = 2 * USEC_PER_SEC; ++ if (s->trigger_limit.burst == UINT_MAX) ++ s->trigger_limit.burst = s->accept ? 200 : 20; + +- if (s->trigger_limit.burst == UINT_MAX) { +- if (s->accept) +- s->trigger_limit.burst = 200; +- else +- s->trigger_limit.burst = 20; +- } ++ if (s->poll_limit_interval == USEC_INFINITY) ++ s->poll_limit_interval = 2 * USEC_PER_SEC; ++ if (s->poll_limit_burst == UINT_MAX) ++ s->poll_limit_burst = s->accept ? 150 : 15; + + if (have_non_accept_socket(s)) { + +@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { + + fprintf(f, + "%sTriggerLimitIntervalSec: %s\n" +- "%sTriggerLimitBurst: %u\n", ++ "%sTriggerLimitBurst: %u\n" ++ "%sPollLimitIntervalSec: %s\n" ++ "%sPollLimitBurst: %u\n", + prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC), +- prefix, s->trigger_limit.burst); ++ prefix, s->trigger_limit.burst, ++ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC), ++ prefix, s->poll_limit_burst); + + str = ip_protocol_to_name(s->socket_protocol); + if (str) +@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) { + + (void) sd_event_source_set_description(p->event_source, "socket-port-io"); + } ++ ++ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst); ++ if (r < 0) ++ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m"); + } + + return 0; +diff --git a/src/core/socket.h b/src/core/socket.h +index 191d27f46d..b03a291e4a 100644 +--- a/src/core/socket.h ++++ b/src/core/socket.h +@@ -158,6 +158,8 @@ struct Socket { + char *fdname; + + RateLimit trigger_limit; ++ usec_t poll_limit_interval; ++ unsigned poll_limit_burst; + }; + + SocketPeer 
*socket_peer_ref(SocketPeer *p); +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index e7b44cc39b..9f0f37488d 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const + return 1; + } + +- if (streq(field, "TriggerLimitBurst")) ++ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst")) + return bus_append_safe_atou(m, field, eq); + +- if (streq(field, "TriggerLimitIntervalSec")) ++ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec")) + return bus_append_parse_sec_rename(m, field, eq); + + return 0; +@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons + "MaxConnections", + "MaxConnectionsPerSource", + "KeepAliveProbes", +- "TriggerLimitBurst")) ++ "TriggerLimitBurst", ++ "PollLimitBurst")) + return bus_append_safe_atou(m, field, eq); + + if (STR_IN_SET(field, "SocketMode", +@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons + "KeepAliveTimeSec", + "KeepAliveIntervalSec", + "DeferAcceptSec", +- "TriggerLimitIntervalSec")) ++ "TriggerLimitIntervalSec", ++ "PollLimitIntervalSec")) + return bus_append_parse_sec_rename(m, field, eq); + + if (STR_IN_SET(field, "ReceiveBuffer", diff --git a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch new file mode 100644 index 0000000..e2e80e9 --- /dev/null +++ b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch 
@@ -0,0 +1,80 @@ +From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 18 Sep 2023 17:51:49 +0200 +Subject: [PATCH 2/3] man: document the new + PollLimitIntervalSec=/PollLimitBurst= settings + +(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) +--- + man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 47 insertions(+), 11 deletions(-) + +diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml +index 45555302f1..462978d438 100644 +--- a/man/systemd.socket.xml ++++ b/man/systemd.socket.xml +@@ -830,17 +830,53 @@ + TriggerLimitIntervalSec= + TriggerLimitBurst= + +- Configures a limit on how often this socket unit may be activated within a specific time +- interval. The TriggerLimitIntervalSec= may be used to configure the length of the time +- interval in the usual time units us, ms, s, +- min, h, … and defaults to 2s (See +- systemd.time7 for details on +- the various time units understood). The TriggerLimitBurst= setting takes a positive integer +- value and specifies the number of permitted activations per time interval, and defaults to 200 for +- Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 +- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the +- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this +- limit is enforced before the service activation is enqueued. ++ Configures a limit on how often this socket unit may be activated within a specific ++ time interval. The TriggerLimitIntervalSec= setting may be used to configure the ++ length of the time interval in the usual time units us, ms, ++ s, min, h, … and defaults to 2s (See ++ systemd.time7 for ++ details on the various time units understood). 
The TriggerLimitBurst= setting ++ takes a positive integer value and specifies the number of permitted activations per time interval, ++ and defaults to 200 for Accept=yes sockets (thus by default permitting 200 ++ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of ++ trigger rate limiting. ++ ++ If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible ++ anymore until restarted. Note that this limit is enforced before the service activation is ++ enqueued. ++ ++ Compare with PollLimitIntervalSec=/PollLimitBurst= ++ described below, which implements a temporary slowdown if a socket unit is flooded with incoming ++ traffic, as opposed to the permanent failure state ++ TriggerLimitIntervalSec=/TriggerLimitBurst= results in. ++ ++ ++ ++ ++ PollLimitIntervalSec= ++ PollLimitBurst= ++ ++ Configures a limit on how often polling events on the file descriptors backing this ++ socket unit will be considered. This pair of settings is similar to ++ TriggerLimitIntervalSec=/TriggerLimitBurst= but instead of ++ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling ++ frequency. The expected parameter syntax and range are identical to that of the aforementioned ++ options, and can be disabled the same way. ++ ++ If the polling limit is hit polling is temporarily disabled on it until the specified time ++ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger ++ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts ++ through packet flooding. ++ ++ The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit ++ which is enforced for the entire socket unit. This distinction matters for socket units that listen ++ on multiple file descriptors (i.e. have multiple ListenXYZ= stanzas). 
++ ++ These setting defaults to 150 (in case of Accept=yes) and 15 (otherwise) ++ polling events per 2s. This is considerably lower than the default values for the trigger limit (see ++ above) and means that the polling limit should typically ensure the trigger limit is never hit, ++ unless one of them is reconfigured or disabled. ++ + + + diff --git a/0003-ci-add-test-for-poll-limit.patch b/0003-ci-add-test-for-poll-limit.patch new file mode 100644 index 0000000..33e2178 --- /dev/null +++ b/0003-ci-add-test-for-poll-limit.patch 
@@ -0,0 +1,79 @@ +From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 18 Sep 2023 18:05:27 +0200 +Subject: [PATCH 3/3] ci: add test for poll limit + +(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) +--- + test/TEST-07-PID1/test.sh | 2 ++ + test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ + 2 files changed, 50 insertions(+) + create mode 100755 test/units/testsuite-07.poll-limit.sh + +diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh +index 1c3d7137fe..d0e35d870f 100755 +--- a/test/TEST-07-PID1/test.sh ++++ b/test/TEST-07-PID1/test.sh +@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount + EOF + "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount + ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" ++ ++ image_install logger + } + + do_test "$@" +diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh +new file mode 100755 +index 0000000000..480d7ee8df +--- /dev/null ++++ b/test/units/testsuite-07.poll-limit.sh +@@ -0,0 +1,48 @@ ++#!/usr/bin/env bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++set -eux ++set -o pipefail ++ ++systemd-analyze log-level debug ++ ++cat > /run/systemd/system/floodme@.service < /run/systemd/system/floodme.socket < Date: Wed, 27 Sep 2023 14:10:51 +0200 Subject: [PATCH 041/327] Version 254.5 - Resolves rhbz#29216. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 5e5cc91..1482dea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.2.tar.gz) = 4c71dc0a9b23eac03b1c3f22a77b5a5aeb5b7c7577b1d90582852fe7da43ff6a8e2e9c06bd7951827bc07e34ab2710b4793e784e49820f2d09db9a0209ec08dd +SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a 
diff --git a/systemd.spec b/systemd.spec index 3d32cb9..dd6664b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.2 +Version: 254.5 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From a9b4725785936940a78c2e89dfd9ced2573094cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 18:02:52 +0200 Subject: [PATCH 042/327] Pull in more patches for keyboard layout matching --- ...map-extend-variant-match-bonus-again.patch | 50 +++++++++++++++++++ ...rd-model-map-correct-sk-qwerty-entry.patch | 25 ++++++++++ systemd.spec | 8 +-- 3 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch create mode 100644 0001-keyboard-model-map-correct-sk-qwerty-entry.patch diff --git a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch new file mode 100644 index 0000000..02f6fc0 --- /dev/null +++ b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch 
@@ -0,0 +1,50 @@ +From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Tue, 19 Sep 2023 16:06:26 -0700 +Subject: [PATCH] find_legacy_keymap: extend variant match bonus again + +If the column is "-" and the X context variant specifer only +contains commas, we should also give the match bonus. The variant +string is supposed to be a comma-separated list as long as the +list of layouts, so it's quite natural for consumers to be written +in such a way that they pass a string only containing commas if +there are multiple layouts and no variants. anaconda is a real +world case that does this. + +Signed-off-by: Adam Williamson +--- + src/locale/localed-util.c | 2 +- + src/locale/test-localed-util.c | 7 +++++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c +index eba13a2ac3..9b6949e14d 100644 +--- a/src/locale/localed-util.c ++++ b/src/locale/localed-util.c +@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { + matching++; + +- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { ++ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) { + matching++; + + if (streq_ptr(xc->options, a[4])) +diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c +index f702ff29b0..e92c178a98 100644 +--- a/src/locale/test-localed-util.c ++++ b/src/locale/test-localed-util.c +@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) { + assert_se(streq(vc.keymap, "bg_bds-utf8")); + vc_context_clear(&vc); + ++ /* same, but with variant specified as "," */ ++ log_info("/* test with variant as ',', desired match second (bg,us:) */"); ++ assert_se(free_and_strdup(&xc.variant, ",") >= 0); ++ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); ++ assert_se(streq(vc.keymap, 
"bg_bds-utf8")); ++ vc_context_clear(&vc); ++ + log_info("/* test with old mapping (fr:latin9) */"); + assert_se(free_and_strdup(&xc.layout, "fr") >= 0); + assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); diff --git a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch new file mode 100644 index 0000000..f6a042a --- /dev/null +++ b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch @@ -0,0 +1,25 @@ +From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Wed, 20 Sep 2023 15:14:31 -0700 +Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry + +qwerty here is a variant, not an option. + +Signed-off-by: Adam Williamson +--- + src/locale/kbd-model-map | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map +index a145e13ecd..279d1a36d8 100644 +--- a/src/locale/kbd-model-map ++++ b/src/locale/kbd-model-map +@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp + ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp + ie ie pc105 - terminate:ctrl_alt_bksp + et ee pc105 - terminate:ctrl_alt_bksp +-sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty ++sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp + sk-qwertz sk pc105 - terminate:ctrl_alt_bksp + fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp + fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp diff --git a/systemd.spec b/systemd.spec index dd6664b..b2d550a 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -112,11 +112,13 @@ Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec # https://bugzilla.redhat.com/show_bug.cgi?id=1912609 Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch +Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch +Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch # Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket -Patch0005: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch -Patch0006: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch -Patch0007: 0003-ci-add-test-for-poll-limit.patch +Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch +Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch +Patch0012: 0003-ci-add-test-for-poll-limit.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From e8cc280d45091673cf5d0b7d21fbfa641212b5dc Mon Sep 17 00:00:00 2001 
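Review bot: Patch0005 and Patch0006 are added with no pointer to their origin beyond the shared bugzilla 1912609 comment, whereas Patch0002 just above is referenced by its upstream pull-request URL. The PollLimit patch files carry a `(cherry picked from commit …)` trailer, but the two new keymap patch files end their headers with only a Signed-off-by line. Neither the spec nor the patch itself therefore shows whether the carried change matches what upstream merged. A comment above each entry, for example `# Upstream: <upstream PR or commit URL>`, would let the next rebase check the patches against upstream and drop them once the release tarball contains them.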
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 16:27:34 +0100 Subject: [PATCH 043/327] Version 255~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS - All the files and services related to pcrs are moved to -udev subpackage. This includes the new systemd-pcrlock binary. --- ...-PollLimit-settings-to-.socket-units.patch | 243 ------------------ ...map-extend-variant-match-bonus-again.patch | 50 ---- ...cy_keymap-fix-empty-variant-matching.patch | 58 ----- ...rd-model-map-correct-sk-qwerty-entry.patch | 25 -- ...ap-try-matching-with-layout-order-re.patch | 117 --------- ...-new-PollLimitIntervalSec-PollLimitB.patch | 80 ------ 0003-ci-add-test-for-poll-limit.patch | 79 ------ ...2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch | 94 ------- sources | 2 +- split-files.py | 2 +- systemd.spec | 126 ++++----- 11 files changed, 51 insertions(+), 825 deletions(-) delete mode 100644 0001-core-add-new-PollLimit-settings-to-.socket-units.patch delete mode 100644 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch delete mode 100644 0001-find_legacy_keymap-fix-empty-variant-matching.patch delete mode 100644 0001-keyboard-model-map-correct-sk-qwerty-entry.patch delete mode 100644 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch delete mode 100644 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch delete mode 100644 0003-ci-add-test-for-poll-limit.patch delete mode 100644 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch diff --git a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch deleted file mode 100644 index 351f413..0000000 --- a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch +++ /dev/null 
@@ -1,243 +0,0 @@ -From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Sat, 9 Sep 2023 14:46:32 +0200 -Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units - -This adds a new "PollLimit" pair of settings to .socket units, very -similar to existing "TriggerLimit" logic. The differences are: - -* PollLimit focusses on the polling on the sockets, and pauses that - temporarily if a ratelimit on that is reached. TriggerLimit otoh - focusses on the triggering effect of socket units, and stops - triggering once the ratelimit is hit. - -* While the trigger limit being hit is an action that causes the socket - unit to fail the polling limit being reached will just temporarily - disable polling on the socket fd, and it is resumed once the ratelimit - interval is over. - -* When a socket unit operates on multiple socket fds (e,g, ListenStream= - on both some ipv6 and an ipv4 address or so). Then the PollLimit will - be specific to each fd, while the trigger limit is specific to the - whole unit. - -Implementation-wise this is mostly a wrapper around sd-event's -sd_event_source_set_ratelimit(), which exposes the desired behaviour -directly. - -Usecase for all of this: socket services which when overloaded with -connections should just slow down reception of it, but not fail -persistently. 
- -(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) ---- - man/org.freedesktop.systemd1.xml | 12 ++++++++++ - src/core/dbus-socket.c | 8 +++++++ - src/core/load-fragment-gperf.gperf.in | 2 ++ - src/core/socket.c | 32 +++++++++++++++++++-------- - src/core/socket.h | 2 ++ - src/shared/bus-unit-util.c | 10 +++++---- - 6 files changed, 53 insertions(+), 13 deletions(-) - -diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index 56906e2f3b..0557dc2379 100644 ---- a/man/org.freedesktop.systemd1.xml -+++ b/man/org.freedesktop.systemd1.xml -@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - readonly t TriggerLimitIntervalUSec = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly u TriggerLimitBurst = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly t PollLimitIntervalUSec = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly u PollLimitBurst = ...; - readonly u UID = ...; - readonly u GID = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") -@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ -+ -+ - - - -@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ PollLimitIntervalUSec/PollLimitBurst properties configure the -+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to -+ zero the limiting feature is turned off. 
-+ - - Properties - -diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c -index 09a3a9502b..04552b7c60 100644 ---- a/src/core/dbus-socket.c -+++ b/src/core/dbus-socket.c -@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = { - SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), -@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitBurst")) - return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); - -+ if (streq(name, "PollLimitBurst")) -+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error); -+ - if (streq(name, "SocketMode")) - return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); - -@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitIntervalUSec")) - return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); - -+ if (streq(name, 
"PollLimitIntervalUSec")) -+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error); -+ - if (streq(name, "SmackLabel")) - return bus_set_transient_string(u, name, &s->smack, message, flags, error); - -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index b66adf2811..0d1ee9c231 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname, - Socket.Service, config_parse_socket_service, 0, 0 - Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) - Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) -+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval) -+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst) - {% if ENABLE_SMACK %} - Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack) - Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in) -diff --git a/src/core/socket.c b/src/core/socket.c -index 75034ac357..dc18744f54 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -101,6 +101,9 @@ static void socket_init(Unit *u) { - - s->trigger_limit.interval = USEC_INFINITY; - s->trigger_limit.burst = UINT_MAX; -+ -+ s->poll_limit_interval = USEC_INFINITY; -+ s->poll_limit_burst = UINT_MAX; - } - - static void socket_unwatch_control_pid(Socket *s) { -@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) { - * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to - * process whatever is queued in one go, and thus should normally never have to be started frequently. This is - * different for Accept=yes where each connection is processed by a new service instance, and thus frequent -- * service starts are typical. 
*/ -+ * service starts are typical. -+ * -+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to -+ * trigger this earlier. */ - - if (s->trigger_limit.interval == USEC_INFINITY) - s->trigger_limit.interval = 2 * USEC_PER_SEC; -+ if (s->trigger_limit.burst == UINT_MAX) -+ s->trigger_limit.burst = s->accept ? 200 : 20; - -- if (s->trigger_limit.burst == UINT_MAX) { -- if (s->accept) -- s->trigger_limit.burst = 200; -- else -- s->trigger_limit.burst = 20; -- } -+ if (s->poll_limit_interval == USEC_INFINITY) -+ s->poll_limit_interval = 2 * USEC_PER_SEC; -+ if (s->poll_limit_burst == UINT_MAX) -+ s->poll_limit_burst = s->accept ? 150 : 15; - - if (have_non_accept_socket(s)) { - -@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { - - fprintf(f, - "%sTriggerLimitIntervalSec: %s\n" -- "%sTriggerLimitBurst: %u\n", -+ "%sTriggerLimitBurst: %u\n" -+ "%sPollLimitIntervalSec: %s\n" -+ "%sPollLimitBurst: %u\n", - prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC), -- prefix, s->trigger_limit.burst); -+ prefix, s->trigger_limit.burst, -+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC), -+ prefix, s->poll_limit_burst); - - str = ip_protocol_to_name(s->socket_protocol); - if (str) -@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) { - - (void) sd_event_source_set_description(p->event_source, "socket-port-io"); - } -+ -+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst); -+ if (r < 0) -+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m"); - } - - return 0; -diff --git a/src/core/socket.h b/src/core/socket.h -index 191d27f46d..b03a291e4a 100644 ---- a/src/core/socket.h -+++ b/src/core/socket.h -@@ -158,6 +158,8 @@ struct Socket { - char *fdname; - - RateLimit trigger_limit; -+ usec_t poll_limit_interval; -+ unsigned poll_limit_burst; - }; - - SocketPeer 
*socket_peer_ref(SocketPeer *p); -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index e7b44cc39b..9f0f37488d 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const - return 1; - } - -- if (streq(field, "TriggerLimitBurst")) -+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst")) - return bus_append_safe_atou(m, field, eq); - -- if (streq(field, "TriggerLimitIntervalSec")) -+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec")) - return bus_append_parse_sec_rename(m, field, eq); - - return 0; -@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons - "MaxConnections", - "MaxConnectionsPerSource", - "KeepAliveProbes", -- "TriggerLimitBurst")) -+ "TriggerLimitBurst", -+ "PollLimitBurst")) - return bus_append_safe_atou(m, field, eq); - - if (STR_IN_SET(field, "SocketMode", -@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons - "KeepAliveTimeSec", - "KeepAliveIntervalSec", - "DeferAcceptSec", -- "TriggerLimitIntervalSec")) -+ "TriggerLimitIntervalSec", -+ "PollLimitIntervalSec")) - return bus_append_parse_sec_rename(m, field, eq); - - if (STR_IN_SET(field, "ReceiveBuffer", diff --git a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch deleted file mode 100644 index 02f6fc0..0000000 --- a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Tue, 19 Sep 2023 16:06:26 -0700 -Subject: [PATCH] find_legacy_keymap: extend variant match bonus again - -If the column is "-" and the X context variant specifer only -contains commas, we should also give the match bonus. The variant -string is supposed to be a comma-separated list as long as the -list of layouts, so it's quite natural for consumers to be written -in such a way that they pass a string only containing commas if -there are multiple layouts and no variants. anaconda is a real -world case that does this. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 2 +- - src/locale/test-localed-util.c | 7 +++++++ - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index eba13a2ac3..9b6949e14d 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { - matching++; - -- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { -+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) { - matching++; - - if (streq_ptr(xc->options, a[4])) -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index f702ff29b0..e92c178a98 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "bg_bds-utf8")); - vc_context_clear(&vc); - -+ /* same, but with variant specified as "," */ -+ log_info("/* test with variant as ',', desired match second (bg,us:) */"); -+ assert_se(free_and_strdup(&xc.variant, ",") >= 0); -+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -+ assert_se(streq(vc.keymap, 
"bg_bds-utf8")); -+ vc_context_clear(&vc); -+ - log_info("/* test with old mapping (fr:latin9) */"); - assert_se(free_and_strdup(&xc.layout, "fr") >= 0); - assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); diff --git a/0001-find_legacy_keymap-fix-empty-variant-matching.patch b/0001-find_legacy_keymap-fix-empty-variant-matching.patch deleted file mode 100644 index c15a017..0000000 --- a/0001-find_legacy_keymap-fix-empty-variant-matching.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 15 Sep 2023 15:35:36 -0700 -Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching - -We should give a match bonus if the X context variant is empty -and the xvariant column in kbd-model-map is "-" (which means -none). Currently, we don't, which means that if you call this -on a context with layouts bg,us and no variant, you get the -console layout bg_pho-utf8 instead of bg_bds-utf8 (because both -score the same, and the bg_pho-utf8 row comes first). You should -get bg_bds-utf8 in this case. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 2 +- - src/locale/test-localed-util.c | 12 ++++++++++++ - 2 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index 02fac9786b..6a05b50a31 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { - matching++; - -- if (streq_ptr(xc->variant, a[3])) { -+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { - matching++; - - if (streq_ptr(xc->options, a[4])) -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index cb66dffd48..a19d80a967 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "es-dvorak")); - vc_context_clear(&vc); - -+ /* es no-variant test is not very good as the desired match -+ comes first in the list so will win if both candidates score -+ the same. 
in this case the desired match comes second so will -+ not win unless we correctly give the no-variant match a bonus -+ */ -+ log_info("/* test without variant, desired match second (bg,us:) */"); -+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0); -+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0); -+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -+ assert_se(streq(vc.keymap, "bg_bds-utf8")); -+ vc_context_clear(&vc); -+ - log_info("/* test with old mapping (fr:latin9) */"); - assert_se(free_and_strdup(&xc.layout, "fr") >= 0); - assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); --- -2.41.0 - diff --git a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch deleted file mode 100644 index f6a042a..0000000 --- a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch +++ /dev/null @@ -1,25 +0,0 @@ -From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Wed, 20 Sep 2023 15:14:31 -0700 -Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry - -qwerty here is a variant, not an option. - -Signed-off-by: Adam Williamson ---- - src/locale/kbd-model-map | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map -index a145e13ecd..279d1a36d8 100644 ---- a/src/locale/kbd-model-map -+++ b/src/locale/kbd-model-map -@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp - ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp - ie ie pc105 - terminate:ctrl_alt_bksp - et ee pc105 - terminate:ctrl_alt_bksp --sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty -+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp - sk-qwertz sk pc105 - terminate:ctrl_alt_bksp - fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp - fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp 
diff --git a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch deleted file mode 100644 index d0eb7d0..0000000 --- a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch +++ /dev/null 
@@ -1,117 +0,0 @@ -From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 15 Sep 2023 16:02:29 -0700 -Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order - reversed - -The lines in kbd-model-map date back to ye olde times (RH's old -system-config-keyboard), and I think predate this bug: - -https://bugzilla.redhat.com/show_bug.cgi?id=1039185 - -where we got strong feedback that, for 'switched' layout setups -like Russian, US English should be the *first* layout and the -native layout the *second* one. This is how anaconda and, as of -recently, gnome-initial-setup configure such cases - but that -means, if we try to use localed to convert these configurations -using kbd-model-map, we get the wrong result (we get "us" as the -console layout). See also: - -https://bugzilla.redhat.com/show_bug.cgi?id=1912609 - -where we first noticed this wasn't working right, but sadly, we -'fixed' it with a not-really-correct bodge in anaconda instead -of doing it properly. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 44 ++++++++++++++++++++++------------ - src/locale/test-localed-util.c | 5 +++- - 2 files changed, 33 insertions(+), 16 deletions(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index 6a05b50a31..eba13a2ac3 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - /* If we got an exact match, this is the best */ - matching = 10; - else { -- /* We have multiple X layouts, look for an -- * entry that matches our key with everything -- * but the first layout stripped off. 
*/ -- if (startswith_comma(xc->layout, a[1])) -- matching = 5; -+ /* see if we get an exact match with the order reversed */ -+ _cleanup_strv_free_ char **b = NULL; -+ _cleanup_free_ char *c = NULL; -+ r = strv_split_full(&b, a[1], ",", 0); -+ if (r < 0) -+ return r; -+ strv_reverse(b); -+ c = strv_join(b, ","); -+ if (!c) -+ return log_oom(); -+ if (streq(xc->layout, c)) -+ matching = 9; - else { -- _cleanup_free_ char *x = NULL; -- -- /* If that didn't work, strip off the -- * other layouts from the entry, too */ -- x = strdupcspn(a[1], ","); -- if (!x) -- return -ENOMEM; -- if (startswith_comma(xc->layout, x)) -- matching = 1; -+ /* We have multiple X layouts, look for an -+ * entry that matches our key with everything -+ * but the first layout stripped off. */ -+ if (startswith_comma(xc->layout, a[1])) -+ matching = 5; -+ else { -+ _cleanup_free_ char *x = NULL; -+ -+ /* If that didn't work, strip off the -+ * other layouts from the entry, too */ -+ x = strdupcspn(a[1], ","); -+ if (!x) -+ return -ENOMEM; -+ if (startswith_comma(xc->layout, x)) -+ matching = 1; -+ } - } - } - -@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - } - } - -- if (best_matching < 10 && !isempty(xc->layout)) { -+ if (best_matching < 9 && !isempty(xc->layout)) { - _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; - - /* The best match is only the first part of the X11 -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index a19d80a967..f702ff29b0 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "fr-latin9")); - vc_context_clear(&vc); - -+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */ -+ /* us,ru is the x config users want, but they still want ru -+ as the console layout in this case */ - log_info("/* test with a compound mapping (us,ru:) */"); - assert_se(free_and_strdup(&xc.layout, 
"us,ru") >= 0); - assert_se(free_and_strdup(&xc.variant, NULL) >= 0); - assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -- assert_se(streq(vc.keymap, "us")); -+ assert_se(streq(vc.keymap, "ru")); - vc_context_clear(&vc); - - log_info("/* test with a compound mapping (ru,us:) */"); --- -2.41.0 - diff --git a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch deleted file mode 100644 index e2e80e9..0000000 --- a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 17:51:49 +0200 -Subject: [PATCH 2/3] man: document the new - PollLimitIntervalSec=/PollLimitBurst= settings - -(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) ---- - man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 47 insertions(+), 11 deletions(-) - -diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml -index 45555302f1..462978d438 100644 ---- a/man/systemd.socket.xml -+++ b/man/systemd.socket.xml -@@ -830,17 +830,53 @@ - TriggerLimitIntervalSec= - TriggerLimitBurst= - -- Configures a limit on how often this socket unit may be activated within a specific time -- interval. The TriggerLimitIntervalSec= may be used to configure the length of the time -- interval in the usual time units us, ms, s, -- min, h, … and defaults to 2s (See -- systemd.time7 for details on -- the various time units understood). The TriggerLimitBurst= setting takes a positive integer -- value and specifies the number of permitted activations per time interval, and defaults to 200 for -- Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 -- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the -- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this -- limit is enforced before the service activation is enqueued. -+ Configures a limit on how often this socket unit may be activated within a specific -+ time interval. The TriggerLimitIntervalSec= setting may be used to configure the -+ length of the time interval in the usual time units us, ms, -+ s, min, h, … and defaults to 2s (See -+ systemd.time7 for -+ details on the various time units understood). 
The TriggerLimitBurst= setting -+ takes a positive integer value and specifies the number of permitted activations per time interval, -+ and defaults to 200 for Accept=yes sockets (thus by default permitting 200 -+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of -+ trigger rate limiting. -+ -+ If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible -+ anymore until restarted. Note that this limit is enforced before the service activation is -+ enqueued. -+ -+ Compare with PollLimitIntervalSec=/PollLimitBurst= -+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming -+ traffic, as opposed to the permanent failure state -+ TriggerLimitIntervalSec=/TriggerLimitBurst= results in. -+ -+ -+ -+ -+ PollLimitIntervalSec= -+ PollLimitBurst= -+ -+ Configures a limit on how often polling events on the file descriptors backing this -+ socket unit will be considered. This pair of settings is similar to -+ TriggerLimitIntervalSec=/TriggerLimitBurst= but instead of -+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling -+ frequency. The expected parameter syntax and range are identical to that of the aforementioned -+ options, and can be disabled the same way. -+ -+ If the polling limit is hit polling is temporarily disabled on it until the specified time -+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger -+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts -+ through packet flooding. -+ -+ The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit -+ which is enforced for the entire socket unit. This distinction matters for socket units that listen -+ on multiple file descriptors (i.e. have multiple ListenXYZ= stanzas). 
-+ -+ These setting defaults to 150 (in case of Accept=yes) and 15 (otherwise) -+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see -+ above) and means that the polling limit should typically ensure the trigger limit is never hit, -+ unless one of them is reconfigured or disabled. -+ - - - diff --git a/0003-ci-add-test-for-poll-limit.patch b/0003-ci-add-test-for-poll-limit.patch deleted file mode 100644 index 33e2178..0000000 --- a/0003-ci-add-test-for-poll-limit.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 18:05:27 +0200 -Subject: [PATCH 3/3] ci: add test for poll limit - -(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) ---- - test/TEST-07-PID1/test.sh | 2 ++ - test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ - 2 files changed, 50 insertions(+) - create mode 100755 test/units/testsuite-07.poll-limit.sh - -diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh -index 1c3d7137fe..d0e35d870f 100755 ---- a/test/TEST-07-PID1/test.sh -+++ b/test/TEST-07-PID1/test.sh -@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount - EOF - "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount - ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" -+ -+ image_install logger - } - - do_test "$@" -diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh -new file mode 100755 -index 0000000000..480d7ee8df ---- /dev/null -+++ b/test/units/testsuite-07.poll-limit.sh -@@ -0,0 +1,48 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+set -eux -+set -o pipefail -+ -+systemd-analyze log-level debug -+ -+cat > /run/systemd/system/floodme@.service < /run/systemd/system/floodme.socket < -Date: Wed, 26 Jul 2023 09:02:04 +0200 -Subject: [PATCH] rpm: add %systemd_postun_with_reload and - %systemd_user_postun_with_reload - -For some units, the package would like to issue a reload. The machinery was -already in place since c9615f73521986b3607b852c139036d58973043c: - - systemctl reload-or-restart --marked - - Enqueues restart jobs for all units that have the 'needs-restart' - mark, and reload jobs for units that have the 'needs-reload' mark. - When a unit marked for reload does not support reload, restart will - be queued. - -The new macros allow a reload to be issued instead of a restart. 
- -Based on the discussion on fedora-devel: -https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ - -Tested using dummy package https://github.com/keszybz/rpm-test-reload. ---- - src/rpm/macros.systemd.in | 16 ++++++++++++++++ - src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ - 2 files changed, 38 insertions(+) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index c07541c7286c..f05553f557e9 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - fi \ - %{nil} - -+%systemd_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \ -+fi \ -+%{nil} -+ -+%systemd_user_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \ -+fi \ -+%{nil} -+ - %udev_hwdb_update() %{nil} - - %udev_rules_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c623a5ea1722..c81e16c3d3ff 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -47,6 +47,15 @@ case "$command" in - wait - ;; - -+ mark-reload-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-reload & -+ done -+ wait -+ ;; -+ - mark-restart-user-units) - [ -d /run/systemd/system ] || exit 0 - -@@ -60,6 +69,19 @@ case "$command" in - wait - ;; - -+ mark-reload-user-units) -+ [ -d 
/run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ for unit in "$@"; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload & -+ done -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" diff --git a/sources b/sources index 1482dea..fdd7cac 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a +SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824 diff --git a/split-files.py b/split-files.py index 6ab2832..cd309cc 100644 --- a/split-files.py +++ b/split-files.py @@ -150,7 +150,7 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcrphase| + systemd-pcr| systemd-measure| /boot$| /kernel/| diff --git a/systemd.spec b/systemd.spec index b2d550a..3473ec4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.5 +Version: 255~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -104,21 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch -# Backport of patches that allow reloading of units -Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch - -# Backport of improvements to console keyboard layout guessing -# https://github.com/systemd/systemd/pull/29215 -# https://bugzilla.redhat.com/show_bug.cgi?id=1912609 -Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch -Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch -Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch -Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch - -# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket -Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch -Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch -Patch0012: 0003-ci-add-test-for-poll-limit.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -128,7 +113,7 @@ Patch0490: use-bfq-scheduler.patch Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 -%global have_gnu_efi 1 +%global want_bootloader 1 %endif BuildRequires: gcc @@ -204,6 +189,9 @@ BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) +%if 0%{?want_bootloader} +BuildRequires: python3dist(pyelftools) +%endif # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem BuildRequires: libseccomp-devel 
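Review bot: The new `%if 0%{?want_bootloader}` block in the BuildRequires hunk lands between `BuildRequires: python3dist(zstd)` and the comment `# gzip and lzma are provided by the stdlib`. That comment apparently explains why zstd is the only compression module listed, so the insertion separates it from the line it describes. Moving the three added lines below the comment, or above the zstd line, keeps the two together. A short comment such as `# pyelftools: needed for the bootloader/ukify build` would also record why the dependency is conditional; that reading comes from the removed `%generate_buildrequires` fallback and should be confirmed.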
@@ -408,7 +396,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} @@ -576,16 +564,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -%generate_buildrequires -%if 0%{?have_gnu_efi} -if grep -q gnu-efi meson_options.txt; then - echo 'gnu-efi' - echo 'gnu-efi-devel' -else - echo 'python3dist(pyelftools)' -fi -%endif - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} 
@@ -599,44 +577,44 @@ CONFIGURE_OPTS=( -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dfdisk=true - -Dseccomp=true + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dfdisk=enabled + -Dseccomp=enabled -Dima=true - -Dselinux=true - -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] - -Dapparmor=false - -Dpolkit=true - -Dxz=%[%{with xz}?"true":"false"] - -Dzlib=%[%{with zlib}?"true":"false"] - -Dbzip2=%[%{with bzip2}?"true":"false"] - -Dlz4=%[%{with lz4}?"true":"false"] - -Dzstd=%[%{with zstd}?"true":"false"] - -Dpam=true - -Dacl=true + -Dselinux=enabled + -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=%[%{with xz}?"enabled":"disabled"] + -Dzlib=%[%{with zlib}?"enabled":"disabled"] + -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] + -Dlz4=%[%{with lz4}?"enabled":"disabled"] + -Dzstd=%[%{with zstd}?"enabled":"disabled"] + -Dpam=enabled + -Dacl=enabled -Dsmack=true - -Dopenssl=true + -Dopenssl=enabled -Dcryptolib=openssl - -Dp11kit=true - -Dgcrypt=false - -Daudit=true - -Delfutils=true - -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] - -Delfutils=true - -Dpwquality=true - -Dqrencode=%[%{defined rhel}?"false":"true"] - -Dgnutls=%[%{with gnutls}?"true":"false"] - -Dmicrohttpd=true - -Dlibidn2=true + -Dp11kit=enabled + -Dgcrypt=disabled + -Daudit=enabled + -Delfutils=enabled + -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] + -Delfutils=enabled + -Dpwquality=enabled + -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] + -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] + -Dmicrohttpd=enabled + -Dlibidn2=enabled -Dlibiptc=false - -Dlibcurl=true - -Dlibfido2=true - -Dxenctrl=%[0%{?have_xen}?"true":"false"] + -Dlibcurl=enabled + -Dlibfido2=enabled + -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true -Dtpm=true - -Dtpm2=true + -Dtpm2=enabled -Dhwdb=true -Dsysusers=true 
-Dstandalone-binaries=true @@ -653,7 +631,7 @@ CONFIGURE_OPTS=( -Dsplit-bin=true -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false - -Dman=true + -Dman=enabled -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}-%{release} @@ -690,21 +668,15 @@ CONFIGURE_OPTS=( -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet -) -if grep gnu-efi meson_options.txt; then - CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] ) -else - # For now, let's build the bootloader in the same places where we - # built with gnu-efi. Later on, we might want to extend coverage, but - # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. - CONFIGURE_OPTS+=( - -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] - -Dukify=%[%{?have_gnu_efi}?"true":"false"] - ) -fi + # For now, let's build the bootloader in the same places where we + # built with gnu-efi. Later on, we might want to extend coverage, but + # considering that that support is untested, let's not do this now. + # Note, ukify requires bootloader, let's also explicitly enable/disable it + # here for https://github.com/systemd/systemd/pull/24175. + -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] +) %if %{without lto} %global _lto_cflags %nil 
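Review bot: `-Delfutils=enabled` appears twice in the converted CONFIGURE_OPTS block, once after `-Daudit=enabled` and again after `-Dlibcryptsetup=`. The conversion carried the old duplicate over, and one of the two lines can be dropped. Because `enabled` turns a missing dependency into a configure error rather than a silently omitted feature, a comment above the hardening-related options would document that choice, e.g. `# 'enabled', not 'auto': fail the build if seccomp/selinux/audit support cannot be compiled in`. The options left as `true`/`false` (`-Dima`, `-Dsmack`, `-Dlibiptc`, `-Defi`, `-Dtpm`) are presumably still boolean in this release; that is worth confirming against meson_options.txt. The array begins before this hunk and continues after it.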
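Review bot: The added `-Dbootloader=` and `-Dukify=` lines test `%{?want_bootloader}` without the leading `0` used for the same kind of check elsewhere in this diff (`%[0%{?have_xen}?...]` in the CONFIGURE_OPTS hunk above, `%if 0%{?want_bootloader}` in the BuildRequires and %files hunks). The macro is only set inside the `%ifarch` block, so on other architectures the expression is evaluated on an empty expansion. Writing `-Dbootloader=%[0%{?want_bootloader}?"enabled":"disabled"]` and `-Dukify=%[0%{?want_bootloader}?"enabled":"disabled"]` makes the undefined case explicit and matches the surrounding style. The comment moved into the array still says "in the same places where we built with gnu-efi", although this commit removes the gnu-efi probe; it could name the `%ifarch` list instead.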
@@ -994,7 +966,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib @@ -1172,7 +1144,7 @@ fi %files udev -f .file-list-udev -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %files ukify -f .file-list-ukify %files boot-unsigned -f .file-list-boot %endif From 5cae6af05feca642414f9bd678f16a161265f7ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 17:45:57 +0100 Subject: [PATCH 044/327] Move oomd to systemd-udev It is really only useful on "full" machines, either VMs or bare metal, so it should be in systemd-udev. --- split-files.py | 7 ++++--- systemd.spec | 17 +++-------------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/split-files.py b/split-files.py index cd309cc..83f1f46 100644 --- a/split-files.py +++ b/split-files.py @@ -116,6 +116,9 @@ for file in files(buildroot): elif '.so.' in n: o = o_libs + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): + o = o_oomd_defaults + elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| 
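Review bot: In split-files.py, the relocated `o_oomd_defaults` branch now depends on staying ahead of the long `udev(?!\.pc)|…` branch, and nothing in the code says so. The following hunk adds `oomd|` to what appears to be that same later pattern, and the `elif` chain takes the first match. A comment on the moved branch would stop a later reorder from silently putting the oomd default drop-ins into the wrong subpackage, e.g. `# must precede the udev branch, whose pattern also matches 'oomd'`. The dots in `defaults.conf` and `oomd.conf.d` are unescaped and match any character; `defaults\.conf` and `oomd\.conf\.d` would be exact. The `elif` chain starts and ends outside the hunk.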
@@ -160,6 +163,7 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be @@ -179,9 +183,6 @@ for file in files(buildroot): ''', n, re.X): # resolvectl and nss-resolve are in the main package. o = o_resolve - elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = o_oomd_defaults - else: o = o_main diff --git a/systemd.spec b/systemd.spec index 3473ec4..8a40760 100644 --- a/systemd.spec +++ b/systemd.spec @@ -500,7 +500,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name} = %{version}-%{release} +Requires: %{name}-udev = %{version}-%{release} License: LGPL-2.1-or-later BuildArch: noarch @@ -871,13 +871,6 @@ systemd-machine-id-setup &>/dev/null || : # this would make things worse, increasing the number of warnings we get # about needed daemon-reload. -oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) - -# Work-around for #1931034. Remove after F34 is released. -if [ "$oomd_state" == "active" ]; then - systemctl stop -q systemd-oomd 2>/dev/null || : -fi - systemctl daemon-reexec &>/dev/null || { # systemd v239 had bug #9553 in D-Bus authentication of the private socket, # which was later fixed in v240 by #9625. @@ -898,10 +891,6 @@ systemctl daemon-reexec &>/dev/null || { fi } -if [ "$oomd_state" == "active" ]; then - systemctl start -q systemd-oomd 2>/dev/null || : -fi - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
@@ -928,7 +917,7 @@ if [ $1 -eq 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) @@ -966,7 +955,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib From 1c98102f5df560bfa33abc4cd62ef9882ec15cc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 18:41:08 +0100 Subject: [PATCH 045/327] Also build systemd-vmspawn --- ...7ea76e72ed89a5d86ec9b78ca8f89a989258.patch | 182 ++++++++++++++++++ ...d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch | 24 +++ split-files.py | 1 + systemd.spec | 7 +- 4 files changed, 212 insertions(+), 2 deletions(-) create mode 100644 30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch create mode 100644 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch 
diff --git a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch new file mode 100644 index 0000000..e31a37a --- /dev/null +++ b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch 
@@ -0,0 +1,182 @@ +From 30247ea76e72ed89a5d86ec9b78ca8f89a989258 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Nov 2023 21:36:46 +0100 +Subject: [PATCH] man: many fixes systemd-vmspawn(1) + +- version information +- indentation and missing tags +- mkosi and qemu don't need root +--- + man/systemctl.xml | 8 +-- + man/systemd-vmspawn.xml | 118 +++++++++++++++++++++++----------------- + 2 files changed, 72 insertions(+), 54 deletions(-) + +diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml +index bf3aaf028eafe..4ca6f1a74fd2f 100644 +--- a/man/systemd-vmspawn.xml ++++ b/man/systemd-vmspawn.xml +@@ -44,59 +44,73 @@ + The following options are understood: + + +- Image Options ++ Image Options + +- +- +- +- ++ ++ ++ ++ + +- Root file system disk image (or device node) for the virtual machine. +- +- ++ Root file system disk image (or device node) for the virtual machine. ++ ++ ++ ++ ++ + + + +- Host Configuration ++ Host Configuration ++ ++ ++ ++ SMP ++ ++ Configures the number of CPUs to start the virtual machine with. ++ Defaults to 1. ++ ++ ++ ++ ++ ++ ++ MEM ++ ++ Configures the amount of memory to start the virtual machine with. ++ Defaults to 2G. + +- +- +- SMP ++ ++ ++ + +- Configures the number of CPUs to start the virtual machine with. +- Defaults to 1. +- ++ ++ + +- +- MEM ++ Configures whether to use KVM. If the option is not specified KVM support will be ++ detected automatically. If true, KVM is always used, and if false, KVM is never used. + +- Configures the amount of memory to start the virtual machine with. +- Defaults to 2G. +- ++ ++ + +- +- ++ ++ + +- Configure whether to use KVM. +- If the option is not specified KVM support will be detected automatically. +- If yes is specified KVM is always used, and vice versa if no is set KVM is never used. +- ++ Start QEMU in graphical mode. + +- +- ++ ++ + +- Start QEMU in graphical mode. 
+- ++ ++ + +- +- ++ Configures whether to search for firmware which supports secure boot. If the option ++ is not specified, the first firmware which is detected will be used. If true, then the first ++ firmware with secure boot support will be selected. If false, then the first firmware without ++ secure boot will be selected. + +- Configure whether to search for firmware which supports secure boot. +- If the option is not specified the first firmware which is detected will be used. +- If the option is set to yes then the first firmware with secure boot support will be selected. +- If no is specified then the first firmware without secure boot will be selected. +- +- ++ ++ ++ + + + +@@ -116,19 +130,21 @@ + use C-style escaping (i.e. \n to embed a newline, or \x00 to + embed a NUL byte). Note that the invoking shell might already apply unescaping + once, hence this might require double escaping!. +- ++ ++ + + + +- +- Other ++ ++ ++ Other + +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ + + + +@@ -139,8 +155,10 @@ + + Run an Arch Linux VM image generated by mkosi + +- # mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build +- # systemd-vmspawn --image=image.raw ++ ++$ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build ++$ systemd-vmspawn --image=image.raw ++ + + + +@@ -155,7 +173,7 @@ + See Also + + systemd1, +- mkosi1, ++ mkosi1 + + + diff --git a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch new file mode 100644 index 0000000..a204f81 --- /dev/null +++ b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch 
@@ -0,0 +1,24 @@ +From 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Nov 2023 18:54:38 +0100 +Subject: [PATCH] vmspawn: shorted --help output to fit in 80 columns + +I think that "SB" is good enough here, the option name shows the unabbreviated +name. +--- + src/vmspawn/vmspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c +index ab137df0a7155..00166b2f7a40f 100644 +--- a/src/vmspawn/vmspawn.c ++++ b/src/vmspawn/vmspawn.c +@@ -68,7 +68,7 @@ static int help(void) { + " --qemu-mem=MEM Configure guest's RAM size\n" + " --qemu-kvm= Configure whether to use KVM or not\n" + " --qemu-gui Start QEMU in graphical mode\n" +- " --secure-boot= Configure whether to search for firmware which supports Secure Boot\n\n" ++ " --secure-boot= Configure searching for firmware with SB support\n\n" + "%3$sCredentials:%4$s\n" + " --set-credential=ID:VALUE\n" + " Pass a credential with literal value to container.\n" diff --git a/split-files.py b/split-files.py index 83f1f46..0f1260e 100644 --- a/split-files.py +++ b/split-files.py @@ -93,6 +93,7 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| systemd-nspawn| + systemd-vmspawn| import-pubring.gpg| systemd-(machined|import|pull)| /machine.slice| diff --git a/systemd.spec b/systemd.spec index 8a40760..0dd7068 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -104,6 +104,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch +Patch0003: https://github.com/systemd/systemd/pull/29913/commits/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -451,8 +453,8 @@ License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, and -systemd-importd. +This package contains systemd-nspawn, systemd-vmspawn, machinectl, +systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian @@ -607,6 +609,7 @@ CONFIGURE_OPTS=( -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] -Dmicrohttpd=enabled + -Dvmspawn=true -Dlibidn2=enabled -Dlibiptc=false -Dlibcurl=enabled From 10915ad981e2a81075daa7988065a7852fa55a90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Nov 2023 16:20:57 +0100 Subject: [PATCH 046/327] Add Conflicts with older dracut which doesn't have required patches --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0dd7068..afb44b4 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -102,6 +102,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch @@ -247,6 +248,9 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif +# Make sure that dracut supports systemd-executor and the renames done for v255 +Conflicts: dracut < dracut-059-16 + Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-repart < %{version}-%{release}^ From fdfc8c33c8fd11940b24d0dc129cd373cee29f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Nov 2023 17:02:18 +0100 Subject: [PATCH 047/327] Fix dracut version [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index afb44b4..be8e4c9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -249,7 +249,7 @@ Conflicts: initscripts < 9.56.1 Conflicts: fedora-release < 23-0.12 %endif # Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < dracut-059-16 +Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From 82517d01b5404a5e9a4a1da0000200fc0fafce61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 14 Nov 2023 22:57:07 +0100 Subject: [PATCH 048/327] rpminspect: disable udev rules check https://github.com/rpminspect/rpminspect/issues/1294#issuecomment-1808737198 [skip changelog] --- rpminspect.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index 7261213..6318820 100644 --- a/rpminspect.yaml 
+++ b/rpminspect.yaml @@ -13,7 +13,12 @@ badfuncs: changedfiles: exclude_path: .* -# completely disabled inspections: +# completely disable inspections: inspections: # we know about our patches, no need to report anything patches: off + + # this inspection uses `udevadm` which comes from this package + # disable so we do not check udev rules with a possibly outdated version + # of the command + udevrules: off From 92eed01493a5ffa83c8f9064e1ffaecbe6940b37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Nov 2023 18:26:36 +0100 Subject: [PATCH 049/327] Version 255~rc2 - See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS --- ...7ea76e72ed89a5d86ec9b78ca8f89a989258.patch | 182 ------------------ ...d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch | 24 --- sources | 2 +- systemd.spec | 4 +- 4 files changed, 2 insertions(+), 210 deletions(-) delete mode 100644 30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch delete mode 100644 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch diff --git a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch deleted file mode 100644 index e31a37a..0000000 --- a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch +++ /dev/null 
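Review bot: The new comment above `udevrules: off` explains the reason but gives no reference and no condition for turning the inspection back on, so the exclusion is likely to outlive its cause. While it is off, rpminspect no longer checks the udev rules this package ships, so the origin of the decision is worth recording in the file itself: `# see https://github.com/rpminspect/rpminspect/issues/1294; re-enable once the inspection no longer depends on the installed udevadm`. The re-enable condition is my reading of the comment and should be confirmed against the linked issue.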
@@ -1,182 +0,0 @@ -From 30247ea76e72ed89a5d86ec9b78ca8f89a989258 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Nov 2023 21:36:46 +0100 -Subject: [PATCH] man: many fixes systemd-vmspawn(1) - -- version information -- indentation and missing tags -- mkosi and qemu don't need root ---- - man/systemctl.xml | 8 +-- - man/systemd-vmspawn.xml | 118 +++++++++++++++++++++++----------------- - 2 files changed, 72 insertions(+), 54 deletions(-) - -diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml -index bf3aaf028eafe..4ca6f1a74fd2f 100644 ---- a/man/systemd-vmspawn.xml -+++ b/man/systemd-vmspawn.xml -@@ -44,59 +44,73 @@ - The following options are understood: - - -- Image Options -+ Image Options - -- -- -- -- -+ -+ -+ -+ - -- Root file system disk image (or device node) for the virtual machine. -- -- -+ Root file system disk image (or device node) for the virtual machine. -+ -+ -+ -+ -+ - - - -- Host Configuration -+ Host Configuration -+ -+ -+ -+ SMP -+ -+ Configures the number of CPUs to start the virtual machine with. -+ Defaults to 1. -+ -+ -+ -+ -+ -+ -+ MEM -+ -+ Configures the amount of memory to start the virtual machine with. -+ Defaults to 2G. - -- -- -- SMP -+ -+ -+ - -- Configures the number of CPUs to start the virtual machine with. -- Defaults to 1. -- -+ -+ - -- -- MEM -+ Configures whether to use KVM. If the option is not specified KVM support will be -+ detected automatically. If true, KVM is always used, and if false, KVM is never used. - -- Configures the amount of memory to start the virtual machine with. -- Defaults to 2G. -- -+ -+ - -- -- -+ -+ - -- Configure whether to use KVM. -- If the option is not specified KVM support will be detected automatically. -- If yes is specified KVM is always used, and vice versa if no is set KVM is never used. -- -+ Start QEMU in graphical mode. - -- -- -+ -+ - -- Start QEMU in graphical mode. 
-- -+ -+ - -- -- -+ Configures whether to search for firmware which supports secure boot. If the option -+ is not specified, the first firmware which is detected will be used. If true, then the first -+ firmware with secure boot support will be selected. If false, then the first firmware without -+ secure boot will be selected. - -- Configure whether to search for firmware which supports secure boot. -- If the option is not specified the first firmware which is detected will be used. -- If the option is set to yes then the first firmware with secure boot support will be selected. -- If no is specified then the first firmware without secure boot will be selected. -- -- -+ -+ -+ - - - -@@ -116,19 +130,21 @@ - use C-style escaping (i.e. \n to embed a newline, or \x00 to - embed a NUL byte). Note that the invoking shell might already apply unescaping - once, hence this might require double escaping!. -- -+ -+ - - - -- -- Other -+ -+ -+ Other - -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ - - - -@@ -139,8 +155,10 @@ - - Run an Arch Linux VM image generated by mkosi - -- # mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build -- # systemd-vmspawn --image=image.raw -+ -+$ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build -+$ systemd-vmspawn --image=image.raw -+ - - - -@@ -155,7 +173,7 @@ - See Also - - systemd1, -- mkosi1, -+ mkosi1 - - - diff --git a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch deleted file mode 100644 index a204f81..0000000 --- a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Nov 2023 18:54:38 +0100 -Subject: [PATCH] vmspawn: shorted --help output to fit in 80 columns - -I think that "SB" is good enough here, the option name shows the unabbreviated -name. ---- - src/vmspawn/vmspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c -index ab137df0a7155..00166b2f7a40f 100644 ---- a/src/vmspawn/vmspawn.c -+++ b/src/vmspawn/vmspawn.c -@@ -68,7 +68,7 @@ static int help(void) { - " --qemu-mem=MEM Configure guest's RAM size\n" - " --qemu-kvm= Configure whether to use KVM or not\n" - " --qemu-gui Start QEMU in graphical mode\n" -- " --secure-boot= Configure whether to search for firmware which supports Secure Boot\n\n" -+ " --secure-boot= Configure searching for firmware with SB support\n\n" - "%3$sCredentials:%4$s\n" - " --set-credential=ID:VALUE\n" - " Pass a credential with literal value to container.\n" diff --git a/sources b/sources index fdd7cac..5e6bcd1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824 +SHA512 (systemd-255-rc2.tar.gz) = f33c6868efcbe05a7a4703136bb84243e5a6889c7740d77535eb9f19bb46c209e6f797533351fcf66d1c5d4b83e20ca436bfcb625e26b729bfadca795207ec56 diff --git a/systemd.spec b/systemd.spec index be8e4c9..7ccc47b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc1 +Version: 255~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -105,8 +105,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch -Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch -Patch0003: https://github.com/systemd/systemd/pull/29913/commits/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From f93a1346f0f7d1bece6599be35e3187a3b495ca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 00:38:44 +0100 Subject: [PATCH 050/327] Add systemd-networkd-defaults subpackage --- ...always-install-network-example-files.patch | 42 +++++++++++++++++++ split-files.py | 9 +++- systemd.spec | 16 +++++++ 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 0001-meson-always-install-network-example-files.patch diff --git a/0001-meson-always-install-network-example-files.patch b/0001-meson-always-install-network-example-files.patch new file mode 100644 index 0000000..de84bf7 --- /dev/null +++ b/0001-meson-always-install-network-example-files.patch 
@@ -0,0 +1,42 @@ +From 518d40b992abca8de5b9136e88748783200535da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 23 Nov 2023 00:06:29 +0100 +Subject: [PATCH] meson: always install network example files + +I started working on integrating this in the Fedora package and realized that +the example files should be installed regardless of the renamed files when +default-network=true is used. This is because the renamed files become part of +a different package, and we want to have the other files which are used as +documentation in the main package anyway. +--- + network/meson.build | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/network/meson.build b/network/meson.build +index 4f17f7385e..2a472f4f51 100644 +--- a/network/meson.build ++++ b/network/meson.build +@@ -18,6 +18,10 @@ if conf.get('ENABLE_NETWORKD') == 1 + '80-wifi-station.network.example', + ) + ++ install_data( ++ example_network_files, ++ install_dir : networkdir) ++ + if get_option('default-network') + foreach f : example_network_files + install_data( +@@ -25,12 +29,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + rename : fs.replace_suffix(fs.name(f), ''), + install_dir : networkdir) + endforeach +- else +- install_data( +- example_network_files, +- install_dir : networkdir) + endif +- + endif + + install_data('99-default.link', diff --git a/split-files.py b/split-files.py index 0f1260e..c6e3cb7 100644 --- a/split-files.py +++ b/split-files.py @@ -24,6 +24,7 @@ o_rpm_macros = open('.file-list-rpm-macros', 'w') o_devel = open('.file-list-devel', 'w') o_container = open('.file-list-container', 'w') o_networkd = open('.file-list-networkd', 'w') +o_networkd_defaults = open('.file-list-networkd-defaults', 'w') o_oomd_defaults = open('.file-list-oomd-defaults', 'w') o_remote = open('.file-list-remote', 'w') o_resolve = open('.file-list-resolve', 'w') 
@@ -103,7 +104,13 @@ for file in files(buildroot): ''', n, re.X): o = o_container - elif re.search(r'''/usr/lib/systemd/network/80-| + # .network.example files go into systemd-networkd, and the matching files + # without .example go into systemd-networkd-defaults + elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) + and os.path.exists(f'./{n}.example')): + o = o_networkd_defaults + + elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| org.freedesktop.network1| diff --git a/systemd.spec b/systemd.spec index 7ccc47b..df45e91 100644 --- a/systemd.spec +++ b/systemd.spec @@ -105,6 +105,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: 0001-meson-always-install-network-example-files.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -489,6 +491,17 @@ systemd-networkd is a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. +%package networkd-defaults +Summary: Configure network interfaces with networkd by default +Requires: %{name}-networkd = %{version}-%{release} +License: MIT-0 +BuildArch: noarch + +%description networkd-defaults +This package contains a set of config files for systemd-networkd that cause it +to configure network interfaces by default. Note that systemd-networkd needs to +enabled for this to have any effect. + %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} @@ -625,6 +638,7 @@ CONFIGURE_OPTS=( -Dstandalone-binaries=true -Ddefault-kill-user-processes=false -Dfirst-boot-full-preset=true + -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true -Dtty-gid=5 
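Review bot: In the new `o_networkd_defaults` branch, `os.path.exists(f'./{n}.example')` is resolved against the process working directory, which is the buildroot only because `files()` calls `os.chdir(root)` as a side effect. Building the path explicitly keeps the classification correct if that helper changes, and `lexists` avoids following a symlink out of the buildroot: `and os.path.lexists(os.path.join(buildroot, n.lstrip('/') + '.example'))`. The branch also has to stay above the broader `/usr/lib/systemd/network/.*\.network` alternative, which would otherwise claim the same files; the existing comment could say so. The enclosing `for file in files(buildroot):` loop starts and ends outside the hunk.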
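Review bot: The `%description networkd-defaults` text has a dropped word, `needs to enabled`; it should read `Note that systemd-networkd needs to be enabled for this to have any effect.` Since installing this subpackage changes how interfaces are configured once networkd runs, the description could also name the directory the files are installed to, so an administrator knows where to look and what to override. The hunk does not show the file list, which comes from `.file-list-networkd-defaults`.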
@@ -1150,6 +1164,8 @@ fi %files networkd -f .file-list-networkd +%files networkd-defaults -f .file-list-networkd-defaults + %files oomd-defaults -f .file-list-oomd-defaults %files tests -f .file-list-tests From f071684b2e6f709185305083a5eac0cd4255714d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 22 Nov 2023 23:47:30 +0100 Subject: [PATCH 051/327] Version 255~rc3 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 5e6bcd1..b931cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc2.tar.gz) = f33c6868efcbe05a7a4703136bb84243e5a6889c7740d77535eb9f19bb46c209e6f797533351fcf66d1c5d4b83e20ca436bfcb625e26b729bfadca795207ec56 +SHA512 (systemd-255-rc3.tar.gz) = f46eb9264fb03868926d1abaa4a90af41ac4b2c7770756b87b2f212cd40f3e0c044679d523cbea3078362b12c4a1ee50d73dbe2639980d55c394db9d1a587b6d diff --git a/systemd.spec b/systemd.spec index df45e91..beea696 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc2 +Version: 255~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From f216cc8c799544a9074eed84de9795d824857d93 Mon Sep 17 00:00:00 2001 
From: Peter Robinson Date: Thu, 23 Nov 2023 20:19:16 +0000 Subject: [PATCH 052/327] de-dupe LICENSE.LGPL2.1 in licenses The LICENSE.LGPL2.1 file is installed into the same systemd license directory for both the base systemd and -libs. Because the base systemd requires the -libs sub package it's a duplicate and will always be there, it shouldn't cause an issue but it seems in some cases the duplication into the same directory causes issues with ostree so remove it from the base systemd package as it will always be there due to the hard dep on the -libs subpackage. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index beea696..607e0ea 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1119,7 +1119,7 @@ fi %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE* # Only the licenses texts for the licenses in License line are included. -%license LICENSE.GPL2 LICENSE.LGPL2.1 +%license LICENSE.GPL2 %license LICENSES/MIT.txt %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants From 8ff2a6f2d902f404fedd78854dfbbe8f521fb981 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 29 Nov 2023 10:42:54 -0800 Subject: [PATCH 053/327] Backport #30197 to fix vconsole startup (RHBZ #2251394) --- ...art-rate-limit-for-systemd-vconsole-.patch | 45 +++++++++++++++++++ systemd.spec | 5 +++ 2 files changed, 50 insertions(+) create mode 100644 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch diff --git a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch new file mode 100644 index 0000000..1c8d79a --- /dev/null +++ b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch 
@@ -0,0 +1,45 @@ +From 4704176795c167d49f87dfea79193913e6c6d939 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 25 Nov 2023 13:27:17 +0100 +Subject: [PATCH] units: disable start rate limit for + systemd-vconsole-setup.service + +The unit will be started or restarted a few times during boot, but but it has +StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth +restart will already fail. On my laptop, I have exactly 4 restarts, so I don't +hit the limit, but on a slightly different system we will easily hit the limit. +In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads +and we hit the limit. + +Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter +over switch-root and daemon reloads, so it's easier to hit the limit during +boot. + +In principle there might be systems with lots of vtcon devices, so let's just +allow the unit to be restarted without a limit. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394. +--- + units/systemd-vconsole-setup.service.in | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in +index 3475d456bc..c6c5bc9130 100644 +--- a/units/systemd-vconsole-setup.service.in ++++ b/units/systemd-vconsole-setup.service.in +@@ -17,6 +17,12 @@ DefaultDependencies=no + Before=sysinit.target + Before=initrd-switch-root.target shutdown.target + ++# This unit will be restarted by udev whenever a new vtcon device appears or is ++# triggered. Usually that happens just a handful of times during boot, but some ++# systems may have hundreds or thousands of serial consoles connected, so let's ++# just disable the limit altogether. ++StartLimitIntervalSec=0 ++ + [Service] + Type=oneshot + # This service will be restarted by udev whenever a new vtcon device appears. +-- +2.43.0 + diff --git a/systemd.spec b/systemd.spec index 607e0ea..34e2bfe 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -107,6 +107,11 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch Patch0002: 0001-meson-always-install-network-example-files.patch +# https://github.com/systemd/systemd/pull/30197 +# https://bugzilla.redhat.com/show_bug.cgi?id=2251394 +# Drop vconsole restart limit to prevent it sometimes failing on boot +Patch0003: 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From f41ff634cbc300de8ffb881385da2e10f5c0807c Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 1 Dec 2023 09:10:38 -0800 Subject: [PATCH 054/327] Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) --- ...se-bpf-outer-map-fd-in-systemd-execu.patch | 31 +++++++ ...ter_map_fd-to-sd-executor-only-if-Re.patch | 47 ++++++++++ ...redundant-check-when-serializing-FDs.patch | 92 +++++++++++++++++++ ...ple-of-tests-for-RestrictFileSystems.patch | 89 ++++++++++++++++++ systemd.spec | 11 +++ 5 files changed, 270 insertions(+) create mode 100644 0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch create mode 100644 0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch create mode 100644 0002-core-remove-redundant-check-when-serializing-FDs.patch create mode 100644 0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch diff --git a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch new file mode 100644 index 0000000..5388c6a --- /dev/null +++ b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch 
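Review bot: `Patch0003` is added with its upstream PR and bug links, but nothing says when it can be removed, unlike the `Drop when dracut-060 is available.` comment that `Patch0001` carries elsewhere in the spec. A backport that turns off a start rate limit should not linger after the rebase that makes it redundant, so add `# Drop when rebasing to a release that includes PR #30197.` under the two URLs. `Patch0002` in the context lines has no comment at all and would benefit from the same treatment.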
@@ -0,0 +1,31 @@ +From ef90e8f9db911626c8f5c18c49cf6fe445afdefb Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 30 Nov 2023 11:01:14 +0100 +Subject: [PATCH] Make sure we close bpf outer map fd in systemd-executor + +Not doing so leaks it into the child service and causes selinux +denials. +--- + src/core/execute-serialize.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c +index 56c4f4da8a..6c19cd42a2 100644 +--- a/src/core/execute-serialize.c ++++ b/src/core/execute-serialize.c +@@ -1625,6 +1625,12 @@ static int exec_parameters_deserialize(ExecParameters *p, FILE *f, FDSet *fds) { + if (fd < 0) + continue; + ++ /* This is special and relies on close-on-exec semantics, make sure it's ++ * there */ ++ r = fd_cloexec(fd, true); ++ if (r < 0) ++ return r; ++ + p->bpf_outer_map_fd = fd; + } else if ((val = startswith(l, "exec-parameters-notify-socket="))) { + r = free_and_strdup(&p->notify_socket, val); +-- +2.43.0 + diff --git a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch new file mode 100644 index 0000000..cf947f2 --- /dev/null +++ b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch 
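Review bot: The comment added in `exec_parameters_deserialize()` says the bpf outer map fd "is special" without saying what goes wrong, and the reason (it otherwise leaks into the child service and causes SELinux denials) is only in the commit message. I would put that in the code: `/* Must not be inherited by the service process (triggers SELinux denials): force O_CLOEXEC. */`. Separately, if `fd` has already been taken out of the FDSet at this point (the assignment is above the hunk), `return r` on `fd_cloexec()` failure leaves it open in the one place that exists to stop it leaking. `if (r < 0) { safe_close(fd); return r; }` would cover that, but confirm ownership first. The function starts and ends outside the hunk.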
@@ -0,0 +1,47 @@ +From 60ef4baeedc34b5c7ab0e2f211684f9b96d63f82 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 23 Nov 2023 19:08:22 +0000 +Subject: [PATCH 1/3] core: pass bpf_outer_map_fd to sd-executor only if + RestrictFileSystems was set + +It causes SELinux denials to be raised, so restrict it only where needed + +Follow-up for beb4ae87558cae +--- + src/core/execute-serialize.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c +index 342883994a..60c121a0d1 100644 +--- a/src/core/execute-serialize.c ++++ b/src/core/execute-serialize.c +@@ -1244,7 +1244,7 @@ static bool exec_parameters_is_idle_pipe_set(const ExecParameters *p) { + p->idle_pipe[3] >= 0; + } + +-static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fds) { ++static int exec_parameters_serialize(const ExecParameters *p, const ExecContext *c, FILE *f, FDSet *fds) { + int r; + + assert(f); +@@ -1375,7 +1375,7 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd + return r; + } + +- if (p->bpf_outer_map_fd >= 0) { ++ if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { + r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); + if (r < 0) + return r; +@@ -3860,7 +3860,7 @@ int exec_serialize_invocation( + if (r < 0) + return log_debug_errno(r, "Failed to serialize command: %m"); + +- r = exec_parameters_serialize(p, f, fds); ++ r = exec_parameters_serialize(p, ctx, f, fds); + if (r < 0) + return log_debug_errno(r, "Failed to serialize parameters: %m"); + +-- +2.43.0 + diff --git a/0002-core-remove-redundant-check-when-serializing-FDs.patch b/0002-core-remove-redundant-check-when-serializing-FDs.patch new file mode 100644 index 0000000..e09a2e0 --- /dev/null +++ b/0002-core-remove-redundant-check-when-serializing-FDs.patch 
@@ -0,0 +1,92 @@ +From 2d042c75ffb71f59ebd4689c3972786c29b4bf51 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 23 Nov 2023 19:14:45 +0000 +Subject: [PATCH 2/3] core: remove redundant check when serializing FDs + +The helpers already skip if the FD is < 0 +--- + src/core/execute-serialize.c | 50 ++++++++++++++---------------------- + 1 file changed, 19 insertions(+), 31 deletions(-) + +diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c +index 60c121a0d1..56c4f4da8a 100644 +--- a/src/core/execute-serialize.c ++++ b/src/core/execute-serialize.c +@@ -1274,11 +1274,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext + return r; + } + +- if (p->n_socket_fds + p->n_storage_fds > 0) { +- r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); +- if (r < 0) +- return r; +- } ++ r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); ++ if (r < 0) ++ return r; + } + + r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names); +@@ -1351,31 +1349,23 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext + return r; + } + +- if (p->stdin_fd >= 0) { +- r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); +- if (r < 0) +- return r; +- } ++ r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); ++ if (r < 0) ++ return r; + +- if (p->stdout_fd >= 0) { +- r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); +- if (r < 0) +- return r; +- } ++ r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); ++ if (r < 0) ++ return r; + +- if (p->stderr_fd >= 0) { +- r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); +- if (r < 0) +- return r; +- } ++ r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); ++ if (r < 0) ++ return r; + +- if (p->exec_fd >= 0) { +- r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); +- 
if (r < 0) +- return r; +- } ++ r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); ++ if (r < 0) ++ return r; + +- if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { ++ if (c && exec_context_restrict_filesystems_set(c)) { + r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); + if (r < 0) + return r; +@@ -1401,11 +1391,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext + if (r < 0) + return r; + +- if (p->user_lookup_fd >= 0) { +- r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); +- if (r < 0) +- return r; +- } ++ r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); ++ if (r < 0) ++ return r; + + r = serialize_strv(f, "exec-parameters-files-env", p->files_env); + if (r < 0) +-- +2.43.0 + diff --git a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch new file mode 100644 index 0000000..4034b22 --- /dev/null +++ b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch 
@@ -0,0 +1,89 @@ +From 4a43c2b3a1066247f26d8a6e52ebfc40852a5f7e Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 24 Nov 2023 16:00:15 +0100 +Subject: [PATCH 3/3] test: add a couple of tests for RestrictFileSystems= + +--- + test/units/testsuite-07.exec-context.sh | 31 +++++++++++++++++++++++++ + test/units/util.sh | 19 +++++++++++++++ + 2 files changed, 50 insertions(+) + +diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh +index b4118d2fe8..10b425359d 100755 +--- a/test/units/testsuite-07.exec-context.sh ++++ b/test/units/testsuite-07.exec-context.sh +@@ -4,6 +4,9 @@ + set -eux + set -o pipefail + ++# shellcheck source=test/units/util.sh ++. "$(dirname "$0")"/util.sh ++ + # Make sure the unit's exec context matches its configuration + # See: https://github.com/systemd/systemd/pull/29552 + +@@ -284,6 +287,34 @@ systemd-run --wait --pipe "${ARGUMENTS[@]}" \ + ulimit -R || exit 0; + : RTTIME; [[ $(ulimit -SR) -eq 666666 ]]; [[ $(ulimit -HR) -eq 666666 ]];' + ++# RestrictFileSystems= ++# ++# Note: running instrumented binaries requires at least /proc to be accessible, so let's ++# skip the test when we're running under sanitizers ++if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && kernel_supports_lsm bpf; then ++ ROOTFS="$(df --output=fstype /usr/bin | sed --quiet 2p)" ++ systemd-run --wait --pipe -p RestrictFileSystems="" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS" ls /proc) ++ (! 
systemd-run --wait --pipe -p RestrictFileSystems="foo" ls /) ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar baz proc" ls /proc ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /proc ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /sys/fs/cgroup ++ ++ systemd-run --wait --pipe -p RestrictFileSystems="~" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~$ROOTFS" ls /) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /sys) ++ systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /dev) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) ++fi ++ + # Ensure that clean-up codepaths work correctly if activation ultimately fails + touch /run/not-a-directory + mkdir /tmp/root +diff --git a/test/units/util.sh b/test/units/util.sh +index fdfb91f8c6..b5ed73237c 100755 +--- a/test/units/util.sh ++++ b/test/units/util.sh +@@ -197,3 +197,22 @@ openssl_supports_kdf() { + # but let's do that when/if the need arises + openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:foo -out /dev/null "$kdf" + } ++ ++kernel_supports_lsm() { ++ local lsm="${1:?}" ++ local items item ++ ++ if [[ ! 
-e /sys/kernel/security/lsm ]]; then ++ echo "/sys/kernel/security/lsm doesn't exist, assuming $lsm is not supported" ++ return 1 ++ fi ++ ++ mapfile -t -d, items Date: Thu, 23 Nov 2023 14:45:33 +0100 Subject: [PATCH 055/327] split-files: move static filelist config into split-files.py The idea was that it's nicer to keep that config in .spec where it's subject to syntax highlighting. split-files.py was supposed to a stand-alone program. But in practice this split is confusing, because file rules are listed in two places and we need to modify split-files.py quite often. This will be easier if everything is in one file. [skip changelog] --- split-files.py | 39 +++++++++++++++++++++++++++++++++++++-- systemd.spec | 39 ++------------------------------------- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/split-files.py b/split-files.py index c6e3cb7..cd19a85 100644 --- a/split-files.py +++ b/split-files.py 
@@ -1,8 +1,43 @@ import re, sys, os, collections buildroot = sys.argv[1] -known_files = sys.stdin.read().splitlines() -known_files = {line.split()[-1]:line for line in known_files} + +known_files = ''' +%ghost %config(noreplace) /etc/crypttab +%ghost %attr(0444,root,root) /etc/udev/hwdb.bin +/etc/inittab +/usr/lib/systemd/purge-nobody-user +%ghost %config(noreplace) /etc/vconsole.conf +%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf +%ghost %attr(0664,root,root) %verify(not group) /run/utmp +%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp +%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp +%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog +%ghost %config(noreplace) /etc/hostname +%ghost %config(noreplace) /etc/localtime +%ghost %config(noreplace) /etc/locale.conf +%ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id +%ghost %config(noreplace) /etc/machine-info +%ghost %attr(0700,root,root) %dir /var/cache/private +%ghost %attr(0700,root,root) %dir /var/lib/private +%ghost %dir /var/lib/private/systemd +%ghost %dir /var/lib/private/systemd/journal-upload +%ghost /var/lib/private/systemd/journal-upload/state +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +%ghost %dir /var/lib/systemd/backlight +%ghost /var/lib/systemd/catalog/database +%ghost %dir /var/lib/systemd/coredump +%ghost /var/lib/systemd/journal-upload +%ghost %dir /var/lib/systemd/linger +%ghost %attr(0600,root,root) /var/lib/systemd/random-seed +%ghost %dir /var/lib/systemd/rfkill +%ghost %dir %verify(not mode group) /var/log/journal +%ghost %dir /var/log/journal/remote +%ghost %attr(0700,root,root) %dir /var/log/private +'''.splitlines() + +known_files = {line.split()[-1]:line for line in known_files if line} def files(root): os.chdir(root) diff --git a/systemd.spec b/systemd.spec index 28fdc6d..a70d85e 100644 --- a/systemd.spec +++ b/systemd.spec 
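Review bot: The dictionary built at the end of this hunk keys each entry on its last whitespace-separated token, so two lines naming the same path collapse silently and the later one wins. Several entries carry `%attr` modes (`0600` on random-seed, `0700` on the private directories), so a duplicated path with a different mode would change the packaged permissions without any build error. Now that the list lives in the script and will be edited more often, a uniqueness check is cheap: collect the non-empty lines into `entries` first, build the dictionary from that, and add `if len(known_files) != len(entries): sys.exit('duplicate path in known_files')`. The hunk ends at the `def files(root):` line, whose body continues outside it.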
@@ -849,43 +849,8 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i %find_lang %{name} -# Split files in build root into rpms. See split-files.py for the -# rules towards the end, anything which is an exception needs a line -# here. -python3 %{SOURCE2} %buildroot < Date: Thu, 23 Nov 2023 14:53:53 +0100 Subject: [PATCH 056/327] split-files: use a dictionary instead of many little variables Just refactoring, to make it easier to act on the list of outputs. [skip changelog] --- split-files.py | 84 ++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/split-files.py b/split-files.py index cd19a85..ad0d920 100644 --- a/split-files.py +++ b/split-files.py 
@@ -50,25 +50,29 @@ def files(root): if file.is_dir() and not file.is_symlink(): todo.append(file) -o_libs = open('.file-list-libs', 'w') -o_udev = open('.file-list-udev', 'w') -o_ukify = open('.file-list-ukify', 'w') -o_boot = open('.file-list-boot', 'w') -o_pam = open('.file-list-pam', 'w') -o_rpm_macros = open('.file-list-rpm-macros', 'w') -o_devel = open('.file-list-devel', 'w') -o_container = open('.file-list-container', 'w') -o_networkd = open('.file-list-networkd', 'w') -o_networkd_defaults = open('.file-list-networkd-defaults', 'w') -o_oomd_defaults = open('.file-list-oomd-defaults', 'w') -o_remote = open('.file-list-remote', 'w') -o_resolve = open('.file-list-resolve', 'w') -o_tests = open('.file-list-tests', 'w') -o_standalone_repart = open('.file-list-standalone-repart', 'w') -o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') -o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w') -o_main = open('.file-list-main', 'w') +outputs = {suffix: open(f'.file-list-{suffix}', 'w') + for suffix in ( + 'libs', + 'udev', + 'ukify', + 'boot', + 'pam', + 'rpm-macros', + 'devel', + 'container', + 'networkd', + 'networkd-defaults', + 'oomd-defaults', + 'remote', + 'resolve', + 'tests', + 'standalone-repart', + 'standalone-tmpfiles', + 'standalone-sysusers', + 'standalone-shutdown', + 'main', + )} + for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| 
@@ -95,36 +99,36 @@ for file in files(buildroot): if n.endswith('.standalone'): if 'repart' in n: - o = o_standalone_repart + o = outputs['standalone-repart'] elif 'tmpfiles' in n: - o = o_standalone_tmpfiles + o = outputs['standalone-tmpfiles'] elif 'sysusers' in n: - o = o_standalone_sysusers + o = outputs['standalone-sysusers'] elif 'shutdown' in n: - o = o_standalone_shutdown + o = outputs['standalone-shutdown'] else: assert False, 'Found .standalone not belonging to known packages' elif '/security/pam_' in n or '/man8/pam_' in n: - o = o_pam + o = outputs['pam'] elif '/rpm/' in n: - o = o_rpm_macros + o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: - o = o_tests + o = outputs['tests'] elif 'ukify' in n: - o = o_ukify + o = outputs['ukify'] elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): - o = o_main + o = outputs['main'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): - o = o_udev + o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): - o = o_devel + o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| /usr/share/systemd/gatewayd| /var/log/journal/remote ''', n, re.X): - o = o_remote + o = outputs['remote'] elif re.search(r'''mymachines| machinectl| @@ -137,13 +141,13 @@ for file in files(buildroot): var-lib-machines.mount| org.freedesktop.(import|machine)1 ''', n, re.X): - o = o_container + o = outputs['container'] # .network.example files go into systemd-networkd, and the matching files # without .example go into systemd-networkd-defaults elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) and os.path.exists(f'./{n}.example')): - o = o_networkd_defaults + o = outputs['networkd-defaults'] elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| 
@@ -154,13 +158,13 @@ for file in files(buildroot): systemd\.network| systemd\.netdev ''', n, re.X): - o = o_networkd + o = outputs['networkd'] elif '.so.' in n: - o = o_libs + o = outputs['libs'] elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = o_oomd_defaults + o = outputs['oomd-defaults'] elif re.search(r'''udev(?!\.pc)| hwdb| @@ -211,23 +215,23 @@ for file in files(buildroot): ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be # confused if those user-facing binaries are not available. - o = o_udev + o = outputs['udev'] elif re.search(r'''/boot/efi| /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): - o = o_boot + o = outputs['boot'] elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| systemd\.(positive|negative) ''', n, re.X): # resolvectl and nss-resolve are in the main package. - o = o_resolve + o = outputs['resolve'] else: - o = o_main + o = outputs['main'] if n in known_files: prefix = ' '.join(known_files[n].split()[:-1]) From 0e8fc18fbde4c57742cc844a73bc280b8929b781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 14:57:31 +0100 Subject: [PATCH 057/327] split-files: fail early if we split-files produces an empty output We would fail later anyway, because rpm refuses %files with an empty filelist file. But this is much later, after %check, so let's fail already in %install. [skip changelog] --- split-files.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/split-files.py b/split-files.py index ad0d920..d978886 100644 --- a/split-files.py +++ b/split-files.py @@ -249,3 +249,8 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' print(f'{prefix}{n}{suffix}', file=o) + +if [print(f'ERROR: no file names were written to {o.name}') + for o in outputs.values() + if o.tell() == 0]: + sys.exit(1) 
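Review bot: The emptiness check added in the last hunk on this line (`@@ -249,3 +249,8 @@`) uses a list comprehension only for its `print()` side effect and relies on the resulting list of `None` values being truthy, which hides the intent. It also writes the error to stdout, where a build log reader is less likely to look than stderr. An explicit form says the same thing directly: `empty = [o.name for o in outputs.values() if o.tell() == 0]`, then `for name in empty: print(f'ERROR: no file names were written to {name}', file=sys.stderr)` and `if empty: sys.exit(1)`.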
From 453bbcb4233717f8e5ad5213882582484da8b7b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 15:10:10 +0100 Subject: [PATCH 058/327] split-files: also handle conditional packages This is a bit annoying, but meh. [skip changelog] --- split-files.py | 7 +++++-- systemd.spec | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/split-files.py b/split-files.py index d978886..e03484f 100644 --- a/split-files.py +++ b/split-files.py @@ -1,6 +1,7 @@ import re, sys, os, collections buildroot = sys.argv[1] +no_bootloader = '--no-bootloader' in sys.argv known_files = ''' %ghost %config(noreplace) /etc/crypttab @@ -251,6 +252,8 @@ for file in files(buildroot): print(f'{prefix}{n}{suffix}', file=o) if [print(f'ERROR: no file names were written to {o.name}') - for o in outputs.values() - if o.tell() == 0]: + for name, o in outputs.items() + if (o.tell() == 0 and + not (no_bootloader and name in ('ukify', 'boot-unsigned'))) + ]: sys.exit(1) diff --git a/systemd.spec b/systemd.spec index a70d85e..ba7f6cb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -850,7 +850,7 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i %find_lang %{name} # Split files in build root into rpms -python3 %{SOURCE2} %buildroot +python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} %check %if %{with tests} From 268ca6a05967f1b2fa5ff6eb1bf85f9f3e6266fe Mon Sep 17 00:00:00 2001 
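Review bot: The exemption tuple in the `@@ -251,6 +252,8 @@` hunk names `'boot-unsigned'`, but the `outputs` dictionary introduced by the earlier refactoring patch on this page has the key `'boot'` and no `'boot-unsigned'`, so the exemption for the boot list can never match. With `--no-bootloader`, an empty `.file-list-boot` would therefore still abort the build, assuming that list is indeed empty when the bootloader is not built. The tuple should read `name in ('ukify', 'boot')`.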
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 2 Dec 2023 09:56:40 +0100 Subject: [PATCH 059/327] Version 255~rc4 --- ...se-bpf-outer-map-fd-in-systemd-execu.patch | 31 ------- ...ter_map_fd-to-sd-executor-only-if-Re.patch | 47 ---------- ...always-install-network-example-files.patch | 42 --------- ...art-rate-limit-for-systemd-vconsole-.patch | 45 --------- ...redundant-check-when-serializing-FDs.patch | 92 ------------------- ...ple-of-tests-for-RestrictFileSystems.patch | 89 ------------------ systemd.spec | 20 +--- 7 files changed, 1 insertion(+), 365 deletions(-) delete mode 100644 0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch delete mode 100644 0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch delete mode 100644 0001-meson-always-install-network-example-files.patch delete mode 100644 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch delete mode 100644 0002-core-remove-redundant-check-when-serializing-FDs.patch delete mode 100644 0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch diff --git a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch deleted file mode 100644 index 5388c6a..0000000 --- a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From ef90e8f9db911626c8f5c18c49cf6fe445afdefb Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 30 Nov 2023 11:01:14 +0100 -Subject: [PATCH] Make sure we close bpf outer map fd in systemd-executor - -Not doing so leaks it into the child service and causes selinux -denials. ---- - src/core/execute-serialize.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 56c4f4da8a..6c19cd42a2 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1625,6 +1625,12 @@ static int exec_parameters_deserialize(ExecParameters *p, FILE *f, FDSet *fds) { - if (fd < 0) - continue; - -+ /* This is special and relies on close-on-exec semantics, make sure it's -+ * there */ -+ r = fd_cloexec(fd, true); -+ if (r < 0) -+ return r; -+ - p->bpf_outer_map_fd = fd; - } else if ((val = startswith(l, "exec-parameters-notify-socket="))) { - r = free_and_strdup(&p->notify_socket, val); --- -2.43.0 - diff --git a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch deleted file mode 100644 index cf947f2..0000000 --- a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 60ef4baeedc34b5c7ab0e2f211684f9b96d63f82 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 23 Nov 2023 19:08:22 +0000 -Subject: [PATCH 1/3] core: pass bpf_outer_map_fd to sd-executor only if - RestrictFileSystems was set - -It causes SELinux denials to be raised, so restrict it only where needed - -Follow-up for beb4ae87558cae ---- - src/core/execute-serialize.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 342883994a..60c121a0d1 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1244,7 +1244,7 @@ static bool exec_parameters_is_idle_pipe_set(const ExecParameters *p) { - p->idle_pipe[3] >= 0; - } - --static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fds) { -+static int exec_parameters_serialize(const ExecParameters *p, const ExecContext *c, FILE *f, FDSet *fds) { - int r; - - assert(f); -@@ -1375,7 +1375,7 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd - return r; - } - -- if (p->bpf_outer_map_fd >= 0) { -+ if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { - r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); - if (r < 0) - return r; -@@ -3860,7 +3860,7 @@ int exec_serialize_invocation( - if (r < 0) - return log_debug_errno(r, "Failed to serialize command: %m"); - -- r = exec_parameters_serialize(p, f, fds); -+ r = exec_parameters_serialize(p, ctx, f, fds); - if (r < 0) - return log_debug_errno(r, "Failed to serialize parameters: %m"); - --- -2.43.0 - diff --git a/0001-meson-always-install-network-example-files.patch b/0001-meson-always-install-network-example-files.patch deleted file mode 100644 index de84bf7..0000000 --- a/0001-meson-always-install-network-example-files.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 518d40b992abca8de5b9136e88748783200535da Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 23 Nov 2023 00:06:29 +0100 -Subject: [PATCH] meson: always install network example files - -I started working on integrating this in the Fedora package and realized that -the example files should be installed regardless of the renamed files when -default-network=true is used. This is because the renamed files become part of -a different package, and we want to have the other files which are used as -documentation in the main package anyway. ---- - network/meson.build | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/network/meson.build b/network/meson.build -index 4f17f7385e..2a472f4f51 100644 ---- a/network/meson.build -+++ b/network/meson.build -@@ -18,6 +18,10 @@ if conf.get('ENABLE_NETWORKD') == 1 - '80-wifi-station.network.example', - ) - -+ install_data( -+ example_network_files, -+ install_dir : networkdir) -+ - if get_option('default-network') - foreach f : example_network_files - install_data( -@@ -25,12 +29,7 @@ if conf.get('ENABLE_NETWORKD') == 1 - rename : fs.replace_suffix(fs.name(f), ''), - install_dir : networkdir) - endforeach -- else -- install_data( -- example_network_files, -- install_dir : networkdir) - endif -- - endif - - install_data('99-default.link', diff --git a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch deleted file mode 100644 index 1c8d79a..0000000 --- a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 4704176795c167d49f87dfea79193913e6c6d939 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 25 Nov 2023 13:27:17 +0100 -Subject: [PATCH] units: disable start rate limit for - systemd-vconsole-setup.service - -The unit will be started or restarted a few times during boot, but but it has -StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth -restart will already fail. On my laptop, I have exactly 4 restarts, so I don't -hit the limit, but on a slightly different system we will easily hit the limit. -In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads -and we hit the limit. - -Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter -over switch-root and daemon reloads, so it's easier to hit the limit during -boot. - -In principle there might be systems with lots of vtcon devices, so let's just -allow the unit to be restarted without a limit. - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394. ---- - units/systemd-vconsole-setup.service.in | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in -index 3475d456bc..c6c5bc9130 100644 ---- a/units/systemd-vconsole-setup.service.in -+++ b/units/systemd-vconsole-setup.service.in -@@ -17,6 +17,12 @@ DefaultDependencies=no - Before=sysinit.target - Before=initrd-switch-root.target shutdown.target - -+# This unit will be restarted by udev whenever a new vtcon device appears or is -+# triggered. Usually that happens just a handful of times during boot, but some -+# systems may have hundreds or thousands of serial consoles connected, so let's -+# just disable the limit altogether. -+StartLimitIntervalSec=0 -+ - [Service] - Type=oneshot - # This service will be restarted by udev whenever a new vtcon device appears. --- -2.43.0 - 
diff --git a/0002-core-remove-redundant-check-when-serializing-FDs.patch b/0002-core-remove-redundant-check-when-serializing-FDs.patch deleted file mode 100644 index e09a2e0..0000000 --- a/0002-core-remove-redundant-check-when-serializing-FDs.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 2d042c75ffb71f59ebd4689c3972786c29b4bf51 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 23 Nov 2023 19:14:45 +0000 -Subject: [PATCH 2/3] core: remove redundant check when serializing FDs - -The helpers already skip if the FD is < 0 ---- - src/core/execute-serialize.c | 50 ++++++++++++++---------------------- - 1 file changed, 19 insertions(+), 31 deletions(-) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 60c121a0d1..56c4f4da8a 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1274,11 +1274,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - return r; - } - -- if (p->n_socket_fds + p->n_storage_fds > 0) { -- r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); -- if (r < 0) -- return r; -- } -+ r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); -+ if (r < 0) -+ return r; - } - - r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names); -@@ -1351,31 +1349,23 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - return r; - } - -- if (p->stdin_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); -+ if (r < 0) -+ return r; - -- if (p->stdout_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); -+ if (r < 0) -+ return r; - -- if (p->stderr_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); -+ if (r < 0) -+ return r; - -- if (p->exec_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); -- 
if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); -+ if (r < 0) -+ return r; - -- if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { -+ if (c && exec_context_restrict_filesystems_set(c)) { - r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); - if (r < 0) - return r; -@@ -1401,11 +1391,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - if (r < 0) - return r; - -- if (p->user_lookup_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); -+ if (r < 0) -+ return r; - - r = serialize_strv(f, "exec-parameters-files-env", p->files_env); - if (r < 0) --- -2.43.0 - diff --git a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch deleted file mode 100644 index 4034b22..0000000 --- a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 4a43c2b3a1066247f26d8a6e52ebfc40852a5f7e Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 24 Nov 2023 16:00:15 +0100 -Subject: [PATCH 3/3] test: add a couple of tests for RestrictFileSystems= - ---- - test/units/testsuite-07.exec-context.sh | 31 +++++++++++++++++++++++++ - test/units/util.sh | 19 +++++++++++++++ - 2 files changed, 50 insertions(+) - -diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh -index b4118d2fe8..10b425359d 100755 ---- a/test/units/testsuite-07.exec-context.sh -+++ b/test/units/testsuite-07.exec-context.sh -@@ -4,6 +4,9 @@ - set -eux - set -o pipefail - -+# shellcheck source=test/units/util.sh -+. "$(dirname "$0")"/util.sh -+ - # Make sure the unit's exec context matches its configuration - # See: https://github.com/systemd/systemd/pull/29552 - -@@ -284,6 +287,34 @@ systemd-run --wait --pipe "${ARGUMENTS[@]}" \ - ulimit -R || exit 0; - : RTTIME; [[ $(ulimit -SR) -eq 666666 ]]; [[ $(ulimit -HR) -eq 666666 ]];' - -+# RestrictFileSystems= -+# -+# Note: running instrumented binaries requires at least /proc to be accessible, so let's -+# skip the test when we're running under sanitizers -+if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && kernel_supports_lsm bpf; then -+ ROOTFS="$(df --output=fstype /usr/bin | sed --quiet 2p)" -+ systemd-run --wait --pipe -p RestrictFileSystems="" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS" ls /proc) -+ (! 
systemd-run --wait --pipe -p RestrictFileSystems="foo" ls /) -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar baz proc" ls /proc -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /proc -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /sys/fs/cgroup -+ -+ systemd-run --wait --pipe -p RestrictFileSystems="~" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~$ROOTFS" ls /) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /sys) -+ systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /dev) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) -+fi -+ - # Ensure that clean-up codepaths work correctly if activation ultimately fails - touch /run/not-a-directory - mkdir /tmp/root -diff --git a/test/units/util.sh b/test/units/util.sh -index fdfb91f8c6..b5ed73237c 100755 ---- a/test/units/util.sh -+++ b/test/units/util.sh -@@ -197,3 +197,22 @@ openssl_supports_kdf() { - # but let's do that when/if the need arises - openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:foo -out /dev/null "$kdf" - } -+ -+kernel_supports_lsm() { -+ local lsm="${1:?}" -+ local items item -+ -+ if [[ ! 
-e /sys/kernel/security/lsm ]]; then -+ echo "/sys/kernel/security/lsm doesn't exist, assuming $lsm is not supported" -+ return 1 -+ fi -+ -+ mapfile -t -d, items Date: Sat, 2 Dec 2023 10:28:45 +0100 Subject: [PATCH 060/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index b931cf6..20ad87b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc3.tar.gz) = f46eb9264fb03868926d1abaa4a90af41ac4b2c7770756b87b2f212cd40f3e0c044679d523cbea3078362b12c4a1ee50d73dbe2639980d55c394db9d1a587b6d +SHA512 (systemd-255-rc4.tar.gz) = 7845aeed50a64771da6a5a39266fdbeb8b3b030aca18e03ad22a91bbd0c852e9c713a3cdf83b5b9d2f7f0fbb7a52c0d3a0dd44f28afb082ca340b45d9d4c78f5 From a3dfa110ec033f9e518e0a54be321c8ff3439c8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 2 Dec 2023 10:56:51 +0100 Subject: [PATCH 061/327] split-files: fix check for empty package [skip changelog] --- split-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index e03484f..23402d3 100644 --- a/split-files.py +++ b/split-files.py @@ -254,6 +254,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot-unsigned'))) + not (no_bootloader and name in ('ukify', 'boot'))) ]: sys.exit(1) From e36c897dbdeec1099fa9e4ec428fb3bb080df646 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Dec 2023 12:42:29 +0900 Subject: [PATCH 062/327] Replace deprecated boolean value with enabled/disabled [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6394857..82161d1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -622,9 +622,9 @@ CONFIGURE_OPTS=( -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] -Dmicrohttpd=enabled - -Dvmspawn=true + -Dvmspawn=enabled -Dlibidn2=enabled - -Dlibiptc=false + -Dlibiptc=disabled -Dlibcurl=enabled -Dlibfido2=enabled -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] From 3bab7a695c6fdb27c7800d47067b2203e2200869 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Dec 2023 12:42:46 +0900 Subject: [PATCH 063/327] Drop deprecated split-usr option [skip changelog] --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 82161d1..f574aee 100644 --- a/systemd.spec +++ b/systemd.spec @@ -644,7 +644,6 @@ CONFIGURE_OPTS=( -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true - -Dsplit-usr=false -Dsplit-bin=true -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false From 81bbc12743e3d152364ae74f625033a29174426f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Dec 2023 22:19:12 +0100 Subject: [PATCH 064/327] Version 255 - Just a few bugfixes since 255-rc4: seccomp filters, logging, documentation, systemd-repart - Includes a hardware database update. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 20ad87b..e196ac7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc4.tar.gz) = 7845aeed50a64771da6a5a39266fdbeb8b3b030aca18e03ad22a91bbd0c852e9c713a3cdf83b5b9d2f7f0fbb7a52c0d3a0dd44f28afb082ca340b45d9d4c78f5 +SHA512 (systemd-255.tar.gz) = 51728de604c2169d8643718ac72acb8f70f613cfcca9e9abb7dac519f291fa26a16d48f24cae6897356319096cfe8f4d9377743e7870127374f98d432e0c557c diff --git a/systemd.spec b/systemd.spec index f574aee..8c31371 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc4 +Version: 255 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 40811593d0192308d73bebbf32a950a00f5c9821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 09:43:00 +0100 Subject: [PATCH 065/327] Move systemd-bsod is to udev subpackage --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 23402d3..a025062 100644 --- a/split-files.py +++ b/split-files.py @@ -173,6 +173,7 @@ for file in files(buildroot): boot-update| bless-boot| boot-system-token| + bsod| kernel-install| installkernel| vconsole| From 29eb35530b29232eed65718d0cd96d67cd7ffd6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 12:35:59 +0100 Subject: [PATCH 066/327] Move config files to /usr/lib/systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... (e.g. /etc/systemd/system.conf → /usr/lib/systemd/systemd.conf). Both config file locations were already supported, and the files installed in /etc/ were "empty" (i.e. they had only comments and section headers). The move does not change the configuration, but just makes /etc more empty by default. See https://github.com/systemd/systemd/commit/6495361c7d for more discussion and details. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 8c31371..a8946de 100644 --- a/systemd.spec +++ b/systemd.spec @@ -662,6 +662,7 @@ CONFIGURE_OPTS=( # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 + -Dconfigfiledir=/usr/lib -Doomd=true -Dadm-gid=4 -Daudio-gid=63 From 245a2587e095a08a61af4e48f7daa57dee3629e6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 18:17:39 +0100 Subject: [PATCH 067/327] Add /etc/ssh/sshd_config.d to the file list This is a bit of a mess: sshd can only load configuration from /etc/ssh/sshd_config.d, and that directory is declared as non-world-readable. This is in violation of the packaging guidelines which say that packaged files must be world-readable, and also makes very little sense, since those files are part of the package payload. If we create the directory with different permissions, and list it in %files, installation will fail. If we don't list it in %files, and the user doesn't have openssh-server installed, they will have an unowned directory. Another option would be to depend on owner of this directory, i.e. openssh-server, but we don't want to have that dependency. So let's copy the %files line from openssh-server and figure out what to do if it changes in openssh-server again. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index a025062..4f939ec 100644 --- a/split-files.py +++ b/split-files.py @@ -8,6 +8,7 @@ known_files = ''' %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab /usr/lib/systemd/purge-nobody-user +%dir %attr(0700,root,root) /etc/ssh/sshd_config.d %ghost %config(noreplace) /etc/vconsole.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf %ghost %attr(0664,root,root) %verify(not group) /run/utmp From 1d61a36c4c436c033981305afe15dada31ada6aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Dec 2023 14:36:49 +0100 Subject: [PATCH 068/327] Add comment [skip changelog] --- split-files.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 4f939ec..5304bcc 100644 --- a/split-files.py +++ b/split-files.py 
@@ -8,6 +8,8 @@ known_files = ''' %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab /usr/lib/systemd/purge-nobody-user +# This directory is owned by openssh-server, but we don't want to introduce +# a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d %ghost %config(noreplace) /etc/vconsole.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf @@ -39,7 +41,8 @@ known_files = ''' %ghost %attr(0700,root,root) %dir /var/log/private '''.splitlines() -known_files = {line.split()[-1]:line for line in known_files if line} +known_files = {line.split()[-1]:line for line in known_files.splitlines() + if line and not line.startswith('#')} def files(root): os.chdir(root) From 3a8edc754038f889f4a97641a6b286eaefaf01f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Dec 2023 22:51:48 +0100 Subject: [PATCH 069/327] Fix previous commit [skip changelog] --- split-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 5304bcc..a595392 100644 --- a/split-files.py +++ b/split-files.py @@ -39,7 +39,7 @@ known_files = ''' %ghost %dir %verify(not mode group) /var/log/journal %ghost %dir /var/log/journal/remote %ghost %attr(0700,root,root) %dir /var/log/private -'''.splitlines() +''' known_files = {line.split()[-1]:line for line in known_files.splitlines() if line and not line.startswith('#')} From 4c7acded2ace6fc074b80f098ee3754de758eab7 Mon Sep 17 00:00:00 2001 
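Review bot: `known_files` is already a list when the rewritten comprehension runs, because the context line just above it still ends the literal with `'''.splitlines()`, so `known_files.splitlines()` raises AttributeError as soon as split-files.py is executed. The `.splitlines()` call has to move from the literal into the comprehension within this same change (the following patch in the series, 069, does that). Separately, `if line and not line.startswith('#')` lets a whitespace-only line through to `line.split()[-1]`, which raises IndexError, and it does not recognise an indented comment; `if line.strip() and not line.lstrip().startswith('#')` covers both cases.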
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 13 Dec 2023 13:02:45 +0100 Subject: [PATCH 070/327] Do not remove modified config files Our config files in /etc/ were marked as %config(noreplace). This means that the would not be replaced on upgraded if local modifications have been made. But when we moved them to /usr/lib, they would be be renamed to .rpmsave, if they had local modifications. This is not what I expected, but what rpm apparently does. So we need to add them as %ghost to prevent the removal. This is probably for the better anyway. --- split-files.py | 15 ++++++++------- systemd.spec | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/split-files.py b/split-files.py index a595392..3f66ada 100644 --- a/split-files.py +++ b/split-files.py @@ -240,17 +240,18 @@ for file in files(buildroot): o = outputs['main'] if n in known_files: - prefix = ' '.join(known_files[n].split()[:-1]) - if prefix: - prefix += ' ' + prefix = known_files[n].split()[:-1] elif file.is_dir() and not file.is_symlink(): - prefix = '%dir ' + prefix = ['%dir'] elif 'README' in n: - prefix = '%doc ' + prefix = ['%doc'] elif n.startswith('/etc'): - prefix = '%config(noreplace) ' + prefix = ['%config(noreplace)'] + if file.stat().st_size == 0: + prefix += ['%ghost'] else: - prefix = '' + prefix = [] + prefix = ' '.join(prefix + ['']) if prefix else '' suffix = '*' if '/man/' in n else '' diff --git a/systemd.spec b/systemd.spec index a8946de..070190b 100644 --- a/systemd.spec +++ b/systemd.spec 
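Review bot: The new `file.stat().st_size == 0` test in the `/etc` branch applies to every empty file under /etc in the buildroot, not only to the placeholders for the configs that moved to /usr/lib, so a config that is intentionally shipped empty and is not listed in `known_files` would silently become `%ghost` and stop being installed. `stat()` also follows symlinks, so a symlink under /etc is judged by its target: an absolute link would be resolved on the build host rather than in the buildroot, and a dangling one would presumably raise. `if not file.is_symlink() and file.stat().st_size == 0:` avoids both. A comment on the branch, e.g. `# empty files under /etc are placeholders touched in the spec; list them as %ghost`, would record the coupling with systemd.spec. The enclosing `for file in files(buildroot):` loop starts and ends outside the hunk.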
@@ -731,6 +731,25 @@ ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm touch %{buildroot}/etc/crypttab chmod 600 %{buildroot}/etc/crypttab +# Config files that were moved under /usr. +# We need to %ghost them so that they are not removed on upgrades. +touch %{buildroot}/etc/systemd/coredump.conf \ + %{buildroot}/etc/systemd/homed.conf \ + %{buildroot}/etc/systemd/journald.conf \ + %{buildroot}/etc/systemd/journal-remote.conf \ + %{buildroot}/etc/systemd/journal-upload.conf \ + %{buildroot}/etc/systemd/logind.conf \ + %{buildroot}/etc/systemd/networkd.conf \ + %{buildroot}/etc/systemd/oomd.conf \ + %{buildroot}/etc/systemd/pstore.conf \ + %{buildroot}/etc/systemd/resolved.conf \ + %{buildroot}/etc/systemd/sleep.conf \ + %{buildroot}/etc/systemd/system.conf \ + %{buildroot}/etc/systemd/timesyncd.conf \ + %{buildroot}/etc/systemd/user.conf \ + %{buildroot}/etc/udev/udev.conf \ + %{buildroot}/etc/udev/iocost.conf + # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} From 3211e4adfcca38dfe24188e28a65b1cf385ecfd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 16 Dec 2023 11:07:35 +0100 Subject: [PATCH 071/327] Version 255.1 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index e196ac7..ad62708 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.tar.gz) = 51728de604c2169d8643718ac72acb8f70f613cfcca9e9abb7dac519f291fa26a16d48f24cae6897356319096cfe8f4d9377743e7870127374f98d432e0c557c +SHA512 (systemd-255.1.tar.gz) = ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb diff --git a/systemd.spec b/systemd.spec index 070190b..ec214ca 100644 --- a/systemd.spec +++ b/systemd.spec 
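Review bot: The comment added above the `touch` list says the files must be `%ghost`, but nothing here says what makes them so; from the same commit it appears to be the zero-size check in split-files.py, and that dependency should be written down, e.g. `# split-files.py lists zero-size files under /etc as %config(noreplace) %ghost.` Without it, a later change that writes any content into one of these placeholders, or that alters the size check, would quietly turn them back into ordinary config files. The list is also maintained by hand, so a config file that upstream later adds under the configured directory would need a matching entry here. The `%install` section continues outside the hunk.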
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255 +Version: 255.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From cd0e291d13db4fe21a0c6ec0f262f439a6d8fb23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 10:12:34 +0100 Subject: [PATCH 072/327] Add missing %postun scriptlets for systemd-{resolved,networkd} ... (rhbz#2255718) I'm not sure what happened here. But I think both services should be fine with a restart and there is no reason not to do this. --- systemd.spec | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index ec214ca..0359026 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1032,6 +1032,24 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%postun networkd +%systemd_postun_with_restart systemd-networkd.service +%systemd_postun systemd-networkd-wait-online.service + +%post resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + +# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + %preun resolved if [ $1 -eq 0 ] ; then systemctl disable --quiet \ 
@@ -1047,19 +1065,8 @@ if [ $1 -eq 0 ] ; then fi fi -%post resolved -[ $1 -eq 1 ] || exit 0 -# Initial installation - -touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation - -# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then - echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." - exit 0 -fi - -%systemd_post systemd-resolved.service +%postun resolved +%systemd_postun_with_restart systemd-resolved.service %posttrans resolved [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 From 047337bfbcb1a19fa5e5942f36b060553a39f9a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 15:52:01 +0100 Subject: [PATCH 073/327] Version 255.2 - Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) - systemd-resolved and systemd-networkd are restarted after an upgrade. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0359026..14f79f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255.1 +Version: 255.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From cb344fd09f2896ae9242ebbd70bfd031deacc5d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 16:21:46 +0100 Subject: [PATCH 074/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index ad62708..6692a85 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (systemd-255.1.tar.gz) = ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb
+SHA512 (systemd-255.2.tar.gz) = 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9
From 7ec963cfce80fdd6ca56421a598f0230907671e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jan 2024 18:31:57 +0100 Subject: [PATCH 075/327] Add temporary patch to adjust uid range classification ... (rhbz#2251843)
---
30846.patch | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 +++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 30846.patch
diff --git a/30846.patch b/30846.patch
new file mode 100644
index 0000000..84a4163
--- /dev/null
+++ b/30846.patch
@@ -0,0 +1,55 @@ +From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 9 Jan 2024 11:28:04 +0100 +Subject: [PATCH] journal: again create user journals for users with high uids + +This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d +'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped +in an additional check of uid_is_container(uid). The problem is that that change +is not backwards-compatible at all and very hard for users to handle. +There is no common agreement on mappings of high-range uids. Systemd declares +ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/, +but this is only a recent change and various sites allocated those ranges +in a different way, in particular FreeIPA uses (used?) uids from this range +for human users. On big sites with lots of users changing uids is obviously a +hard problem. We generally assume that uids cannot be "freed" and/or changed +and/or reused safely, so we shouldn't demand the same from others. + +This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN / +SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing +huge problems for existing systems with were created with a different +definition and couldn't be easily updated. For that case, we added a +configuration time switch and we now parse /etc/login.defs to actually use the +value that is appropriate for the local system. + +Unfortunately, login.defs doesn't have a concept of container allocation ranges +(and we don't have code to parse and use those nonexistent names either), so we +can't tell users to adjust logind.defs to work around the changed definition. + +login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing, +because they are used to define where the add allocations for subuids, which is +generally a much smaller range. 
Maybe we should talk with other folks about +the appropriate allocation ranges and define some new settings in login.defs. +But this would require discussion and coordination with other projects first. + +Actualy, it seems that this change was needed at all. The code in the container +does not log to the outside journal. It talks to its own journald, which does +journal splitting using its internal logic based on shifted uids. So let's +revert the change to fix user systems. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. +--- + src/basic/uid-alloc-range.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c +index 669cb6d56f7be..7b724b7959f60 100644 +--- a/src/basic/uid-alloc-range.c ++++ b/src/basic/uid-alloc-range.c +@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { + + /* Returns true if the specified UID shall get its data stored in the system journal. */ + +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; + } diff --git a/systemd.spec b/systemd.spec index 14f79f7..1400ccc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -109,9 +109,11 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2251843 +Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack -Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch +Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 From 6f32627f61be709fd2b7070530661dc6e0254998 Mon Sep 17 00:00:00 2001 
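Review bot: `Patch0491` names the pull-request URL `https://github.com/systemd/systemd/pull/30846.patch`, whose content changes whenever the pull request is updated, so the URL does not identify the bytes that were committed as 30846.patch. The committed file carries the commit id 07fd822c59e29b4f5e7dab029ea1186c1b862e3e in its header; recording that id in a comment next to the Patch line would let a later reader check the local copy against upstream. The new entry also sits under the existing comment `# Those are downstream-only patches`, although it is an upstream pull request, so a line such as `# Temporary backport of an upstream pull request; drop once released` would describe it correctly.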
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 25 Jan 2024 16:49:50 +0100 Subject: [PATCH 076/327] Version 255.3 - A bunch of various fixes for memory and behaviour, in many different components (bootctl, systemd, udev, systemd-networkd, systemd-homed, systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd-journal-remote, kernel-install) - Improved detection of virtualization (Google Compute Engine, Apple Virt) - Updates for shell completions and docs - An update for hardware database --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6692a85..97f147b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.2.tar.gz) = 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9 +SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453 diff --git a/systemd.spec b/systemd.spec index 1400ccc..ba01700 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255.2 +Version: 255.3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 92ef780f99da541c9f2976cd04de686548ebed1b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 29 Jan 2024 11:23:07 +0100 Subject: [PATCH 077/327] Conflicts/Provides with systemd-standalone-repart are moved udev subpackage /usr/bin/systemd-repart is in systemd-udev, so this Conflicts/Provides combo was misplaced. (For the Conflicts, this is actually not a real issue, because systemd-udev Requires systemd, so transitively, the conflicting packages could not be installed. But for Provides, the issue is real, because systemd by itself does _not_ provide the binary.) This was noticed by rpmdeplint CI job: Undeclared file conflicts: systemd-standalone-repart-255.3-1.fc40.x86_64 provides /usr/bin/systemd-repart which is also provided by systemd-udev-255.2-2.fc40.x86_64 --- systemd.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index ba01700..e98b28c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -253,8 +253,6 @@ Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-repart < %{version}-%{release}^ -Provides: %{name}-repart = %{version}-%{release} Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ @@ -392,6 +390,9 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ +Conflicts: %{name}-standalone-repart < %{version}-%{release}^ +Provides: %{name}-repart = %{version}-%{release} + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in From b375f983d99f397e184b1d5ab55c7d9674c853c4 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Sun, 11 Feb 2024 12:41:32 +0100 Subject: [PATCH 078/327] Stop depending on filelists There's a bug in dnf5 where it always downloads filelists metadata even for file dependencies that are in the "allowed" paths, such as /usr/bin/getfacl. Let's use the package names for now to avoid downloading the filelists metadata unnecessarily. See https://bugzilla.redhat.com/show_bug.cgi?id=2263771 --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index e98b28c..a71549f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -134,9 +134,9 @@ BuildRequires: audit-libs-devel BuildRequires: cryptsetup-devel %endif BuildRequires: dbus-devel -BuildRequires: /usr/sbin/sfdisk +BuildRequires: util-linux # /usr/bin/getfacl is needed by test-acl-util -BuildRequires: /usr/bin/getfacl +BuildRequires: acl BuildRequires: libacl-devel BuildRequires: gobject-introspection-devel BuildRequires: libblkid-devel From a9172a2e9c8cd53f00453e15ec339229925c87df Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 11 Feb 2024 12:48:19 +0100 Subject: [PATCH 079/327] Remove reconfiguration logic meson handles this internally since 1.3 so we don't need this logic anymore. --- systemd.spec | 8 -------- 1 file changed, 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index a71549f..fe91d40 100644 --- a/systemd.spec +++ b/systemd.spec @@ -702,14 +702,6 @@ CONFIGURE_OPTS=( %global _lto_cflags %nil %endif -# Do configuration. If doing an inplace build, try to do -# reconfiguration to pick up new options. -%if %{with inplace} - command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } - - [ -e %{_vpath_builddir}/build.ninja ] && - %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || -%endif { %meson "${CONFIGURE_OPTS[@]}"; } %meson_build From a95f14a72ed67f826802bb44714b0ec7dd9a2a11 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Sun, 11 Feb 2024 12:52:56 +0100 Subject: [PATCH 080/327] Replace inplace macro with upstream macro Currently, the inplace macro only influences whether we use tools/meson-vcs-tag.sh to figure out the version instead of using the predefined one. But doing an inplace build shouldn't really affect the version, since it's possible to do an inplace builds that's not a git main upstream build, so the two concepts are disjoint. Instead, let's replace the "inplace" macro with an "upstream" macro to indicate that we're building from systemd git upstream. Aside from influencing the version, this also disables various patches and adds a libarchive dependency that was added upstream recently but isn't in an official release yet. --- README.build-in-place.md | 2 +- systemd.spec | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/README.build-in-place.md b/README.build-in-place.md index 8c444c5..df108d1 100644 --- a/README.build-in-place.md +++ b/README.build-in-place.md @@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). git clone https://github.com/systemd/systemd fedpkg clone systemd fedora-systemd cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm ``` diff --git a/systemd.spec b/systemd.spec index fe91d40..354678e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -28,13 +28,12 @@ %bcond tests 1 %bcond lto 1 -# Support for quick builds with rpmbuild --build-in-place. -# See README.build-in-place. -%bcond inplace 0 +# Build from git main +%bcond upstream 0 Name: systemd Url: https://systemd.io -%if %{without inplace} +%if %{without upstream} Version: 255.3 %else # determine the build information from local checkout @@ -100,6 +99,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +%if %{without upstream} + # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. @@ -115,6 +116,8 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch +%endif + %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 %endif @@ -206,6 +209,10 @@ BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) +%if %{with upstream} +BuildRequires: pkgconfig(libarchive) +%endif + %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool @@ -282,6 +289,10 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} +%if %{with upstream} +Recommends: libarchive.so.13%{?elf_suffix} +%endif + %description systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket From 3f657395214b75c7c7b8028091e7f534ae6f23a0 Mon Sep 17 00:00:00 2001 
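Review bot: The `%if %{without upstream}` opened in the hunk at `-100,6` and closed in the hunk at `-115,6` also encloses `Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch`, so a package built with `--with upstream` ships the upstream PAM configuration for systemd-user instead of the distribution's shared stack. The README hunk of the same commit installs such packages with `dnf upgrade`, so the difference reaches a running system. If dropping the PAM patch is intended, a comment at the `%if` should say so; otherwise the `%endif` belongs before the `# Adjust upstream config to use our shared stack` line (a later patch in this series, 087, moves it there).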
From: Daan De Meyer Date: Thu, 15 Feb 2024 20:21:25 +0100 Subject: [PATCH 081/327] Update usage of meson-vcs-tag.sh to account for upstream changes The second argument now specifies the version tag version so let's adapt. Because the script now supports running without any arguments at all, let's just do that. The output now also doesn't use any hyphens anymore so we get rid of the sed transformation as well; --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 354678e..d8a58e5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -37,7 +37,7 @@ Url: https://systemd.io Version: 255.3 %else # determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') +Version: %(tools/meson-vcs-tag.sh) %endif Release: %autorelease From 4c5b844e620bc610d792cc416fc436810c6441d8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 17 Feb 2024 17:58:18 +0100 Subject: [PATCH 082/327] Don't pass b_lto to meson Let's depend on %lto_cflags doing the right thing instead of manually passing the b_lto option to meson. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d8a58e5..75720d8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -659,7 +659,6 @@ CONFIGURE_OPTS=( -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true -Dsplit-bin=true - -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false -Dman=enabled -Dversion-tag=%{version}-%{release} From 74b3ef386f602ee69c0204525083aa45ade786ad Mon Sep 17 00:00:00 2001 
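Review bot: `Version: %(tools/meson-vcs-tag.sh)` runs a path relative to rpmbuild's working directory while the spec is being parsed, and nothing checks that the script exists or printed anything, so a `--with upstream` build started anywhere but the top of a systemd checkout would presumably end up with an empty Version instead of a clear error. The earlier patch in the series states that an upstream build no longer has to be an in-place build, which makes that case reachable. At minimum the existing comment should state the requirement, e.g. `# must be run from the top of the systemd git checkout`, and a fallback that aborts when the output is empty would make the failure explicit.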
From: Daan De Meyer Date: Sat, 17 Feb 2024 17:59:21 +0100 Subject: [PATCH 083/327] Stop passing %{release} to meson when building in upstream mode When building in upstream mode, the release doesn't really have any meaning so let's stop passing it as part of the version-tag and shared-library-tag arguments. This also makes it possible to make the release a timestamp so that each package built from upstream is guaranteed to be newer. If we pass the release to meson via version-tag and shared-library-tag and the release changes every build, we end up having constant rebuilds of various targets in meson that depend on the version. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 75720d8..10ad145 100644 --- a/systemd.spec +++ b/systemd.spec @@ -661,9 +661,9 @@ CONFIGURE_OPTS=( -Dsplit-bin=true -Db_ndebug=false -Dman=enabled - -Dversion-tag=%{version}-%{release} + -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 - -Dshared-lib-tag=%{version_no_tilde}-%{release} + -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no From 3520bb5c9267749043db39dfd24cb090157955b1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 17 Feb 2024 18:02:24 +0100 Subject: [PATCH 084/327] Allow overriding the version and release using macros Let's allow overriding the version and release by specifying the corresponding macros on the rpmbuild command line. This allows us to specify a custom version and release when doing upstream builds. --- systemd.spec | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 10ad145..0add847 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -33,13 +33,8 @@ Name: systemd Url: https://systemd.io -%if %{without upstream} -Version: 255.3 -%else -# determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh) -%endif -Release: %autorelease +Version: %{?version}%{!?version:255.3} +Release: %{?release}%{!?release:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 7740aea610b37fbac557cf4e73ae35bfa49b8b13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Feb 2024 11:11:20 +0100 Subject: [PATCH 085/327] Let libkmod be a dlopen'ed dependency --- systemd.spec | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0add847..a09be1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -285,6 +285,15 @@ Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} %if %{with upstream} +# Libkmod is used to load modules. +Recommends: libkmod.so.2%{?elf_suffix} +# kmod_list_next, kmod_load_resources, kmod_module_get_initstate, +# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup, +# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list, +# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources +# are part of LIBKMOD_5. +Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} + Recommends: libarchive.so.13%{?elf_suffix} %endif 
@@ -366,6 +375,13 @@ Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%if %{with upstream} +# Libkmod is used to load modules. Assume that if we need udevd, we certainly +# want to load modules, so make this into a hard dependency here. +Requires: libkmod.so.2%{?elf_suffix} +Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} +%endif + # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home Recommends: libcryptsetup.so.12%{?elf_suffix} From 0a51fe1e6ba8b30fcdb2c2171fc49ea2e2d6a56d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 20 Feb 2024 12:20:11 +0100 Subject: [PATCH 086/327] Use %version_override/%release_override to specify version/release by users When backporting the latest changes to CentOS Hyperscale reviewers were confused by using %version and %release to define "Version" and "Release" which are supposed to specify the values for %version and %release. Let's use different macros to make it more clear that these are supposed to be set by users building the rpm and add a comment to explain why we do this. --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a09be1d..0dc8f07 100644 --- a/systemd.spec +++ b/systemd.spec @@ -33,8 +33,10 @@ Name: systemd Url: https://systemd.io -Version: %{?version}%{!?version:255.3} -Release: %{?release}%{!?release:%autorelease} +# Allow users to specify the version and release when building the rpm by +# setting the %%version_override and %%release_override macros. +Version: %{?version_override}%{!?version_override:255.3} +Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 104532bab277f06e7c808f9661ce88324d4c07a0 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Wed, 21 Feb 2024 15:42:00 +0100 Subject: [PATCH 087/327] Apply pam patch when building for upstream It applies without conflicts and ensures coverage of a pretty important patch so let's apply it when building for upstream. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 0dc8f07..f34169b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -110,11 +110,11 @@ Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch +%endif + # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch -%endif - %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 %endif From dc3dcc011438bf86eb921c2a92770556733a6453 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 21 Feb 2024 15:42:47 +0100 Subject: [PATCH 088/327] Allow setting extra configure options using %meson_extra_configure_options Will be used when building upstream to enable developer mode or sanitizers for example. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f34169b..1dde420 100644 --- a/systemd.spec +++ b/systemd.spec @@ -725,7 +725,7 @@ CONFIGURE_OPTS=( %global _lto_cflags %nil %endif -{ %meson "${CONFIGURE_OPTS[@]}"; } +{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; } %meson_build From e8d02128c9bfdd86b878235fc730a2863de1d1a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 1 Mar 2024 16:38:06 +0100 Subject: [PATCH 089/327] Version 255.4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 97f147b..3dc0d2e 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453 +SHA512 (systemd-255.4.tar.gz) = 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979 diff --git a/systemd.spec b/systemd.spec index 1dde420..cdc5cfb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.3} +Version: %{?version_override}%{!?version_override:255.4} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 2822a03dded26b9453bddbba7c6a152de8204aec Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 7 Mar 2024 11:20:56 +0100 Subject: [PATCH 090/327] Build in developer mode when building for upstream --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index cdc5cfb..789ea36 100644 --- a/systemd.spec +++ b/systemd.spec @@ -611,7 +611,7 @@ package and is meant for use in exitrds. %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} CONFIGURE_OPTS=( - -Dmode=release + -Dmode=%[%{with upstream}?"developer":"release"] -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' From ae8a47e92e42244f727755274a7065d8dc12e6ba Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 18 Mar 2024 14:25:44 +0100 Subject: [PATCH 091/327] Add psutil dependency to systemd-tests Required by systemd-networkd-tests.py --- systemd.spec | 1 + 1 file changed, 1 insertion(+) 
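Review bot: The `-Dmode=%[%{with upstream}?"developer":"release"]` line turns every `--with upstream` build into a developer-mode build, and nothing beside the option says that the resulting packages differ from release builds. What developer mode enables is decided by upstream's meson.build and is not visible here, so the comment should stay general. I would add something like `# git main builds use developer mode; packages built this way are for CI and testing, not for distribution`. The CONFIGURE_OPTS array continues outside the hunk.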
diff --git a/systemd.spec b/systemd.spec index 789ea36..f100b17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -556,6 +556,7 @@ Requires: %{name}%{_isa} = %{version}-%{release} # This dependency is provided transitively. Also add it explicitly to # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: python3dist(psutil) License: LGPL-2.1-or-later From 95a3861e920a57ede5fcde0ca426084fe7e62171 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 16 Mar 2024 16:59:07 +0100 Subject: [PATCH 092/327] Add R:systemd-udev to systemd-networkd subpackage ... (rhbz#2173425) --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index f100b17..159b38c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -507,6 +507,7 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} +%{?fedora:Recommends: %{name}-udev = %{version}-%{release}} License: LGPL-2.1-or-later # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 From 2e32a339a10caad9392a7049bccfd1c4cd7c24cc Mon Sep 17 00:00:00 2001 From: David Tardon Date: Wed, 20 Mar 2024 10:50:38 +0100 Subject: [PATCH 093/327] Make Requires(*) on systemd versioned Most systemd tools run from scriptlets need libsystemd-shared-X.so (from systemd package), which contains version and release in it's name. Therefore, the same version of systemd package must be already installed when they run. Resolves: #2282821 --- systemd.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 159b38c..2bebda2 100644 --- a/systemd.spec +++ b/systemd.spec 
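Review bot: The added `Recommends` in `%package networkd` names `%{name}-udev` without `%{_isa}`, while the `Requires` directly above it uses `%{name}%{_isa}`. If the udev subpackage is available for more than one architecture, a build for the other architecture could satisfy the weak dependency. For consistency I would write `%{?fedora:Recommends: %{name}-udev%{_isa} = %{version}-%{release}}`. The reason for the dependency is only in the commit subject (rhbz#2173425), so a one-line comment above the entry would keep it with the spec.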
@@ -364,9 +364,9 @@ Summary: Rule-based device node and kernel event manager License: LGPL-2.1-or-later Requires: systemd%{_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} Requires(post): grep Requires: kmod >= 18-4 # https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 @@ -470,9 +470,9 @@ the version that works with Secure Boot. # Name is the same as in Debian Summary: Tools for containers and VMs Requires: %{name}%{_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} # obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) From ec5f3a94bce2474ea250e02ef8b2bd0b57b8727c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 21 Mar 2024 11:05:08 +0100 Subject: [PATCH 094/327] BR: add versioned dependency on binutils for ukify tests [skip changelog] --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 2bebda2..a7bce17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -437,6 +437,13 @@ Requires: python3dist(zstd) Requires: python3dist(cryptography) Recommends: python3dist(pillow) +# for tests +%ifarch riscv64 +# 2.42 received support for riscv64 + efi targets +%global binutils_version_req >= 2.42 +%endif +BuildRequires: binutils %{?binutils_version_req} + BuildArch: noarch %description ukify From e3e9477031d88374d2c2796ce765401f68b1653e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 12:57:04 +0100 Subject: [PATCH 095/327] BR: valgrind is not available on riscv64 [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index a7bce17..6ada273 100644 --- a/systemd.spec +++ b/systemd.spec @@ -201,7 +201,9 @@ BuildRequires: libseccomp-devel BuildRequires: meson >= 0.43 BuildRequires: gettext # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +%ifarch %{valgrind_arches} BuildRequires: valgrind-devel +%endif BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) From 58b044d8e9ccf7be153a4b3e8259b9cc51034f8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:00:11 +0100 Subject: [PATCH 096/327] Adjust indentation [skip changelog] --- systemd.spec | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6ada273..63974f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -15,12 +15,12 @@ %global elf_suffix ()%{elf_bits} %endif -%bcond bzip2 1 -%bcond gnutls 1 -%bcond lz4 1 -%bcond xz 1 -%bcond zlib 1 -%bcond zstd 1 +%bcond bzip2 1 +%bcond gnutls 1 +%bcond lz4 1 +%bcond xz 1 +%bcond zlib 1 +%bcond zstd 1 # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. @@ -29,7 +29,7 @@ %bcond lto 1 # Build from git main -%bcond upstream 0 +%bcond upstream 0 Name: systemd Url: https://systemd.io From b6f8f82d8bb1b153b7ed2518b0ad7704ce480feb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:01:02 +0100 Subject: [PATCH 097/327] Adjust release tag for riscv64 If it is specified externally, we hounour that. Otherwise, default to "1.0.riscv64" on riscv. --- systemd.spec | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 63974f2..d794e11 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,6 +31,12 @@ # Build from git main %bcond upstream 0 +%ifarch riscv64 +%if !%{defined release_override} +%global release_override 1.0.riscv64 +%endif +%endif + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From ac2364bc4b8f36bf1ca7bc6873e76c7c8ff8a406 Mon Sep 17 00:00:00 2001 From: David Abdurachmanov Date: Fri, 22 Mar 2024 13:03:35 +0100 Subject: [PATCH 098/327] Enable bootloader stack for riscv64 --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d794e11..7801f4d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,7 +121,7 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch -%ifarch %{ix86} x86_64 aarch64 +%ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From f1d38667ef013aa832f43ea7b5861efd29b09fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:09:25 +0100 Subject: [PATCH 099/327] Revert "Adjust release tag for riscv64" This reverts commit b6f8f82d8bb1b153b7ed2518b0ad7704ce480feb. It was a misunderstanding, it wasn't supposed to go in. --- systemd.spec | 6 ------ 1 file changed, 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7801f4d..89f2a9f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,12 +31,6 @@ # Build from git main %bcond upstream 0 -%ifarch riscv64 -%if !%{defined release_override} -%global release_override 1.0.riscv64 -%endif -%endif - Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From 3a8ac5baa8b26973a06ede0a709d83d1e446ff13 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Mar 2024 11:39:37 +0100 Subject: [PATCH 100/327] spec: sort and deduplicate gid configuration [skip changelog] --- systemd.spec | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index 89f2a9f..d41bd8f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -677,8 +677,6 @@ CONFIGURE_OPTS=( -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true - -Dtty-gid=5 - -Dusers-gid=100 -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true @@ -701,23 +699,24 @@ CONFIGURE_OPTS=( -Ddefault-user-timeout-sec=45 -Dconfigfiledir=/usr/lib -Doomd=true + -Dadm-gid=4 - -Daudio-gid=63 + -Dtty-gid=5 + -Ddisk-gid=6 + -Dlp-gid=7 + -Dkmem-gid=9 + -Dwheel-gid=10 -Dcdrom-gid=11 -Ddialout-gid=18 - -Ddisk-gid=6 - -Dinput-gid=104 - -Dkmem-gid=9 + -Dutmp-gid=22 + -Dtape-gid=33 -Dkvm-gid=36 - -Dlp-gid=7 + -Dvideo-gid=39 + -Daudio-gid=63 + -Dusers-gid=100 + -Dinput-gid=104 -Drender-gid=105 -Dsgx-gid=106 - -Dtape-gid=33 - -Dtty-gid=5 - -Dusers-gid=100 - -Dutmp-gid=22 - -Dvideo-gid=39 - -Dwheel-gid=10 -Dsystemd-journal-gid=190 -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 From 976e1b0a6828cdc1ec6f3d227009dff5edfa744b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Mar 2024 11:40:36 +0100 Subject: [PATCH 101/327] spec: add %bcond to build without documentation Building of the man pages takes quite a while. We can skip this step in integration mkosi tests, we don't care about documentation there. --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d41bd8f..f1a53a7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -27,6 +27,7 @@ %bcond bootstrap 0 %bcond tests 1 %bcond lto 1 +%bcond docs 1 # Build from git main %bcond upstream 0 
@@ -174,8 +175,10 @@ BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(libbpf) BuildRequires: systemtap-sdt-devel +%if %{with docs} BuildRequires: libxslt BuildRequires: docbook-style-xsl +%endif BuildRequires: pkgconfig BuildRequires: gperf BuildRequires: gawk @@ -682,7 +685,7 @@ CONFIGURE_OPTS=( -Dcompat-mutable-uid-boundaries=true -Dsplit-bin=true -Db_ndebug=false - -Dman=enabled + -Dman=%[%{with docs}?"enabled":"disabled"] -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] From 5a7cc0a327f3d0fe354f34639c200e482a5462d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 7 Apr 2024 10:57:36 +0200 Subject: [PATCH 102/327] Fix build with newer kernel headers [skip changelog] --- 32134.patch | 31 +++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 33 insertions(+) create mode 100644 32134.patch diff --git a/32134.patch b/32134.patch new file mode 100644 index 0000000..690bd09 --- /dev/null +++ b/32134.patch 
@@ -0,0 +1,31 @@ +From d0515eec3c38c9b53a8e30397cf9b40cda5d6b94 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 7 Apr 2024 10:39:20 +0200 +Subject: [PATCH] meson: do not fail build with newer kernel headers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +systemd-255 is failing a build with the latest kernel headers… Let's downgrade +this warning, because it's fine if there's a file system we don't know about +and it makes thing less brittle if we don't treat this as a hard error. + +(I initially conditionalized this on BUILD_MODE, but I don't think we need a +hard error there either. A warning will be noticed and fixed.) +--- + src/basic/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 1516a9f7af3e4..386d9ab6c9c50 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -240,7 +240,7 @@ filesystem_includes = ['linux/magic.h', + check_filesystems = find_program('check-filesystems.sh') + r = run_command([check_filesystems, cpp, files('filesystems-gperf.gperf')] + filesystem_includes, check: false) + if r.returncode() != 0 +- error('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) ++ warning('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) + endif + + filesystems_gperf_h = custom_target( diff --git a/systemd.spec b/systemd.spec index f1a53a7..8a11e42 100644 --- a/systemd.spec +++ b/systemd.spec @@ -104,6 +104,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/32134.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
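Review bot: `Patch0002` in systemd.spec is added with no comment of its own, directly under the `# Drop when dracut-060 is available.` line that belongs to `Patch0001`, so the drop condition now reads as if it covered both patches. I would put a blank line between them and describe the new one, e.g. `# meson: warn instead of failing on filesystems unknown to systemd in newer kernel headers. Drop once a release containing it is packaged.` Because the patch turns a build-time `error()` into a `warning()`, a mismatch now shows up only in the build log. The comment could note that the log should be checked when kernel headers are updated.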
From 3f8c38e5d6481fa01e766516cbdf7779c4a2825b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Apr 2024 13:54:32 +0200 Subject: [PATCH 103/327] Drop perl from BR It was removed upstream in 711169905e75617eabf3934273aa37dac02c6458, except for one call in test/test-functions, but we don't run those during package build. [skip changelog] --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8a11e42..3b1e1fe 100644 --- a/systemd.spec +++ b/systemd.spec @@ -210,8 +210,6 @@ BuildRequires: gettext BuildRequires: valgrind-devel %endif BuildRequires: pkgconfig(bash-completion) -BuildRequires: perl -BuildRequires: perl(IPC::SysV) %if %{with upstream} BuildRequires: pkgconfig(libarchive) From a37923658fbe9f511c36d31f556eaada782691eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Apr 2024 21:37:19 +0200 Subject: [PATCH 104/327] Prepare for bin-sbin merge https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin Skip symlinks if they'd point to themselves, rely on filesystem to create symlinks for us. --- systemd.spec | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3b1e1fe..bce1978 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -269,6 +269,19 @@ Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^ Provides: %{name}-shutdown = %{version}-%{release} +%if "%{_sbindir}" == "%{_bindir}" +# Compat symlinks for Requires in other packages. +# We rely on filesystem to create the symlinks for us. +Requires: filesystem(unmerged-sbin-symlinks) +Provides: /usr/sbin/halt +Provides: /usr/sbin/init +Provides: /usr/sbin/poweroff +Provides: /usr/sbin/reboot +Provides: /usr/sbin/runlevel +Provides: /usr/sbin/shutdown +Provides: /usr/sbin/telinit +%endif + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -422,6 +435,13 @@ Obsoletes: systemd-udev < 252.2^ Conflicts: %{name}-standalone-repart < %{version}-%{release}^ Provides: %{name}-repart = %{version}-%{release} +%if "%{_sbindir}" == "%{_bindir}" +# Compat symlinks for Requires in other packages. +# We rely on filesystem to create the symlinks for us. +Requires: filesystem(unmerged-sbin-symlinks) +Provides: /usr/sbin/udevadm +%endif + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in @@ -755,8 +775,10 @@ sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user %meson_install # udev links +%if "%{_sbindir}" != "%{_bindir}" mkdir -p %{buildroot}/%{_sbindir} ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm +%endif # Compatiblity and documentation files touch %{buildroot}/etc/crypttab 
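Review bot: The seven `Provides: /usr/sbin/...` entries added to the main package, and `Provides: /usr/sbin/udevadm` in the udev hunk, are a hand-maintained copy of the alias names the build installs. Nothing in the spec ties the two together. If upstream adds or drops an alias, a package with `Requires: /usr/sbin/<name>` would either stop resolving or resolve to a path that the `filesystem` symlinks do not provide. I would add a comment above each list saying where the names come from, for example `# Keep in sync with the sbin aliases installed in %%install`. Both `%package` preambles start and continue outside the hunks.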
@@ -997,7 +1019,7 @@ if [ -L %{_localstatedir}/lib/systemd/timesync ]; then rm %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync fi -if [ -f %{_localstatedir}/lib/systemd/clock ] ; then +if [ -f %{_localstatedir}/lib/systemd/clock ]; then mkdir -p %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi From cffa0853c9bb4c27ed22e4c581d35fc2834e876f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Apr 2024 13:45:24 +0200 Subject: [PATCH 105/327] Move systemctl symlinks to /usr/bin too [skip changelog] --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index bce1978..a4ded85 100644 --- a/systemd.spec +++ b/systemd.spec @@ -901,6 +901,13 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel +%if "%{_sbindir}" == "%{_bindir}" +# Systemd has the split-sbin option which is also used to select the directory +# for alias symlinks. We need to keep split-sbin=true for now, to support +# unmerged systems. Move the symlinks here instead. +mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ +%endif + %find_lang %{name} # Split files in build root into rpms From 041d0e2394300bb5ff1ab46f4d84778d64fcf36c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 16:43:34 +0200 Subject: [PATCH 106/327] Version 255.5 - Many different small fixes: systemd itself, systemd-networkd, systemd-journal-remote, compilation fixes for newer kernels and clang, systemd-homed, systemd-resolved, ukify, systemd-tmpfiles, various other. --- 32134.patch | 31 ------------------------------- sources | 2 +- systemd.spec | 4 +--- 3 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 32134.patch 
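Review bot: `mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/` in the added `%if` block overwrites any entry of the same name that already exists in `%{_bindir}`. The only sign would be a line in the build log. I would make a name collision fail the build by not clobbering and then requiring the source directory to be empty: `mv -vn %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/` followed by `rmdir %{buildroot}/usr/sbin`. This relies on %install running with errexit, which should be confirmed for the target rpm version. The %install section starts and continues outside the hunk.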
diff --git a/32134.patch b/32134.patch deleted file mode 100644 index 690bd09..0000000 --- a/32134.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d0515eec3c38c9b53a8e30397cf9b40cda5d6b94 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 7 Apr 2024 10:39:20 +0200 -Subject: [PATCH] meson: do not fail build with newer kernel headers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -systemd-255 is failing a build with the latest kernel headers… Let's downgrade -this warning, because it's fine if there's a file system we don't know about -and it makes thing less brittle if we don't treat this as a hard error. - -(I initially conditionalized this on BUILD_MODE, but I don't think we need a -hard error there either. A warning will be noticed and fixed.) ---- - src/basic/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 1516a9f7af3e4..386d9ab6c9c50 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -240,7 +240,7 @@ filesystem_includes = ['linux/magic.h', - check_filesystems = find_program('check-filesystems.sh') - r = run_command([check_filesystems, cpp, files('filesystems-gperf.gperf')] + filesystem_includes, check: false) - if r.returncode() != 0 -- error('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) -+ warning('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) - endif - - filesystems_gperf_h = custom_target( diff --git a/sources b/sources index 3dc0d2e..498b802 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.4.tar.gz) = 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979 +SHA512 (systemd-255.5.tar.gz) = 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc 
diff --git a/systemd.spec b/systemd.spec index a4ded85..99a1ccf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -36,7 +36,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.4} +Version: %{?version_override}%{!?version_override:255.5} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -104,8 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch -Patch0002: https://github.com/systemd/systemd/pull/32134.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 69d6e4469589ae42c044383cd0173572f64b20fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 16:45:03 +0200 Subject: [PATCH 107/327] Drop workaround to run generators without sandboxing ... (requirement on dracut >= 60 is added) --- 26494.patch | 30 ------------------------------ systemd.spec | 8 +------- 2 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 26494.patch diff --git a/26494.patch b/26494.patch deleted file mode 100644 index 19bc67b..0000000 --- a/26494.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 20 Feb 2023 12:00:30 +0900 -Subject: [PATCH] core/manager: run generators directly when we are in initrd - -Some initrd system write files at ourside of /run, /etc, or other -allowed places. This is a kind of workaround, but in most cases, such -sandboxing is not necessary as the filesystem is on ramfs when we are in -initrd. - -Fixes #26488. ---- - src/core/manager.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 7b394794b0d4..306477c6e6c2 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { - /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If - * we are the user manager, let's just execute the generators directly. We might not have the - * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. -- */ -- if (MANAGER_IS_USER(m)) { -+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ -+ if (MANAGER_IS_USER(m) || in_initrd()) { - r = manager_execute_generators(m, paths, /* remount_ro= */ false); - goto finish; - } diff --git a/systemd.spec b/systemd.spec index 99a1ccf..c2fae5c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -99,12 +99,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ %if %{without upstream} -# Work-around for dracut issue: run generators directly when we are in initrd -# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 -# Drop when dracut-060 is available. -Patch0001: https://github.com/systemd/systemd/pull/26494.patch - - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch 
@@ -256,7 +250,7 @@ Conflicts: initscripts < 9.56.1 Conflicts: fedora-release < 23-0.12 %endif # Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < 059-16 +Conflicts: dracut < 060 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From 4e7c10c3a59d286a33077539d75585ec45245e36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 17:28:14 +0200 Subject: [PATCH 108/327] Reexec systemd in %postun (https://github.com/systemd/systemd/issues/5096) - The workaround dbus issues in upgrades from systemd-239 is dropped --- systemd.spec | 36 ++++++------------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) diff --git a/systemd.spec b/systemd.spec index c2fae5c..968f43e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -917,33 +917,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %post systemd-machine-id-setup &>/dev/null || : -# FIXME: move to %postun. We want to restart systemd *after* removing -# files from the old rpm. Right now we may still have bits the old -# setup if the files are not present in the new version. But before -# implement restarting of *other* services after the transaction, moving -# this would make things worse, increasing the number of warnings we get -# about needed daemon-reload. - -systemctl daemon-reexec &>/dev/null || { - # systemd v239 had bug #9553 in D-Bus authentication of the private socket, - # which was later fixed in v240 by #9625. - # - # The end result is that a `systemctl daemon-reexec` call as root will fail - # when upgrading from systemd v239, which means the system will not start - # running the new version of systemd after this post install script runs. - # - # To work around this issue, let's fall back to using a `kill -TERM 1` to - # re-execute the daemon when the `systemctl daemon-reexec` call fails. - # - # In order to prevent issues when the reason why the daemon-reexec failed is - # not the aforementioned bug, let's only use this fallback when: - # - we're upgrading this RPM package; and - # - we confirm that systemd is running as PID1 on this system. - if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then - kill -TERM 1 &>/dev/null || : - fi -} - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
@@ -965,9 +938,12 @@ systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : %postun -if [ $1 -eq 1 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - systemd-tmpfiles --create &>/dev/null || : +if [ $1 -ge 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + + systemctl daemon-reexec || : + + systemd-tmpfiles --create &>/dev/null || : fi %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service From c29942f58b39c463349421ee975712cf79514008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 26 Apr 2024 08:53:40 +0200 Subject: [PATCH 109/327] Version 256~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too many changes to list or discuss here. --- 30846.patch | 12 ++++++------ sources | 2 +- systemd.spec | 9 +++------ 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/30846.patch b/30846.patch index 84a4163..f135830 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001 +From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids 
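Review bot: Moving `systemctl daemon-reexec` from `%post` to `%postun` leaves the first upgrade that crosses this change without any re-exec. On an upgrade RPM runs the old package's `%postun`, which does not have the call yet, and the new `%post` no longer has it. PID 1 would then keep running the previous binary until the next reboot or a manual re-exec, so fixes shipped in that update do not take effect in the manager. I would cover the transition with a one-off trigger in the style this spec already uses, e.g. `%triggerpostun -- systemd < <first-NVR-with-this-change>` containing `systemctl daemon-reexec || :`, where the version is a placeholder to fill in. Separately, the new call drops the old `&>/dev/null`, so systemctl may print an error during transactions on hosts where systemd is not PID 1. If that is unwanted, guard it with `[ -d /run/systemd/system ] &&` as the removed fallback did.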
@@ -39,13 +39,13 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-alloc-range.c | 2 +- + src/basic/uid-classification.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c -index 669cb6d56f7be..7b724b7959f60 100644 ---- a/src/basic/uid-alloc-range.c -+++ b/src/basic/uid-alloc-range.c +diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c +index e2d2cebc6d..2c8b06c0d3 100644 +--- a/src/basic/uid-classification.c ++++ b/src/basic/uid-classification.c @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ diff --git a/sources b/sources index 498b802..15d046a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.5.tar.gz) = 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc +SHA512 (systemd-256-rc1.tar.gz) = 657d3e5743f7c951322907c94bcf08497f7e28efde8f08269173de4e53e57f883bae313a0bf2b5f88d762efa5816cb78f69c1b66c1e8ace7a4e4e005e7af5f14 diff --git a/systemd.spec b/systemd.spec index 968f43e..54c37fb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -36,7 +36,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.5} +Version: %{?version_override}%{!?version_override:256~rc1} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -163,6 +163,8 @@ BuildRequires: qrencode-devel BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) @@ -201,11 +203,6 @@ BuildRequires: gettext %ifarch %{valgrind_arches} BuildRequires: valgrind-devel %endif -BuildRequires: pkgconfig(bash-completion) - -%if %{with upstream} -BuildRequires: pkgconfig(libarchive) -%endif %ifnarch %ix86 # bpftool is not built for i368 From 9ebc196a772412104822587cddd9e5534bf91a11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:24:22 +0200 Subject: [PATCH 110/327] Add Recommends for dlopen libraries They were already in place, but disabled using %{with upstream}. So it's enough to drop this conditionalization. --- systemd.spec | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 54c37fb..e7328bd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -246,8 +246,9 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif -# Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < 060 +# Make sure that dracut supports systemd-executor and the renames done for v255, +# and dlopen libraries and read-only fs in initrd. +Conflicts: dracut < 060-2 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 @@ -293,7 +294,6 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} -%if %{with upstream} # Libkmod is used to load modules. Recommends: libkmod.so.2%{?elf_suffix} # kmod_list_next, kmod_load_resources, kmod_module_get_initstate, 
@@ -304,7 +304,6 @@ Recommends: libkmod.so.2%{?elf_suffix} Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} Recommends: libarchive.so.13%{?elf_suffix} -%endif %description systemd is a system and service manager that runs as PID 1 and starts the rest @@ -384,12 +383,10 @@ Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) -%if %{with upstream} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} -%endif # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From 529e5aa70e40d255d6d76c6380cb6b0495c3e026 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:50:57 +0200 Subject: [PATCH 111/327] Drop trigger scriptlets for upgrades from systemd < 247 --- systemd.spec | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/systemd.spec b/systemd.spec index e7328bd..0ca444f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -951,26 +951,6 @@ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then /usr/lib/systemd/systemd-update-helper user-reexec || : fi -%triggerun resolved -- systemd < 246.1-1 -# This is for upgrades from previous versions before systemd-resolved became the default. -systemctl --no-reload preset systemd-resolved.service &>/dev/null || : - -if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then - systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ - ! test -L /etc/resolv.conf 2>/dev/null && \ - ! mountpoint /etc/resolv.conf &>/dev/null && \ - grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ - echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \ - mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : - - systemctl start systemd-resolved.service &>/dev/null || : -fi - -%triggerun -- systemd < 247.3-2 -# This is for upgrades from previous versions before oomd-defaults is available. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : - %triggerpostun -- systemd < 253~rc1-2 # This is for upgrades from previous versions where systemd-journald-audit.socket # had a static enablement symlink. From c6f7df8b6c1b764cb6e32240b866a00b11156649 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:28:36 +0200 Subject: [PATCH 112/327] Add additional daemon-reexec for upgrades from old systemd versions https://github.com/systemd/systemd/issues/32508#issuecomment-2079991745 > The new systemd package does the reexec in %postun, but the old one does it in > %post. So if we install the new one, we don't do any reexec (since %postun > doesn't run in this case), but once we remove the old one we also don't do any > reexec, because in this case there's no reexec in %postun: > # dnf upgrade --rpmverbosity=debug ./*.rpm |& tee log.txt > ... > : %postun(systemd-255.5-1.fc41.x86_64): scriptlet start > D: %postun(systemd-255.5-1.fc41.x86_64): execv(/bin/sh) pid 2649 > D: Plugin: calling hook scriptlet_fork_post in selinux plugin > D: setexecfilecon: (/bin/sh, rpm_script_t) > + '[' 1 -eq 1 ']' > + '[' -w /var ']' > + journalctl --update-catalog > + systemd-tmpfiles --create --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0ca444f..c0ef7e4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -951,6 +951,10 @@ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then /usr/lib/systemd/systemd-update-helper user-reexec || : fi +%triggerun -- systemd < 256 +# This is for upgrades from previous versions before systemd restart was moved to %%postun +systemctl daemon-reexec || : + %triggerpostun -- systemd < 253~rc1-2 # This is for upgrades from previous versions where systemd-journald-audit.socket # had a static enablement symlink. From 580f7f149a4ffa9e7644ab9512a12ec4add18a1f Mon Sep 17 00:00:00 2001 
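Review bot: The bound in `%triggerun -- systemd < 256` also matches every 256 pre-release, because a `~rc` suffix sorts below the plain version, and this series sets `Version` to `256~rc1`. If those pre-release builds already do the reexec in %postun, as the commit message suggests for the new package, an upgrade from one of them re-executes the manager twice. That should be harmless, but the comment should say it, e.g. `# Also fires for 256~rcN builds; the extra daemon-reexec there is redundant.` The scriptlet section this trigger sits in starts outside the hunk.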
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:28:03 +0200 Subject: [PATCH 113/327] Override release tag I think this is a bug in rpmautospec. The release tag is always generated as "1". Before this is investigated and fixed, just set it manually. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index c0ef7e4..7bd627d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,8 @@ # Build from git main %bcond upstream 0 +%global release_override 4 + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From b9ec39c0efa664f18666c8c94140f3bbfb0bca3b Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 30 Apr 2024 14:39:11 +0200 Subject: [PATCH 114/327] spec: `systemd-ukify` should depend on `systemd-boot` `systemd-ukify` requires `/usr/lib/systemd/boot/efi/{addonx64,linuxx64}.efi.stub` to work properly, e.g. ``` Traceback (most recent call last): File "/usr/bin/ukify", line 1660, in main() File "/usr/bin/ukify", line 1648, in main check_inputs(opts) File "/usr/bin/ukify", line 390, in check_inputs value.open().close() File "/usr/lib64/python3.9/pathlib.py", line 1252, in open return io.open(self, mode, buffering, encoding, errors, newline, File "/usr/lib64/python3.9/pathlib.py", line 1120, in _opener return self._accessor.open(self, flags, mode) FileNotFoundError: [Errno 2] No such file or directory: '/usr/lib/systemd/boot/efi/addonx64.efi.stub' ``` `/usr/lib/systemd/boot/efi/{addonx64,linuxx64}.efi.stub` are now contained in `systemd-boot-unsigned` sub-package so adding a dependency on it seems like the easiest solution. Originally reported by: Vitaly Kuznetsov in https://issues.redhat.com/browse/RHEL-33990 Signed-off-by: Jan Macku --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 7bd627d..7eab1e1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -445,6 +445,7 @@ machine, and to create or grow partitions and make file systems automatically. Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} +Requires: systemd-boot Requires: python3dist(pefile) Requires: python3dist(zstd) Requires: python3dist(cryptography) From f872d00c6a788a952a99337e3fe2549e49363f0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 May 2024 12:06:12 +0200 Subject: [PATCH 115/327] Version 256-rc1^20240509git - There were some fixes merged upstream, so let's try again before v256-rc2 is released. --- sources | 2 +- systemd.spec | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/sources b/sources index 15d046a..cd54bd0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc1.tar.gz) = 657d3e5743f7c951322907c94bcf08497f7e28efde8f08269173de4e53e57f883bae313a0bf2b5f88d762efa5816cb78f69c1b66c1e8ace7a4e4e005e7af5f14 +SHA512 (systemd-1781de1.tar.gz) = caf850fe2b0a49b0808ed1767a0eb282136682ad52a815e422ddb69d8f9d0a40451ddc658815821fa1fa26cee8a0ab13e929457b71a0f15168c81e869ab884b9 diff --git a/systemd.spec b/systemd.spec index 7eab1e1..c495ef6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We 
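Review bot: The added `Requires: systemd-boot` is a hard, unversioned dependency, so it does not tie the stub files to the ukify build that expects them. The commit message says the stubs live in the systemd-boot-unsigned sub-package; if that sub-package is only built on EFI architectures (not visible in this hunk), systemd-ukify becomes uninstallable elsewhere. Consider `Requires: systemd-boot = %{version}-%{release}` if the sub-package provides that name with a version. A weak `Recommends: systemd-boot` would fit if ukify is meant to work with a stub supplied explicitly by the caller. The ukify %package section starts outside the hunk.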
@@ -32,13 +32,11 @@ # Build from git main %bcond upstream 0 -%global release_override 4 - Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc1} +Version: %{?version_override}%{!?version_override:256~rc1^20240509git%{shortcommit}} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -49,7 +47,7 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" %if %{defined commit} -Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +Source0: https://github.com/systemd/systemd%[%stable?"-stable":""]/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else %if 0%{?stable} Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz From a2d3bbf3d2211e946357560c71bc58f984200030 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 11 May 2024 13:28:34 +0200 Subject: [PATCH 116/327] Temporarily drop call to varlink method to avoid SELinux denial There were a bunch of other commits incl. bugfixes that mean that it'd make sense to update to the latest snapshot, but I chose not to do that to avoid introducing new issues. We'll get -rc2 soon enough anyway. --- ...add-varlink-interface-for-registerin.patch | 426 ++++++++++++++++++ systemd.spec | 5 + 2 files changed, 431 insertions(+) create mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch new file mode 100644 index 0000000..7d833af --- /dev/null 
+++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch 
@@ -0,0 +1,426 @@ +From a915f0937e7cf8cc7968a4cfb4a8880480a657a6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 11 May 2024 13:27:12 +0200 +Subject: [PATCH] Revert "machined: add varlink interface for registering + machines" + +This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +--- + man/systemd-machined.service.xml | 6 +- + src/machine/machine-varlink.c | 171 ------------------------ + src/machine/machine-varlink.h | 6 - + src/machine/machined-varlink.c | 62 +-------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.c | 22 --- + src/shared/varlink-io.systemd.Machine.h | 6 - + 10 files changed, 8 insertions(+), 275 deletions(-) + delete mode 100644 src/machine/machine-varlink.c + delete mode 100644 src/machine/machine-varlink.h + delete mode 100644 src/shared/varlink-io.systemd.Machine.c + delete mode 100644 src/shared/varlink-io.systemd.Machine.h + +diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml +index b2899ff0fd..f3d7755973 100644 +--- a/man/systemd-machined.service.xml ++++ b/man/systemd-machined.service.xml +@@ -100,12 +100,10 @@ + + The daemon provides both a C library interface + (which is shared with systemd-logind.service8) +- as well as a D-Bus interface and a Varlink interface. ++ as well as a D-Bus interface. + The library interface may be used to introspect and watch the state of virtual machines/containers. + The bus interface provides the same but in addition may also be used to register or terminate +- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an +- SSH key / address; it can be queried with +- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. ++ machines. 
+ For more information please consult + sd-login3 + and +diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c +deleted file mode 100644 +index 377b3d3f0e..0000000000 +--- a/src/machine/machine-varlink.c ++++ /dev/null +@@ -1,171 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +- +-#include +- +-#include "sd-id128.h" +- +-#include "hostname-util.h" +-#include "json.h" +-#include "machine-varlink.h" +-#include "machine.h" +-#include "path-util.h" +-#include "pidref.h" +-#include "process-util.h" +-#include "socket-util.h" +-#include "string-util.h" +-#include "varlink.h" +- +-static JSON_DISPATCH_ENUM_DEFINE(dispatch_machine_class, MachineClass, machine_class_from_string); +- +-static int machine_name(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- char **m = ASSERT_PTR(userdata); +- const char *hostname; +- int r; +- +- assert(variant); +- +- if (!json_variant_is_string(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); +- +- hostname = json_variant_string(variant); +- if (!hostname_is_valid(hostname, /* flags= */ 0)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid machine name"); +- +- r = free_and_strdup(m, hostname); +- if (r < 0) +- return json_log_oom(variant, flags); +- +- return 0; +-} +- +-static int machine_leader(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- PidRef *leader = ASSERT_PTR(userdata); +- _cleanup_(pidref_done) PidRef temp = PIDREF_NULL; +- uint64_t k; +- int r; +- +- if (!json_variant_is_unsigned(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name)); +- +- k = json_variant_unsigned(variant); +- if (k > PID_T_MAX || !pid_is_valid(k)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid PID.", strna(name)); +- +- if (k == 1) +- return 
json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid leader PID.", strna(name)); +- +- r = pidref_set_pid(&temp, k); +- if (r < 0) +- return json_log(variant, flags, r, "Failed to pin process " PID_FMT ": %m", leader->pid); +- +- pidref_done(leader); +- +- *leader = TAKE_PIDREF(temp); +- +- return 0; +-} +- +-static int machine_ifindices(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- Machine *m = ASSERT_PTR(userdata); +- _cleanup_free_ int *netif = NULL; +- size_t n_netif, k = 0; +- +- assert(variant); +- +- if (!json_variant_is_array(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name)); +- +- n_netif = json_variant_elements(variant); +- +- netif = new(int, n_netif); +- if (!netif) +- return json_log_oom(variant, flags); +- +- JsonVariant *i; +- JSON_VARIANT_ARRAY_FOREACH(i, variant) { +- uint64_t b; +- +- if (!json_variant_is_unsigned(i)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an unsigned integer.", k, strna(name)); +- +- b = json_variant_unsigned(i); +- if (b > INT_MAX || b <= 0) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid network interface index %"PRIu64, b); +- +- netif[k++] = (int) b; +- } +- assert(k == n_netif); +- +- free_and_replace(m->netif, netif); +- m->n_netif = n_netif; +- +- return 0; +-} +- +-static int machine_cid(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- unsigned cid, *c = ASSERT_PTR(userdata); +- +- assert(variant); +- +- if (!json_variant_is_unsigned(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); +- +- cid = json_variant_unsigned(variant); +- if (!VSOCK_CID_IS_REGULAR(cid)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a regular VSOCK CID.", strna(name)); +- +- *c = cid; +- +- 
return 0; +-} +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { +- Manager *manager = ASSERT_PTR(userdata); +- _cleanup_(machine_freep) Machine *machine = NULL; +- int r; +- +- static const JsonDispatch dispatch_table[] = { +- { "name", JSON_VARIANT_STRING, machine_name, offsetof(Machine, name), JSON_MANDATORY }, +- { "id", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(Machine, id), 0 }, +- { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, service), 0 }, +- { "class", JSON_VARIANT_STRING, dispatch_machine_class, offsetof(Machine, class), JSON_MANDATORY }, +- { "leader", JSON_VARIANT_UNSIGNED, machine_leader, offsetof(Machine, leader), 0 }, +- { "rootDirectory", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, root_directory), 0 }, +- { "ifIndices", JSON_VARIANT_ARRAY, machine_ifindices, 0, 0 }, +- { "vsockCid", JSON_VARIANT_UNSIGNED, machine_cid, offsetof(Machine, vsock_cid), 0 }, +- { "sshAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, ssh_address), JSON_SAFE }, +- { "sshPrivateKeyPath", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, ssh_private_key_path), 0 }, +- {} +- }; +- +- r = machine_new(_MACHINE_CLASS_INVALID, NULL, &machine); +- if (r < 0) +- return r; +- +- r = varlink_dispatch(link, parameters, dispatch_table, machine); +- if (r != 0) +- return r; +- +- if (!pidref_is_set(&machine->leader)) { +- r = varlink_get_peer_pidref(link, &machine->leader); +- if (r < 0) +- return r; +- } +- +- r = machine_link(manager, machine); +- if (r < 0) +- return r; +- +- r = cg_pidref_get_unit(&machine->leader, &machine->unit); +- if (r < 0) +- return r; +- +- r = machine_start(machine, NULL, NULL); +- if (r < 0) +- return r; +- +- /* the manager will free this machine */ +- TAKE_PTR(machine); +- +- return varlink_reply(link, NULL); +-} +diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h +deleted 
file mode 100644 +index ce4ec54dc1..0000000000 +--- a/src/machine/machine-varlink.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink.h" +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 0d3ae627c1..6ca98e27cf 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -1,12 +1,10 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include "format-util.h" +-#include "machine-varlink.h" + #include "machined-varlink.h" + #include "mkdir.h" + #include "user-util.h" + #include "varlink.h" +-#include "varlink-io.systemd.Machine.h" + #include "varlink-io.systemd.UserDatabase.h" + + typedef struct LookupParameters { +@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var + return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); + } + +-static int manager_varlink_init_userdb(Manager *m) { ++int manager_varlink_init(Manager *m) { + _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; + int r; + + assert(m); + +- if (m->varlink_userdb_server) ++ if (m->varlink_server) + return 0; + + r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); +@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); + +- m->varlink_userdb_server = TAKE_PTR(s); +- return 0; +-} +- +-static int manager_varlink_init_machine(Manager *m) { +- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; +- int r; +- +- assert(m); +- +- if (m->varlink_machine_server) +- return 0; +- +- r = varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); +- if (r < 0) +- return log_error_errno(r, "Failed to allocate varlink 
server object: %m"); +- +- varlink_server_set_userdata(s, m); +- +- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); +- if (r < 0) +- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +- +- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); +- if (r < 0) +- return log_error_errno(r, "Failed to register varlink methods: %m"); +- +- (void) mkdir_p("/run/systemd/machine", 0755); +- +- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); +- +- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); +- if (r < 0) +- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); +- +- m->varlink_machine_server = TAKE_PTR(s); +- return 0; +-} +- +-int manager_varlink_init(Manager *m) { +- int r; +- +- r = manager_varlink_init_userdb(m); +- if (r < 0) +- return r; +- +- r = manager_varlink_init_machine(m); +- if (r < 0) +- return r; +- ++ m->varlink_server = TAKE_PTR(s); + return 0; + } + + void manager_varlink_done(Manager *m) { + assert(m); + +- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); +- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); ++ m->varlink_server = varlink_server_unref(m->varlink_server); + } +diff --git a/src/machine/machined.c b/src/machine/machined.c +index d7087e4672..2638ed572e 100644 +--- a/src/machine/machined.c ++++ b/src/machine/machined.c +@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { + if (m->operations) + return false; + +- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) +- return false; +- +- if (varlink_server_current_connections(m->varlink_machine_server) > 0) ++ if (varlink_server_current_connections(m->varlink_server) > 0) + return false; + + manager_gc(m, true); +diff --git a/src/machine/machined.h 
b/src/machine/machined.h +index 67abed0fd6..280c32bab6 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -40,8 +40,7 @@ struct Manager { + sd_event_source *nscd_cache_flush_event; + #endif + +- VarlinkServer *varlink_userdb_server; +- VarlinkServer *varlink_machine_server; ++ VarlinkServer *varlink_server; + }; + + int manager_add_machine(Manager *m, const char *name, Machine **_machine); +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 3150b33de5..c82a32589d 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -3,7 +3,6 @@ + libmachine_core_sources = files( + 'image-dbus.c', + 'machine-dbus.c', +- 'machine-varlink.c', + 'machine.c', + 'machined-core.c', + 'machined-dbus.c', +diff --git a/src/shared/meson.build b/src/shared/meson.build +index d01367a159..17313aefed 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -180,7 +180,6 @@ shared_sources = files( + 'varlink-io.systemd.Credentials.c', + 'varlink-io.systemd.Hostname.c', + 'varlink-io.systemd.Journal.c', +- 'varlink-io.systemd.Machine.c', + 'varlink-io.systemd.ManagedOOM.c', + 'varlink-io.systemd.MountFileSystem.c', + 'varlink-io.systemd.NamespaceResource.c', +diff --git a/src/shared/varlink-io.systemd.Machine.c b/src/shared/varlink-io.systemd.Machine.c +deleted file mode 100644 +index 936f01f366..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.c ++++ /dev/null +@@ -1,22 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +- +-#include "varlink-idl.h" +-#include "varlink-io.systemd.Machine.h" +- +-static VARLINK_DEFINE_METHOD( +- Register, +- VARLINK_DEFINE_INPUT(name, VARLINK_STRING, 0), +- VARLINK_DEFINE_INPUT(id, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(service, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(class, VARLINK_STRING, 0), +- VARLINK_DEFINE_INPUT(leader, VARLINK_INT, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(rootDirectory, VARLINK_STRING, VARLINK_NULLABLE), +- 
VARLINK_DEFINE_INPUT(ifIndices, VARLINK_INT, VARLINK_ARRAY|VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(vsockCid, VARLINK_INT, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(sshAddress, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(sshPrivateKeyPath, VARLINK_STRING, VARLINK_NULLABLE)); +- +-VARLINK_DEFINE_INTERFACE( +- io_systemd_Machine, +- "io.systemd.Machine", +- &vl_method_Register); +diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h +deleted file mode 100644 +index c9fc85f150..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink-idl.h" +- +-extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index c495ef6..3346ee7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -98,6 +98,11 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} +# Drop varlink method call until selinux policy is updated, +# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, +# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. +# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 491a9ed5d15e1b535bdc80f6c1f0d55b1b63af3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:28:03 +0200 Subject: [PATCH 117/327] Override release tag I think this is a bug in rpmautospec. The release tag is always generated as "1". Before this is investigated and fixed, just set it manually. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 3346ee7..edc58b3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,8 @@ # Build from git main %bcond upstream 0 +%global release_override 2 + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From f2d12ae6d19fba28ade613fe7b39b07fb97c659f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 May 2024 13:26:25 +0200 Subject: [PATCH 118/327] Make %release_override overridable from outside --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index edc58b3..bfe692f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,7 +32,7 @@ # Build from git main %bcond upstream 0 -%global release_override 2 +%{!?release_override:%global release_override 2} Name: systemd Url: https://systemd.io From 8fe1f037d21c9d68d96728843f22e5036d769521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 14 May 2024 20:53:33 +0200 Subject: [PATCH 119/327] Restore compatibility with F40 In systemd upstream CI, we only have the rawhide branch, because we import dist-git via git submodule. But we want to build systemd on F40 too from this branch, so conditionally ressurect the patch to make that work. This partially reverts 69d6e4469589ae42c044383cd0173572f64b20fb. [skip changelog] --- 26494.patch | 30 ++++++++++++++++++++++++++++++ systemd.spec | 13 +++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 26494.patch diff --git a/26494.patch b/26494.patch new file mode 100644 index 0000000..19bc67b --- /dev/null +++ b/26494.patch 
@@ -0,0 +1,30 @@ +From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 20 Feb 2023 12:00:30 +0900 +Subject: [PATCH] core/manager: run generators directly when we are in initrd + +Some initrd system write files at ourside of /run, /etc, or other +allowed places. This is a kind of workaround, but in most cases, such +sandboxing is not necessary as the filesystem is on ramfs when we are in +initrd. + +Fixes #26488. +--- + src/core/manager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b394794b0d4..306477c6e6c2 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { + /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If + * we are the user manager, let's just execute the generators directly. We might not have the + * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. +- */ +- if (MANAGER_IS_USER(m)) { ++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ ++ if (MANAGER_IS_USER(m) || in_initrd()) { + r = manager_execute_generators(m, paths, /* remount_ro= */ false); + goto finish; + } diff --git a/systemd.spec b/systemd.spec index bfe692f..6a7d82d 100644 --- a/systemd.spec +++ b/systemd.spec 
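Review bot: The added `|| in_initrd()` condition takes the system manager down the branch that calls `manager_execute_generators(m, paths, /* remount_ro= */ false)`, so in the initrd generators no longer run in the sanitized mount namespace that the comment above describes. The patch description justifies this by the initrd being on ramfs, which covers the initrd root only. Whether any other filesystem is already mounted when generators run cannot be told from this hunk, but if one is, generators could write to it too. The code comment should state what is given up, e.g. `* In the initrd generators therefore run unsandboxed, with the manager's own view of all mounts.` manager_run_generators() begins and ends outside the hunk.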
@@ -106,6 +106,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch +%if 0%{?fedora} < 41 +# Work-around for dracut issue: run generators directly when we are in initrd +# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. +Patch0001: https://github.com/systemd/systemd/pull/26494.patch +%endif + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch @@ -253,9 +260,15 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif + +%if 0%{?fedora} >= 41 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 +%else +# Make sure that dracut supports systemd-executor and the renames done for v255. +Conflicts: dracut < 059-16 +%endif Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From b64db848921a25832ef785ecc618370dd3d9bf09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 May 2024 10:51:15 +0200 Subject: [PATCH 120/327] Version 256~rc2 - Various small changes all over - A fix for rhbz#2273069 --- ...add-varlink-interface-for-registerin.patch | 229 +----------------- systemd.spec | 8 +- 2 files changed, 14 insertions(+), 223 deletions(-) diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch index 7d833af..01946d6 100644 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch 
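Review bot: The new `Patch0001: https://github.com/systemd/systemd/pull/26494.patch` reuses the number of the `Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch` line shown as context directly above it, so both tags are defined whenever the `%if` is true. rpmbuild normally refuses a patch number that is defined twice, and where it is tolerated any reference to the patch by number becomes ambiguous. Give the conditional patch its own number, for example `Patch0002: https://github.com/systemd/systemd/pull/26494.patch`. Note also that `0%{?fedora} < 41` evaluates true when `%fedora` is undefined, so non-Fedora builds would apply this initrd workaround too. If that is not intended, the guard could read `%if 0%{?fedora} && 0%{?fedora} < 41`.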
@@ -1,4 +1,4 @@ -From a915f0937e7cf8cc7968a4cfb4a8880480a657a6 Mon Sep 17 00:00:00 2001 +From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 11 May 2024 13:27:12 +0200 Subject: [PATCH] Revert "machined: add varlink interface for registering @@ -6,20 +6,16 @@ Subject: [PATCH] Revert "machined: add varlink interface for registering This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. --- - man/systemd-machined.service.xml | 6 +- - src/machine/machine-varlink.c | 171 ------------------------ - src/machine/machine-varlink.h | 6 - - src/machine/machined-varlink.c | 62 +-------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.c | 22 --- - src/shared/varlink-io.systemd.Machine.h | 6 - - 10 files changed, 8 insertions(+), 275 deletions(-) - delete mode 100644 src/machine/machine-varlink.c + man/systemd-machined.service.xml | 6 +-- + src/machine/machine-varlink.h | 6 --- + src/machine/machined-varlink.c | 62 ++----------------------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.h | 6 --- + 8 files changed, 8 insertions(+), 82 deletions(-) delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.c delete mode 100644 src/shared/varlink-io.systemd.Machine.h diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml 
@@ -41,183 +37,6 @@ index b2899ff0fd..f3d7755973 100644 For more information please consult sd-login3 and -diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c -deleted file mode 100644 -index 377b3d3f0e..0000000000 ---- a/src/machine/machine-varlink.c -+++ /dev/null -@@ -1,171 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ -- --#include -- --#include "sd-id128.h" -- --#include "hostname-util.h" --#include "json.h" --#include "machine-varlink.h" --#include "machine.h" --#include "path-util.h" --#include "pidref.h" --#include "process-util.h" --#include "socket-util.h" --#include "string-util.h" --#include "varlink.h" -- --static JSON_DISPATCH_ENUM_DEFINE(dispatch_machine_class, MachineClass, machine_class_from_string); -- --static int machine_name(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- char **m = ASSERT_PTR(userdata); -- const char *hostname; -- int r; -- -- assert(variant); -- -- if (!json_variant_is_string(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); -- -- hostname = json_variant_string(variant); -- if (!hostname_is_valid(hostname, /* flags= */ 0)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid machine name"); -- -- r = free_and_strdup(m, hostname); -- if (r < 0) -- return json_log_oom(variant, flags); -- -- return 0; --} -- --static int machine_leader(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- PidRef *leader = ASSERT_PTR(userdata); -- _cleanup_(pidref_done) PidRef temp = PIDREF_NULL; -- uint64_t k; -- int r; -- -- if (!json_variant_is_unsigned(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name)); -- -- k = json_variant_unsigned(variant); -- if (k > PID_T_MAX || !pid_is_valid(k)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid PID.", 
strna(name)); -- -- if (k == 1) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid leader PID.", strna(name)); -- -- r = pidref_set_pid(&temp, k); -- if (r < 0) -- return json_log(variant, flags, r, "Failed to pin process " PID_FMT ": %m", leader->pid); -- -- pidref_done(leader); -- -- *leader = TAKE_PIDREF(temp); -- -- return 0; --} -- --static int machine_ifindices(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- Machine *m = ASSERT_PTR(userdata); -- _cleanup_free_ int *netif = NULL; -- size_t n_netif, k = 0; -- -- assert(variant); -- -- if (!json_variant_is_array(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name)); -- -- n_netif = json_variant_elements(variant); -- -- netif = new(int, n_netif); -- if (!netif) -- return json_log_oom(variant, flags); -- -- JsonVariant *i; -- JSON_VARIANT_ARRAY_FOREACH(i, variant) { -- uint64_t b; -- -- if (!json_variant_is_unsigned(i)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an unsigned integer.", k, strna(name)); -- -- b = json_variant_unsigned(i); -- if (b > INT_MAX || b <= 0) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid network interface index %"PRIu64, b); -- -- netif[k++] = (int) b; -- } -- assert(k == n_netif); -- -- free_and_replace(m->netif, netif); -- m->n_netif = n_netif; -- -- return 0; --} -- --static int machine_cid(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- unsigned cid, *c = ASSERT_PTR(userdata); -- -- assert(variant); -- -- if (!json_variant_is_unsigned(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); -- -- cid = json_variant_unsigned(variant); -- if (!VSOCK_CID_IS_REGULAR(cid)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a regular VSOCK 
CID.", strna(name)); -- -- *c = cid; -- -- return 0; --} -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { -- Manager *manager = ASSERT_PTR(userdata); -- _cleanup_(machine_freep) Machine *machine = NULL; -- int r; -- -- static const JsonDispatch dispatch_table[] = { -- { "name", JSON_VARIANT_STRING, machine_name, offsetof(Machine, name), JSON_MANDATORY }, -- { "id", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(Machine, id), 0 }, -- { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, service), 0 }, -- { "class", JSON_VARIANT_STRING, dispatch_machine_class, offsetof(Machine, class), JSON_MANDATORY }, -- { "leader", JSON_VARIANT_UNSIGNED, machine_leader, offsetof(Machine, leader), 0 }, -- { "rootDirectory", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, root_directory), 0 }, -- { "ifIndices", JSON_VARIANT_ARRAY, machine_ifindices, 0, 0 }, -- { "vsockCid", JSON_VARIANT_UNSIGNED, machine_cid, offsetof(Machine, vsock_cid), 0 }, -- { "sshAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, ssh_address), JSON_SAFE }, -- { "sshPrivateKeyPath", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, ssh_private_key_path), 0 }, -- {} -- }; -- -- r = machine_new(_MACHINE_CLASS_INVALID, NULL, &machine); -- if (r < 0) -- return r; -- -- r = varlink_dispatch(link, parameters, dispatch_table, machine); -- if (r != 0) -- return r; -- -- if (!pidref_is_set(&machine->leader)) { -- r = varlink_get_peer_pidref(link, &machine->leader); -- if (r < 0) -- return r; -- } -- -- r = machine_link(manager, machine); -- if (r < 0) -- return r; -- -- r = cg_pidref_get_unit(&machine->leader, &machine->unit); -- if (r < 0) -- return r; -- -- r = machine_start(machine, NULL, NULL); -- if (r < 0) -- return r; -- -- /* the manager will free this machine */ -- TAKE_PTR(machine); -- -- return varlink_reply(link, NULL); --} 
diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h deleted file mode 100644 index ce4ec54dc1..0000000000 @@ -384,34 +203,6 @@ index d01367a159..17313aefed 100644 'varlink-io.systemd.ManagedOOM.c', 'varlink-io.systemd.MountFileSystem.c', 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.c b/src/shared/varlink-io.systemd.Machine.c -deleted file mode 100644 -index 936f01f366..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.c -+++ /dev/null -@@ -1,22 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ -- --#include "varlink-idl.h" --#include "varlink-io.systemd.Machine.h" -- --static VARLINK_DEFINE_METHOD( -- Register, -- VARLINK_DEFINE_INPUT(name, VARLINK_STRING, 0), -- VARLINK_DEFINE_INPUT(id, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(service, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(class, VARLINK_STRING, 0), -- VARLINK_DEFINE_INPUT(leader, VARLINK_INT, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(rootDirectory, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(ifIndices, VARLINK_INT, VARLINK_ARRAY|VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(vsockCid, VARLINK_INT, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(sshAddress, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(sshPrivateKeyPath, VARLINK_STRING, VARLINK_NULLABLE)); -- --VARLINK_DEFINE_INTERFACE( -- io_systemd_Machine, -- "io.systemd.Machine", -- &vl_method_Register); diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h deleted file mode 100644 index c9fc85f150..0000000000 diff --git a/systemd.spec b/systemd.spec index 6a7d82d..e9c2281 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 +#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We 
@@ -32,13 +32,13 @@ # Build from git main %bcond upstream 0 -%{!?release_override:%global release_override 2} +%{!?release_override:%global release_override 1} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc1^20240509git%{shortcommit}} +Version: %{?version_override}%{!?version_override:256~rc2} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -110,7 +110,7 @@ Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds: From f706e12e058cc99a25c6778867d796a2bb0de818 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 May 2024 13:57:29 +0200 Subject: [PATCH 121/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index cd54bd0..713f573 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-1781de1.tar.gz) = caf850fe2b0a49b0808ed1767a0eb282136682ad52a815e422ddb69d8f9d0a40451ddc658815821fa1fa26cee8a0ab13e929457b71a0f15168c81e869ab884b9 +SHA512 (systemd-256-rc2.tar.gz) = 6db328bacb7b6b36e7cf11cc6e3a0136f1e0ea20bccb055f7524c130cc0ae5558f8a69eba2d3a50950e083f9928494c322c0a9daa4758dc2be1e09f2f05b233c From c72623872ad33b70e22b7de0756cad8bb1826137 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 May 2024 10:11:57 +0200 Subject: [PATCH 122/327] Version 256~rc3 The revert patch Patch0001 could be droppped, since the policy has been updated, but let's do that later separately. --- sources | 2 +- systemd.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 713f573..450d5cf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc2.tar.gz) = 6db328bacb7b6b36e7cf11cc6e3a0136f1e0ea20bccb055f7524c130cc0ae5558f8a69eba2d3a50950e083f9928494c322c0a9daa4758dc2be1e09f2f05b233c +SHA512 (systemd-256-rc3.tar.gz) = 0dce57bc6e4cefd59ad8f93e1e474f5a9de1857eac138fb6ca0735d2a7f8ebdea1469b8efe15b945be23281d8eddd321567d47b42a5145a86627587d34cc39c0 diff --git a/systemd.spec b/systemd.spec index e9c2281..dc9782c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,13 +32,13 @@ # Build from git main %bcond upstream 0 -%{!?release_override:%global release_override 1} +# %%{!?release_override:%%global release_override 1} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc2} +Version: %{?version_override}%{!?version_override:256~rc3} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From a94605b586d2d717f8f98a1278634e659041e0ac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 May 2024 13:00:27 +0200 Subject: [PATCH 123/327] Add patch to work-around libbpf bug ... (rhbz#2280935) --- 0001-generator-setup-use-RET_GATHER.patch | 42 +++++++++++ ...e-stdio-array-of-safe_fork_full-wher.patch | 71 +++++++++++++++++++ ...ure-to-close-all-fds-for-invoked-gen.patch | 28 ++++++++ systemd.spec | 6 +- 4 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 0001-generator-setup-use-RET_GATHER.patch create mode 100644 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch create mode 100644 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch new file mode 100644 index 0000000..220b210 --- /dev/null +++ b/0001-generator-setup-use-RET_GATHER.patch @@ -0,0 +1,42 @@ +From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 29 May 2024 11:45:50 +0200 +Subject: [PATCH 1/3] generator-setup: use RET_GATHER() + +--- + src/core/generator-setup.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c +index 00d6ad61fa..b16211e8f4 100644 +--- a/src/core/generator-setup.c ++++ b/src/core/generator-setup.c +@@ -8,7 +8,7 @@ + #include "rm-rf.h" + + int lookup_paths_mkdir_generator(LookupPaths *p) { +- int r, q; ++ int r; + + assert(p); + +@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) { + return -EINVAL; + + r = mkdir_p_label(p->generator, 0755); +- +- q = mkdir_p_label(p->generator_early, 0755); +- if (q < 0 && r >= 0) +- r = q; +- +- q = mkdir_p_label(p->generator_late, 0755); +- if (q < 0 && r >= 0) +- r = q; ++ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755)); ++ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755)); + + return r; + } +-- +2.45.0 + 
diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch
new file mode 100644
index 0000000..ae26e94
--- /dev/null
+++ b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch
@@ -0,0 +1,71 @@
+From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 29 May 2024 11:46:51 +0200
+Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where
+ appropriate
+
+---
+ src/shared/exec-util.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index 1c7b14d98d..dc0974572f 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -36,27 +36,35 @@
+ /* Put this test here for a lack of better place */
+ assert_cc(EAGAIN == EWOULDBLOCK);
+
+-static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) {
+- pid_t _pid;
++static int do_spawn(
++ const char *path,
++ char *argv[],
++ int stdout_fd,
++ pid_t *ret_pid,
++ bool set_systemd_exec_pid) {
++
+ int r;
+
++ assert(path);
++ assert(ret_pid);
++
+ if (null_or_empty_path(path) > 0) {
+ log_debug("%s is empty (a mask).", path);
+ return 0;
+ }
+
+- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid);
++ pid_t pid;
++ r = safe_fork_full(
++ "(direxec)",
++ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
++ /* except_fds= */ NULL, /* n_except_fds= */ 0,
++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
++ &pid);
+ if (r < 0)
+ return r;
+ if (r == 0) {
+ char *_argv[2];
+
+- if (stdout_fd >= 0) {
+- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO);
+- if (r < 0)
+- _exit(EXIT_FAILURE);
+- }
+-
+ if (set_systemd_exec_pid) {
+ r = setenv_systemd_exec_pid(false);
+ if (r < 0)
+@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b
+ _exit(EXIT_FAILURE);
+ }
+
+- *pid = _pid;
++ *ret_pid = pid;
+ return 1;
+ }
+
+--
+2.45.0
+
diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch
new file mode 100644
index 0000000..d2d95ac
--- /dev/null
+++ b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch
@@ -0,0 +1,28 @@
+From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 29 May 2024 11:50:54 +0200
+Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked
+ generators
+
+We should really have set O_CLOEXEC for all our fds, but better be safe
+than sorry.
+---
+ src/shared/exec-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index dc0974572f..ac1c150ab1 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -58,7 +58,7 @@ static int do_spawn(
+ "(direxec)",
+ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
+ /* except_fds= */ NULL, /* n_except_fds= */ 0,
+- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
+ &pid);
+ if (r < 0)
+ return r;
+--
+2.45.0
+
diff --git a/systemd.spec b/systemd.spec
index dc9782c..ba0c1d6 100644
--- a/systemd.spec
+++ b/systemd.spec
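Review bot: `FORK_CLOSE_ALL_FDS` is added while `except_fds` stays `NULL`, so after this change presumably only the three descriptors in the stdio array reach the spawned program. That matches the intent in the patch description, but nothing at the call site records it. A comment above the flags, such as `/* Only stdio is passed on: descriptors opened without O_CLOEXEC must not leak into the spawned program */`, would keep a later edit from dropping the flag. The callers of `do_spawn()` are outside the hunk, so whether any of them expects to hand an extra descriptor to the child cannot be checked here and is worth confirming.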
@@ -106,11 +106,15 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch +Patch0002: 0001-generator-setup-use-RET_GATHER.patch +Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch + %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0002: https://github.com/systemd/systemd/pull/26494.patch +Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds: From 74810c5bc4fe7d872e54c253447ffd61bbc8839f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 May 2024 14:54:54 +0200 Subject: [PATCH 124/327] Fix release field [skip changelog] --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index ba0c1d6..fc07235 100644 --- a/systemd.spec +++ b/systemd.spec 
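Review bot: `Patch0002` to `Patch0004` are added without the kind of comment the neighbouring patches carry, so the spec does not say why they are there or when they can be dropped. The commit title names a libbpf bug and rhbz#2280935. A line above `Patch0002` such as `# Work-around for a libbpf bug, https://bugzilla.redhat.com/show_bug.cgi?id=2280935`, together with the upstream pull request or commits the three files were taken from, would let the next rebase decide whether they are still needed.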
@@ -32,14 +32,16 @@ # Build from git main %bcond upstream 0 -# %%{!?release_override:%%global release_override 1} +# Override %%autorelease. This is ugly, but rpmautospec doesn't implement +# autorelease correctly if the macro is conditionalized in the Release field. +%{?release_override:%global autorelease %{release_override}%{?dist}} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:256~rc3} -Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} +Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 1f94b56cee818068f57debfd78f035edd29f0e61 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sun, 2 Jun 2024 10:07:04 -0700 Subject: [PATCH 125/327] Partially backport PR #33016 to fix crashes in KDE 6.3.0 --- ...e-use-correct-char-for-representing-.patch | 26 +++++ ...e-don-t-trigger-assertion-if-Working.patch | 100 ++++++++++++++++++ systemd.spec | 5 + 3 files changed, 131 insertions(+) create mode 100644 0001-core-dbus-execute-use-correct-char-for-representing-.patch create mode 100644 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch diff --git a/0001-core-dbus-execute-use-correct-char-for-representing-.patch b/0001-core-dbus-execute-use-correct-char-for-representing-.patch new file mode 100644 index 0000000..005d49f --- /dev/null +++ b/0001-core-dbus-execute-use-correct-char-for-representing-.patch 
@@ -0,0 +1,26 @@
+From af87bdc6bc0d5b50af87ffd3b5cbd3e7c472dd42 Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Sun, 26 May 2024 00:49:09 +0800
+Subject: [PATCH 1/2] core/dbus-execute: use correct char for representing
+ WorkingDirectory=home
+
+---
+ src/core/dbus-execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index e907aa67af..e55fb6ee16 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -2755,7 +2755,7 @@ int bus_exec_context_set_transient_property(
+ c->working_directory_home = is_home;
+ c->working_directory_missing_ok = missing_ok;
+
+- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "+" : ASSERT_PTR(c->working_directory));
++ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory));
+ }
+
+ return 1;
+--
+2.45.1
+
diff --git a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch
new file mode 100644
index 0000000..fc4c89f
--- /dev/null
+++ b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch
@@ -0,0 +1,100 @@ +From 6f8ef80bb3ba5d244a428aee200c168e809a0079 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Sun, 26 May 2024 00:53:46 +0800 +Subject: [PATCH 2/2] core/dbus-execute: don't trigger assertion if + WorkingDirectory="" or "-" + +Follow-up for 14631951cea807de2d482a430841c604c2040718 + +Before this commit, if WorkingDirectory= is empty or literally "-", +'simplified' is not populated, resulting in the ASSERT_PTR +in unit_write_settingf() below getting triggered. + +Also, do not accept "-", so that the parser is consistent +with load-fragment.c + +Fixes #33015 +--- + src/core/dbus-execute.c | 49 ++++++++++++++++++++++------------------- + 1 file changed, 26 insertions(+), 23 deletions(-) + +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index e55fb6ee16..21c260b26b 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -2716,38 +2716,38 @@ int bus_exec_context_set_transient_property( + + } else if (streq(name, "WorkingDirectory")) { + _cleanup_free_ char *simplified = NULL; +- bool missing_ok, is_home; ++ bool missing_ok = false, is_home = false; + const char *s; + + r = sd_bus_message_read(message, "s", &s); + if (r < 0) + return r; + +- if (s[0] == '-') { +- missing_ok = true; +- s++; +- } else +- missing_ok = false; +- +- if (isempty(s)) +- is_home = false; +- else if (streq(s, "~")) +- is_home = true; +- else { +- if (!path_is_absolute(s)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects an absolute path or '~'"); ++ if (!isempty(s)) { ++ if (s[0] == '-') { ++ missing_ok = true; ++ s++; ++ } + +- r = path_simplify_alloc(s, &simplified); +- if (r < 0) +- return r; ++ if (streq(s, "~")) ++ is_home = true; ++ else { ++ if (!path_is_absolute(s)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= expects an absolute path or '~'"); + +- if (!path_is_normalized(simplified)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, 
"WorkingDirectory= expects a normalized path or '~'"); ++ r = path_simplify_alloc(s, &simplified); ++ if (r < 0) ++ return r; + +- if (path_below_api_vfs(simplified)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= may not be below /proc/, /sys/ or /dev/."); ++ if (!path_is_normalized(simplified)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= expects a normalized path or '~'"); + +- is_home = false; ++ if (path_below_api_vfs(simplified)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= may not be below /proc/, /sys/ or /dev/"); ++ } + } + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { +@@ -2755,7 +2755,10 @@ int bus_exec_context_set_transient_property( + c->working_directory_home = is_home; + c->working_directory_missing_ok = missing_ok; + +- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); ++ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, ++ "WorkingDirectory=%s%s", ++ c->working_directory_missing_ok ? "-" : "", ++ c->working_directory_home ? "~" : strempty(c->working_directory)); + } + + return 1; +-- +2.45.1 + diff --git a/systemd.spec b/systemd.spec index fc07235..6e056ae 100644 --- a/systemd.spec +++ b/systemd.spec 
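Review bot: An empty `WorkingDirectory` string now skips every validation step and reaches the write path with `simplified` unset and both flags false, which the last inner hunk covers with `strempty(c->working_directory)`. Neither that apparent reset behaviour nor the rejection of a bare `-` (after `s++` the empty remainder fails `path_is_absolute()`) is stated in the code. A comment at `if (!isempty(s)) {`, such as `/* An empty string resets the setting; "-" on its own is refused, as in load-fragment.c */`, would document the contract for a property that is set from D-Bus messages. The assignment to `c->working_directory` sits between the two inner hunks and is not visible here.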
@@ -112,6 +112,11 @@ Patch0002: 0001-generator-setup-use-RET_GATHER.patch Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch +# Backport part of https://github.com/systemd/systemd/pull/33016 +# to fix a bug that causes crashes in KDE Frameworks 6.3.0 +Patch0005: 0001-core-dbus-execute-use-correct-char-for-representing-.patch +Patch0006: 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch + %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 From 69472997b91c457eb2e490e232592557baa76013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 May 2024 13:16:53 +0200 Subject: [PATCH 126/327] Renumber sources and make order more consistent [skip changelog] --- systemd.spec | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6e056ae..b0ce180 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,14 +66,14 @@ Source2: split-files.py Source3: purge-nobody-user # Prevent accidental removal of the systemd package -Source4: yum-protect-systemd.conf +Source5: yum-protect-systemd.conf -Source5: inittab -Source6: sysctl.conf.README -Source7: systemd-journal-remote.xml -Source8: systemd-journal-gatewayd.xml -Source9: 20-yama-ptrace.conf -Source10: systemd-udev-trigger-no-reload.conf +Source6: inittab +Source7: sysctl.conf.README +Source8: systemd-journal-remote.xml +Source9: systemd-journal-gatewayd.xml +Source10: 20-yama-ptrace.conf +Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports Source13: .abignore 
@@ -821,11 +821,13 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf +install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} + # /etc/initab -install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} # /etc/sysctl.conf compat -install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf # Make sure these directories are properly owned @@ -878,21 +880,19 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state # Install yum protection fragment -install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf +install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf -install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9} # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 -install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 -install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} -install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} - # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} From c56891fb68de56b9e40d26f2e5473aaaa8e24099 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 May 2024 13:21:44 +0200 Subject: [PATCH 127/327] Drop sysusers.d/basic.conf - We rely on setup to provide all necessary groups. --- systemd.spec | 13 +++++++++++++ test_sysusers_defined.py | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100755 test_sysusers_defined.py diff --git a/systemd.spec b/systemd.spec index b0ce180..ff42fbb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -64,6 +64,7 @@ Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/ Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user +Source4: test_sysusers_defined.py # Prevent accidental removal of the systemd package Source5: yum-protect-systemd.conf @@ -271,6 +272,11 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif +%if 0%{?fedora} >= 41 +BuildRequires: setup >= 2.15.0-3 +BuildRequires: python3 +Conflicts: setup < 2.15.0-3 +%endif %if 0%{?fedora} >= 41 # Make sure that dracut supports systemd-executor and the renames done for v255, @@ -926,6 +932,13 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif +%if 0%{?fedora} >= 41 +# This requires https://pagure.io/setup/pull-request/50 +# and https://src.fedoraproject.org/rpms/setup/pull-request/10. +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +rm %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif + %find_lang %{name} # Split files in build root into rpms diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py new file mode 100755 index 0000000..2754578 --- /dev/null +++ b/test_sysusers_defined.py 
@@ -0,0 +1,34 @@ +#!/usr/bin/python + +import sys + +def parse_sysusers_file(filename): + users, groups = set(), set() + + for line in open(filename): + line = line.strip() + if not line or line.startswith('#'): + continue + words = line.split() + match words[0]: + case 'u': + users.add(words[1]) + case 'g': + groups.add(words[1]) + case 'm'|'r': + continue + case _: + assert False + return users, groups + +setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) +setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) +setup_users |= setup_users2 +setup_groups |= setup_groups2 + +basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) + +if d := basic_users - setup_users: + exit(f'We have new users: {d}') +if d := basic_groups - setup_groups: + exit(f'We have new groups: {d}') From 65d9b4979146fecbfb21f35ac7cfb3d01147d217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Jun 2024 21:53:54 +0200 Subject: [PATCH 128/327] Fix typo [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index ff42fbb..2821ad2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -989,7 +989,7 @@ fi # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# This is the explanded form of %%systemd_user_daemon_reexec. We +# This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall From 421f0041b3dc4bcf6dd611ebfab950da69ec946b Mon Sep 17 00:00:00 2001 
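Review bot: The `case 'm'|'r': continue` arm ignores `m` lines, but according to sysusers.d(5) an `m` line implicitly creates the user and group it names when they do not exist, so an account introduced that way in `basic.conf` would not be reported by this check. The fallback `assert False` is also stripped when Python runs with `-O` and gives no hint which line was unexpected, and the handle from `open(filename)` is never closed. Because the spec deletes `basic.conf` once the script passes, the gate should fail loudly; the fence below counts `m` lines and exits naming the offending line. Whether `basic.conf` contains `m` lines today is not visible here.

```python
def parse_sysusers_file(filename):
    users, groups = set(), set()

    with open(filename) as f:
        for line in f:
            # … unchanged: strip, skip blank and comment lines, split into words …
            match words[0]:
                # … unchanged: 'u' and 'g' cases …
                case 'm':
                    # "m USER GROUP" creates either one if it is missing
                    users.add(words[1])
                    groups.add(words[2])
                case 'r':
                    continue
                case _:
                    sys.exit(f'{filename}: unexpected line: {line!r}')
    return users, groups
```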
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Jun 2024 22:04:51 +0200 Subject: [PATCH 129/327] Version 256~rc4 --- ...add-varlink-interface-for-registerin.patch | 217 ------------------ ...e-use-correct-char-for-representing-.patch | 26 --- 0001-generator-setup-use-RET_GATHER.patch | 42 ---- ...e-don-t-trigger-assertion-if-Working.patch | 100 -------- ...e-stdio-array-of-safe_fork_full-wher.patch | 71 ------ ...ure-to-close-all-fds-for-invoked-gen.patch | 28 --- sources | 2 +- systemd.spec | 17 +- 8 files changed, 3 insertions(+), 500 deletions(-) delete mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch delete mode 100644 0001-core-dbus-execute-use-correct-char-for-representing-.patch delete mode 100644 0001-generator-setup-use-RET_GATHER.patch delete mode 100644 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch delete mode 100644 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch delete mode 100644 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch deleted file mode 100644 index 01946d6..0000000 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 11 May 2024 13:27:12 +0200 -Subject: [PATCH] Revert "machined: add varlink interface for registering - machines" - -This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. ---- - man/systemd-machined.service.xml | 6 +-- - src/machine/machine-varlink.h | 6 --- - src/machine/machined-varlink.c | 62 ++----------------------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.h | 6 --- - 8 files changed, 8 insertions(+), 82 deletions(-) - delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.h - -diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml -index b2899ff0fd..f3d7755973 100644 ---- a/man/systemd-machined.service.xml -+++ b/man/systemd-machined.service.xml -@@ -100,12 +100,10 @@ - - The daemon provides both a C library interface - (which is shared with systemd-logind.service8) -- as well as a D-Bus interface and a Varlink interface. -+ as well as a D-Bus interface. - The library interface may be used to introspect and watch the state of virtual machines/containers. - The bus interface provides the same but in addition may also be used to register or terminate -- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an -- SSH key / address; it can be queried with -- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. -+ machines. 
- For more information please consult - sd-login3 - and -diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h -deleted file mode 100644 -index ce4ec54dc1..0000000000 ---- a/src/machine/machine-varlink.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink.h" -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 0d3ae627c1..6ca98e27cf 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -1,12 +1,10 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include "format-util.h" --#include "machine-varlink.h" - #include "machined-varlink.h" - #include "mkdir.h" - #include "user-util.h" - #include "varlink.h" --#include "varlink-io.systemd.Machine.h" - #include "varlink-io.systemd.UserDatabase.h" - - typedef struct LookupParameters { -@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var - return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); - } - --static int manager_varlink_init_userdb(Manager *m) { -+int manager_varlink_init(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; - int r; - - assert(m); - -- if (m->varlink_userdb_server) -+ if (m->varlink_server) - return 0; - - r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); -@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - -- m->varlink_userdb_server = TAKE_PTR(s); -- return 0; --} -- --static int manager_varlink_init_machine(Manager *m) { -- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; -- int r; -- -- assert(m); -- -- if (m->varlink_machine_server) -- return 0; -- -- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); -- if (r < 0) -- return log_error_errno(r, "Failed to allocate varlink server object: %m"); -- -- varlink_server_set_userdata(s, m); -- -- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); -- if (r < 0) -- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -- -- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); -- if (r < 0) -- return log_error_errno(r, "Failed to register varlink methods: %m"); -- -- (void) mkdir_p("/run/systemd/machine", 0755); -- -- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); -- if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -- -- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); -- if (r < 0) -- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); -- -- m->varlink_machine_server = TAKE_PTR(s); -- return 0; --} -- --int manager_varlink_init(Manager *m) { -- int r; -- -- r = manager_varlink_init_userdb(m); -- if (r < 0) -- return r; -- -- r = manager_varlink_init_machine(m); -- if (r < 0) -- return r; -- -+ m->varlink_server = TAKE_PTR(s); - return 0; - } - - void manager_varlink_done(Manager *m) { - assert(m); - -- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); -- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); -+ m->varlink_server = varlink_server_unref(m->varlink_server); - } -diff --git a/src/machine/machined.c b/src/machine/machined.c -index d7087e4672..2638ed572e 100644 ---- a/src/machine/machined.c -+++ b/src/machine/machined.c -@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { - if (m->operations) - return false; - -- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) -- return false; -- -- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) -+ if (varlink_server_current_connections(m->varlink_server) > 0) - return false; - - manager_gc(m, true); -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 67abed0fd6..280c32bab6 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -40,8 +40,7 @@ struct Manager { - sd_event_source *nscd_cache_flush_event; - #endif - -- VarlinkServer *varlink_userdb_server; -- VarlinkServer *varlink_machine_server; -+ VarlinkServer *varlink_server; - }; - - int manager_add_machine(Manager *m, const char *name, Machine **_machine); -diff --git a/src/machine/meson.build b/src/machine/meson.build -index 3150b33de5..c82a32589d 100644 ---- a/src/machine/meson.build -+++ b/src/machine/meson.build -@@ -3,7 +3,6 @@ - libmachine_core_sources = files( - 'image-dbus.c', - 'machine-dbus.c', -- 'machine-varlink.c', - 'machine.c', - 'machined-core.c', - 'machined-dbus.c', -diff --git a/src/shared/meson.build b/src/shared/meson.build -index d01367a159..17313aefed 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -180,7 +180,6 @@ shared_sources = files( - 'varlink-io.systemd.Credentials.c', - 'varlink-io.systemd.Hostname.c', - 'varlink-io.systemd.Journal.c', -- 'varlink-io.systemd.Machine.c', - 'varlink-io.systemd.ManagedOOM.c', - 'varlink-io.systemd.MountFileSystem.c', - 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h -deleted file mode 100644 -index c9fc85f150..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink-idl.h" -- --extern const VarlinkInterface vl_interface_io_systemd_Machine; 
diff --git a/0001-core-dbus-execute-use-correct-char-for-representing-.patch b/0001-core-dbus-execute-use-correct-char-for-representing-.patch deleted file mode 100644 index 005d49f..0000000 --- a/0001-core-dbus-execute-use-correct-char-for-representing-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From af87bdc6bc0d5b50af87ffd3b5cbd3e7c472dd42 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:49:09 +0800 -Subject: [PATCH 1/2] core/dbus-execute: use correct char for representing - WorkingDirectory=home - ---- - src/core/dbus-execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e907aa67af..e55fb6ee16 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2755,7 +2755,7 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "+" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch deleted file mode 100644 index 220b210..0000000 --- a/0001-generator-setup-use-RET_GATHER.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:45:50 +0200 -Subject: [PATCH 1/3] generator-setup: use RET_GATHER() - ---- - src/core/generator-setup.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c -index 00d6ad61fa..b16211e8f4 100644 ---- a/src/core/generator-setup.c -+++ b/src/core/generator-setup.c -@@ -8,7 +8,7 @@ - #include "rm-rf.h" - - int lookup_paths_mkdir_generator(LookupPaths *p) { -- int r, q; -+ int r; - - assert(p); - -@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) { - return -EINVAL; - - r = mkdir_p_label(p->generator, 0755); -- -- q = mkdir_p_label(p->generator_early, 0755); -- if (q < 0 && r >= 0) -- r = q; -- -- q = mkdir_p_label(p->generator_late, 0755); -- if (q < 0 && r >= 0) -- r = q; -+ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755)); -+ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755)); - - return r; - } --- -2.45.0 - diff --git a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch deleted file mode 100644 index fc4c89f..0000000 --- a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 6f8ef80bb3ba5d244a428aee200c168e809a0079 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:53:46 +0800 -Subject: [PATCH 2/2] core/dbus-execute: don't trigger assertion if - WorkingDirectory="" or "-" - -Follow-up for 14631951cea807de2d482a430841c604c2040718 - -Before this commit, if WorkingDirectory= is empty or literally "-", -'simplified' is not populated, resulting in the ASSERT_PTR -in unit_write_settingf() below getting triggered. - -Also, do not accept "-", so that the parser is consistent -with load-fragment.c - -Fixes #33015 ---- - src/core/dbus-execute.c | 49 ++++++++++++++++++++++------------------- - 1 file changed, 26 insertions(+), 23 deletions(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e55fb6ee16..21c260b26b 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2716,38 +2716,38 @@ int bus_exec_context_set_transient_property( - - } else if (streq(name, "WorkingDirectory")) { - _cleanup_free_ char *simplified = NULL; -- bool missing_ok, is_home; -+ bool missing_ok = false, is_home = false; - const char *s; - - r = sd_bus_message_read(message, "s", &s); - if (r < 0) - return r; - -- if (s[0] == '-') { -- missing_ok = true; -- s++; -- } else -- missing_ok = false; -- -- if (isempty(s)) -- is_home = false; -- else if (streq(s, "~")) -- is_home = true; -- else { -- if (!path_is_absolute(s)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects an absolute path or '~'"); -+ if (!isempty(s)) { -+ if (s[0] == '-') { -+ missing_ok = true; -+ s++; -+ } - -- r = path_simplify_alloc(s, &simplified); -- if (r < 0) -- return r; -+ if (streq(s, "~")) -+ is_home = true; -+ else { -+ if (!path_is_absolute(s)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects an absolute path or '~'"); - -- if (!path_is_normalized(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, 
"WorkingDirectory= expects a normalized path or '~'"); -+ r = path_simplify_alloc(s, &simplified); -+ if (r < 0) -+ return r; - -- if (path_below_api_vfs(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= may not be below /proc/, /sys/ or /dev/."); -+ if (!path_is_normalized(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects a normalized path or '~'"); - -- is_home = false; -+ if (path_below_api_vfs(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= may not be below /proc/, /sys/ or /dev/"); -+ } - } - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -@@ -2755,7 +2755,10 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, -+ "WorkingDirectory=%s%s", -+ c->working_directory_missing_ok ? "-" : "", -+ c->working_directory_home ? "~" : strempty(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch deleted file mode 100644 index ae26e94..0000000 --- a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:46:51 +0200 -Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where - appropriate - ---- - src/shared/exec-util.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index 1c7b14d98d..dc0974572f 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -36,27 +36,35 @@ - /* Put this test here for a lack of better place */ - assert_cc(EAGAIN == EWOULDBLOCK); - --static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) { -- pid_t _pid; -+static int do_spawn( -+ const char *path, -+ char *argv[], -+ int stdout_fd, -+ pid_t *ret_pid, -+ bool set_systemd_exec_pid) { -+ - int r; - -+ assert(path); -+ assert(ret_pid); -+ - if (null_or_empty_path(path) > 0) { - log_debug("%s is empty (a mask).", path); - return 0; - } - -- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid); -+ pid_t pid; -+ r = safe_fork_full( -+ "(direxec)", -+ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, -+ /* except_fds= */ NULL, /* n_except_fds= */ 0, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ &pid); - if (r < 0) - return r; - if (r == 0) { - char *_argv[2]; - -- if (stdout_fd >= 0) { -- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO); -- if (r < 0) -- _exit(EXIT_FAILURE); -- } -- - if (set_systemd_exec_pid) { - r = setenv_systemd_exec_pid(false); - if (r < 0) -@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b - _exit(EXIT_FAILURE); - } - -- *pid = _pid; -+ *ret_pid = pid; - return 1; - } - --- -2.45.0 - 
diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch deleted file mode 100644 index d2d95ac..0000000 --- a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:50:54 +0200 -Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked - generators - -We should really have set O_CLOEXEC for all our fds, but better be safe -than sorry. ---- - src/shared/exec-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index dc0974572f..ac1c150ab1 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -58,7 +58,7 @@ static int do_spawn( - "(direxec)", - (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, - /* except_fds= */ NULL, /* n_except_fds= */ 0, -- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS, - &pid); - if (r < 0) - return r; --- -2.45.0 - diff --git a/sources b/sources index 450d5cf..2f0f391 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc3.tar.gz) = 0dce57bc6e4cefd59ad8f93e1e474f5a9de1857eac138fb6ca0735d2a7f8ebdea1469b8efe15b945be23281d8eddd321567d47b42a5145a86627587d34cc39c0 +SHA512 (systemd-256-rc4.tar.gz) = 0233c4d6c99027192312b38fff66258860570d3b09324c2748767b318697958383ecf5133bd187d52778671c286afd41eb7c83e755dffd4c12e46b16fc3f0d0d diff --git a/systemd.spec b/systemd.spec index 2821ad2..9c9a588 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -40,7 +40,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc3} +Version: %{?version_override}%{!?version_override:256~rc4} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -103,20 +103,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -# Drop varlink method call until selinux policy is updated, -# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, -# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. -# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. -Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch - -Patch0002: 0001-generator-setup-use-RET_GATHER.patch -Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch -Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch - -# Backport part of https://github.com/systemd/systemd/pull/33016 -# to fix a bug that causes crashes in KDE Frameworks 6.3.0 -Patch0005: 0001-core-dbus-execute-use-correct-char-for-representing-.patch -Patch0006: 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd @@ -276,6 +262,7 @@ Conflicts: fedora-release < 23-0.12 BuildRequires: setup >= 2.15.0-3 BuildRequires: python3 Conflicts: setup < 2.15.0-3 +Conflicts: selinux-policy-any < 41.1 %endif %if 0%{?fedora} >= 41 From b32641170ec138988700a915222e0220d901731f Mon Sep 17 00:00:00 2001 
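Review bot: The added `Conflicts: selinux-policy-any < 41.1` in the last hunk carries no comment saying what it protects against. It presumably pairs with dropping Patch0001 in the hunk before it, whose removed comment says the machined varlink method was held back until the SELinux policy was updated (https://bugzilla.redhat.com/show_bug.cgi?id=2279923), but nothing in the spec now records that link. A one-line comment above it, e.g. `# machined's io.systemd.Machine varlink socket needs the updated policy, see rhbz#2279923`, would tell a later maintainer when the Conflicts can be dropped or has to be revisited if the revert comes back.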
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Fri, 7 Jun 2024 17:03:20 +0200
Subject: [PATCH 130/327] Restore patch to drop varlink method call It still seems to fail in the CI. Maybe the selinux policy does not work as expected.
---
 ...add-varlink-interface-for-registerin.patch | 217 ++++++++++++++++++
 systemd.spec | 5 +
 2 files changed, 222 insertions(+)
 create mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch
diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch
new file mode 100644
index 0000000..01946d6
--- /dev/null
+++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch
@@ -0,0 +1,217 @@ +From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 11 May 2024 13:27:12 +0200 +Subject: [PATCH] Revert "machined: add varlink interface for registering + machines" + +This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +--- + man/systemd-machined.service.xml | 6 +-- + src/machine/machine-varlink.h | 6 --- + src/machine/machined-varlink.c | 62 ++----------------------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.h | 6 --- + 8 files changed, 8 insertions(+), 82 deletions(-) + delete mode 100644 src/machine/machine-varlink.h + delete mode 100644 src/shared/varlink-io.systemd.Machine.h + +diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml +index b2899ff0fd..f3d7755973 100644 +--- a/man/systemd-machined.service.xml ++++ b/man/systemd-machined.service.xml +@@ -100,12 +100,10 @@ + + The daemon provides both a C library interface + (which is shared with systemd-logind.service8) +- as well as a D-Bus interface and a Varlink interface. ++ as well as a D-Bus interface. + The library interface may be used to introspect and watch the state of virtual machines/containers. + The bus interface provides the same but in addition may also be used to register or terminate +- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an +- SSH key / address; it can be queried with +- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. ++ machines. 
+ For more information please consult + sd-login3 + and +diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h +deleted file mode 100644 +index ce4ec54dc1..0000000000 +--- a/src/machine/machine-varlink.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink.h" +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 0d3ae627c1..6ca98e27cf 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -1,12 +1,10 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include "format-util.h" +-#include "machine-varlink.h" + #include "machined-varlink.h" + #include "mkdir.h" + #include "user-util.h" + #include "varlink.h" +-#include "varlink-io.systemd.Machine.h" + #include "varlink-io.systemd.UserDatabase.h" + + typedef struct LookupParameters { +@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var + return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); + } + +-static int manager_varlink_init_userdb(Manager *m) { ++int manager_varlink_init(Manager *m) { + _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; + int r; + + assert(m); + +- if (m->varlink_userdb_server) ++ if (m->varlink_server) + return 0; + + r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); +@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); + +- m->varlink_userdb_server = TAKE_PTR(s); +- return 0; +-} +- +-static int manager_varlink_init_machine(Manager *m) { +- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; +- int r; +- +- assert(m); +- +- if (m->varlink_machine_server) +- return 0; +- +- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); +- if (r < 0) +- return log_error_errno(r, "Failed to allocate varlink server object: %m"); +- +- varlink_server_set_userdata(s, m); +- +- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); +- if (r < 0) +- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +- +- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); +- if (r < 0) +- return log_error_errno(r, "Failed to register varlink methods: %m"); +- +- (void) mkdir_p("/run/systemd/machine", 0755); +- +- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); +- +- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); +- if (r < 0) +- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); +- +- m->varlink_machine_server = TAKE_PTR(s); +- return 0; +-} +- +-int manager_varlink_init(Manager *m) { +- int r; +- +- r = manager_varlink_init_userdb(m); +- if (r < 0) +- return r; +- +- r = manager_varlink_init_machine(m); +- if (r < 0) +- return r; +- ++ m->varlink_server = TAKE_PTR(s); + return 0; + } + + void manager_varlink_done(Manager *m) { + assert(m); + +- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); +- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); ++ m->varlink_server = varlink_server_unref(m->varlink_server); + } +diff --git a/src/machine/machined.c b/src/machine/machined.c +index d7087e4672..2638ed572e 100644 +--- a/src/machine/machined.c ++++ b/src/machine/machined.c +@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { + if (m->operations) + return false; + +- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) +- return false; +- +- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) ++ if (varlink_server_current_connections(m->varlink_server) > 0) + return false; + + manager_gc(m, true); +diff --git a/src/machine/machined.h b/src/machine/machined.h +index 67abed0fd6..280c32bab6 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -40,8 +40,7 @@ struct Manager { + sd_event_source *nscd_cache_flush_event; + #endif + +- VarlinkServer *varlink_userdb_server; +- VarlinkServer *varlink_machine_server; ++ VarlinkServer *varlink_server; + }; + + int manager_add_machine(Manager *m, const char *name, Machine **_machine); +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 3150b33de5..c82a32589d 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -3,7 +3,6 @@ + libmachine_core_sources = files( + 'image-dbus.c', + 'machine-dbus.c', +- 'machine-varlink.c', + 'machine.c', + 'machined-core.c', + 'machined-dbus.c', +diff --git a/src/shared/meson.build b/src/shared/meson.build +index d01367a159..17313aefed 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -180,7 +180,6 @@ shared_sources = files( + 'varlink-io.systemd.Credentials.c', + 'varlink-io.systemd.Hostname.c', + 'varlink-io.systemd.Journal.c', +- 'varlink-io.systemd.Machine.c', + 'varlink-io.systemd.ManagedOOM.c', + 'varlink-io.systemd.MountFileSystem.c', + 'varlink-io.systemd.NamespaceResource.c', +diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h +deleted file mode 100644 +index c9fc85f150..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink-idl.h" +- +-extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index 9c9a588..ff4ea6c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -103,6 +103,11 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} +# Drop varlink method call until selinux policy is updated, +# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, +# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. +# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd From 1ae0516ae7111cab8415408a79f8691b7d5b6675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jun 2024 00:08:45 +0200 Subject: [PATCH 131/327] Version 256 - Only minor changes since -rc4. - Hardward db is updated. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 2f0f391..bc2cd5b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc4.tar.gz) = 0233c4d6c99027192312b38fff66258860570d3b09324c2748767b318697958383ecf5133bd187d52778671c286afd41eb7c83e755dffd4c12e46b16fc3f0d0d +SHA512 (systemd-256.tar.gz) = cfb2bff8d9937245e65581253bba9278533b76ae0f0275fdad59471d8c6089bba2bcd3f0655b34f4b8d7d82fa037c4e6fe18c2227e9f93d62494a2a6cb2db4ec diff --git a/systemd.spec b/systemd.spec index ff4ea6c..11121b4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -40,7 +40,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc4} +Version: %{?version_override}%{!?version_override:256} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From ebf352d292924fd989d81e8ca572a70cffeb1b4e Mon Sep 17 00:00:00 2001 
From: U2FsdGVkX1 Date: Sat, 15 Jun 2024 22:56:39 -0400 Subject: [PATCH 132/327] disable auto-features when bootstrapping --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 11121b4..7098829 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,13 @@ # Build from git main %bcond upstream 0 +# When bootstrap, libcryptsetup is disabled +# but auto-features causes many options to be turned on +# that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) +%if %{with bootstrap} +%global __meson_auto_features disabled +%endif + # Override %%autorelease. This is ugly, but rpmautospec doesn't implement # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} @@ -695,6 +702,7 @@ CONFIGURE_OPTS=( -Delfutils=enabled -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] -Delfutils=enabled + -Drepart=enabled -Dpwquality=enabled -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] From 4a29ab3f3be4f20ac0b8248ab44b4c4d0bb5225b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 21:00:59 +0200 Subject: [PATCH 133/327] Version 256.1 --- sources | 2 +- systemd.spec | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/sources b/sources index bc2cd5b..6ceb957 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.tar.gz) = cfb2bff8d9937245e65581253bba9278533b76ae0f0275fdad59471d8c6089bba2bcd3f0655b34f4b8d7d82fa037c4e6fe18c2227e9f93d62494a2a6cb2db4ec +SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c diff --git a/systemd.spec b/systemd.spec index 7098829..d33d46b 100644 --- a/systemd.spec +++ b/systemd.spec 
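Review bot: Setting `%global __meson_auto_features disabled` for bootstrap builds turns off every meson feature that CONFIGURE_OPTS does not set explicitly, not only the libcryptsetup-dependent ones the new comment names. Most of the option list is outside this hunk, so it is worth confirming that security-relevant features such as `-Dseccomp`, `-Dselinux` and `-Daudit` are pinned there rather than left to auto; otherwise a bootstrap build would quietly be produced without them. Extending the comment with something like `# NOTE: any feature not listed in CONFIGURE_OPTS is disabled in bootstrap builds` would make that consequence visible. The `-Drepart=enabled` added in the second hunk is unconditional, so its build dependencies should also be checked against what is available during bootstrap.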
@@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256} +Version: %{?version_override}%{!?version_override:256.1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -58,14 +58,10 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" %if %{defined commit} -Source0: https://github.com/systemd/systemd%[%stable?"-stable":""]/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -%if 0%{?stable} -Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -%endif # This file must be available before %%prep. # It is generated during systemd build and can be found in build/src/core/. Source1: triggers.systemd @@ -661,7 +657,7 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 +%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1 %build %global ntpvendor %(source /etc/os-release; echo ${ID}) From b3e1d52cb4f69520fa5d2679d68549b7c24ecbca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 20:34:21 +0200 Subject: [PATCH 134/327] Soft-disable tmpfiles --purge until a good use case comes up --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 63 +++++++++++++++++++ systemd.spec | 2 + 2 files changed, 65 insertions(+) create mode 100644 0001-tmpfiles-make-purge-hard-to-mis-use.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch new file mode 100644 index 0000000..87b5fa5 --- /dev/null +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch 
@@ -0,0 +1,63 @@
+From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 18 Jun 2024 20:32:10 +0200
+Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
+
+Follow-up for https://github.com/systemd/systemd/pull/33383.
+---
+ src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 5841db293e..9b0f744ba9 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) {
+ ARG_IMAGE_POLICY,
+ ARG_REPLACE,
+ ARG_DRY_RUN,
++ ARG_DESTROY_DATA,
+ ARG_NO_PAGER,
+ };
+
+@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) {
+ { "replace", required_argument, NULL, ARG_REPLACE },
+ { "dry-run", no_argument, NULL, ARG_DRY_RUN },
+ { "no-pager", no_argument, NULL, ARG_NO_PAGER },
++
++ /* This is not documented on purpose.
++ * If you think --purge should be allowed without jumping through hoops,
++ * consider opening a bug report with the description of the use case.
++ */ ++ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, ++ + {} + }; + + int c, r; ++ bool destroy_data = false; + + assert(argc >= 0); + assert(argv); +@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) { + arg_dry_run = true; + break; + ++ case ARG_DESTROY_DATA: ++ destroy_data = true; ++ break; ++ + case ARG_NO_PAGER: + arg_pager_flags |= PAGER_DISABLE; + break; +@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) { + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Refusing --purge without specification of a configuration file."); + ++ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), ++ "Refusing --purge without --destroy-data."); ++ + if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/systemd.spec b/systemd.spec index d33d46b..1fdfc20 100644 --- a/systemd.spec +++ b/systemd.spec @@ -125,6 +125,8 @@ Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch +# Soft-disable tmpfiles --purge until a good use case comes up. +Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch %endif # Adjust upstream config to use our shared stack From a76669ee222fc4374f14f7e2a6e9a28c5ad87c0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 20:36:14 +0200 Subject: [PATCH 135/327] Remove tmpfiles snippet for /home and /srv --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1fdfc20..eb527cc 100644 --- a/systemd.spec +++ b/systemd.spec 
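Review bot: `--destroy-data` is accepted silently when `--purge` is not requested, because the new flag only feeds the final `FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data` check in the last tmpfiles.c hunk; a wrapper script can then carry the override on every invocation without anyone noticing. Rejecting that combination keeps the override tied to the destructive operation: `if (destroy_data && !FLAGS_SET(arg_operation, OPERATION_PURGE)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --destroy-data is only supported with --purge.");`. A one-line comment above the refusal saying why `--dry-run` is exempt (presumably because nothing is removed in that mode) would also help the next reader. parse_argv's body starts and ends outside the quoted hunks.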
@@ -937,6 +937,10 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# /home and /srv are created by filesystem. +# Remove our config to avoid confusion where those are defined. +rm %{buildroot}/usr/lib/tmpfiles.d/home.conf + %find_lang %{name} # Split files in build root into rpms From 8153d9b0f978d633c8422011d4c547ae1f0e51a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Jun 2024 10:29:02 +0200 Subject: [PATCH 136/327] Revert "Remove tmpfiles snippet for /home and /srv" This reverts commit a76669ee222fc4374f14f7e2a6e9a28c5ad87c0e. People create /usr-only images by making an installation and only picking up /usr from it. In that case, the snippet is needed to re-recreate /home on the rootfs. --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index eb527cc..1fdfc20 100644 --- a/systemd.spec +++ b/systemd.spec @@ -937,10 +937,6 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif -# /home and /srv are created by filesystem. -# Remove our config to avoid confusion where those are defined. -rm %{buildroot}/usr/lib/tmpfiles.d/home.conf - %find_lang %{name} # Split files in build root into rpms From 750e910c7cfdac4d066c74ff00171706702943d2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Jul 2024 15:18:07 +0200 Subject: [PATCH 137/327] Drop BuildRequires on python3-zstd python3-zstd is only required by ukify and ukify already has a Requires dependency on python3-zstd so let's drop the BuildRequires. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 1fdfc20..b5352c4 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -212,7 +212,6 @@ BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) -BuildRequires: python3dist(zstd) %if 0%{?want_bootloader} BuildRequires: python3dist(pyelftools) %endif From 8ae009f929d93ef523242f15baa8e13a1526abeb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Jul 2024 15:18:47 +0200 Subject: [PATCH 138/327] Only add Requires on python3-zstd on Fedora python3-zstd is not packaged on for CentOS Stream. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index b5352c4..209c85b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -478,7 +478,9 @@ Requires: %{name} = %{version}-%{release} Requires: systemd-boot Requires: python3dist(pefile) +%if %{undefined rhel} Requires: python3dist(zstd) +%endif Requires: python3dist(cryptography) Recommends: python3dist(pillow) From 9cbad936a67181f5eb6503d8ce081fdaf5adf410 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Jul 2024 13:26:55 +0200 Subject: [PATCH 139/327] Pull in openssl-devel-engine --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 209c85b..681c95d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -176,6 +176,9 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel +%if 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif %if %{with gnutls} BuildRequires: gnutls-devel %endif From f9fe17dbdee7242ccd4fd2858128c8952890bdb8 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 2 Jul 2024 13:01:47 +0200 Subject: [PATCH 140/327] Use vmlinux.h from kernel-devel Let's make sure we use the vmlinux.h from kernel-devel or none at all. This makes sure the systemd BPF programs are built against a known version of vmlinux.h and we don't depend on /sys being available to generate vmlinux.h ourselves. Use rpmdev-vercmp to select vmlinux.h from the latest kernel. --- systemd.spec | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/systemd.spec b/systemd.spec index 681c95d..2321d4a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -140,6 +140,7 @@ BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils +BuildRequires: rpmdevtools BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel @@ -231,6 +232,7 @@ BuildRequires: valgrind-devel %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool +BuildRequires: kernel-devel %global have_bpf 1 %endif @@ -669,6 +671,28 @@ package and is meant for use in exitrds. %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} +VMLINUX_H_PATH='' + +%if 0%{?have_bpf} + +%global find_vmlinux_h %{expand: +import functools, glob, subprocess +def cmp(a, b): + c = subprocess.call(["rpmdev-vercmp", a, b], stdout=subprocess.DEVNULL) + return {0:0, 11:+1, 12:-1}[c] +choices = list(glob.glob("/usr/src/kernels/*/vmlinux.h")) +assert choices +print(max(choices, key=functools.cmp_to_key(cmp))) +} + +# The build fails on ppc64le with +# "GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx". +# TODO: Remove this when libbpf checks for __powerpc64__ macro. +%ifnarch ppc64le +VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') +%endif +%endif + CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] -Dsysvinit-path=/etc/rc.d/init.d 
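Review bot: Nothing in the added `%build` lines records which header `find_vmlinux_h` selected, so the build log does not show which kernel-devel the BPF programs were compiled against when several are present in the buildroot. Adding `echo "vmlinux.h: ${VMLINUX_H_PATH:-<none>}"` after the closing `%endif` would make that traceable. The bare `assert choices` also fails without saying why; `assert choices, "no vmlinux.h found under /usr/src/kernels"` tells the packager what is missing.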
@@ -686,6 +710,8 @@ CONFIGURE_OPTS=( -Dima=true -Dselinux=enabled -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dvmlinux-h=%[0%{?have_bpf}?"auto":"disabled"] + -Dvmlinux-h-path="$VMLINUX_H_PATH" -Dapparmor=disabled -Dpolkit=enabled -Dxz=%[%{with xz}?"enabled":"disabled"] From 7db154308bafbdf6a0898ce94b19aeff1928ecaa Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 5 Jul 2024 11:09:10 +0200 Subject: [PATCH 141/327] Conditionalize dracut Conflicts more Make sure on centos stream 10 we also conflict with dracut 060-2 and that on centos stream 9 so that the spec can still be used to build systemd rpms for centos stream 9 upstream in systemd CI that can be installed on centos stream 9. (dracut is pulled in as a required dependency of kernel-core so we can't just not install it on centos stream 9 unfortunately). --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2321d4a..4d7e826 100644 --- a/systemd.spec +++ b/systemd.spec @@ -279,11 +279,11 @@ Conflicts: setup < 2.15.0-3 Conflicts: selinux-policy-any < 41.1 %endif -%if 0%{?fedora} >= 41 +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 -%else +%elif 0%{?fedora} # Make sure that dracut supports systemd-executor and the renames done for v255. Conflicts: dracut < 059-16 %endif From 3f68c5d802f018d7c4e7153757420844249bccab Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 5 Jul 2024 15:26:40 +0200 Subject: [PATCH 142/327] Only exclude dracut conflicts on non-fedora on upstream builds For the CentOS Stream Hyperscale SIG we backport a newer version of dracut and still want the Conflicts to apply so let's conditionalize the check on the %upstream macro since we only need it for upstream builds anyway. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
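Review bot: On ppc64le `VMLINUX_H_PATH` is left empty by the previous hunk while `have_bpf` is still set, so `-Dvmlinux-h=auto` is passed together with an empty `-Dvmlinux-h-path`; as far as I can tell meson then falls back to generating the header on the build host, which the commit description says it wants to avoid. If that fallback is intended until the libbpf TODO is resolved, say so next to the option, e.g. `# ppc64le: path is empty, "auto" falls back to a generated vmlinux.h`. The CONFIGURE_OPTS array continues outside the hunk.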
diff --git a/systemd.spec b/systemd.spec index 4d7e826..a24a611 100644 --- a/systemd.spec +++ b/systemd.spec @@ -283,7 +283,7 @@ Conflicts: selinux-policy-any < 41.1 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 -%elif 0%{?fedora} +%elif 0%{?fedora} || %{without upstream} # Make sure that dracut supports systemd-executor and the renames done for v255. Conflicts: dracut < 059-16 %endif From c96f54de2262ae36d579f8383c0a7ebc9f397be5 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 18:00:39 -0400 Subject: [PATCH 143/327] Fix ELN build ELN, following rawhide, now also splits out the openssl-devel-engine headers in preparation for their eventual removal. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a24a611..a1ae692 100644 --- a/systemd.spec +++ b/systemd.spec @@ -177,7 +177,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} From 0319e62d9c1d0d121a9c1f1c4a946ef3c28df767 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 18:56:02 -0400 Subject: [PATCH 144/327] Update dracut workaround Fedora 40 and RHEL 10 both now have dracut 101. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a1ae692..0dc781e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -112,7 +112,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch -%if 0%{?fedora} < 41 +%if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. From 1cc4f8300258a4c68c4036d08d53fd907d444e34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:36:55 +0200 Subject: [PATCH 145/327] Link systemd-executor statically --- ...n-rename-libbasic-to-libbasic_static.patch | 176 ++++++++++++++++++ ...ystemd-core-via-an-intermediate-stat.patch | 59 ++++++ ...-to-build-systemd-executor-staticall.patch | 97 ++++++++++ systemd.spec | 5 + 4 files changed, 337 insertions(+) create mode 100644 0001-meson-rename-libbasic-to-libbasic_static.patch create mode 100644 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch create mode 100644 0003-meson-add-option-to-build-systemd-executor-staticall.patch diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch new file mode 100644 index 0000000..b1fdd9e --- /dev/null +++ b/0001-meson-rename-libbasic-to-libbasic_static.patch 
@@ -0,0 +1,176 @@
+From d5534ba7444f7733b55e56284eb27d16dc6a267d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 3 Jul 2024 16:51:05 +0200
+Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static
+
+Our variables for internal libraries are named 'libfoo' for the shared lib
+variant, and 'libfoo_static' for the static lib variant. The only exception was
+libbasic, because we didn't have a shared variant for it. But let's rename it
+for consitency. This makes the build config easier to understand.
+
+(cherry picked from commit 732ed8a84e8b264fccd3f5c0fc68ec2894b6d8ea)
+---
+ meson.build | 4 ++--
+ src/basic/meson.build | 2 +-
+ src/libsystemd/meson.build | 2 +-
+ src/partition/meson.build | 2 +-
+ src/shared/meson.build | 2 +-
+ src/shutdown/meson.build | 2 +-
+ src/sysusers/meson.build | 2 +-
+ src/test/meson.build | 8 ++++----
+ src/tmpfiles/meson.build | 2 +-
+ 9 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index e42151998b..18115cad5e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2078,7 +2078,7 @@ libsystemd = shared_library(
+ # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
+ '-z', 'nodelete',
+ '-Wl,--version-script=' + libsystemd_sym_path],
+- link_with : [libbasic],
++ link_with : [libbasic_static],
+ link_whole : [libsystemd_static],
+ dependencies : [librt,
+ threads,
+@@ -2243,7 +2243,7 @@ nss_template = {
+ 'link_with' : [
+ libsystemd_static,
+ libshared_static,
+- libbasic,
++ libbasic_static,
+ ],
+ 'dependencies' : [
+ librt,
+diff --git a/src/basic/meson.build b/src/basic/meson.build
+index 9a214575a5..b538775576 100644
+--- a/src/basic/meson.build
++++ b/src/basic/meson.build
+@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target(
+
+ basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h]
+
+-libbasic = static_library(
++libbasic_static = static_library(
+ 'basic',
+ basic_sources,
+ fundamental_sources,
+diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build
+index 6d4337d1a7..243549299f 100644
+--- a/src/libsystemd/meson.build
++++ b/src/libsystemd/meson.build
+@@ -118,7 +118,7 @@ libsystemd_static = static_library(
+ libsystemd_sources,
+ include_directories : libsystemd_includes,
+ c_args : libsystemd_c_args,
+- link_with : [libbasic],
++ link_with : [libbasic_static],
+ dependencies : [threads,
+ librt,
+ userspace],
+diff --git a/src/partition/meson.build b/src/partition/meson.build
+index 52e1368116..2cfe43e029 100644
+--- a/src/partition/meson.build
++++ b/src/partition/meson.build
+@@ -32,7 +32,7 @@ executables += [
+ 'sources' : files('repart.c'),
+ 'c_args' : '-DSTANDALONE',
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libshared_fdisk,
+ libshared_static,
+ libsystemd_static,
+diff --git a/src/shared/meson.build b/src/shared/meson.build
+index c5106d87d5..e513c0ec1c 100644
+--- a/src/shared/meson.build
++++ b/src/shared/meson.build
+@@ -358,7 +358,7 @@ libshared = shared_library(
+ '-Wl,--version-script=' + libshared_sym_path],
+ link_depends : libshared_sym_path,
+ link_whole : [libshared_static,
+- libbasic,
++ libbasic_static,
+ libsystemd_static],
+ dependencies : [libshared_deps,
+ userspace],
+diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
+index 219f9fd308..9bc60f83e5 100644
+--- a/src/shutdown/meson.build
++++ b/src/shutdown/meson.build
+@@ -20,7 +20,7 @@ executables += [
+ 'sources' : systemd_shutdown_sources,
+ 'c_args' : '-DSTANDALONE',
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libshared_static,
+ libsystemd_static,
+ ],
+diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build
+index 0f9c067d50..403d82a340 100644
+--- a/src/sysusers/meson.build
++++ b/src/sysusers/meson.build
+@@ -14,7 +14,7 @@ executables += [
+ 'sources' : files('sysusers.c'),
+ 'c_args' : '-DSTANDALONE',
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libshared_static,
+ libsystemd_static,
+ ],
+diff --git a/src/test/meson.build b/src/test/meson.build
+index 3abbb94d9f..9d3c7d675f 100644
+--- a/src/test/meson.build
++++ b/src/test/meson.build
+@@ -274,7 +274,7 @@ executables += [
+ # only static linking apart from libdl, to make sure that the
+ # module is linked to all libraries that it uses.
+ 'sources' : files('test-dlopen.c'),
+- 'link_with' : libbasic,
++ 'link_with' : libbasic_static,
+ 'dependencies' : libdl,
+ 'install' : false,
+ 'type' : 'manual',
+@@ -410,7 +410,7 @@ executables += [
+ },
+ test_template + {
+ 'sources' : files('test-sizeof.c'),
+- 'link_with' : libbasic,
++ 'link_with' : libbasic_static,
+ },
+ test_template + {
+ 'sources' : files('test-time-util.c'),
+@@ -590,7 +590,7 @@ executables += [
+ test_template + {
+ 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'),
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libsystemd,
+ ],
+ 'dependencies' : threads,
+@@ -598,7 +598,7 @@ executables += [
+ test_template + {
+ 'sources' : files('../libudev/test-udev-device-thread.c'),
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libudev,
+ ],
+ 'dependencies' : threads,
+diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build
+index 2e918509a7..09ad839586 100644
+--- a/src/tmpfiles/meson.build
++++ b/src/tmpfiles/meson.build
+@@ -20,7 +20,7 @@ executables += [
+ 'sources' : systemd_tmpfiles_sources,
+ 'c_args' : '-DSTANDALONE',
+ 'link_with' : [
+- libbasic,
++ libbasic_static,
+ libshared_static,
+ libsystemd_static,
+ ],
diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch
new file mode 100644
index 0000000..1d27b04
--- /dev/null
+++ b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch
@@ -0,0 +1,59 @@
+From 63178ad7e51dae8730158573318388ea8c3e488e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 3 Jul 2024 17:03:26 +0200
+Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static
+ library
+
+By itself, this is not useful. I'm making this a separate commit to
+make debugging easier. It turns out that meson does static libraries
+using references, so the "static library" a tiny stub stub that refers
+to the object files on disk and this has negligible cost:
+$ ls -lhd build/src/core/libsystemd-core-257.{a,so}
+-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a
+-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so
+
+(cherry picked from commit d0689ee5fbfafa736e6eca89bc80cb2d372f2229)
+---
+ src/core/meson.build | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/meson.build b/src/core/meson.build
+index 7a2012a372..1ef31cc529 100644
+--- a/src/core/meson.build
++++ b/src/core/meson.build
+@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target(
+
+ libcore_name = 'systemd-core-@0@'.format(shared_lib_tag)
+
+-libcore = shared_library(
++libcore_static = static_library(
+ libcore_name,
+ libcore_sources,
+ load_fragment_gperf_c,
+ load_fragment_gperf_nulstr_c,
+ include_directories : includes,
+ c_args : ['-fvisibility=default'],
+- link_args : ['-shared',
+- '-Wl,--version-script=' + libshared_sym_path],
+- link_depends : libshared_sym_path,
+- link_with : libshared,
+ dependencies : [libacl,
+ libapparmor,
+ libaudit,
+@@ -135,6 +131,16 @@ libcore = shared_library(
+ libselinux,
+ threads,
+ userspace],
++ build_by_default : false)
++
++libcore = shared_library(
++ libcore_name,
++ c_args : ['-fvisibility=default'],
++ link_args : ['-shared',
++ '-Wl,--version-script=' + libshared_sym_path],
++ link_depends : libshared_sym_path,
++ link_whole: libcore_static,
++ link_with : libshared,
+ install : true,
+ install_dir : pkglibdir)
+
diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch
new file mode 100644
index 0000000..f942c59
--- /dev/null
+++ b/0003-meson-add-option-to-build-systemd-executor-staticall.patch
@@ -0,0 +1,97 @@
+From 66df80d8c37dce4b597dfa26e1050856a610cf7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 3 Jul 2024 17:05:31 +0200
+Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically"
+
+The new link-executor-shared option is similar to the existing
+link-udev-shared: when set to false, we link to the static versions of our
+internal libraries.
+
+The resulting exuctor binary is fairly large, about as large as libsystemd-core
+(14 MB without lto, 8 with lto).
+
+This is intended as a workaround for the fuckup with the pinned executor
+binary:
+when an upgrade is performed, the package manager will install new version of
+the libraries and new version of the code, and some time later reexecute the
+managers. This creates a window when the pinned executor binary will fail to
+execute. There are two factors which make the issue easier to hit:
+
+- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
+ uses version-release as the tag, which means that the issue occurs on
+ every package upgrade. This is the right thing to do, because the
+ ABI of our internal libraries is not stable at all, so replacing the
+ library from a different version in place creates a window where our
+ programs may crash or misbehave.
+
+- when the distribution doesn't immediately reexec all the managers after
+ upgrade. In early versions of systemd, we used to hammer the machine during
+ upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
+ wasteful. Doing the reexecs while the upgrade is in progres also creates a
+ window where a mix of old and new configs or both is loaded. Users are
+ particularly annoyed by those reloads if there is some issue in the
+ configuration causing us to emit warnings on every reexec. Doing the
+ reexecs once after the new configuration and libraries have been put
+ in place is nicer.
+
+The pinning of the executor binary breaks upgrades and in particular
+it penalizes the distributions which make use of the features which
+were previously added to avoid bugs and inefficiency during upgrades.
+
+When the executor is linked statically, there is a smaller chance that it'll
+fail to load libraries. The issue can still occur because other libraries, not
+our own, are linked dynamically.
+
+(cherry picked from commit d59cae6cebd0fc25a16a020bd28e5303901f1b19)
+---
+ meson_options.txt | 2 ++
+ src/core/meson.build | 16 ++++++++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/meson_options.txt b/meson_options.txt
+index d52ca4e4b5..3cce818392 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true,
+ description : '''This option is deprecated and will be removed in a future release''')
+ option('link-udev-shared', type : 'boolean',
+ description : 'link systemd-udevd and its helpers to libsystemd-shared.so')
++option('link-executor-shared', type : 'boolean',
++ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so')
+ option('link-systemctl-shared', type: 'boolean',
+ description : 'link systemctl against libsystemd-shared.so')
+ option('link-networkd-shared', type: 'boolean',
+diff --git a/src/core/meson.build b/src/core/meson.build
+index 1ef31cc529..dbeb752977 100644
+--- a/src/core/meson.build
++++ b/src/core/meson.build
+@@ -156,6 +156,17 @@ systemd_executor_sources = files(
+ 'exec-invoke.c',
+ )
+
++executor_libs = get_option('link-executor-shared') ?
\ ++ [ ++ libcore, ++ libshared, ++ ] : [ ++ libcore_static, ++ libshared_static, ++ libbasic_static, ++ libsystemd_static, ++ ] ++ + executables += [ + libexec_template + { + 'name' : 'systemd', +@@ -173,10 +184,7 @@ executables += [ + 'public' : true, + 'sources' : systemd_executor_sources, + 'include_directories' : core_includes, +- 'link_with' : [ +- libcore, +- libshared, +- ], ++ 'link_with' : executor_libs, + 'dependencies' : [ + libapparmor, + libpam, diff --git a/systemd.spec b/systemd.spec index 0dc781e..2aba928 100644 --- a/systemd.spec +++ b/systemd.spec @@ -119,6 +119,10 @@ Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch +Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch @@ -761,6 +765,7 @@ CONFIGURE_OPTS=( -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] + -Dlink-executor-shared=false -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no From 8881fa94ee53587426d8c7ea8acbea015cac01d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Jul 2024 15:36:28 +0200 Subject: [PATCH 146/327] Version 256.2 - A bunch of various small fixes --- 0001-meson-rename-libbasic-to-libbasic_static.patch | 8 ++++---- ...n-build-libsystemd-core-via-an-intermediate-stat.patch | 2 +- ...n-add-option-to-build-systemd-executor-staticall.patch | 6 +++--- sources | 2 +- systemd.spec | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) 
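Review bot: Patch0020–Patch0022 are added without the explanatory comment that the neighbouring Patch lines carry, so the spec does not say why they are here or when they can be dropped. I would put `# Link systemd-executor statically so the pinned executor keeps working during upgrades.` and `# Backports of upstream 732ed8a84e8b, d0689ee5fbfa and d59cae6cebd0; drop after rebasing onto a release that has them.` above them. The `-Dlink-executor-shared=false` line in the CONFIGURE_OPTS hunk is unconditional while these patches appear to sit inside `%if %{without upstream}`, so upstream builds rely on the option already existing in the tree being built; a short remark next to the option would make that dependency visible.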
diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch index b1fdd9e..8059d87 100644 --- a/0001-meson-rename-libbasic-to-libbasic_static.patch +++ b/0001-meson-rename-libbasic-to-libbasic_static.patch @@ -1,4 +1,4 @@ -From d5534ba7444f7733b55e56284eb27d16dc6a267d Mon Sep 17 00:00:00 2001 +From 8954e7ccc1f2005df221f50882f3253518c63159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 16:51:05 +0200 Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static @@ -22,10 +22,10 @@ for consitency. This makes the build config easier to understand. 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/meson.build b/meson.build -index e42151998b..18115cad5e 100644 +index b1a110cbfc..58748a37a3 100644 --- a/meson.build +++ b/meson.build -@@ -2078,7 +2078,7 @@ libsystemd = shared_library( +@@ -2089,7 +2089,7 @@ libsystemd = shared_library( # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. '-z', 'nodelete', '-Wl,--version-script=' + libsystemd_sym_path], @@ -34,7 +34,7 @@ index e42151998b..18115cad5e 100644 link_whole : [libsystemd_static], dependencies : [librt, threads, -@@ -2243,7 +2243,7 @@ nss_template = { +@@ -2254,7 +2254,7 @@ nss_template = { 'link_with' : [ libsystemd_static, libshared_static, diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch index 1d27b04..c7423e9 100644 --- a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +++ b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch @@ -1,4 +1,4 @@ -From 63178ad7e51dae8730158573318388ea8c3e488e Mon Sep 17 00:00:00 2001 +From 3b101982011d787c05d7708740e6eada560c62cc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:03:26 +0200 Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch index f942c59..73a12b2 100644 --- a/0003-meson-add-option-to-build-systemd-executor-staticall.patch +++ b/0003-meson-add-option-to-build-systemd-executor-staticall.patch @@ -1,4 +1,4 @@ -From 66df80d8c37dce4b597dfa26e1050856a610cf7f Mon Sep 17 00:00:00 2001 +From 254338a838354d9d3e43efa14190ca1203ef3afe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:05:31 +0200 Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically" @@ -49,11 +49,11 @@ our own, are linked dynamically. 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/meson_options.txt b/meson_options.txt -index d52ca4e4b5..3cce818392 100644 +index 667340ca59..909e2d53e8 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, - description : '''This option is deprecated and will be removed in a future release''') + description : 'This option is deprecated and will be removed in a future release') option('link-udev-shared', type : 'boolean', description : 'link systemd-udevd and its helpers to libsystemd-shared.so') +option('link-executor-shared', type : 'boolean', diff --git a/sources b/sources index 6ceb957..2e30e2f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c +SHA512 (systemd-256.2.tar.gz) = 10da82ee58d3608c41cb0204fdf0227af965b13b8f3716e4f5dea994c236c08a5e31f09ba0d3774cea20a365e1d959c8c865fdeacc82400da55e94ad800e75ba diff --git a/systemd.spec b/systemd.spec index 2aba928..47691ff 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.1} +Version: %{?version_override}%{!?version_override:256.2} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From d569018a92da3fe91f3f604a93f444751f0e4a50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jul 2024 12:40:39 +0200 Subject: [PATCH 147/327] Rebuilt for the bin-sbin merge https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin From 980ede8c0f65965b272872001de5f85e9d741623 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 11 Jul 2024 13:05:04 +0200 Subject: [PATCH 148/327] Drop machined revert The selinux-policy was fixed (https://bugzilla.redhat.com/show_bug.cgi?id=2279923) so let's drop the revert. The minimum version for the selinux-policy Conflicts is updated to make sure it is installed. --- ...add-varlink-interface-for-registerin.patch | 217 ------------------ systemd.spec | 8 +- 2 files changed, 1 insertion(+), 224 deletions(-) delete mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch deleted file mode 100644 index 01946d6..0000000 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 11 May 2024 13:27:12 +0200 -Subject: [PATCH] Revert "machined: add varlink interface for registering - machines" - -This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. ---- - man/systemd-machined.service.xml | 6 +-- - src/machine/machine-varlink.h | 6 --- - src/machine/machined-varlink.c | 62 ++----------------------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.h | 6 --- - 8 files changed, 8 insertions(+), 82 deletions(-) - delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.h - -diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml -index b2899ff0fd..f3d7755973 100644 ---- a/man/systemd-machined.service.xml -+++ b/man/systemd-machined.service.xml -@@ -100,12 +100,10 @@ - - The daemon provides both a C library interface - (which is shared with systemd-logind.service8) -- as well as a D-Bus interface and a Varlink interface. -+ as well as a D-Bus interface. - The library interface may be used to introspect and watch the state of virtual machines/containers. - The bus interface provides the same but in addition may also be used to register or terminate -- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an -- SSH key / address; it can be queried with -- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. -+ machines. 
- For more information please consult - sd-login3 - and -diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h -deleted file mode 100644 -index ce4ec54dc1..0000000000 ---- a/src/machine/machine-varlink.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink.h" -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 0d3ae627c1..6ca98e27cf 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -1,12 +1,10 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include "format-util.h" --#include "machine-varlink.h" - #include "machined-varlink.h" - #include "mkdir.h" - #include "user-util.h" - #include "varlink.h" --#include "varlink-io.systemd.Machine.h" - #include "varlink-io.systemd.UserDatabase.h" - - typedef struct LookupParameters { -@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var - return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); - } - --static int manager_varlink_init_userdb(Manager *m) { -+int manager_varlink_init(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; - int r; - - assert(m); - -- if (m->varlink_userdb_server) -+ if (m->varlink_server) - return 0; - - r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); -@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - -- m->varlink_userdb_server = TAKE_PTR(s); -- return 0; --} -- --static int manager_varlink_init_machine(Manager *m) { -- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; -- int r; -- -- assert(m); -- -- if (m->varlink_machine_server) -- return 0; -- -- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); -- if (r < 0) -- return log_error_errno(r, "Failed to allocate varlink server object: %m"); -- -- varlink_server_set_userdata(s, m); -- -- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); -- if (r < 0) -- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -- -- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); -- if (r < 0) -- return log_error_errno(r, "Failed to register varlink methods: %m"); -- -- (void) mkdir_p("/run/systemd/machine", 0755); -- -- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); -- if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -- -- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); -- if (r < 0) -- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); -- -- m->varlink_machine_server = TAKE_PTR(s); -- return 0; --} -- --int manager_varlink_init(Manager *m) { -- int r; -- -- r = manager_varlink_init_userdb(m); -- if (r < 0) -- return r; -- -- r = manager_varlink_init_machine(m); -- if (r < 0) -- return r; -- -+ m->varlink_server = TAKE_PTR(s); - return 0; - } - - void manager_varlink_done(Manager *m) { - assert(m); - -- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); -- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); -+ m->varlink_server = varlink_server_unref(m->varlink_server); - } -diff --git a/src/machine/machined.c b/src/machine/machined.c -index d7087e4672..2638ed572e 100644 ---- a/src/machine/machined.c -+++ b/src/machine/machined.c -@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { - if (m->operations) - return false; - -- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) -- return false; -- -- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) -+ if (varlink_server_current_connections(m->varlink_server) > 0) - return false; - - manager_gc(m, true); -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 67abed0fd6..280c32bab6 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -40,8 +40,7 @@ struct Manager { - sd_event_source *nscd_cache_flush_event; - #endif - -- VarlinkServer *varlink_userdb_server; -- VarlinkServer *varlink_machine_server; -+ VarlinkServer *varlink_server; - }; - - int manager_add_machine(Manager *m, const char *name, Machine **_machine); -diff --git a/src/machine/meson.build b/src/machine/meson.build -index 3150b33de5..c82a32589d 100644 ---- a/src/machine/meson.build -+++ b/src/machine/meson.build -@@ -3,7 +3,6 @@ - libmachine_core_sources = files( - 'image-dbus.c', - 'machine-dbus.c', -- 'machine-varlink.c', - 'machine.c', - 'machined-core.c', - 'machined-dbus.c', -diff --git a/src/shared/meson.build b/src/shared/meson.build -index d01367a159..17313aefed 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -180,7 +180,6 @@ shared_sources = files( - 'varlink-io.systemd.Credentials.c', - 'varlink-io.systemd.Hostname.c', - 'varlink-io.systemd.Journal.c', -- 'varlink-io.systemd.Machine.c', - 'varlink-io.systemd.ManagedOOM.c', - 'varlink-io.systemd.MountFileSystem.c', - 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h -deleted file mode 100644 -index c9fc85f150..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink-idl.h" -- --extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index 47691ff..a5a8ce7 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -106,12 +106,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -# Drop varlink method call until selinux policy is updated, -# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, -# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. -# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. -Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch - %if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -280,7 +274,7 @@ Conflicts: fedora-release < 23-0.12 BuildRequires: setup >= 2.15.0-3 BuildRequires: python3 Conflicts: setup < 2.15.0-3 -Conflicts: selinux-policy-any < 41.1 +Conflicts: selinux-policy-any < 41.3 %endif %if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 From a3524fc837f5e7b68f86b3e0a9d470a94a04c4c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 14 Jul 2024 11:28:29 +0200 Subject: [PATCH 149/327] Use a more precise Recommends for libkxbcommon The old one was the first one added, and referred to the package. The later ones refer to the soname. Let's convert that one to that too. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a5a8ce7..a43c783 100644 --- a/systemd.spec +++ b/systemd.spec @@ -254,7 +254,6 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog 
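Review bot: The raised floor in `Conflicts: selinux-policy-any < 41.3` is now the only thing tying this package to the policy fix, and the hunk that removes `Patch0001` also removes the comment that explained it. With the revert gone, machined's varlink registration interface is enabled again, so I would keep the reference beside the Conflicts line, e.g. `# machined varlink interface needs the selinux-policy fix from rhbz#2279923`. The line also sits inside an `%if` block that opens outside the hunk, so builds that do not take that branch get the interface without any floor; it is worth confirming that this is intended.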
@@ -309,6 +308,7 @@ Provides: /usr/sbin/telinit %endif # Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} From b7800e3e6629b14ae91743915d23c8681754f350 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Jul 2024 11:33:37 +0200 Subject: [PATCH 150/327] Drop versions from Conflicts for standalone packages Because the conflicts are in one direction, dnf may try to install older systemd/systemd-udev and newer systemd-standalone-*. This is not what we want: $ sudo dnf5 install systemd-standalone-repart Updating and loading repositories: Repositories loaded. Package Arch Version Repository Size Downgrading: systemd x86_64 255.4-1.fc40 fedora 14.6 MiB replacing systemd x86_64 256.2-1.fc40 @commandline 16.8 MiB systemd-container x86_64 255.4-1.fc40 fedora 1.4 MiB replacing systemd-container x86_64 256.2-1.fc40 @commandline 1.5 MiB systemd-devel x86_64 255.4-1.fc40 fedora 550.3 KiB replacing systemd-devel x86_64 256.2-1.fc40 @commandline 556.1 KiB systemd-libs x86_64 255.4-1.fc40 fedora 1.9 MiB replacing systemd-libs x86_64 256.2-1.fc40 @commandline 2.0 MiB systemd-networkd x86_64 255.4-1.fc40 fedora 2.0 MiB replacing systemd-networkd x86_64 256.2-1.fc40 @commandline 2.1 MiB systemd-oomd-defaults noarch 255.4-1.fc40 fedora 187.0 B replacing systemd-oomd-defaults noarch 256.2-1.fc40 @commandline 187.0 B systemd-pam x86_64 255.4-1.fc40 fedora 1.0 MiB replacing systemd-pam x86_64 256.2-1.fc40 @commandline 1.1 MiB systemd-resolved x86_64 255.4-1.fc40 fedora 629.9 KiB replacing systemd-resolved x86_64 256.2-1.fc40 @commandline 667.1 KiB systemd-rpm-macros noarch 255.4-1.fc40 fedora 9.5 KiB replacing systemd-rpm-macros noarch 256.2-1.fc40 @commandline 9.3 KiB systemd-tests x86_64 255.4-1.fc40 fedora 16.5 MiB replacing systemd-tests x86_64 256.2-1.fc40 @commandline 20.0 MiB systemd-udev x86_64 255.4-1.fc40 fedora 11.5 MiB replacing systemd-udev x86_64 256.2-1.fc40 @commandline 11.7 MiB systemd-ukify noarch 255.4-1.fc40 fedora 69.9 KiB replacing systemd-ukify noarch 256.2-1.fc40 @commandline 73.3 KiB Installing: systemd-standalone-repart x86_64 255.8-1.fc40 updates 986.6 KiB Transaction Summary: Installing: 1 
packages Replacing: 12 packages Downgrading: 12 packages Also, declare the Conflicts on both sides, so that the issue is resolved immediately. Otherwise, it could still occur when an older version of the non-standalone packages are available (or installed). --- systemd.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a43c783..44a0f16 100644 --- a/systemd.spec +++ b/systemd.spec @@ -287,11 +287,11 @@ Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Conflicts: %{name}-standalone-sysusers Provides: %{name}-sysusers = %{version}-%{release} -Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^ +Conflicts: %{name}-standalone-shutdown Provides: %{name}-shutdown = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" @@ -454,7 +454,7 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ -Conflicts: %{name}-standalone-repart < %{version}-%{release}^ +Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" @@ -625,6 +625,7 @@ useful to test systemd internals. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd Provides: %{name}-repart = %{version}-%{release} +Conflicts: %{name}-udev RemovePathPostfixes: .standalone %description standalone-repart 
@@ -635,6 +636,7 @@ package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -645,6 +647,7 @@ package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-sysusers @@ -655,6 +658,7 @@ package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use on systems without systemd Provides: %{name}-shutdown = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-shutdown From 3889da947eefa17777535e7f6b29e61776b2896c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Jul 2024 11:56:59 +0200 Subject: [PATCH 151/327] In standalone subpackages, suggest coreutils-single In a minimal installation, we pull in coreutils via dependencies. coreutils-single is much smaller, so bias the resolved towards that. $ sudo dnf5 install --releasever=rawhide --installroot=/var/tmp/inst1 --use-host-config \ /var/lib/mock/fedora-rawhide-x86_64/result/systemd-standalone-{repart,shutdown,sysusers,tmpfiles}-256.2-5*rpm After this operation 57 MiB will be used (install 57 MiB, remove 0 B). $ sudo dnf5 install --releasever=rawhide --installroot=/var/tmp/inst1 --use-host-config \ /var/lib/mock/fedora-rawhide-x86_64/result/systemd-standalone-{repart,shutdown,sysusers,tmpfiles}-256.2-6*rpm After this operation 41 MiB will be used (install 41 MiB, remove 0 B). --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 44a0f16..8ce14eb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -626,6 +626,7 @@ useful to test systemd internals. Summary: Standalone systemd-repart binary for use on systems without systemd Provides: %{name}-repart = %{version}-%{release} Conflicts: %{name}-udev +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-repart @@ -637,6 +638,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -648,6 +650,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-sysusers @@ -659,6 +662,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-shutdown binary for use on systems without systemd Provides: %{name}-shutdown = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-shutdown From cb9d631ca058450733fb5eea60a866a85b968c34 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 18:17:54 +0200 Subject: [PATCH 152/327] Update PR patch metadata The PR was recently rebased so let's include the newest patch metadata in the repo. --- 30846.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/30846.patch b/30846.patch index f135830..ca9cffb 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001 +From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids @@ -43,7 +43,7 @@ Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c -index e2d2cebc6d..2c8b06c0d3 100644 +index e2d2cebc6de27..2c8b06c0d3088 100644 --- a/src/basic/uid-classification.c +++ b/src/basic/uid-classification.c @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { From 60844538070a76169181dcda4325901439d32b72 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 18:18:36 +0200 Subject: [PATCH 153/327] Add support for building from a specific branch For our nightly systemd build for the CentOS Hyperscale build it would be very useful to download sources straight from git main on github so let's allow defining the "branch" macro to do just that. --- systemd.spec | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8ce14eb..191a7f6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -57,7 +57,9 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined commit} +%if %{defined branch} +Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz +%elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz 
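Review bot: The new `%if %{defined branch}` arm of `Source0` fetches `archive/refs/heads/%{branch}.tar.gz`, which is a moving target: two builds of the same spec can unpack different code, and nothing in the hunk records which commit was built or lets the tarball be matched against the checksum in `sources`. The downloaded file's basename is only the branch name, so I would give it a distinct name with the URL-fragment form, `Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz#/%{name}-%{branch}.tar.gz`. I would also add a comment such as `# branch builds are unpinned and unverified: nightly/CI use only, not for released packages`. The matching `%autosetup -n %{name}-%{branch}` in the `%prep` hunk assumes the archive's top directory carries the branch name verbatim, which presumably does not hold for branch names containing `/`.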
@@ -671,7 +673,13 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1 +%if %{defined branch} +%autosetup -n %{name}-%{branch} -p1 +%elif %{defined commit} +%autosetup -n %{name}-%{commit} -p1 +%else +%autosetup -n %{name}-%{version_no_tilde} -p1 +%endif %build %global ntpvendor %(source /etc/os-release; echo ${ID}) From 8d080fb5cbcb2e081dbe5e571506a8540ad1eeb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 17 Jul 2024 11:49:37 +0200 Subject: [PATCH 154/327] Backport udma buffer access patch ... (rhbz#2298422) --- 33738.patch | 37 +++++++++++++++++++++++++++++++++++++ systemd.spec | 3 +++ 2 files changed, 40 insertions(+) create mode 100644 33738.patch diff --git a/33738.patch b/33738.patch new file mode 100644 index 0000000..58ab604 --- /dev/null +++ b/33738.patch 
@@ -0,0 +1,37 @@ +From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 16 Jul 2024 17:46:09 +0200 +Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf + +In some cases userspace may need to create dmabuffers from userspace +on such example is the software ISP part of libcamera which needs to +allocate dma-buffers for the output of the software ISP. + +At first the plan was to allow console users access to /dev/dma_heap/*, +this was discussed with various kernel folks here: +https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/ + +Giving console users access to the dma_heap's was deemed a bad idea +because memory allocated this way is not accounted in cgroup limits. + +Giving access to /dev/udmabuf OTOH was deemed acceptable so that +is what this patch adds. + +Resolves: #32662 +--- + rules.d/70-uaccess.rules.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in +index b82ce04a39d38..e683bb1114461 100644 +--- a/rules.d/70-uaccess.rules.in ++++ b/rules.d/70-uaccess.rules.in +@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ + SUBSYSTEM=="video4linux", TAG+="uaccess" + SUBSYSTEM=="dvb", TAG+="uaccess" + SUBSYSTEM=="media", TAG+="uaccess" ++# libcamera software ISP used with some cams requires udmabuf access ++KERNEL=="udmabuf", TAG+="uaccess" + + # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more + SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" diff --git a/systemd.spec b/systemd.spec index 191a7f6..2cda531 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -115,6 +115,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 +Patch0011: https://github.com/systemd/systemd/pull/33738.patch + Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch From c5d3af1638de70a3cd7b39cd812cff5c7a5d5441 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 21:04:26 +0200 Subject: [PATCH 155/327] Add build dependency on rsync on CentOS Stream 9 meson on CentOS Stream 9 is too old to properly handle symlinks when installing test data so the systemd meson build script uses rsync instead. Let's add the requisite build requires to make that work. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 2cda531..73a6d69 100644 --- a/systemd.spec +++ b/systemd.spec @@ -231,6 +231,9 @@ BuildRequires: gettext %ifarch %{valgrind_arches} BuildRequires: valgrind-devel %endif +%if %{defined rhel} && 0%{?rhel} < 10 +BuildRequires: rsync +%endif %ifnarch %ix86 # bpftool is not built for i368 From 79828f2753fa8e9f297cdb86795bac449ae2e463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Jul 2024 10:12:15 +0200 Subject: [PATCH 156/327] spec: use "positive" conditions in conditionals I think it's easier to read this way. [skip changelog] --- systemd.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 73a6d69..b436ad8 100644 --- a/systemd.spec +++ b/systemd.spec 
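Review bot: The comment above `Patch0011` names only the Bugzilla request, yet the patch changes a device access policy: it tags `/dev/udmabuf` with `uaccess`, so the user of the active local session gains access to that node. I would say so next to the patch line, e.g. `# Grants uaccess on /dev/udmabuf (libcamera software ISP); drop once a release carrying it is packaged`. The URL also points at a pull request rather than a commit, and a PR's content changes when it is rebased, so the comment could record the commit the committed file was taken from (`69c5d6bea7cc` in the patch header).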
@@ -108,7 +108,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -%if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) +%if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. @@ -186,7 +186,7 @@ BuildRequires: openssl-devel-engine %if %{with gnutls} BuildRequires: gnutls-devel %endif -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: qrencode-devel %endif BuildRequires: libmicrohttpd-devel @@ -214,7 +214,7 @@ BuildRequires: python3-devel BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest-flakes) %endif @@ -322,7 +322,7 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} -%if %{undefined rhel} +%if 0%{?fedora} Recommends: libqrencode.so.4%{?elf_suffix} %endif Recommends: libbpf.so.1%{?elf_suffix} @@ -489,7 +489,7 @@ Requires: %{name} = %{version}-%{release} Requires: systemd-boot Requires: python3dist(pefile) -%if %{undefined rhel} +%if 0%{?fedora} Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) From 9378a0733a1a01eebe73067fd70f0823b475c392 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Jul 2024 11:52:58 +0200 Subject: [PATCH 157/327] Deal with systemd-timesyncd backport in EPEL --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index b436ad8..7cafd60 100644 --- a/systemd.spec +++ b/systemd.spec 
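Review bot: Replacing `%if %{undefined rhel}` with `%if 0%{?fedora}` is not a pure rewording: a build where neither macro is defined used to take these branches and now skips them, whereas in the first hunk `0%{?fedora} < 40 && 0%{?rhel} < 10` is exactly the negation of the old condition. The change affects `BuildRequires: qrencode-devel`, the pillow/pytest-flakes pair, `Recommends: libqrencode.so.4` and ukify's `Requires: python3dist(zstd)`. If the meson option for qrencode is still keyed on `%{defined rhel}` (that line is not in these hunks, so I cannot tell), such a build would enable the feature without its build dependency. Either keep `%{undefined rhel}` in these four places or state in the commit message that the behaviour change is intended.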
@@ -426,6 +426,13 @@ Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +# A backport of systemd-timesyncd is shipped as a separate package in EPEL so +# let's make sure we properly handle that. +%if 0%{?rhel} +Conflicts: systemd-timesyncd < %{version}-%{release} +Obsoletes: systemd-timesyncd < %{version}-%{release} +Provides: systemd-timesyncd = %{version}-%{release} +%endif # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. From 12d1f050295e2e88235a5478b07eebdbda461ae3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Jul 2024 16:31:45 +0200 Subject: [PATCH 158/327] Don't claim /sbin/installkernel if building for CentOS Stream 9 CentOS Stream 9 has older grubby that still claims /sbin/installkernel for itself so let's not install the symlink in that case. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index b436ad8..4c2542d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -972,7 +972,9 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +%if 0%{?fedora} || 0%{?rhel} >= 10 ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel +%endif %if "%{_sbindir}" == "%{_bindir}" # Systemd has the split-sbin option which is also used to select the directory From a8c5c736f65445cc3fd4c190b13f3481b3933796 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 19 Jul 2024 16:24:45 +0200 Subject: [PATCH 159/327] Only apply shorter shutdown timer changes on Fedora We had a *lot* of breakage caused by this change internally so let's make the spec a little more conservative by only applying the shorter shutdown timer for Fedora builds. --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index ca12e4e..8547d82 100644 --- a/systemd.spec +++ b/systemd.spec @@ -797,9 +797,11 @@ CONFIGURE_OPTS=( -Ddefault-llmnr=resolve # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 -Dstatus-unit-format-default=combined +%if 0%{?fedora} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 +%endif -Dconfigfiledir=/usr/lib -Doomd=true @@ -959,9 +961,11 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} +%if 0%{?fedora} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16} install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf +%endif # https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} From 5b4a5461d6af7017b9b8d5ae91159998085d37b6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 19 Jul 2024 16:56:23 +0200 Subject: [PATCH 160/327] Fix changelog rpmautospec doesn't like the merge: "unresolvable merge". To avoid the issue, re-add the changelog file. Also, let's drop the stuff that is only specific to EPEL, since this branch is primarily for rawhide. --- changelog | 604 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 604 insertions(+) diff --git a/changelog b/changelog index d19adec..fb6584d 100644 --- a/changelog +++ b/changelog 
@@ -1,3 +1,607 @@ +* Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 +- Backport udma buffer access patch (rhbz#2298422) + +* Tue Jul 16 2024 Daan De Meyer - 256.2-8 +- Add support for building from a specific branch + +* Tue Jul 16 2024 Daan De Meyer - 256.2-7 +- Update PR patch metadata + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-6 +- In standalone subpackages, suggest coreutils-single + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-5 +- Drop versions from Conflicts for standalone packages + +* Sun Jul 14 2024 Zbigniew Jędrzejewski-Szmek - 256.2-4 +- Use a more precise Recommends for libkxbcommon + +* Thu Jul 11 2024 Daan De Meyer - 256.2-3 +- Drop machined revert + +* Tue Jul 09 2024 Zbigniew Jędrzejewski-Szmek - 256.2-2 +- Rebuilt for the bin-sbin merge + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.2-1 +- Version 256.2 +- A bunch of various small fixes + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.1-13 +- Link systemd-executor statically + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-12 +- Update dracut workaround + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-11 +- Fix ELN build + +* Fri Jul 05 2024 Daan De Meyer - 256.1-10 +- Only exclude dracut conflicts on non-fedora on upstream builds + +* Fri Jul 05 2024 Daan De Meyer - 256.1-9 +- Conditionalize dracut Conflicts more + +* Tue Jul 02 2024 Daan De Meyer - 256.1-8 +- Use vmlinux.h from kernel-devel + +* Tue Jul 02 2024 Zbigniew Jędrzejewski-Szmek - 256.1-7 +- Pull in openssl-devel-engine + +* Mon Jul 01 2024 Daan De Meyer - 256.1-6 +- Only add Requires on python3-zstd on Fedora + +* Mon Jul 01 2024 Daan De Meyer - 256.1-5 +- Drop BuildRequires on python3-zstd + +* Tue Jun 25 2024 Zbigniew Jędrzejewski-Szmek - 256.1-4 +- Revert "Remove tmpfiles snippet for /home and /srv" + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-3 +- Remove tmpfiles snippet for /home and /srv + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-2 +- Soft-disable tmpfiles --purge 
until a good use case comes up + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-1 +- Version 256.1 + +* Sun Jun 16 2024 U2FsdGVkX1 - 256-2 +- disable auto-features when bootstrapping + +* Tue Jun 11 2024 Zbigniew Jędrzejewski-Szmek - 256-1 +- Version 256 +- Only minor changes since -rc4. +- Hardward db is updated. + +* Fri Jun 07 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-2 +- Restore patch to drop varlink method call + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-1 +- Version 256~rc4 + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-6 +- Drop sysusers.d/basic.conf +- We rely on setup to provide all necessary groups. + +* Sun Jun 02 2024 Adam Williamson - 256~rc3-4 +- Partially backport PR #33016 to fix crashes in KDE 6.3.0 + +* Wed May 29 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-2 +- Add patch to work-around libbpf bug (rhbz#2280935) + +* Thu May 23 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-1 +- Version 256~rc3 + +* Wed May 15 2024 Zbigniew Jędrzejewski-Szmek - 256~rc2-6 +- Version 256~rc2 +- Various small changes all over +- A fix for rhbz#2273069 + +* Mon May 13 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-4 +- Make %%release_override overridable from outside + +* Sat May 11 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-2 +- Temporarily drop call to varlink method to avoid SELinux denial + +* Thu May 09 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-1 +- Version 256-rc1^20240509git +- There were some fixes merged upstream, so let's try again before v256-rc2 + is released. 
+ +* Thu May 02 2024 Jan Macku - 256~rc1-6 +- spec: `systemd-ukify` should depend on `systemd-boot` + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-4 +- Add additional daemon-reexec for upgrades from old systemd versions + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-3 +- Drop trigger scriptlets for upgrades from systemd < 247 + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-2 +- Add Recommends for dlopen libraries + +* Fri Apr 26 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-1 +- Version 256~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too + many changes to list or discuss here. + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-3 +- Reexec systemd in %%postun + (https://github.com/systemd/systemd/issues/5096) +- The workaround dbus issues in upgrades from systemd-239 is dropped + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-2 +- Drop workaround to run generators without sandboxing (requirement on + dracut >= 60 is added) + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-1 +- Version 255.5 +- Many different small fixes: systemd itself, systemd-networkd, systemd- + journal-remote, compilation fixes for newer kernels and clang, systemd- + homed, systemd-resolved, ukify, systemd-tmpfiles, various other. 
+ +* Wed Apr 10 2024 Zbigniew Jędrzejewski-Szmek - 255.4-16 +- Prepare for bin-sbin merge + +* Wed Mar 27 2024 Zbigniew Jędrzejewski-Szmek - 255.4-13 +- spec: add %%bcond to build without documentation + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-11 +- Revert "Adjust release tag for riscv64" + +* Fri Mar 22 2024 David Abdurachmanov - 255.4-10 +- Enable bootloader stack for riscv64 + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-9 +- Adjust release tag for riscv64 + +* Wed Mar 20 2024 David Tardon - 255.4-5 +- Make Requires(*) on systemd versioned + +* Wed Mar 20 2024 Zbigniew Jędrzejewski-Szmek - 255.4-4 +- Add R:systemd-udev to systemd-networkd subpackage (rhbz#2173425) + +* Mon Mar 18 2024 Daan De Meyer - 255.4-3 +- Add psutil dependency to systemd-tests + +* Thu Mar 07 2024 Daan De Meyer - 255.4-2 +- Build in developer mode when building for upstream + +* Fri Mar 01 2024 Zbigniew Jędrzejewski-Szmek - 255.4-1 +- Version 255.4 + +* Wed Feb 21 2024 Daan De Meyer - 255.3-13 +- Allow setting extra configure options using + %%meson_extra_configure_options + +* Wed Feb 21 2024 Daan De Meyer - 255.3-12 +- Apply pam patch when building for upstream + +* Wed Feb 21 2024 Daan De Meyer - 255.3-11 +- Use %%version_override/%%release_override to specify version/release by + users + +* Tue Feb 20 2024 Zbigniew Jędrzejewski-Szmek - 255.3-10 +- Let libkmod be a dlopen'ed dependency + +* Sat Feb 17 2024 Daan De Meyer - 255.3-9 +- Allow overriding the version and release using macros + +* Sat Feb 17 2024 Daan De Meyer - 255.3-8 +- Stop passing %%{release} to meson when building in upstream mode + +* Sat Feb 17 2024 Daan De Meyer - 255.3-7 +- Don't pass b_lto to meson + +* Thu Feb 15 2024 Daan De Meyer - 255.3-6 +- Update usage of meson-vcs-tag.sh to account for upstream changes + +* Sun Feb 11 2024 Daan De Meyer - 255.3-5 +- Replace inplace macro with upstream macro + +* Sun Feb 11 2024 Daan De Meyer - 255.3-4 +- Remove reconfiguration logic + +* Sun Feb 11 
2024 Daan De Meyer - 255.3-3 +- Stop depending on filelists + +* Mon Jan 29 2024 Zbigniew Jędrzejewski-Szmek - 255.3-2 +- Conflicts/Provides with systemd-standalone-repart are moved udev + subpackage + +* Thu Jan 25 2024 Zbigniew Jędrzejewski-Szmek - 255.3-1 +- Version 255.3 +- A bunch of various fixes for memory and behaviour, in many different + components (bootctl, systemd, udev, systemd-networkd, systemd-homed, + systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, + systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd- + journal-remote, kernel-install) +- Improved detection of virtualization (Google Compute Engine, Apple Virt) +- Updates for shell completions and docs +- An update for hardware database + +* Tue Jan 23 2024 Zbigniew Jędrzejewski-Szmek - 255.2-3 +- Add temporary patch to adjust uid range classification (rhbz#2251843) + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.2-1 +- Version 255.2 +- Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) +- systemd-resolved and systemd-networkd are restarted after an upgrade. + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.1-2 +- Add missing %%postun scriptlets for systemd-{resolved,networkd} + (rhbz#2255718) + +* Sat Dec 16 2023 Zbigniew Jędrzejewski-Szmek - 255.1-1 +- Version 255.1 + +* Wed Dec 13 2023 Zbigniew Jędrzejewski-Szmek - 255-7 +- Do not remove modified config files + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-4 +- Add /etc/ssh/sshd_config.d to the file list + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-3 +- Move config files to /usr/lib/systemd (e.g. /etc/systemd/system.conf → + /usr/lib/systemd/systemd.conf). Both config file locations were already + supported, and the files installed in /etc/ were "empty" (i.e. they had + only comments and section headers). The move does not change the + configuration, but just makes /etc more empty by default. 
See + https://github.com/systemd/systemd/commit/6495361c7d for more discussion + and details. + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-2 +- Move systemd-bsod is to udev subpackage + +* Wed Dec 06 2023 Zbigniew Jędrzejewski-Szmek - 255-1 +- Version 255 +- Just a few bugfixes since 255-rc4: seccomp filters, logging, + documentation, systemd-repart +- Includes a hardware database update. + +* Sat Dec 02 2023 Zbigniew Jędrzejewski-Szmek - 255~rc4-1 +- Version 255~rc4 + +* Fri Dec 01 2023 Adam Williamson - 255~rc3-4 +- Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) + +* Wed Nov 29 2023 Adam Williamson - 255~rc3-3 +- Backport #30197 to fix vconsole startup (RHBZ #2251394) + +* Thu Nov 23 2023 Peter Robinson - 255~rc3-2 +- de-dupe LICENSE.LGPL2.1 in licenses + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc3-1 +- Version 255~rc3 + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-2 +- Add systemd-networkd-defaults subpackage + +* Wed Nov 15 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-1 +- Version 255~rc2 +- See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS + +* Wed Nov 08 2023 Zbigniew Jędrzejewski-Szmek +- Add Conflicts with older dracut which doesn't have required patches + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-3 +- Also build systemd-vmspawn + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-2 +- Move oomd to systemd-udev + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-1 +- Version 255~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS +- All the files and services related to pcrs are moved to -udev subpackage. + This includes the new systemd-pcrlock binary. + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-2 +- Pull in more patches for keyboard layout matching + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-1 +- Version 254.5 +- Resolves rhbz#29216. 
+ +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-14 +- Pull in patches to add PollLimit setting + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-13 +- Change versioned Conflicts to rich Requires (rhbz#2240828) + +* Tue Sep 19 2023 Adam Williamson - 254.2-12 +- Backport PR #29215 to improve keyboard layout matching + +* Mon Sep 18 2023 Zbigniew Jędrzejewski-Szmek - 254.2-7 +- Fix creation of installkernel symlink + +* Fri Sep 15 2023 Zbigniew Jędrzejewski-Szmek - 254.2-6 +- Provide /usr/sbin/installkernel (rhbz#2239008). + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-2 +- Make inter-subpackage dependencies archful + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-1 +- Version 254.2 +- A bunch of fixes in various areas: manager, coredump, sysupdate, + hibernation, journal. +- Should fix rhbz#2234653. + +* Wed Sep 06 2023 Zbigniew Jędrzejewski-Szmek - 254.1-8 +- Actually reload user managers and backport unit reload macros + +* Sat Sep 02 2023 Daan De Meyer - 254.1-7 +- ukify: Drop obsolete dependency on objcopy + +* Sat Sep 02 2023 Daan De Meyer - 254.1-6 +- Add missing ukify dependency on python-cryptography + +* Sun Aug 20 2023 Yu Watanabe - 254.1-5 +- spec: also explicitly enable/disable ukify support + +* Sun Aug 13 2023 Yu Watanabe - 254.1-4 +- spec: explicitly enable/disable xen support + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254.1-1 +- Version 254.1 (rhbz#2228089, possibly partial fix for rhbz#2229524) + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254-5 +- Do daemon-reexec of user managers after package upgrade + +* Mon Aug 07 2023 Daan De Meyer - 254-4 +- Revert "Supress errors on selinux systems" + +* Thu Aug 03 2023 Daan De Meyer - 254-3 +- Add a custom %%clean implementation + +* Thu Aug 03 2023 Daan De Meyer - 254-2 +- Update libbpf soname + +* Fri Jul 28 2023 Zbigniew Jędrzejewski-Szmek - 254-1 +- Version 254 (just a bunch of bugfixes, mostly for unusual architectures, + since rc3) +- rhbz#2226908 +- See 
https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for + the full changeset. + +* Mon Jul 24 2023 Zbigniew Jędrzejewski-Szmek - 254~rc3-1 +- Version 254~rc3 +- A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits + which were found to cause problems. + +* Sat Jul 22 2023 Fedora Release Engineering - 254~rc2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-4 +- Fix scriptlets for various services and remote-cryptsetup.target + (rhbz#2217997) + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-3 +- Convert existing bcond_with[out] to plain bcond + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-2 +- Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds + +* Sat Jul 15 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-1 +- Version 254~rc2 +- Various bug fixes, in particular kernel-install should again work without + /proc. + +* Thu Jul 13 2023 Zbigniew Jędrzejewski-Szmek - 254~rc1-1 +- Version 254~rc1 +- Way too many changes to list. See + https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS +- Fix regression in socket activation of services (rhbz#2213660). 
+ +* Mon Jun 26 2023 Yaakov Selkowitz - 253.5-7 +- Use rpm sysuser provide generation on RHEL >= 10 + +* Thu Jun 22 2023 Panu Matilainen - 253.5-6 +- Use rpm's sysuser provide generation on Fedora >= 39 + +* Wed Jun 21 2023 Anita Zhang - 253.5-5 +- fix typos in standalone package provides + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-4 +- Avoid pillow and pyflakes in RHEL builds + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-3 +- Avoid qrencode dependency in RHEL builds + +* Fri Jun 02 2023 Alessandro Astone - 253.5-2 +- Increase vm.max_map_count + +* Thu Jun 01 2023 Zbigniew Jędrzejewski-Szmek - 253.5-1 +- Version 253.5 + +* Thu May 11 2023 Zbigniew Jędrzejewski-Szmek - 253.4-1 +- Version 253.4 + +* Thu May 11 2023 Michael Catanzaro - 253.2-6 +- Raise ManagedOOMMemoryPressureLimit from 50%% to 80%% + +* Tue May 09 2023 Zbigniew Jędrzejewski-Szmek - 253.2-5 +- Add forgotten Provides and Conflicts for standalones + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-4 +- sysusers.generate-pre.sh: properly escape quotes in description strings + (rhbz#2104141) + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-3 +- sysusers.generate-pre.sh: fix indentation in generated scripts + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.2-1 +- Version 253.2 + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.1-7 +- oomd: stop monitoring user-*.slice slices (rhbz#2177722) + +* Thu Mar 09 2023 Zbigniew Jędrzejewski-Szmek - 253.1-6 +- Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-2 +- Fix build with gnu-efi-3.0.11-13 + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-1 +- Version 253.1 +- Fixes rhbz#2148464 + +* Wed Mar 01 2023 Zbigniew Jędrzejewski-Szmek - 253-7 +- Move man pages for sd-boot into systemd-boot-unsigned + +* Wed Feb 22 2023 Zbigniew Jędrzejewski-Szmek - 253-6 +- Set TimeoutStopFailureMode=abort for services (see + 
https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer) + +* Tue Feb 21 2023 Dusty Mabe - 253-5 +- remove group write permission from 98-default-mac-none.link + +* Tue Feb 21 2023 Dusty Mabe - 253-4 +- fix comment instructions for 98-default-mac-none.link + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-3 +- Backport patch for container compatibility (rhbz#2165004) + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-2 +- Add workaround patch for dracut generator issue (rhbz#2164404) + +* Mon Feb 20 2023 Zbigniew Jędrzejewski-Szmek - 253-1 +- Version 253 (mostly some documentation fixes since -rc3). + +* Fri Feb 10 2023 Zbigniew Jędrzejewski-Szmek - 253~rc3-1 +- Version 253-rc3 +- A bunch of bugfixes for regressions, some documentation and bug fixes + too. +- Really fix rhbz#2165692 (previous build carried an unapplied patch). + +* Thu Feb 09 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-7 +- Revert patch switch causes problems for 'systemctl isolate' + (rhbz#2165692) + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-6 +- Disable systemd-boot-update.service in presets + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-4 +- Update License to SPDX + +* Mon Feb 06 2023 Thomas Haller - 253~rc2-3 +- add "98-default-mac-none.link" to keep default MAC address of + bridge/bond/team + +* Thu Feb 02 2023 Michael Catanzaro - 253~rc2-2 +- Shorten shutdown timeout to 45 s + +* Thu Feb 02 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-1 +- Version 253~rc2 +- Sysusers fixup (rhbz#2156900) + other small changes + +* Thu Feb 02 2023 Yaakov Selkowitz - 253~rc1-5 +- Build with xen only on Fedora + +* Thu Jan 26 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-3 +- Reenable systemd-journald-audit.socket after upgrades (rhbz#2164594) + +* Wed Jan 25 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-2 +- Add Requires on Python modules to systemd-ukify and Recommends for + libp11-kit + +* Tue Jan 24 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-1 +- Version 253~rc1 +- See 
https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS +- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, + and systemd-ukify. + +* Sun Jan 22 2023 Zbigniew Jędrzejewski-Szmek - 252.4-4 +- Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3 + +* Sat Jan 21 2023 Fedora Release Engineering - 252.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jan 05 2023 Daan De Meyer - 252.4-2 +- Add python3 to BuildRequires + +* Tue Dec 20 2022 Zbigniew Jędrzejewski-Szmek - 252.4-1 +- Version 252.4 +- Fixes a few different issues (systemd-timesyncd connectivity problems, + broken emoji output on the console, crashes in pid1 unit dependency + logic) +- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel + setting + +* Sat Dec 17 2022 Zbigniew Jędrzejewski-Szmek - 252.3-4 +- boot: add Provides:systemd-boot(isa) + +* Wed Dec 14 2022 Zbigniew Jędrzejewski-Szmek - 252.3-2 +- Use upstream pam systemd-auth file with a patch, add pam_keyinit + +* Thu Dec 08 2022 Zbigniew Jędrzejewski-Szmek - 252.3-1 +- Version 252.3 (rhbz#2136916, rhbz#2083900) + +* Fri Dec 02 2022 Zbigniew Jędrzejewski-Szmek - 252.2-2 +- Split out systemd-boot-unsigned package + +* Thu Nov 24 2022 Zbigniew Jędrzejewski-Szmek - 252.2-1 +- Version 252.2 +- Latest batch of bugfixes (rhbz#2137631) + +* Thu Nov 24 2022 Martin Osvald - 252.1-3 +- Support user:group notation by sysusers.generate-pre.sh script + +* Tue Nov 08 2022 Zbigniew Jędrzejewski-Szmek - 252.1-1 +- Version 252.1 (just some small fixes). 
+ +* Mon Oct 31 2022 Zbigniew Jędrzejewski-Szmek - 252-1 +- Version 252 + +* Tue Oct 25 2022 Zbigniew Jędrzejewski-Szmek - 252~rc3-1 +- Version 252-rc3 (#2135778) + +* Tue Oct 18 2022 Zbigniew Jędrzejewski-Szmek - 252~rc2-28 +- Version 252-rc2 (#2134741, #2133792) + +* Fri Oct 14 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-31 +- Fix upgrade detection in %%posttrans scriptlet (rhbz#2115094) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-30 +- Fix indentation in %%sysusers_create_compat macro (rhbz#2132835) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-29 +- Correctly move systemd-measure to systemd-udev subpackage + +* Fri Oct 07 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-28 +- Version 252-rc1 (for details see + https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-29 +- Fix permissions on %%ghost files (rhbz#2122889) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-28 +- Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188) + +* Fri Sep 30 2022 Yu Watanabe - 251.4-41 +- Replace patch for test-mountpoint-util + +* Fri Sep 30 2022 Yu Watanabe - 251.4-40 +- patch: fix regression in bfq patch + +* Fri Sep 30 2022 Luca BRUNO - 251.4-39 +- sysusers/generate: bridge 'm' entries to usermod + +* Fri Sep 30 2022 Anita Zhang - 251.4-38 +- Update systemd-oomd defaults to friendlier values +- Remove swap policy. Default amount of swap (8GB?) is a lot lower than + what we use internally with the swap policy. Which frequently leads to + GNOME getting killed (e.g. + https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not + linked here). Internally we use 0.5x-1x size of physical memory for swap + via swapfiles (this will be documented in systemd upstream). In simple + cases of using more memory than is available (but without memory + pressure), the Kernel OOM killer can handle killing the offending + process. 
+ +* Thu Sep 29 2022 Zbigniew Jędrzejewski-Szmek - 251.4-37 +- Make systemd-devel conditionally pull in systemd-rpm-macros + * Fri Aug 19 2022 Neal Gompa - 251.4-53 - Set compile-time fallback hostname to "localhost" https://fedoraproject.org/wiki/Changes/FallbackHostname From ef8ddb130b5995ddf21a7d06b5cb723f7bd18909 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 06:58:47 +0000 Subject: [PATCH 161/327] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 00babccdea1576d96edfdb7ab12958564cc4f1b6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 20 Jul 2024 17:06:40 +0200 Subject: [PATCH 162/327] Simplify BFQ scheduler enablement This doesn't need to be a patch, let's instead install it as part of %install to simplify things a little. --- 60-block-scheduler.rules | 5 +++++ systemd.spec | 9 +++++++-- use-bfq-scheduler.patch | 43 ---------------------------------------- 3 files changed, 12 insertions(+), 45 deletions(-) create mode 100644 60-block-scheduler.rules delete mode 100644 use-bfq-scheduler.patch diff --git a/60-block-scheduler.rules b/60-block-scheduler.rules new file mode 100644 index 0000000..850b645 --- /dev/null +++ b/60-block-scheduler.rules @@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/systemd.spec b/systemd.spec index 8547d82..4d80273 100644 --- a/systemd.spec +++ b/systemd.spec @@ -87,6 +87,7 @@ Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf Source16: 10-timeout-abort.conf Source17: 10-map-count.conf +Source18: 60-block-scheduler.rules Source21: macros.sysusers Source22: sysusers.attr 
@@ -123,8 +124,6 @@ Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch # Those are downstream-only patches, but we don't want them in packit builds: -# https://bugzilla.redhat.com/show_bug.cgi?id=1738828 -Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch @@ -970,6 +969,12 @@ install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service. # https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} +# As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. +# Test results are that bfq seems to behave better and more consistently on +# typical hardware. The kernel does not have a configuration option to set the +# default scheduler, and it currently needs to be set by userspace. +install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} + sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch deleted file mode 100644 index 6ad5e5d..0000000 --- a/use-bfq-scheduler.patch +++ /dev/null 
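Review bot: The new `install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18}` line in the `%install` hunk is unconditional, whereas the `Patch0490` line removed in the hunk above sat under the comment "downstream-only patches, but we don't want them in packit builds". If that patch group was skipped for packit builds (the conditional is outside the hunk), then every build flavour now ships `60-block-scheduler.rules` and sets bfq on matching disks. If that is not intended, wrap the install as `%if <same condition that excludes the downstream-only patches>` … `%endif`. If it is intended, say so in the comment above the install line, for example `# Installed for all build flavours, including packit builds`. The `%install` section continues outside the hunk.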
@@ -1,43 +0,0 @@ -From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Aug 2019 15:57:42 +0200 -Subject: [PATCH] udev: use bfq as the default scheduler - -As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. -Test results are that bfq seems to behave better and more consistently on -typical hardware. The kernel does not have a configuration option to set -the default scheduler, and it currently needs to be set by userspace. - -See the bug for more discussion and links. ---- - rules.d/60-block-scheduler.rules | 5 +++++ - rules.d/meson.build | 1 + - 2 files changed, 6 insertions(+) - create mode 100644 rules.d/60-block-scheduler.rules - -diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules -new file mode 100644 -index 0000000000..850b64540e ---- /dev/null -+++ b/rules.d/60-block-scheduler.rules -@@ -0,0 +1,5 @@ -+# do not edit this file, it will be overwritten on update -+ -+ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ -+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ATTR{queue/scheduler}="bfq" -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 20fca222da..94fee9d7c0 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -7,6 +7,7 @@ install_data( - rules = [ - [files('60-autosuspend.rules', - '60-block.rules', -+ '60-block-scheduler.rules', - '60-cdrom_id.rules', - '60-dmi-id.rules', - '60-drm.rules', --- -2.41.0 - From 3c3772150d2403f1f7a9c0bb1cda9c1c375c623a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jul 2024 10:25:28 +0200 Subject: [PATCH 163/327] Version 256.3 - A bunch of fixes for systemd (pid1) - Various upgrades related to running tests in mkosi --- ...n-rename-libbasic-to-libbasic_static.patch | 176 ------------------ ...ystemd-core-via-an-intermediate-stat.patch | 59 ------ ...-to-build-systemd-executor-staticall.patch | 97 ---------- systemd.spec | 6 +- 4 files changed, 1 insertion(+), 337 deletions(-) delete mode 100644 0001-meson-rename-libbasic-to-libbasic_static.patch delete mode 100644 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch delete mode 100644 0003-meson-add-option-to-build-systemd-executor-staticall.patch diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch deleted file mode 100644 index 8059d87..0000000 --- a/0001-meson-rename-libbasic-to-libbasic_static.patch +++ /dev/null 
@@ -1,176 +0,0 @@ -From 8954e7ccc1f2005df221f50882f3253518c63159 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 16:51:05 +0200 -Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static - -Our variables for internal libraries are named 'libfoo' for the shared lib -variant, and 'libfoo_static' for the static lib variant. The only exception was -libbasic, because we didn't have a shared variant for it. But let's rename it -for consitency. This makes the build config easier to understand. - -(cherry picked from commit 732ed8a84e8b264fccd3f5c0fc68ec2894b6d8ea) ---- - meson.build | 4 ++-- - src/basic/meson.build | 2 +- - src/libsystemd/meson.build | 2 +- - src/partition/meson.build | 2 +- - src/shared/meson.build | 2 +- - src/shutdown/meson.build | 2 +- - src/sysusers/meson.build | 2 +- - src/test/meson.build | 8 ++++---- - src/tmpfiles/meson.build | 2 +- - 9 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/meson.build b/meson.build -index b1a110cbfc..58748a37a3 100644 ---- a/meson.build -+++ b/meson.build -@@ -2089,7 +2089,7 @@ libsystemd = shared_library( - # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. 
- '-z', 'nodelete', - '-Wl,--version-script=' + libsystemd_sym_path], -- link_with : [libbasic], -+ link_with : [libbasic_static], - link_whole : [libsystemd_static], - dependencies : [librt, - threads, -@@ -2254,7 +2254,7 @@ nss_template = { - 'link_with' : [ - libsystemd_static, - libshared_static, -- libbasic, -+ libbasic_static, - ], - 'dependencies' : [ - librt, -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 9a214575a5..b538775576 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( - - basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] - --libbasic = static_library( -+libbasic_static = static_library( - 'basic', - basic_sources, - fundamental_sources, -diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build -index 6d4337d1a7..243549299f 100644 ---- a/src/libsystemd/meson.build -+++ b/src/libsystemd/meson.build -@@ -118,7 +118,7 @@ libsystemd_static = static_library( - libsystemd_sources, - include_directories : libsystemd_includes, - c_args : libsystemd_c_args, -- link_with : [libbasic], -+ link_with : [libbasic_static], - dependencies : [threads, - librt, - userspace], -diff --git a/src/partition/meson.build b/src/partition/meson.build -index 52e1368116..2cfe43e029 100644 ---- a/src/partition/meson.build -+++ b/src/partition/meson.build -@@ -32,7 +32,7 @@ executables += [ - 'sources' : files('repart.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_fdisk, - libshared_static, - libsystemd_static, -diff --git a/src/shared/meson.build b/src/shared/meson.build -index c5106d87d5..e513c0ec1c 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -358,7 +358,7 @@ libshared = shared_library( - '-Wl,--version-script=' + libshared_sym_path], - link_depends : libshared_sym_path, - link_whole : [libshared_static, -- libbasic, -+ libbasic_static, - libsystemd_static], - 
dependencies : [libshared_deps, - userspace], -diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build -index 219f9fd308..9bc60f83e5 100644 ---- a/src/shutdown/meson.build -+++ b/src/shutdown/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_shutdown_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 0f9c067d50..403d82a340 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -14,7 +14,7 @@ executables += [ - 'sources' : files('sysusers.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/test/meson.build b/src/test/meson.build -index 3abbb94d9f..9d3c7d675f 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -274,7 +274,7 @@ executables += [ - # only static linking apart from libdl, to make sure that the - # module is linked to all libraries that it uses. 
- 'sources' : files('test-dlopen.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - 'dependencies' : libdl, - 'install' : false, - 'type' : 'manual', -@@ -410,7 +410,7 @@ executables += [ - }, - test_template + { - 'sources' : files('test-sizeof.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - }, - test_template + { - 'sources' : files('test-time-util.c'), -@@ -590,7 +590,7 @@ executables += [ - test_template + { - 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libsystemd, - ], - 'dependencies' : threads, -@@ -598,7 +598,7 @@ executables += [ - test_template + { - 'sources' : files('../libudev/test-udev-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libudev, - ], - 'dependencies' : threads, -diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build -index 2e918509a7..09ad839586 100644 ---- a/src/tmpfiles/meson.build -+++ b/src/tmpfiles/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_tmpfiles_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch deleted file mode 100644 index c7423e9..0000000 --- a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 3b101982011d787c05d7708740e6eada560c62cc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:03:26 +0200 -Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static - library - -By itself, this is not useful. I'm making this a separate commit to -make debugging easier. It turns out that meson does static libraries -using references, so the "static library" a tiny stub stub that refers -to the object files on disk and this has negligible cost: -$ ls -lhd build/src/core/libsystemd-core-257.{a,so} --rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a --rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so - -(cherry picked from commit d0689ee5fbfafa736e6eca89bc80cb2d372f2229) ---- - src/core/meson.build | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index 7a2012a372..1ef31cc529 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( - - libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) - --libcore = shared_library( -+libcore_static = static_library( - libcore_name, - libcore_sources, - load_fragment_gperf_c, - load_fragment_gperf_nulstr_c, - include_directories : includes, - c_args : ['-fvisibility=default'], -- link_args : ['-shared', -- '-Wl,--version-script=' + libshared_sym_path], -- link_depends : libshared_sym_path, -- link_with : libshared, - dependencies : [libacl, - libapparmor, - libaudit, -@@ -135,6 +131,16 @@ libcore = shared_library( - libselinux, - threads, - userspace], -+ build_by_default : false) -+ -+libcore = shared_library( -+ libcore_name, -+ c_args : ['-fvisibility=default'], -+ link_args : ['-shared', -+ '-Wl,--version-script=' + libshared_sym_path], -+ link_depends : libshared_sym_path, -+ link_whole: libcore_static, -+ 
link_with : libshared, - install : true, - install_dir : pkglibdir) - diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch deleted file mode 100644 index 73a12b2..0000000 --- a/0003-meson-add-option-to-build-systemd-executor-staticall.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 254338a838354d9d3e43efa14190ca1203ef3afe Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:05:31 +0200 -Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically" - -The new link-executor-shared option is similar to the existing -link-udev-shared: when set to false, we link to the static versions of our -internal libraries. - -The resulting exuctor binary is fairly large, about as large as libsystemd-core -(14 MB without lto, 8 with lto). - -This is intended as a workaround for the fuckup with the pinned executor -binary: -when an upgrade is performed, the package manager will install new version of -the libraries and new version of the code, and some time later reexecute the -managers. This creates a window when the pinned executor binary will fail to -execute. There are two factors which make the issue easier to hit: - -- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora - uses version-release as the tag, which means that the issue occurs on - every package upgrade. This is the right thing to do, because the - ABI of our internal libraries is not stable at all, so replacing the - library from a different version in place creates a window where our - programs may crash or misbehave. - -- when the distribution doesn't immediately reexec all the managers after - upgrade. In early versions of systemd, we used to hammer the machine during - upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and - wasteful. Doing the reexecs while the upgrade is in progres also creates a - window where a mix of old and new configs or both is loaded. Users are - particularly annoyed by those reloads if there is some issue in the - configuration causing us to emit warnings on every reexec. Doing the - reexecs once after the new configuration and libraries have been put - in place is nicer. 
- -The pinning of the executor binary breaks upgrades and in particular -it penalizes the distributions which make use of the features which -were previously added to avoid bugs and inefficiency during upgrades. - -When the executor is linked statically, there is a smaller chance that it'll -fail to load libraries. The issue can still occur because other libraries, not -our own, are linked dynamically. - -(cherry picked from commit d59cae6cebd0fc25a16a020bd28e5303901f1b19) ---- - meson_options.txt | 2 ++ - src/core/meson.build | 16 ++++++++++++---- - 2 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/meson_options.txt b/meson_options.txt -index 667340ca59..909e2d53e8 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, - description : 'This option is deprecated and will be removed in a future release') - option('link-udev-shared', type : 'boolean', - description : 'link systemd-udevd and its helpers to libsystemd-shared.so') -+option('link-executor-shared', type : 'boolean', -+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') - option('link-systemctl-shared', type: 'boolean', - description : 'link systemctl against libsystemd-shared.so') - option('link-networkd-shared', type: 'boolean', -diff --git a/src/core/meson.build b/src/core/meson.build -index 1ef31cc529..dbeb752977 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -156,6 +156,17 @@ systemd_executor_sources = files( - 'exec-invoke.c', - ) - -+executor_libs = get_option('link-executor-shared') ? 
\ -+ [ -+ libcore, -+ libshared, -+ ] : [ -+ libcore_static, -+ libshared_static, -+ libbasic_static, -+ libsystemd_static, -+ ] -+ - executables += [ - libexec_template + { - 'name' : 'systemd', -@@ -173,10 +184,7 @@ executables += [ - 'public' : true, - 'sources' : systemd_executor_sources, - 'include_directories' : core_includes, -- 'link_with' : [ -- libcore, -- libshared, -- ], -+ 'link_with' : executor_libs, - 'dependencies' : [ - libapparmor, - libpam, diff --git a/systemd.spec b/systemd.spec index 4d80273..cd4e455 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.2} +Version: %{?version_override}%{!?version_override:256.3} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -119,10 +119,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch -Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch -Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 4fd4ef72a6088bbc7791ff03739ce05932bc02e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jul 2024 10:58:29 +0200 Subject: [PATCH 164/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 2e30e2f..aeac4c9 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-256.2.tar.gz) = 10da82ee58d3608c41cb0204fdf0227af965b13b8f3716e4f5dea994c236c08a5e31f09ba0d3774cea20a365e1d959c8c865fdeacc82400da55e94ad800e75ba +SHA512 (systemd-256.3.tar.gz) = 474a4bf24fc7180f2edef6c61ec2cc502a671ba944e54dd44d4b8d3d34fec22935dd8da247deafbce828c90041672c0a963472593e9d1fd54c98c6ee01861a4f From 1cdae03391665f76c25519197aa036fe7957d4c2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:16:26 +0200 Subject: [PATCH 165/327] Update tmpfiles --destroy-data patch Let's make sure we patch the integration test for systemd-tmpfiles --purge as well so it doesn't fail. --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 45 ++++++++++++++----- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 87b5fa5..033b575 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,18 +1,19 @@ -From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 18 Jun 2024 20:32:10 +0200 +From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use Follow-up for https://github.com/systemd/systemd/pull/33383. --- - src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) + src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ + test/units/TEST-22-TMPFILES.18.sh | 4 ++-- + 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 5841db293e..9b0f744ba9 100644 +index 8cc8c1ccd6..14048545db 100644 --- a/src/tmpfiles/tmpfiles.c 
+++ b/src/tmpfiles/tmpfiles.c -@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -20,7 +21,7 @@ index 5841db293e..9b0f744ba9 100644 ARG_NO_PAGER, }; -@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -39,7 +40,7 @@ index 5841db293e..9b0f744ba9 100644 assert(argc >= 0); assert(argv); -@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -50,7 +51,7 @@ index 5841db293e..9b0f744ba9 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); 
@@ -61,3 +62,27 @@ index 5841db293e..9b0f744ba9 100644 if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); +diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh +index 5d24197c81..de23bbb95f 100755 +--- a/test/units/TEST-22-TMPFILES.18.sh ++++ b/test/units/TEST-22-TMPFILES.18.sh +@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" + test -f /tmp/somedir/somefile + grep -q baz /tmp/somedir/somefile + +-systemd-tmpfiles --purge - <<<"$c" ++systemd-tmpfiles --purge --destroy-data - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + +@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + +-systemd-tmpfiles --create --purge - <<<"$c" ++systemd-tmpfiles --create --destroy-data --purge - <<<"$c" + test -f /tmp/somedir/somefile + grep -q baz /tmp/somedir/somefile +-- +2.45.2 + From b29a66006c90e692ec8364ea6fb5d78e3be672e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 25 Jul 2024 12:50:06 +0200 Subject: [PATCH 166/327] Version 256.4 - Hardware db update - Minor fixes for systemd-udevd and varlink protocol --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index aeac4c9..dca53b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.3.tar.gz) = 474a4bf24fc7180f2edef6c61ec2cc502a671ba944e54dd44d4b8d3d34fec22935dd8da247deafbce828c90041672c0a963472593e9d1fd54c98c6ee01861a4f +SHA512 (systemd-256.4.tar.gz) = 0357f1b61a07e594aff118dec54bd7233f37b69ccdfa393b91f46f32f08238fa7dd44df70d1df858464c866e114868ae1bec66dc685703d425cbd4c86baddfb8 diff --git a/systemd.spec b/systemd.spec index cd4e455..210c1f7 100644 --- a/systemd.spec +++ b/systemd.spec 
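Review bot: The changes to `TEST-22-TMPFILES.18.sh` only add `--destroy-data` to the two real purge invocations, so nothing checks that a bare `--purge` leaves data alone, which appears to be the point of this downstream gate. A check placed before the first real purge would pin that whatever exit status the refusal uses: `systemd-tmpfiles --purge - <<<"$c" || :` followed by `test -f /tmp/somedir/somefile`. The patch's diffstat lists only `src/tmpfiles/tmpfiles.c` and this test, so the man page presumably still describes `--purge` without the extra flag. A comment next to the Patch line in the spec should say that this behaviour differs from upstream.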
@@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.3} +Version: %{?version_override}%{!?version_override:256.4} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 903e8e0f888de31d02fb75a1cfdeeebd0d7be359 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 29 Jul 2024 15:49:54 +0200 Subject: [PATCH 167/327] Backport upstream patch to try more initrd variants in 90-loaderentry.install This makes sure that 90-loaderentry.install plays nicely with the dracut kernel-install plugin that is shipped in Fedora and CentOS Stream. --- 33861.patch | 38 ++++++++++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 40 insertions(+) create mode 100644 33861.patch diff --git a/33861.patch b/33861.patch new file mode 100644 index 0000000..b443387 --- /dev/null +++ b/33861.patch 
@@ -0,0 +1,38 @@ +From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 29 Jul 2024 15:41:51 +0200 +Subject: [PATCH] kernel-install: Try some more initrd variants in + 90-loaderentry.install + +On CentOS/Fedora, dracut is configured to write the initrd to +/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well +if no initrds were supplied. +--- + src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in +index 4ef6aca169c1a..84f7a4a97fb43 100755 +--- a/src/kernel-install/90-loaderentry.install.in ++++ b/src/kernel-install/90-loaderentry.install.in +@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + have_initrd=yes + done + +- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied +- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" ++ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if ++ # no initrds were supplied. ++ ++ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then ++ echo "initrd $ENTRY_DIR/initrd" ++ have_initrd=yes ++ fi ++ ++ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then ++ echo "initrd /initramfs-$KERNEL_VERSION.img" ++ have_initrd=yes ++ fi + : + } >"$LOADER_ENTRY" || { + echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/systemd.spec b/systemd.spec index 210c1f7..fc511ba 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -119,6 +119,8 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +Patch0012: https://github.com/systemd/systemd/pull/33861.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 53118d2112c2dc686a04aefc564f9e062caba33d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 29 Jul 2024 19:00:12 +0200 Subject: [PATCH 168/327] Backport patch to only read /proc/cmdline when not in container --- 33864.patch | 39 +++++++++++++++++++++++++++++++++++++++ systemd.spec | 1 + 2 files changed, 40 insertions(+) create mode 100644 33864.patch diff --git a/33864.patch b/33864.patch new file mode 100644 index 0000000..290af4c --- /dev/null +++ b/33864.patch 
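Review bot: `Patch0012` is added with no comment, unlike `Patch0011` above it, and its URL names a pull request rather than a commit, so the URL alone does not say which revision the committed `33861.patch` corresponds to. The patch file records `1310492f7a58db4315390db174da65aef699aa91` in its `From` line. A comment above the entry, such as `# kernel-install: try more initrd names in 90-loaderentry.install (patch From: 1310492f7a58)`, would let a later reviewer compare the local copy with upstream and see when it can be dropped.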
@@ -0,0 +1,39 @@ +From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 29 Jul 2024 17:13:28 +0200 +Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not + in container + +If we're running from within a container, we're very likely not going +to want to use the kernel command line from /proc/cmdline, so let's add +a check to see if we're running from a container to decide whether we'll +use the kernel command line from /proc/cmdline. +--- + src/kernel-install/90-loaderentry.install.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in +index 4ef6aca169c1a..79427684cc5c9 100755 +--- a/src/kernel-install/90-loaderentry.install.in ++++ b/src/kernel-install/90-loaderentry.install.in +@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then + BOOT_OPTIONS="$(tr -s "$IFS" ' ' Date: Tue, 20 Aug 2024 18:42:34 +0200 Subject: [PATCH 169/327] Disable integration of userdb in sshd --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 63d5c95..8f88804 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# Disable sshd_config.d/20-systemd-userdb.conf for now. +# This option may override an existing AuthorizedKeysCommand setting +# (or be ineffective, depending on the order of configuration). +# See https://github.com/systemd/systemd/issues/33648. +rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf +mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} + %find_lang %{name} # Split files in build root into rpms From d38cacfd3af154d18f4ead14db8fb8d3108498ee Mon Sep 17 00:00:00 2001 
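Review bot: Removing the drop-in from the buildroot in the `@@ -1005,6 +1005,13 @@` hunk only changes what new packages ship; it does nothing for hosts where `/etc/ssh/sshd_config.d/20-systemd-userdb.conf` already exists. If that path was created at runtime by the tmpfiles snippet renamed here (this cannot be confirmed from the hunk), it is not package-owned and will survive the upgrade, so the `AuthorizedKeysCommand` interaction described in the comment would stay in effect. It is worth confirming on an upgraded system with `sshd -T | grep -i authorizedkeyscommand` and adding a line to the comment saying which case applies. The two paths are also hard-coded where other install lines in the spec use macros such as `%{_prefix}`; `%{_sysconfdir}/ssh/sshd_config.d/` and `%{_tmpfilesdir}/` would match that style.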
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Aug 2024 19:04:55 +0200 Subject: [PATCH 170/327] Version 256.5 - Includes the patches for the kernel change with kernel threads in leaf cgroups (https://github.com/systemd/systemd/pull/33885) - Various smaller fixes --- 33861.patch | 38 -------------------------------------- 33864.patch | 39 --------------------------------------- sources | 2 +- systemd.spec | 5 +---- 4 files changed, 2 insertions(+), 82 deletions(-) delete mode 100644 33861.patch delete mode 100644 33864.patch diff --git a/33861.patch b/33861.patch deleted file mode 100644 index b443387..0000000 --- a/33861.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 15:41:51 +0200 -Subject: [PATCH] kernel-install: Try some more initrd variants in - 90-loaderentry.install - -On CentOS/Fedora, dracut is configured to write the initrd to -/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well -if no initrds were supplied. ---- - src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..84f7a4a97fb43 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { - have_initrd=yes - done - -- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied -- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" -+ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if -+ # no initrds were supplied. -+ -+ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then -+ echo "initrd $ENTRY_DIR/initrd" -+ have_initrd=yes -+ fi -+ -+ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then -+ echo "initrd /initramfs-$KERNEL_VERSION.img" -+ have_initrd=yes -+ fi - : - } >"$LOADER_ENTRY" || { - echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/33864.patch b/33864.patch deleted file mode 100644 index 290af4c..0000000 --- a/33864.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 17:13:28 +0200 -Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not - in container - -If we're running from within a container, we're very likely not going -to want to use the kernel command line from /proc/cmdline, so let's add -a check to see if we're running from a container to decide whether we'll -use the kernel command line from /proc/cmdline. ---- - src/kernel-install/90-loaderentry.install.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..79427684cc5c9 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then - BOOT_OPTIONS="$(tr -s "$IFS" ' ' Date: Sat, 24 Aug 2024 08:29:48 -0700 Subject: [PATCH 171/327] Do not require grubby on CentOS Stream 9 This is a fixup for 12d1f050295e2e88235a5478b07eebdbda461ae3. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1865706..524109a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -419,8 +419,10 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so # let's make sure we properly handle that. %if 0%{?rhel} From 28076e6232412aa7138e09aaec8c0a414faa3dce Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 27 Aug 2024 15:04:08 +0200 Subject: [PATCH 172/327] Only make python3-pillow Recommends on Fedora python3-pillow is not available in CentOS Stream 9/10 so let's not mark it as Recommends. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 524109a..2ebce1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -497,7 +497,9 @@ Requires: python3dist(pefile) Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) +%if 0%{?fedora} Recommends: python3dist(pillow) +%endif # for tests %ifarch riscv64 From 196ec98228ac7ba72652635e29fbdfdf1b88a2a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 28 Aug 2024 10:22:26 +0200 Subject: [PATCH 173/327] Drop %upstream conditionalization for patches rpm will imply --noprep when using --build-in-place in rpm 4.20 and we're switching the mkosi rpm builds to use --noprep as well on older rpm versions. This means we don't need to gate out patch applications anymore with the %upstream macro. --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2ebce1d..0b107ef 100644 --- a/systemd.spec +++ b/systemd.spec @@ -108,7 +108,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -%if %{without upstream} %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -125,7 +124,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -%endif # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch 
From abb115a9057a0ae7acf8c4dd6d9d79423b89a591 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 28 Aug 2024 10:23:54 +0200 Subject: [PATCH 174/327] Do not use patch to modify systemd-user pam config file We still want the Fedora systemd-user pam config when building with --noprep so let's install the pam config file using a regular source instead of patching the one provided by systemd. --- ...-use-system-auth-in-pam-systemd-user.patch | 31 ------------------- systemd-user | 14 +++++++++ systemd.spec | 7 +++-- 3 files changed, 18 insertions(+), 34 deletions(-) delete mode 100644 fedora-use-system-auth-in-pam-systemd-user.patch create mode 100644 systemd-user diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch deleted file mode 100644 index df820e2..0000000 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH] fedora: use system-auth in pam systemd-user - ---- - src/login/systemd-user.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 8a3c9e0165..74ef5f2552 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -7,7 +7,7 @@ - -account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account include system-auth - - {% if HAVE_SELINUX %} - session required pam_selinux.so close -@@ -20,4 +20,4 @@ session required pam_namespace.so - -session optional pam_systemd_home.so - {% endif %} - session optional pam_umask.so silent --session optional pam_systemd.so -+session include system-auth --- -2.41.0 - diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null 
+++ b/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/systemd.spec b/systemd.spec index 0b107ef..456f4f9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -96,6 +96,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -125,9 +127,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif @@ -1011,6 +1010,8 @@ rm %{buildroot}/usr/lib/sysusers.d/basic.conf rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + %find_lang %{name} # Split files in build root into rpms From a67221c3f0d0b81b9b5b3230a71d09044342f1a4 Mon Sep 17 00:00:00 2001 
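Review bot: The static `systemd-user` file lists `pam_selinux.so` as `required` unconditionally, whereas the upstream template it replaces wrapped those lines in `{% if HAVE_SELINUX %}` (visible in the deleted patch). On a build or host without that module, a `required` entry would be expected to fail the session stack for `systemd --user`, unlike the `pam_systemd_home.so` lines, whose `-` prefix lets a missing module be skipped. The copy also no longer follows upstream changes to `src/login/systemd-user.in`, and the `install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26}` line in the spec replaces whatever the build generated without any check. I would extend the file's header comment with `# Static copy of upstream src/login/systemd-user.in, account/session switched to system-auth; re-sync on rebase` and say in the spec that SELinux support is assumed.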
From: Daan De Meyer Date: Wed, 28 Aug 2024 11:57:41 +0200 Subject: [PATCH 175/327] Always build ukify package Even on non-uefi architectures, ukify can be used to build UKIs for UEFI images. For example, mkosi can use it to build UKIs on s390x. To enable this use case, let's always build ukify, but with a conditional dependency on systemd-boot only on arches that support UEFI. --- 34154.patch | 27 +++++++++++++++++++++++++++ split-files.py | 2 +- systemd.spec | 18 ++++++++++++------ 3 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 34154.patch diff --git a/34154.patch b/34154.patch new file mode 100644 index 0000000..acab80c --- /dev/null +++ b/34154.patch @@ -0,0 +1,27 @@ +From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 28 Aug 2024 14:08:30 +0200 +Subject: [PATCH] ukify: Skip test on architectures without UEFI + +--- + src/ukify/test/test_ukify.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index bbd26c0d42343..a08996cb55cf6 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -45,6 +45,13 @@ + sys.path.append(os.path.dirname(__file__) + '/..') + import ukify + ++# Skip if we're running on an architecture that does not use UEFI. ++try: ++ ukify.guess_efi_arch() ++except ValueError as e: ++ print(str(e), file=sys.stderr) ++ sys.exit(77) ++ + build_root = os.getenv('PROJECT_BUILD_ROOT') + try: + slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/split-files.py b/split-files.py index 3f66ada..51400fd 100644 --- a/split-files.py +++ b/split-files.py @@ -260,6 +260,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot'))) + not (no_bootloader and name == 'boot')) ]: sys.exit(1) 
diff --git a/systemd.spec b/systemd.spec index 456f4f9..614db47 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,6 +120,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Make test-ukify skip itself on architectures without UEFI. +Patch0012: https://github.com/systemd/systemd/pull/34154.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch @@ -483,12 +486,16 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -Requires: systemd-boot +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) Requires: python3dist(pefile) %if 0%{?fedora} Requires: python3dist(zstd) @@ -512,6 +519,7 @@ This package provides ukify, a script that combines a kernel image, an initrd, with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). +%if 0%{?want_bootloader} %package boot-unsigned Summary: UEFI boot manager (unsigned version) 
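Review bot: The rich dependency added to `%package ukify` restates the UEFI architecture list that `%ifarch %{ix86} x86_64 aarch64 riscv64` already uses to set `want_bootloader`, but in a second notation (`filesystem(x86-32)`, `filesystem(x86-64)`, and so on), so the two can drift apart when an architecture is added. A comment above the `Requires:` line, such as `# Keep in sync with the %%ifarch list that defines want_bootloader`, would make the coupling explicit. The `x86-32` spelling next to `%{ix86}` is the kind of mismatch that is easy to miss in a later edit.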
@@ -826,10 +834,8 @@ CONFIGURE_OPTS=( # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled ) %if %{without lto} @@ -1265,8 +1271,8 @@ fi %files udev -f .file-list-udev -%if 0%{?want_bootloader} %files ukify -f .file-list-ukify +%if 0%{?want_bootloader} %files boot-unsigned -f .file-list-boot %endif From ce99022f7b7c6b545cdbfac2436e578d41ca3162 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Thu, 12 Sep 2024 01:18:42 +0200 Subject: [PATCH 176/327] Version 256.6 Bump version and remove already present ukify patch --- 34154.patch | 27 --------------------------- sources | 2 +- systemd.spec | 5 +---- 3 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 34154.patch diff --git a/34154.patch b/34154.patch deleted file mode 100644 index acab80c..0000000 --- a/34154.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 28 Aug 2024 14:08:30 +0200 -Subject: [PATCH] ukify: Skip test on architectures without UEFI - ---- - src/ukify/test/test_ukify.py | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py -index bbd26c0d42343..a08996cb55cf6 100755 ---- a/src/ukify/test/test_ukify.py -+++ b/src/ukify/test/test_ukify.py -@@ -45,6 +45,13 @@ - sys.path.append(os.path.dirname(__file__) + '/..') - import ukify - -+# Skip if we're running on an architecture that does not use UEFI. -+try: -+ ukify.guess_efi_arch() -+except ValueError as e: -+ print(str(e), file=sys.stderr) -+ sys.exit(77) -+ - build_root = os.getenv('PROJECT_BUILD_ROOT') - try: - slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/sources b/sources index 87067ab..ad04ada 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.5.tar.gz) = 40558194e05a17b218adf3d6df48b738c866855d43d09c1e9381c2c568a44a8f1617b64476736fc7e34416ad9e8d25dc023cf9de090b4ef9079866919377009f +SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc diff --git a/systemd.spec b/systemd.spec index 614db47..2e4c79d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.5} +Version: %{?version_override}%{!?version_override:256.6} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -120,9 +120,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -# Make test-ukify skip itself on architectures without UEFI. -Patch0012: https://github.com/systemd/systemd/pull/34154.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 5a82129a41aef1f8c7f5b58b695dd8d88bc2b333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Sep 2024 17:45:09 +0200 Subject: [PATCH 177/327] Reword some descriptions Also reflow %descriptions to 80 columns. [skip changelog] --- systemd.spec | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2e4c79d..cb4f895 100644 --- a/systemd.spec +++ b/systemd.spec @@ -635,8 +635,8 @@ Requires: python3dist(psutil) License: LGPL-2.1-or-later %description tests -"Installed tests" that are usually run as part of the build system. They can be -useful to test systemd internals. +Systemd unit tests used to test the internal implementation after a build. +Different binaries test different parts of the codebase. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd 
@@ -646,9 +646,9 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-repart -Standalone systemd-repart binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-repart binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd @@ -658,9 +658,9 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd 
@@ -670,21 +670,21 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-sysusers binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-shutdown -Summary: Standalone systemd-shutdown binary for use on systems without systemd +Summary: Standalone systemd-shutdown binary for use in exitrds Provides: %{name}-shutdown = %{version}-%{release} Conflicts: %{name} Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-shutdown -Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in exitrds. +Standalone systemd-shutdown binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use in exitrds. %prep %if %{defined branch} From bedc0270e72071dd027f998629f6d633700c5b89 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 24 Sep 2024 16:22:27 +0200 Subject: [PATCH 178/327] Move yum/dnf protection removal config file under /usr https://github.com/uapi-group/specifications/issues/76 Actually, add a new file under /usr, but keep the old file in /etc because it's still needed for dnf. The new file in the new location is useful because it means that we get the correct behaviour even when /etc is emptied (on systems with new dnf version). dnf5 reads the new location: https://github.com/rpm-software-management/dnf5/issues/1107 https://github.com/rpm-software-management/dnf5/pull/1110 --- systemd.spec | 17 ++++++++++++----- yum-protect-systemd.conf | 2 -- 2 files changed, 12 insertions(+), 7 deletions(-) delete mode 100644 yum-protect-systemd.conf diff --git a/systemd.spec b/systemd.spec index cb4f895..b1d69a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -71,9 +71,6 @@ Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py -# Prevent accidental removal of the systemd package -Source5: yum-protect-systemd.conf - Source6: inittab Source7: sysctl.conf.README Source8: systemd-journal-remote.xml @@ -942,8 +939,18 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state -# Install yum protection fragment -install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf +# Install yum protection config. Old location in /etc. +mkdir -p %{buildroot}/etc/dnf/protected.d/ +cat >%{buildroot}/etc/dnf/protected.d/systemd.conf <%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-systemd.conf < Date: Fri, 11 Oct 2024 18:32:58 +0200 Subject: [PATCH 179/327] Version 256.7 - Various small fixes in many components - Documentation updates --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/sources b/sources index ad04ada..db248bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc +SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 diff --git a/systemd.spec b/systemd.spec index b1d69a4..b06d182 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.6} +Version: %{?version_override}%{!?version_override:256.7} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From e42eed4afd6267cd954d393d8eec79e0e7573de0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 24 Oct 2024 18:11:05 +0900 Subject: [PATCH 180/327] test_sysusers_defined: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. --- test_sysusers_defined.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 2754578..6f04f15 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -11,7 +11,7 @@ def parse_sysusers_file(filename): continue words = line.split() match words[0]: - case 'u': + case 'u'|'u!': users.add(words[1]) case 'g': groups.add(words[1]) From 009c64d6a2bfc60153d1c418f384cf527bccb2a0 Mon Sep 17 00:00:00 2001 
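Review bot: The new `case 'u'|'u!':` arm has no comment saying what `u!` is, so a reader of `parse_sysusers_file` has to go to the commit message to learn it. I would add `# 'u!' is 'u' with the account created fully locked; both define a user name` above the arm. The function starts and continues outside this hunk, so I cannot tell whether other line types can carry a modifier and need the same treatment.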
From: David Tardon Date: Thu, 24 Oct 2024 09:24:58 +0200 Subject: [PATCH 181/327] Use %systemd_preun in systemd-resolved With that, systemd-resolved.service is not only disabled but also stopped on package uninstall. ... (rhbz#2305391) --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index b06d182..22bc752 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1185,10 +1185,8 @@ fi %systemd_post systemd-resolved.service %preun resolved +%systemd_preun systemd-resolved.service if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : if [ -L /etc/resolv.conf ] && \ realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then rm -f /etc/resolv.conf # no longer useful From 86ca699d18c427aee4b8ceb89ea303f124f878b6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 11 Oct 2024 11:09:41 +0200 Subject: [PATCH 182/327] Backport user manager reexec changes This drastically simplifier reexecs of user managers by using systemctl reload to do a user manager reexec. This means we don't need systemd-run, a pam session or systemd-stdio-bridge anymore to do a user manager reexec and all job tracking is handled by pid 1 instead of bash. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 22bc752..78db443 100644 --- a/systemd.spec +++ b/systemd.spec @@ -117,6 +117,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Simplify user manager upgrades +Patch0012: https://github.com/systemd/systemd/pull/34707.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 8f44e8097dbafa1e5857ab594aa823ec82f8ff46 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 11:45:37 +0100 Subject: [PATCH 183/327] Add forgotten patch [skip changelog] --- 34707.patch | 233 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 34707.patch diff --git a/34707.patch b/34707.patch new file mode 100644 index 0000000..5d8e278 --- /dev/null +++ b/34707.patch 
@@ -0,0 +1,233 @@ +From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:16:05 +0200 +Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user + manager + +This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. + +The offending commit wrongly assumed that the second READY=1 +notification is for system scope only, but it also serves the purpose +of flushing out previous STATUS= containing user unit job status. +--- + src/core/manager.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 2789f0e3d0c9c..456ad46135b72 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { + log_taint_string(m); + } + +-static void manager_send_ready_user_scope(Manager *m) { ++static void manager_send_ready_on_basic_target(Manager *m) { + int r; + + assert(m); +@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { + m->status_ready = false; + } + +-static void manager_send_ready_system_scope(Manager *m) { ++static void manager_send_ready_on_idle(Manager *m) { + int r; + + assert(m); + +- if (!MANAGER_IS_SYSTEM(m)) +- return; +- + /* Skip the notification if nothing changed. */ + if (m->ready_sent && m->status_ready) + return; + ++ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). ++ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't ++ * hurt to send it twice. 
*/ + r = sd_notify(/* unset_environment= */ false, + "READY=1\n" + "STATUS=Ready."); +@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { + return; + + /* For user managers, send out READY=1 as soon as we reach basic.target */ +- manager_send_ready_user_scope(m); ++ manager_send_ready_on_basic_target(m); + + /* Log the taint string as soon as we reach basic.target */ + log_taint_string(m); +@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { + if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) + m->jobs = hashmap_free(m->jobs); + +- manager_send_ready_system_scope(m); ++ manager_send_ready_on_idle(m); + + /* Notify Type=idle units that we are done now */ + manager_close_idle_pipe(m); + +From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:06:35 +0200 +Subject: [PATCH 2/4] core/manager-serialize: drop serialization for + Manager.ready_sent + +This field indicates whether READY=1 has been sent to +the service manager/supervisor. Whenever we reload/reexec/soft-reboot, +manager_send_reloading() always resets it to false first, +so that READY=1 is sent after reloading finishes. Hence +we utterly get "false" at all times. Kill it. 
+--- + src/core/manager-serialize.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c +index 62dfce93a0a85..3f624619dfd19 100644 +--- a/src/core/manager-serialize.c ++++ b/src/core/manager-serialize.c +@@ -92,7 +92,6 @@ int manager_serialize( + (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); + (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); + (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); +- (void) serialize_bool(f, "ready-sent", m->ready_sent); + (void) serialize_bool(f, "taint-logged", m->taint_logged); + (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); + +@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + else + m->n_failed_jobs += n; + +- } else if ((val = startswith(l, "ready-sent="))) { +- int b; +- +- b = parse_boolean(val); +- if (b < 0) +- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); +- else +- m->ready_sent = m->ready_sent || b; +- + } else if ((val = startswith(l, "taint-logged="))) { + int b; + +@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + + if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ + (void) deserialize_dual_timestamp(val, m->timestamps + q); +- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ ++ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ + log_notice("Unknown serialization item '%s', ignoring.", l); + } + } + +From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:32:17 +0200 +Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when + notify-reloading + +Closes #28367 (but not really in the exact form, see below) + +We have the problem of restarting all 
user manager instances +after upgrade. Current approaches involve systemctl kill +with SIGRTMIN+25, which is async and feels rather ugly [1][2]; +or systemctl --machine=user@ --user, which requires entering +each user session. Neither is particularly elegant. +Instead, let's just signal daemon-reexec when user@.service +is reloaded from system manager. Our long goal of dropping +daemon-reload in favor of reexec (see TODO) is unlikely to happen +due to user dbus restrictions, but here the synchronization +is done via READY=1. + +[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 +[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 + +#28367 would not really work for us now I come to think about it, +because all processes will be reparented to pid1 as soon as +original user manager process exits. This alternative approach +seems good enough for our use case. +--- + units/capsule@.service.in | 4 ++++ + units/user@.service.in | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/units/capsule@.service.in b/units/capsule@.service.in +index f2bb9e3a45a83..a64298786e490 100644 +--- a/units/capsule@.service.in ++++ b/units/capsule@.service.in +@@ -23,6 +23,10 @@ StateDirectory=capsules/%i + RuntimeDirectory=capsules/%i + LogExtraFields=CAPSULE=%i + Slice=capsule.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. 
++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope +diff --git a/units/user@.service.in b/units/user@.service.in +index 5695465747217..381ab2a0db54e 100644 +--- a/units/user@.service.in ++++ b/units/user@.service.in +@@ -20,6 +20,10 @@ PAMName=systemd-user + Type=notify-reload + ExecStart={{LIBEXECDIR}}/systemd --user + Slice=user-%i.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. ++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope + +From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 10 Oct 2024 22:37:39 +0200 +Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to + reexec/reload user managers + +Let's always use systemctl reload to reexec and reload user managers +now that it always implies a reexec. This moves all the job management +logic to pid 1 instead of bash and reduces the complexity of the logic +as we remove systemd-run, pam and systemd-stdio-bridge from the equation. 
+--- + src/rpm/systemd-update-helper.in | 20 ++++---------------- + 1 file changed, 4 insertions(+), 16 deletions(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index c81e16c3d3ffb..8af914935261a 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -107,25 +107,13 @@ case "$command" in + + [ -d /run/systemd/system ] || exit 0 + +- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') +- +- if [[ "$command" =~ reexec ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reexec & +- done +- wait +- fi +- +- if [[ "$command" =~ reload ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reload & +- done +- wait ++ if [[ "$command" =~ reexec|reload ]]; then ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" + fi + + if [[ "$command" =~ restart ]]; then ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ + for user in $users; do + SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ + systemctl --user -M "$user@" reload-or-restart --marked & From 8dafa3810b3cec0dd297b8686fb4a00c6972712e Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 6 Nov 2024 14:29:38 -0500 Subject: [PATCH 184/327] Disable OpenSSL v3 ENGINE on RHEL RHEL 10+ does not provide and defines OPENSSL_NO_ENGINE. https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 78db443..f3e717e 100644 --- a/systemd.spec +++ b/systemd.spec 
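Review bot: The comment added to `manager_send_ready_on_idle()` in the src/core/manager.c part of this patch still names `manager_send_ready_user_scope()`, which the same patch renames to `manager_send_ready_on_basic_target()`. The reference therefore points at a function that no longer exists after the patch is applied. It should read `we might have already sent READY=1 in manager_send_ready_on_basic_target()`. Since this file is a backport of an upstream pull request, the wording is better corrected upstream and picked up on the next refresh than edited in this copy.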
@@ -172,7 +172,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +%if 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} From 834ba50e798a42be20b00d4553ba2ddb91f7ffd0 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Oct 2024 16:42:29 +0200 Subject: [PATCH 185/327] Use %posttrans instead of %postun to restart services Anything we put in a %postun script needs two releases of the rpm before it is invoked. The reason for using %postun to restart services is because it runs after the old version has been removed so we can be sure all remaining dropins and such files from the old version have been removed. %posttrans gives us the same guarantee but the %posttrans of the new version will run on install and upgrade which means the changes will be applied immediately instead of having to release twice before the changes take effect. We define the systemd_posttrans_with_restart macro in the spec because we can't use the upstream one as we ship it ourselves. --- systemd.spec | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index f3e717e..6a962cd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1039,6 +1039,16 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %include %{SOURCE1} +# This macro is newly added upstream so we can't rely on it being always being available +# in the systemd-rpm-macros yet so we define it ourselves. +%global systemd_posttrans_with_restart() \ +%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_posttrans_with_restart}} \ +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then \ + # Package upgrade, not install \ + /usr/lib/systemd/systemd-update-helper mark-restart-system-units %* || : \ +fi \ +%{nil} + %post systemd-machine-id-setup &>/dev/null || : 
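Review bot: The comment above the new `systemd_posttrans_with_restart` definition has a doubled word ("it being always being available") and gives a different reason from the commit message. The comment says the macro may be missing from systemd-rpm-macros, while the message says the upstream one cannot be used because this package ships it. I would settle on one explanation, for example `# Newly added upstream; this package ships the macros itself, so define it here`. A note that the body mirrors the upstream macro would also tell the next maintainer what to compare it against.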
@@ -1062,8 +1072,8 @@ systemd-tmpfiles --create &>/dev/null || : systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : -%postun -if [ $1 -ge 1 ]; then +%posttrans +if [ $1 -ge 2 ]; then [ -w %{_localstatedir} ] && journalctl --update-catalog || : systemctl daemon-reexec || : @@ -1071,13 +1081,13 @@ if [ $1 -ge 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service +%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. -if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall /usr/lib/systemd/systemd-update-helper user-reexec || : fi @@ -1124,11 +1134,10 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %preun udev %systemd_preun %udev_services -%postun udev +%posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket 
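Review bot: The comment `# Package upgrade, not uninstall` above the `systemd-update-helper user-reexec` call is left over from the `%postun` version of this block. In `%posttrans` the new `[ $1 -ge 2 ]` test separates an upgrade from a first install, as the comment inside the new `systemd_posttrans_with_restart` macro already says. I would change it to `# Package upgrade, not install` so the two agree.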
@@ -1146,8 +1155,8 @@ if [ $1 -eq 1 ] ; then fi fi -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart +%posttrans journal-remote +%systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload %post networkd @@ -1169,9 +1178,8 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service -%postun networkd -%systemd_postun_with_restart systemd-networkd.service -%systemd_postun systemd-networkd-wait-online.service +%posttrans networkd +%systemd_posttrans_with_restart systemd-networkd.service %post resolved [ $1 -eq 1 ] || exit 0 @@ -1200,10 +1208,8 @@ if [ $1 -eq 0 ] ; then fi fi -%postun resolved -%systemd_postun_with_restart systemd-resolved.service - %posttrans resolved +%systemd_posttrans_with_restart systemd-resolved.service [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation From ea947ce068a67be565245a295db738d66c4af954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 16:13:20 +0100 Subject: [PATCH 186/327] Version 257~rc1 --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 27 +- 33738.patch | 37 --- 34707.patch | 233 ------------------ systemd.spec | 8 +- 4 files changed, 15 insertions(+), 290 deletions(-) delete mode 100644 33738.patch delete mode 100644 34707.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 033b575..79964e8 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,4 +1,4 @@ -From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 +From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use 
@@ -10,10 +10,10 @@ Follow-up for https://github.com/systemd/systemd/pull/33383. 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 8cc8c1ccd6..14048545db 100644 +index 5a4f989668..c5b544f1df 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c -@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -21,7 +21,7 @@ index 8cc8c1ccd6..14048545db 100644 ARG_NO_PAGER, }; -@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -40,7 +40,7 @@ index 8cc8c1ccd6..14048545db 100644 assert(argc >= 0); assert(argv); -@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -51,7 +51,7 @@ index 8cc8c1ccd6..14048545db 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); @@ -63,26 +63,27 @@ index 8cc8c1ccd6..14048545db 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index 5d24197c81..de23bbb95f 100755 +index c81f6bd0ef..dd536172d4 100755 --- a/test/units/TEST-22-TMPFILES.18.sh 
+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" - test -f /tmp/somedir/somefile +@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -systemd-tmpfiles --purge - <<<"$c" +systemd-tmpfiles --purge --destroy-data - <<<"$c" test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ - -@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" - test ! -f /tmp/somedir/somefile + grep -q qux /tmp/someotherfile +@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -systemd-tmpfiles --create --purge - <<<"$c" +systemd-tmpfiles --create --destroy-data --purge - <<<"$c" test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -- -2.45.2 +2.47.0 diff --git a/33738.patch b/33738.patch deleted file mode 100644 index 58ab604..0000000 --- a/33738.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 16 Jul 2024 17:46:09 +0200 -Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf - -In some cases userspace may need to create dmabuffers from userspace -on such example is the software ISP part of libcamera which needs to -allocate dma-buffers for the output of the software ISP. - -At first the plan was to allow console users access to /dev/dma_heap/*, -this was discussed with various kernel folks here: -https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/ - -Giving console users access to the dma_heap's was deemed a bad idea -because memory allocated this way is not accounted in cgroup limits. - -Giving access to /dev/udmabuf OTOH was deemed acceptable so that -is what this patch adds. - -Resolves: #32662 ---- - rules.d/70-uaccess.rules.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index b82ce04a39d38..e683bb1114461 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ - SUBSYSTEM=="video4linux", TAG+="uaccess" - SUBSYSTEM=="dvb", TAG+="uaccess" - SUBSYSTEM=="media", TAG+="uaccess" -+# libcamera software ISP used with some cams requires udmabuf access -+KERNEL=="udmabuf", TAG+="uaccess" - - # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more - SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" diff --git a/34707.patch b/34707.patch deleted file mode 100644 index 5d8e278..0000000 --- a/34707.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:16:05 +0200 -Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user - manager - -This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. - -The offending commit wrongly assumed that the second READY=1 -notification is for system scope only, but it also serves the purpose -of flushing out previous STATUS= containing user unit job status. ---- - src/core/manager.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 2789f0e3d0c9c..456ad46135b72 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { - log_taint_string(m); - } - --static void manager_send_ready_user_scope(Manager *m) { -+static void manager_send_ready_on_basic_target(Manager *m) { - int r; - - assert(m); -@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { - m->status_ready = false; - } - --static void manager_send_ready_system_scope(Manager *m) { -+static void manager_send_ready_on_idle(Manager *m) { - int r; - - assert(m); - -- if (!MANAGER_IS_SYSTEM(m)) -- return; -- - /* Skip the notification if nothing changed. */ - if (m->ready_sent && m->status_ready) - return; - -+ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). -+ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't -+ * hurt to send it twice. 
*/ - r = sd_notify(/* unset_environment= */ false, - "READY=1\n" - "STATUS=Ready."); -@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { - return; - - /* For user managers, send out READY=1 as soon as we reach basic.target */ -- manager_send_ready_user_scope(m); -+ manager_send_ready_on_basic_target(m); - - /* Log the taint string as soon as we reach basic.target */ - log_taint_string(m); -@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { - if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) - m->jobs = hashmap_free(m->jobs); - -- manager_send_ready_system_scope(m); -+ manager_send_ready_on_idle(m); - - /* Notify Type=idle units that we are done now */ - manager_close_idle_pipe(m); - -From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:06:35 +0200 -Subject: [PATCH 2/4] core/manager-serialize: drop serialization for - Manager.ready_sent - -This field indicates whether READY=1 has been sent to -the service manager/supervisor. Whenever we reload/reexec/soft-reboot, -manager_send_reloading() always resets it to false first, -so that READY=1 is sent after reloading finishes. Hence -we utterly get "false" at all times. Kill it. 
---- - src/core/manager-serialize.c | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c -index 62dfce93a0a85..3f624619dfd19 100644 ---- a/src/core/manager-serialize.c -+++ b/src/core/manager-serialize.c -@@ -92,7 +92,6 @@ int manager_serialize( - (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); - (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); - (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); -- (void) serialize_bool(f, "ready-sent", m->ready_sent); - (void) serialize_bool(f, "taint-logged", m->taint_logged); - (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); - -@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - else - m->n_failed_jobs += n; - -- } else if ((val = startswith(l, "ready-sent="))) { -- int b; -- -- b = parse_boolean(val); -- if (b < 0) -- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); -- else -- m->ready_sent = m->ready_sent || b; -- - } else if ((val = startswith(l, "taint-logged="))) { - int b; - -@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - - if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ - (void) deserialize_dual_timestamp(val, m->timestamps + q); -- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ -+ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ - log_notice("Unknown serialization item '%s', ignoring.", l); - } - } - -From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:32:17 +0200 -Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when - notify-reloading - -Closes #28367 (but not really in the exact form, see below) - -We have the problem of restarting all 
user manager instances -after upgrade. Current approaches involve systemctl kill -with SIGRTMIN+25, which is async and feels rather ugly [1][2]; -or systemctl --machine=user@ --user, which requires entering -each user session. Neither is particularly elegant. -Instead, let's just signal daemon-reexec when user@.service -is reloaded from system manager. Our long goal of dropping -daemon-reload in favor of reexec (see TODO) is unlikely to happen -due to user dbus restrictions, but here the synchronization -is done via READY=1. - -[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 -[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 - -#28367 would not really work for us now I come to think about it, -because all processes will be reparented to pid1 as soon as -original user manager process exits. This alternative approach -seems good enough for our use case. ---- - units/capsule@.service.in | 4 ++++ - units/user@.service.in | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/units/capsule@.service.in b/units/capsule@.service.in -index f2bb9e3a45a83..a64298786e490 100644 ---- a/units/capsule@.service.in -+++ b/units/capsule@.service.in -@@ -23,6 +23,10 @@ StateDirectory=capsules/%i - RuntimeDirectory=capsules/%i - LogExtraFields=CAPSULE=%i - Slice=capsule.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. 
-+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope -diff --git a/units/user@.service.in b/units/user@.service.in -index 5695465747217..381ab2a0db54e 100644 ---- a/units/user@.service.in -+++ b/units/user@.service.in -@@ -20,6 +20,10 @@ PAMName=systemd-user - Type=notify-reload - ExecStart={{LIBEXECDIR}}/systemd --user - Slice=user-%i.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. -+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope - -From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 10 Oct 2024 22:37:39 +0200 -Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to - reexec/reload user managers - -Let's always use systemctl reload to reexec and reload user managers -now that it always implies a reexec. This moves all the job management -logic to pid 1 instead of bash and reduces the complexity of the logic -as we remove systemd-run, pam and systemd-stdio-bridge from the equation. 
---- - src/rpm/systemd-update-helper.in | 20 ++++---------------- - 1 file changed, 4 insertions(+), 16 deletions(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c81e16c3d3ffb..8af914935261a 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -107,25 +107,13 @@ case "$command" in - - [ -d /run/systemd/system ] || exit 0 - -- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -- -- if [[ "$command" =~ reexec ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reexec & -- done -- wait -- fi -- -- if [[ "$command" =~ reload ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reload & -- done -- wait -+ if [[ "$command" =~ reexec|reload ]]; then -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" - fi - - if [[ "$command" =~ restart ]]; then -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ - systemctl --user -M "$user@" reload-or-restart --marked & diff --git a/systemd.spec b/systemd.spec index 6a962cd..6d2f175 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.7} +Version: %{?version_override}%{!?version_override:257~rc1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -114,12 +114,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif -# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 -Patch0011: https://github.com/systemd/systemd/pull/33738.patch - -# Simplify user manager upgrades -Patch0012: https://github.com/systemd/systemd/pull/34707.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 0c236cedb9e18fbbf8962aa418d3036a94834159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 17:14:33 +0100 Subject: [PATCH 187/327] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index db248bb..9708ba2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 From 6162965002f9e6052e0ce8d6810028da4679e55a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 14 Nov 2024 11:21:39 +0100 Subject: [PATCH 188/327] Disable freezing of user sessions ... (rhbz#2321268) --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index 6d2f175..3eebc2f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1019,6 +1019,15 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} +# Disable freezing of user sessions while we're working out the details. +mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ +cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Fri, 15 Nov 2024 21:42:10 +0100 Subject: [PATCH 189/327] Version 257~rc2 - Changes in systemd-measure, systemd-networkd, documentation, systemd-sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, run0, ukify - Hardware database update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 9708ba2..c30dd34 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 +SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd diff --git a/systemd.spec b/systemd.spec index 3eebc2f..8f83d67 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc1} +Version: %{?version_override}%{!?version_override:257~rc2} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Nov 2024 22:05:21 +0100 Subject: [PATCH 190/327] Change sysusers u! lines to u because we don't have support in rpm --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 8f83d67..9503f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -689,6 +689,10 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Disable user lockdown until rpm implements it natively. +# https://github.com/rpm-software-management/rpm/issues/3450 +sed -r -i 's/^u!/u/' sysusers.d/*.conf* + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From 37c10f5b0337af1efeaa33296b31a8c1a6bdc2b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Nov 2024 13:16:16 +0100 Subject: [PATCH 191/327] Pull in qemu from systemd-container Based on https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/issues/27. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 9503f7e..0447dd5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -540,7 +540,11 @@ Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +# For systemd-vmspawn which uses qemu: +Recommends: qemu-kvm +Recommends: qemu-device-display-virtio-gpu +Recommends: qemu-device-display-virtio-vga +# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal From 243a05542994b2b39d8d2fd521be748ece734eab Mon Sep 17 00:00:00 2001 
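Review bot: The comment added above `sed -r -i 's/^u!/u/' sysusers.d/*.conf*` in %prep says why the rewrite exists but not what it gives up. Going by the sysusers commit later in this series, `u!` requests a fully locked account, so every `u!` entry in the shipped sysusers.d files is downgraded to plain `u`. I would add a second comment line such as `# Until then these accounts are created without the full lock; drop this sed once rpm handles u!.` so the trade-off is visible next to the workaround. The sed also exits successfully when nothing matches, so the workaround can turn into a silent no-op if the upstream files change.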
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Nov 2024 10:04:35 +0100 Subject: [PATCH 192/327] Make systemd-network-generator co-owned by -udev and -networkd ... (rhbz#2328723) The files systemd-networkd-generator generates are read by udev (.link files) and by networkd (.netdev, .netdev files). We can't move it to systemd-networkd subpackage only, because that would potentially break the corner case of people having systemd-udev installed and using the generator, but not systemd-networkd. And there is no dependency from systemd-networkd to systemd-udev. I think this is correct, because networkd can be used in containers without udev. But the generator is not useful without either of those two daemons, so let's move it to make the core package a bit lighter. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 51400fd..b08c2bd 100644 --- a/split-files.py +++ b/split-files.py @@ -154,6 +154,9 @@ for file in files(buildroot): and os.path.exists(f'./{n}.example')): o = outputs['networkd-defaults'] + # Files that are "consumed" by systemd-networkd go into the -networkd + # subpackage. As a special case, network-generator is co-owned also by + # the -udev subpackage because systemd-udevd reads .link files. elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| @@ -164,6 +167,8 @@ for file in files(buildroot): systemd\.netdev ''', n, re.X): o = outputs['networkd'] + elif 'network-generator' in n: + o = (outputs['networkd'], outputs['udev']) elif '.so.' in n: o = outputs['libs'] @@ -255,7 +260,10 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' - print(f'{prefix}{n}{suffix}', file=o) + if not isinstance(o, tuple): + o = (o,) + for file in o: + print(f'{prefix}{n}{suffix}', file=file) if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() 
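Review bot: The inner loop `for file in o:` in the last hunk reuses the name of the enclosing loop variable from `for file in files(buildroot):`, so once the print loop has run, `file` refers to an output stream instead of the entry being classified. Nothing visible in the hunk reads `file` after that point, but the loop body starts outside the hunk, so a later use would silently get the wrong object. A distinct name avoids the shadowing: `for out in o:` followed by `print(f'{prefix}{n}{suffix}', file=out)`.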
From 04f0a692da310691844c8313b2649b99dfab61e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Nov 2024 00:17:19 +0100 Subject: [PATCH 193/327] Version 257~rc3 - A bunch of small fixes here and there: virtualization detection, udev, systemd-networked, pid1. - Includes a hardware database update. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index c30dd34..a2bd4e2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd +SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 diff --git a/systemd.spec b/systemd.spec index 0447dd5..891d905 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc2} +Version: %{?version_override}%{!?version_override:257~rc3} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 53cfdea02aa6fdf50730ef2cfab215aa4c74db9d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 30 Nov 2024 00:00:19 +0900 Subject: [PATCH 194/327] Update tmpfiles --destroy-data patch This adds one more --destroy-data switch to make the test pass. --- 0001-tmpfiles-make-purge-hard-to-mis-use.patch | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 79964e8..e34df8c 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch 
@@ -1,4 +1,4 @@ -From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 +From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use @@ -6,11 +6,11 @@ Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use Follow-up for https://github.com/systemd/systemd/pull/33383. --- src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 4 ++-- - 2 files changed, 19 insertions(+), 2 deletions(-) + test/units/TEST-22-TMPFILES.18.sh | 6 +++--- + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 5a4f989668..c5b544f1df 100644 +index 86bf16356d..539c18f5e0 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { @@ -63,7 +63,7 @@ index 5a4f989668..c5b544f1df 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..dd536172d4 100755 +index c81f6bd0ef..1eb264a279 100755 --- a/test/units/TEST-22-TMPFILES.18.sh +++ b/test/units/TEST-22-TMPFILES.18.sh @@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile @@ -75,7 +75,7 @@ index c81f6bd0ef..dd536172d4 100755 test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile -@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile +@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile 
@@ -84,6 +84,12 @@ index c81f6bd0ef..dd536172d4 100755 test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile grep -q qux /tmp/someotherfile + +-systemd-tmpfiles --purge - <<<"$c" ++systemd-tmpfiles --purge --destroy-data - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -- 2.47.0 From 8dc31eaf041f4ec6e0aa75a3c45d993f49f6c9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 3 Dec 2024 14:11:24 +0100 Subject: [PATCH 195/327] Recommend qemu-kvm-core instead of qemu-kvm ... (rhbz#2329979) --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 891d905..97b40e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -541,7 +541,7 @@ Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: -Recommends: qemu-kvm +Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) From 433efb38f49a016733c805b2dba914c39ed99ec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 4 Dec 2024 11:38:32 +0100 Subject: [PATCH 196/327] Only apply the new Recommends in fedora Our mkosi.conf.d/10-centos-fedora/mkosi.prepare script tries to install the soft dependencies too. The build fails in centos 9 and 10: Error: Unable to find a match: qemu-device-display-virtio-gpu qemu-device-display-virtio-vga [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 97b40e3..716b31a 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -542,8 +542,10 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: Recommends: qemu-kvm-core +%if 0%{?fedora} Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga +%endif # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) From 31aaef8e173b34a128bac1a44b5119b782435db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Dec 2024 12:50:39 +0100 Subject: [PATCH 197/327] Enable slow tests during build The build is slow anyway, so the difference shouldn't matter. But more tests is better. The build logs show that slow tests were disabled. Inspired by https://github.com/systemd/systemd/issues/34471. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 716b31a..45da1f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -727,6 +727,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] + -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' From c2f5f4a68a3fbc54885c22d42287ed588345b4b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 Dec 2024 21:23:13 +0100 Subject: [PATCH 198/327] Version 257 - A bunch of small fixes in various components: systemd itself, systemd-cryptenroll, sd-varlink, sd-boot, documentation, tests - Includes an update of the hardware database --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index a2bd4e2..30a8993 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 +SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c diff --git a/systemd.spec b/systemd.spec index 45da1f7..1b0ef00 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc3} +Version: %{?version_override}%{!?version_override:257} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From bd8339bf00caf230a0a620369fe844dc83af7a13 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Dec 2024 03:33:22 +0900 Subject: [PATCH 199/327] sysusers: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. Follow-ups for e42eed4afd6267cd954d393d8eec79e0e7573de0. --- sysusers.generate-pre.sh | 2 +- sysusers.prov | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 4a87d53..944abff 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -69,7 +69,7 @@ parse() { [ -z "$line" ] && continue eval "arr=( $line )" case "${arr[0]}" in - ('u') + ('u'|'u!') if [[ "${arr[2]}" == *":"* ]]; then user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" else diff --git a/sysusers.prov b/sysusers.prov index f12e929..7b3d704 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -42,7 +42,7 @@ parse() { [ -z "$line" ] && continue set -- $line case "$1" in - ('u') + ('u'|'u!') process_u "$2" "$3" ;; ('g') From 35e6814ef43aa546222e8fbea18f46e27199498c Mon Sep 17 00:00:00 2001 
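Review bot: In both `parse()` functions the new `('u'|'u!')` arm sends `u!` lines down the same path as `u`, and neither the `user ...` call in sysusers.generate-pre.sh nor `process_u "$2" "$3"` in sysusers.prov is passed the first field, so the flag is accepted and then dropped. For the Provides generator that is harmless. For the generated %pre scriptlet it presumably means the account is created without the full lock that the commit subject describes for `!`. A comment on the arm would make that explicit, e.g. `# 'u!' (fully locked account) is handled like 'u' here; the lock itself is not applied by this script`. Both functions start and end outside the hunks, so this is based only on the visible call sites.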
From: Yu Watanabe Date: Mon, 16 Dec 2024 04:16:57 +0900 Subject: [PATCH 200/327] Add patch for test-time-util --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 61 insertions(+) create mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch new file mode 100644 index 0000000..7b91ac5 --- /dev/null +++ b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch 
@@ -0,0 +1,58 @@ +From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 14 Dec 2024 16:49:54 +0900 +Subject: [PATCH] test-time-util: fix truncation of usec to sec + +Also +- use ASSERT_XYZ() macros, +- log tzname[] on failure. +--- + src/test/test-time-util.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index d761261e24..d717ca94d2 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -393,27 +393,31 @@ TEST(format_timestamp) { + static void test_format_timestamp_impl(usec_t x) { + bool success, override; + const char *xx, *yy; +- usec_t y; ++ usec_t y, x_sec, y_sec; + + xx = FORMAT_TIMESTAMP(x); +- assert_se(xx); +- assert_se(parse_timestamp(xx, &y) >= 0); ++ ASSERT_NOT_NULL(xx); ++ ASSERT_OK(parse_timestamp(xx, &y)); + yy = FORMAT_TIMESTAMP(y); +- assert_se(yy); ++ ASSERT_NOT_NULL(yy); + +- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy); ++ x_sec = x / USEC_PER_SEC; ++ y_sec = y / USEC_PER_SEC; ++ success = (x_sec == y_sec) && streq(xx, yy); + /* Workaround for https://github.com/systemd/systemd/issues/28472 + * and https://github.com/systemd/systemd/pull/35471. */ + override = !success && + (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") || + STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) && +- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */ ++ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */ + log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR, + "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s", + x, xx, y, yy, + override ? ", ignoring." 
: ""); + if (!override) { +- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); ++ if (!success) ++ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); ++ ASSERT_EQ(x_sec, y_sec); + ASSERT_STREQ(xx, yy); + } + } +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index 1b0ef00..1313d23 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,6 +121,9 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch +# https://github.com/systemd/systemd/pull/35615 +Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From 62abb21906759fba1b2120456843329fd9c7423e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Dec 2024 09:05:23 +0100 Subject: [PATCH 201/327] Version 257.1 - A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, systemd-networkd, systemd-logind, journalct. - Should fix rhbz#2325780. --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 ------------------- sources | 2 +- systemd.spec | 5 +- 3 files changed, 2 insertions(+), 63 deletions(-) delete mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch deleted file mode 100644 index 7b91ac5..0000000 --- a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 14 Dec 2024 16:49:54 +0900 -Subject: [PATCH] test-time-util: fix truncation of usec to sec - -Also -- use ASSERT_XYZ() macros, -- log tzname[] on failure. ---- - src/test/test-time-util.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c -index d761261e24..d717ca94d2 100644 ---- a/src/test/test-time-util.c -+++ b/src/test/test-time-util.c -@@ -393,27 +393,31 @@ TEST(format_timestamp) { - static void test_format_timestamp_impl(usec_t x) { - bool success, override; - const char *xx, *yy; -- usec_t y; -+ usec_t y, x_sec, y_sec; - - xx = FORMAT_TIMESTAMP(x); -- assert_se(xx); -- assert_se(parse_timestamp(xx, &y) >= 0); -+ ASSERT_NOT_NULL(xx); -+ ASSERT_OK(parse_timestamp(xx, &y)); - yy = FORMAT_TIMESTAMP(y); -- assert_se(yy); -+ ASSERT_NOT_NULL(yy); - -- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy); -+ x_sec = x / USEC_PER_SEC; -+ y_sec = y / USEC_PER_SEC; -+ success = (x_sec == y_sec) && streq(xx, yy); - /* Workaround for https://github.com/systemd/systemd/issues/28472 - * and https://github.com/systemd/systemd/pull/35471. */ - override = !success && - (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") || - STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) && -- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */ -+ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */ - log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR, - "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s", - x, xx, y, yy, - override ? ", ignoring." 
: ""); - if (!override) { -- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); -+ if (!success) -+ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); -+ ASSERT_EQ(x_sec, y_sec); - ASSERT_STREQ(xx, yy); - } - } --- -2.47.1 - diff --git a/sources b/sources index 30a8993..165fa9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c +SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 diff --git a/systemd.spec b/systemd.spec index 1313d23..b9563f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257} +Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -121,9 +121,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# https://github.com/systemd/systemd/pull/35615 -Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From fc47a92e4a3828d6b3fc7901b481135a87132cd7 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 13 Dec 2024 16:04:18 +0100 Subject: [PATCH 202/327] Re-enable upstream behaviour of systemd-tmpfiles --purge From the 257 release notes: * The --purge switch of systemd-tmpfiles (which was added in v256) has been reworked: it will now only apply to tmpfiles.d/ lines marked with the new "$" flag. This is an incompatible change, and means any tmpfiles.d/ files which shall be used together with --purge need to be updated accordingly. This change has been made to make it harder to accidentally delete too many files when using --purge incorrectly. The feature is now sufficiently hard to misuse that we can drop the patch. --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 95 ------------------- systemd.spec | 3 - 2 files changed, 98 deletions(-) delete mode 100644 0001-tmpfiles-make-purge-hard-to-mis-use.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch deleted file mode 100644 index e34df8c..0000000 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 23 Jul 2024 13:14:05 +0200 -Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use - -Follow-up for https://github.com/systemd/systemd/pull/33383. ---- - src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 6 +++--- - 2 files changed, 20 insertions(+), 3 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 86bf16356d..539c18f5e0 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { - ARG_IMAGE_POLICY, - ARG_REPLACE, - ARG_DRY_RUN, -+ ARG_DESTROY_DATA, - ARG_NO_PAGER, - }; - -@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { - { "replace", required_argument, NULL, ARG_REPLACE }, - { "dry-run", no_argument, NULL, ARG_DRY_RUN }, - { "no-pager", no_argument, NULL, ARG_NO_PAGER }, -+ -+ /* This is not documented on purpose. -+ * If you think --purge should be allowed without jumping through hoops, -+ * consider opening a bug report with the description of the use case. 
-+ */ -+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, -+ - {} - }; - - int c, r; -+ bool destroy_data = false; - - assert(argc >= 0); - assert(argv); -@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { - arg_dry_run = true; - break; - -+ case ARG_DESTROY_DATA: -+ destroy_data = true; -+ break; -+ - case ARG_NO_PAGER: - arg_pager_flags |= PAGER_DISABLE; - break; -@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Refusing --purge without specification of a configuration file."); - -+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "Refusing --purge without --destroy-data."); -+ - if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --replace= is not supported with --cat-config/--tldr."); -diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..1eb264a279 100755 ---- a/test/units/TEST-22-TMPFILES.18.sh -+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile -@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --create --purge - <<<"$c" -+systemd-tmpfiles --create --destroy-data --purge - <<<"$c" - test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile --- -2.47.0 - 
diff --git a/systemd.spec b/systemd.spec index b9563f2..b5ba89e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -118,9 +118,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch -# Soft-disable tmpfiles --purge until a good use case comes up. -Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From e157552c6c76837026108842300c6e95963d453d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:35:05 +0100 Subject: [PATCH 203/327] Always build in release mode Building with %upstream doesn't necessarily imply we want a developer build, so let's always build in release mode. If needed %meson_extra_configure_options can be used to override this and build in developer mode after all. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index b5ba89e..ff1d95a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -723,7 +723,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') %endif CONFIGURE_OPTS=( - -Dmode=%[%{with upstream}?"developer":"release"] + -Dmode=release -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local From 133ae30e33b0eb25da572a93e19f19726210d3bb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:37:23 +0100 Subject: [PATCH 204/327] Drop patches based on %upstream macro instead of patch number Let's use the %upstream macro to gate patches which are backports of upstream instead of relying on patch numbers. We'll build with %upstream defined in packit so that patches which should not be applied on upstream builds are skipped. --- systemd.spec | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index ff1d95a..3faeeb1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -101,12 +101,6 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done| GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed here, rather -# than in the next section. Packit CI will drop any patches in this range before -# applying upstream pull requests. - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -114,9 +108,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +%if %{without upstream} + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0491: https://github.com/systemd/systemd/pull/30846.patch +Patch0011: https://github.com/systemd/systemd/pull/30846.patch + +%endif %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 From fd860fd12d2662797540fd428f1d601a108e1cdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 2 Jan 2025 13:55:00 +0100 Subject: [PATCH 205/327] Drop a build dependency on a linter package: pytest-flakes See https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters Also, the package is orphaned. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3faeeb1..456ebb0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -197,7 +197,6 @@ BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) %if 0%{?fedora} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) %if 0%{?want_bootloader} 
From 3386f5d70426c129dd01b39f7b95fc2dc4e150d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Jan 2025 18:03:50 +0100 Subject: [PATCH 206/327] Rename source .abignore file OBS does not support files with names starting with a dot. https://fedoraproject.org/wiki/How_to_filter_libabigail_reports does not make it really clear if the file can renamed. (The first part of the paragraph implies a positive answer, the second is unclear.) Let's see how this goes. --- .abignore => libabigail.abignore | 0 systemd.spec | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename .abignore => libabigail.abignore (100%) diff --git a/.abignore b/libabigail.abignore similarity index 100% rename from .abignore rename to libabigail.abignore diff --git a/systemd.spec b/systemd.spec index 456ebb0..60c3242 100644 --- a/systemd.spec +++ b/systemd.spec @@ -78,7 +78,7 @@ Source9: systemd-journal-gatewayd.xml Source10: 20-yama-ptrace.conf Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports -Source13: .abignore +Source13: libabigail.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf @@ -963,7 +963,7 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} -install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} +install -Dm0644 %{SOURCE13} %{buildroot}%{_prefix}/lib/systemd/.abignore # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} From c7379c94601ff1eae2ef471ec0f72dc7b039a02f Mon Sep 17 00:00:00 2001 
From: Yu Watanabe Date: Wed, 8 Jan 2025 04:29:25 +0900 Subject: [PATCH 207/327] Replace 'udevadm hwdb' with systemd-hwdb systemd-hwdb was added in v219 (released in 2015) and 'udevadm hwdb' was deprecated in v253. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 60c3242..f214d21 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1126,7 +1126,7 @@ if [ -f %{_localstatedir}/lib/systemd/clock ]; then mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi -udevadm hwdb --update &>/dev/null +systemd-hwdb update &>/dev/null %systemd_post %udev_services From e570cd53dfd776c33de51538cd8783e42f752369 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:51:44 +0000 Subject: [PATCH 208/327] spec: drop trailing whitespace [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f214d21..b526871 100644 --- a/systemd.spec +++ b/systemd.spec @@ -45,7 +45,7 @@ Name: systemd Url: https://systemd.io -# Allow users to specify the version and release when building the rpm by +# Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease From 4df2711a9f69c979dd8731d8bcd05872afae4a20 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:50:18 +0000 Subject: [PATCH 209/327] Add bcond for OBS-specific quirks The version substitution system is not able to fully subst the current Version field due to the inline use of macros, so you end up with like: 257-123-gabcd257.1 instead of: 257-123-gabcd I.e., the hard-coded 257.1 gets appended to the OBS-specified version. If it was simply hardcoded as 257.1 it would work, but the inline macros throw it off. [skip changelog] --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index b526871..0b19b99 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,9 @@ # Build from git main %bcond upstream 0 +# Build with OBS-specific quirks +%bcond obs 0 + # When bootstrap, libcryptsetup is disabled # but auto-features causes many options to be turned on # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) @@ -47,7 +50,13 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. +# But don't do that on OBS, otherwise the version subst fails, and will be +# like 257-123-gabcd257.1 instead of 257-123-gabcd +%if %{without obs} Version: %{?version_override}%{!?version_override:257.1} +%else +Version: %{?version_override}%{!?version_override:%(cat meson.version)} +%endif Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 3a9c32b8a982bb6a767e39041fc93960f64c5ffc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Jan 2025 12:43:11 +0100 Subject: [PATCH 210/327] Version 257.2 - Fixes for assertion crashes and memory access issues in pid1 and systemd-machined, and other fixes for systemd-repart, systemd-resolved, systemd-stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the hardware database. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 165fa9d..b8843e6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 +SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 diff --git a/systemd.spec b/systemd.spec index 0b19b99..e13a5b3 100644 --- a/systemd.spec 
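Review bot: In the `%else` branch added to the `Version:` tag, `%(cat meson.version)` is run by a shell while rpm parses the spec, and the path is relative, so the result depends on the directory the parse happens in. If the file is not there, `cat` reports only on stderr and the macro expands to nothing, which leaves `Version:` empty for an OBS build without `version_override`. The comment explains why the literal is avoided but not where meson.version comes from. I would add `# meson.version must be readable from the directory the spec is parsed in (expected from the OBS source setup)`, with the wording confirmed by someone who knows that setup, or use an absolute path such as `%{_sourcedir}/meson.version` if that is where the file lands.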
+++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.1} +Version: %{?version_override}%{!?version_override:257.2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1814bfe7949a56db5918c6785d2c46a8eda1e026 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 15:50:45 +0100 Subject: [PATCH 211/327] remove STI test The test fails because of the same reason as the installability test, it tries to install every subpackage which fails because the standalone subpackages conflict with all the other packages. Given there's no owner for the test, nobody looks at or seems interested in the results, STI itself will likely be deprecated soon (https://fedoraproject.org/wiki/Changes/DeprecateSTI) and systemd's upstream integration tests will soon support checking for AVC denials (https://github.com/systemd/systemd/pull/35921), let's remove the STI test. --- tests/tests-reboot.yml | 50 ------------------------------------------ 1 file changed, 50 deletions(-) delete mode 100644 tests/tests-reboot.yml diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml deleted file mode 100644 index 94ea8a5..0000000 --- a/tests/tests-reboot.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -- hosts: localhost - vars: - - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" - tags: - - classic - tasks: - # switch SELinux to permissive mode - - name: Get default kernel - command: "grubby --default-kernel" - register: default_kernel - - debug: msg="{{ default_kernel.stdout }}" - - name: Set permissive mode - command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" - - - name: reboot - block: - - name: restart host - shell: sleep 2 && shutdown -r now "Ansible updates triggered" - async: 1 - poll: 0 - ignore_errors: true - - - name: wait for host to come back - wait_for_connection: - delay: 10 - timeout: 300 - - - name: Re-create /tmp/artifacts - command: mkdir /tmp/artifacts - - - name: Gather SELinux denials since boot - shell: | - result=pass - dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail - ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log - grep -q '' /tmp/avc.log || result=fail - echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml - ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log - - always: - - name: Pull out the artifacts - fetch: - dest: "{{ artifacts }}/" - src: "{{ item }}" - flat: yes - with_items: - - /tmp/test.log - - /tmp/avc.log - - /tmp/results.yml From 30f50b18709d84b6f7830febf2c13b1465a75340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:02:55 +0100 Subject: [PATCH 212/327] Drop patch numbers In the past, we used patch numbers to skip some patches in upstream CI builds. The upstream bcond is now used for this instead, so we can drop the numbering to make it easier to add an remove patches. [skip changelog] --- systemd.spec | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/systemd.spec b/systemd.spec index e13a5b3..eeb632c 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -104,25 +104,17 @@ Source25: 98-default-mac-none.link Source26: systemd-user -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch -%endif - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0010: https://github.com/systemd/systemd/pull/26494.patch +Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0011: https://github.com/systemd/systemd/pull/30846.patch - +Patch: https://github.com/systemd/systemd/pull/30846.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b1bd57ecce6d56e22e74eded8377faa5326ddccb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:05:52 +0100 Subject: [PATCH 213/327] Revert use of PrivateTmp=disconnected ... (rhbz#2334015, https://github.com/coreos/fedora-coreos-tracker/issues/1857) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 +++++++++++++++++++ systemd.spec | 6 ++ 2 files changed, 75 insertions(+) create mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch new file mode 100644 index 0000000..eca67f0 --- /dev/null +++ b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch 
@@ -0,0 +1,69 @@ +From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 10 Jan 2025 17:00:08 +0100 +Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' + if DefaultDependencies=no" + +This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. +--- + units/systemd-coredump@.service.in | 2 +- + units/systemd-oomd.service.in | 2 +- + units/systemd-resolved.service.in | 2 +- + units/systemd-timesyncd.service.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in +index c74dc7a5a1..fa3206d07b 100644 +--- a/units/systemd-coredump@.service.in ++++ b/units/systemd-coredump@.service.in +@@ -26,7 +26,7 @@ NoNewPrivileges=yes + OOMScoreAdjust=500 + PrivateDevices=yes + PrivateNetwork=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectControlGroups=yes + ProtectHome=read-only + ProtectHostname=yes +diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in +index 670d5e6140..82bd6245f8 100644 +--- a/units/systemd-oomd.service.in ++++ b/units/systemd-oomd.service.in +@@ -37,7 +37,7 @@ MemoryLow=64M + NoNewPrivileges=yes + OOMScoreAdjust=-900 + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectClock=yes + ProtectHome=yes + ProtectHostname=yes +diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in +index e181b2528a..4aa0788ac4 100644 +--- a/units/systemd-resolved.service.in ++++ b/units/systemd-resolved.service.in +@@ -29,7 +29,7 @@ LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectClock=yes + ProtectControlGroups=yes + ProtectHome=yes +diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in +index 835d6327e7..cf233fbffd 100644 +--- a/units/systemd-timesyncd.service.in ++++ 
b/units/systemd-timesyncd.service.in +@@ -31,7 +31,7 @@ LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectProc=invisible + ProtectControlGroups=yes + ProtectHome=yes +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index eeb632c..1910a32 100644 --- a/systemd.spec +++ b/systemd.spec @@ -112,6 +112,12 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Temporarily drop use of PrivateTmp=disconnected. This is causing failures +# in various places: +# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 +# https://github.com/coreos/fedora-coreos-tracker/issues/1857 +Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 20cc578e59c292a3c5ceaf43cac2c248aa26b9b7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 8 Jan 2025 00:46:28 +0000 Subject: [PATCH 214/327] Enable signing systemd-boot on OBS builds On OBS the https://github.com/openSUSE/pesign-obs-integration package is the way to get binaries signed. Build depend on it, and call its hook. Also rename and change the description and provides of the package, given it is signed. [skip changelog] --- systemd.spec | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1910a32..2fba134 100644 --- a/systemd.spec +++ b/systemd.spec @@ -237,6 +237,10 @@ BuildRequires: xen-devel %endif %endif +%if %{with obs} +BuildRequires: pesign-obs-integration +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl 
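Review bot: The comment added above `Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch` in the `@@ -112,6 +112,12 @@` hunk calls the revert temporary but records no condition for dropping it, so it can easily outlive the two linked reports. The patch puts systemd-coredump@, systemd-oomd, systemd-resolved and systemd-timesyncd back on `PrivateTmp=yes`. As I read systemd.exec(5), that still gives each unit a private /tmp, but one backed by the host's /tmp and /var/tmp rather than a separate tmpfs, so it is a small step back in isolation for these services. I would extend the comment with the exit criterion, e.g. `# Drop once rhbz#2334015 and fedora-coreos-tracker#1857 are resolved.`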
@@ -512,6 +516,7 @@ with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). %if 0%{?want_bootloader} +%if %{without obs} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -532,6 +537,27 @@ line. systemd-boot supports systems with UEFI firmware only. This package contains the unsigned version. Install systemd-boot instead to get the version that works with Secure Boot. +%else +%package boot +Summary: UEFI boot manager (signed version) + +Provides: systemd-boot-signed-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-signed) = %version +Provides: version(systemd-boot-signed)%{_isa} = %version + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +%description boot +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains the signed version. +%endif %endif %package container @@ -1045,6 +1071,11 @@ EOF # Split files in build root into rpms python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} +# Stage sd-boot binaries for signing +%if %{with obs} && 0%{?want_bootloader} +BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIGN_PACKAGES=systemd-boot /usr/lib/rpm/brp-suse.d/brp-99-pesign +%endif + %check %if %{with tests} meson test -C %{_vpath_builddir} -t 6 --print-errorlogs @@ -1299,7 +1330,11 @@ fi %files ukify -f .file-list-ukify %if 0%{?want_bootloader} +%if %{without obs} %files boot-unsigned -f .file-list-boot +%else +%files boot -f .file-list-boot +%endif %endif %files container -f .file-list-container 
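Review bot: Under `%bcond obs` the new `%package boot` describes itself as the signed version and provides `systemd-boot` and `systemd-boot-signed-%{efi_arch}`, yet the only signing-related step visible in this commit is the `brp-99-pesign` call in the `@@ -1045,6 +1071,11 @@` hunk, which only stages the binary. Whether a signature is applied, and with which key, is decided outside the spec, so a project without signing configured would presumably publish an unsigned loader under a name that dependants treat as Secure Boot ready. I would state that assumption next to the hook, e.g. `# Signing happens in OBS after the build; the project must have a signing key configured`, and have the publishing side verify the signature on the shipped .efi. The staged path is also hard-coded as `/usr/lib/systemd/boot/efi/` where the rest of the spec uses `%{_prefix}/lib/systemd/`.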
From cddeca136f617641ce81c448ae7a66c4682f719f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 16:24:13 +0100 Subject: [PATCH 215/327] Rebuilt for the bin-sbin merge (2nd attempt) https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin From fd36e4c562f9a0bda309405fd199e91e1f51f2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 18:23:30 +0100 Subject: [PATCH 216/327] Rebuilt for the bin-sbin merge (2nd attempt) This time in the side tag. [skip changelog] From a7eec4d33deb2605ebc5d2c0cc433ce035bbd2f1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 14:15:18 +0100 Subject: [PATCH 217/327] Run upstream integration test suite with Fedora CI Let's add a tmt plan to read the upstream fmf metadata which contains a single test to run the upstream integration tests. To make this work, we also add a downstream patch with some fmf test script fixes that landed after 257.2 was released. We request virtualization support so we can run qemu based integration tests in qemu with KVM. --- .fmf/version | 1 + 35938.patch | 879 +++++++++++++++++++++++++++++++++++++++++++++ plans/upstream.fmf | 16 + systemd.spec | 3 + 4 files changed, 899 insertions(+) create mode 100644 .fmf/version create mode 100644 35938.patch create mode 100644 plans/upstream.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/35938.patch b/35938.patch new file mode 100644 index 0000000..7f9f9be --- /dev/null +++ b/35938.patch 
@@ -0,0 +1,879 @@ +From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:05 +0100 +Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive + mode + +The tests might be running unprivileged or in an environment without +selinux so let's not fail if we can't put it in permissive mode. + +(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4984fb119b571..fe139567bdf06 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -4,8 +4,8 @@ + set -eux + set -o pipefail + +-# Switch SELinux to permissive, since the tests don't set proper contexts +-setenforce 0 ++# Switch SELinux to permissive if possible, since the tests don't set proper contexts ++setenforce 0 || true + + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + +From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:50 +0100 +Subject: [PATCH 02/22] fmf: Fix dist-git example + +All that's needed is dist-git-source: true so remove the other settings +that aren't required. 
+ +(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) +--- + test/fmf/integration-tests/test.sh | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fe139567bdf06..73771d4237207 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,9 +13,6 @@ setenforce 0 || true + # summary: systemd Fedora test suite + # discover: + # how: fmf +-# url: https://github.com/systemd/systemd +-# ref: main +-# path: test/fmf + # dist-git-source: true + # dist-git-install-builddeps: false + # prepare: + +From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:38:21 +0100 +Subject: [PATCH 03/22] fmf: Fix glob + +Globs inside quotes aren't expanded and we need the glob to be more +specific to avoid matching multiple entries inside the tmt source +directory. + +(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) +--- + test/fmf/integration-tests/test.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 73771d4237207..0a1595fa97268 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -23,8 +23,11 @@ setenforce 0 || true + # execute: + # how: tmt + ++shopt -s extglob ++ + if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then +- pushd "$TMT_SOURCE_DIR/*/" ++ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). 
++ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ + elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then + # Prepare systemd source tree + git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" + +From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 12:12:15 +0100 +Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running + within testing farm + +If running tmt locally to debug the test script, make sure we don't +mess with /etc/yum.repos.d. + +(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) +--- + test/fmf/integration-tests/test.sh | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 0a1595fa97268..347cd219a458a 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} + [Build] + ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} ++EOF ++ ++if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then ++ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* ++ # Ensure packages built for this test have highest priority ++ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* + +-# Disable mkosi's own repository logic +-touch /etc/yum.repos.d/mkosi.repo ++ # Disable mkosi's own repository logic ++ touch /etc/yum.repos.d/mkosi.repo ++fi + + # TODO: drop once BTRFS regression is fixed in kernel 6.13 + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf + +From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 16:41:46 +0100 +Subject: [PATCH 05/22] fmf: Dump CPU and memory information + +(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git 
a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 347cd219a458a..4545090c3c1ab 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -7,6 +7,10 @@ set -o pipefail + # Switch SELinux to permissive if possible, since the tests don't set proper contexts + setenforce 0 || true + ++echo "CPU and Memory information:" ++lscpu ++lsmem ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 13:31:11 +0100 +Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs + +When running the integration tests downstream, it's useful to be +able to test that a new systemd version doesn't introduce any AVC +denials, so let's add a knob to make that possible. + +(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) +--- + test/README.testsuite | 10 ++++++++++ + test/fmf/integration-tests/test.sh | 7 +++++++ + test/units/TEST-06-SELINUX.sh | 4 ++++ + 3 files changed, 21 insertions(+) + +diff --git a/test/README.testsuite b/test/README.testsuite +index da2d17a6dba7c..6b367aa6738fa 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,16 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. 
+ ++### SELinux AVCs ++ ++To have `TEST-06-SELINUX` check for SELinux denials, write the following to ++mkosi.local.conf: ++ ++```conf ++[Runtime] ++KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 ++``` ++ + ## Ubuntu CI + + New PRs submitted to the project are run through regression tests, and one set +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4545090c3c1ab..fccfa15c72821 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} + EOF + ++if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then ++ tee --append mkosi.local.conf < +Date: Wed, 8 Jan 2025 16:03:06 +0100 +Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing + farm + +We expect to run as root within testing farm and to have permissions +to do selinux relabelling so let's enable it explicitly. + +(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) +--- + test/fmf/integration-tests/test.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fccfa15c72821..8cea79cf30274 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -78,6 +78,9 @@ fi + + if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then + tee --append mkosi.local.conf < +Date: Thu, 9 Jan 2025 11:27:51 +0100 +Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh + +(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) +--- + test/integration-test-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh +index d7c384a97cf48..c67f938acf26f 100755 +--- a/test/integration-test-setup.sh ++++ b/test/integration-test-setup.sh +@@ -1,6 +1,6 @@ + #!/usr/bin/env bash + # SPDX-License-Identifier: 
LGPL-2.1-or-later +-set -eux ++set -eu + set -o pipefail + + case "$1" in + +From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 11:28:15 +0100 +Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in + interactive mode + +If we're not running interactively, there's no point in the features +from integration-test-setup.sh which are intended for interactive +development and debugging so lets skip adding it in that case. + +(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) +--- + test/integration-test-wrapper.py | 9 +++++++++ + test/test.service.in | 2 -- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index ef6df8840f50d..5fa0325b889e5 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -459,6 +459,15 @@ def main() -> None: + """ + ) + ++ if sys.stderr.isatty(): ++ dropin += textwrap.dedent( ++ """ ++ [Service] ++ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup ++ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ """ ++ ) ++ + cmd = [ + args.mkosi, + '--directory', os.fspath(args.meson_source_dir), +diff --git a/test/test.service.in b/test/test.service.in +index 6400be0700288..75f703698f687 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -7,9 +7,7 @@ Before=getty-pre.target + + [Service] + ExecStartPre=rm -f /failed /testok +-ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStart=@command@ +-ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize + Type=oneshot + MemoryAccounting=@memory-accounting@ + StateDirectory=%N + +From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 7 Jan 2025 15:01:02 +0100 +Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when 
running with + sanitizers + +Similar to how CentOS CI did it previously, let's only run +TEST-21-DFUZZER when built with sanitizers for maximum effect. + +(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) +--- + .github/workflows/mkosi.yml | 8 ++++++++ + test/TEST-21-DFUZZER/meson.build | 1 - + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index a043022ce05a1..592ed41051458 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -61,6 +61,7 @@ jobs: + cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no + vm: 1 ++ skip: TEST-21-DFUZZER + - distro: debian + release: testing + sanitizers: "" +@@ -68,6 +69,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: ubuntu + release: noble + sanitizers: "" +@@ -75,6 +77,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: "41" + sanitizers: "" +@@ -82,6 +85,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: rawhide + sanitizers: address,undefined +@@ -96,6 +100,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "9" + sanitizers: "" +@@ -103,6 +108,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "10" + sanitizers: "" +@@ -110,6 +116,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +@@ -195,6 +202,7 @@ jobs: + mkosi sandbox \ + env \ + TEST_PREFER_QEMU=${{ matrix.vm }} \ ++ TEST_SKIP=${{ matrix.skip }} \ + meson test \ + -C build \ + --no-rebuild \ +diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build +index f57be63380222..932f0c5f0e407 100644 +--- a/test/TEST-21-DFUZZER/meson.build ++++ b/test/TEST-21-DFUZZER/meson.build +@@ -6,6 +6,5 @@ 
integration_tests += [ + 'timeout' : 3600, + 'priority' : 50, + 'vm' : true, +- 'enabled' : false, + }, + ] + +From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:13:18 +0100 +Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test + artifacts dir + +(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) +--- + test/fmf/integration-tests/test.sh | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 8cea79cf30274..762016f2a5c1c 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -125,6 +125,11 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" ++ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ ++find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd ++ ++exit "$EC" + +From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:24:51 +0100 +Subject: [PATCH 12/22] fmf: Log clock source + +(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) +--- + test/fmf/integration-tests/test.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 762016f2a5c1c..d1e43b1d7dbc9 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -11,6 +11,8 @@ echo "CPU and Memory information:" + lscpu + lsmem + ++echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 
0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 16:24:22 +0100 +Subject: [PATCH 13/22] tree-wide: Fix python formatting + +The new release of ruff formats a few more things which causes linter +failures in CI so let's fix those formatting nits. + +(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) +--- + src/ukify/ukify.py | 6 +++--- + test/integration-test-wrapper.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index 3f36aa7af6b08..be4e30eb8e36e 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'calculate', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + # For measurement, the keys are not relevant, so we can lump all the phase paths + # into one call to systemd-measure calculate. 
+@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'sign', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + ] + +@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: + os.umask(umask := os.umask(0)) + os.chmod(opts.output, 0o777 & ~umask) + +- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") ++ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') + + + @contextlib.contextmanager +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5fa0325b889e5..d9d92fcba3b0e 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -429,7 +429,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} ++ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} + """ + ) + +@@ -437,7 +437,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} ++ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} + """ + ) + +@@ -568,7 +568,7 @@ def main() -> None: + + ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] + +- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) ++ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) + + # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. 
+ exit(result.returncode or 1) + +From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:27:33 +0100 +Subject: [PATCH 14/22] test: Add option to save in progress test journals to + /tmp + +The journal isn't the best at being fast, especially when writing +to disk and not to memory, which can cause integration tests to +grind to a halt on beefy systems due to all the systemd-journal-remote +instances not being able to write journal entries to disk fast enough. + +Let's introduce an option to allow writing in progress test journals +to use /tmp which can be used on beefy systems with lots of memory to +speed things up. + +(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) +--- + test/README.testsuite | 4 ++++ + test/integration-test-wrapper.py | 12 +++++++++++- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/test/README.testsuite b/test/README.testsuite +index 6b367aa6738fa..e33c08f33a20e 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,10 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. + ++`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in ++progress and only move the journal to its final location in the build directory ++(`$BUILD_DIR/test/journal`) when the test is finished. 
++ + ### SELinux AVCs + + To have `TEST-06-SELINUX` check for SELinux denials, write the following to +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index d9d92fcba3b0e..1c28cf3776e80 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -10,6 +10,7 @@ + import os + import re + import shlex ++import shutil + import subprocess + import sys + import tempfile +@@ -441,7 +442,11 @@ def main() -> None: + """ + ) + +- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ else: ++ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() ++ + journal_file.unlink(missing_ok=True) + + if not sys.stderr.isatty(): +@@ -551,6 +556,11 @@ def main() -> None: + ): + journal_file.unlink(missing_ok=True) + ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ dst = args.meson_build_dir / f'test/journal/{name}.journal' ++ dst.parent.mkdir(parents=True, exist_ok=True) ++ shutil.move(journal_file, dst) ++ + if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): + exit(0 if shell or result.returncode == args.exit_code else 77) + + +From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:29:58 +0100 +Subject: [PATCH 15/22] test: Don't register machines with machined unless + we're in interactive mode + +(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 1c28cf3776e80..94904cfbc4c05 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -516,7 +516,7 @@ def main() -> None: + ] + ), + 
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", +- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), ++ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), + 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', + ] # fmt: skip + + +From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:51:24 +0100 +Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin + +The integration-test-setup calls require StateDirectory= but some +tests override the test unit used which then won't have StateDirectory= +so let's move StateDirectory= into the dropin as well to avoid this +issue. + +(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) +--- + test/integration-test-wrapper.py | 1 + + test/test.service.in | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 94904cfbc4c05..610c34c903425 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -470,6 +470,7 @@ def main() -> None: + [Service] + ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ StateDirectory=%N + """ + ) + +diff --git a/test/test.service.in b/test/test.service.in +index 75f703698f687..790c513da4338 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok + ExecStart=@command@ + Type=oneshot + MemoryAccounting=@memory-accounting@ +-StateDirectory=%N + +From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:37 +0100 +Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn + failures + +(cherry picked from commit 
c32a8cdaa0f03ae29e9edade1213cc2001b28000) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index d1e43b1d7dbc9..34bf1abfa8943 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,6 +13,10 @@ lsmem + + echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + ++# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. ++sysctl fs.inotify.max_user_watches=65536 ++sysctl fs.inotify.max_user_instances=1024 ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:54 +0100 +Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems + +If we save journals in /tmp, we can run a larger number of tests in +parallel so let's make use of the larger number of CPUs if the tests +run on a beefy machine. + +(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) +--- + test/fmf/integration-tests/test.sh | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 34bf1abfa8943..06a98bfd7a0be 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then + export TEST_NO_QEMU=1 + fi + ++NPROC="$(nproc)" ++if [[ "$NPROC" -ge 10 ]]; then ++ export TEST_JOURNAL_USE_TMP=1 ++ NPROC="$((NPROC / 3))" ++else ++ NPROC="$((NPROC - 1))" ++fi ++ + # Create missing mountpoint for mkosi sandbox. 
+ mkdir -p /etc/pacman.d/gnupg + +@@ -131,7 +139,7 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ --num-processes "$NPROC" && EC=0 || EC=$? + + find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; + find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + +From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:29:28 +0100 +Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER + +Similar to Github Actions, since we don't build with sanitizers in +the packit job, let's skip TEST-21-DFUZZER. + +(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 06a98bfd7a0be..f82961f9599d0 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -124,6 +124,10 @@ else + NPROC="$((NPROC - 1))" + fi + ++# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it ++# for now. ++export TEST_SKIP="TEST-21-DFUZZER" ++ + # Create missing mountpoint for mkosi sandbox. 
+ mkdir -p /etc/pacman.d/gnupg + + +From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 13 Jan 2025 10:33:20 +0100 +Subject: [PATCH 20/22] test: Fix bug in integration test wrapper + +(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 610c34c903425..5321faef57818 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -443,7 +443,7 @@ def main() -> None: + ) + + if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': +- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') + else: + journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() + + +From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 14 Jan 2025 09:52:40 +0100 +Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink + it + +(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) +--- + test/integration-test-wrapper.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5321faef57818..a7bf5ea6060d4 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -556,8 +556,7 @@ def main() -> None: + and not sanitizer + ): + journal_file.unlink(missing_ok=True) +- +- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': + dst = args.meson_build_dir / f'test/journal/{name}.journal' + dst.parent.mkdir(parents=True, exist_ok=True) + shutil.move(journal_file, dst) + +From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 +From: Daan 
De Meyer +Date: Tue, 14 Jan 2025 11:41:17 +0100 +Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists + +Otherwise find fails with an error. + +(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index f82961f9599d0..aff79340f79fe 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -145,8 +145,8 @@ mkosi -f sandbox \ + --no-stdsplit \ + --num-processes "$NPROC" && EC=0 || EC=$? + +-find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; +-find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd + diff --git a/plans/upstream.fmf b/plans/upstream.fmf new file mode 100644 index 0000000..fd348ad --- /dev/null +++ b/plans/upstream.fmf @@ -0,0 +1,16 @@ +summary: systemd upstream test suite +discover: + how: fmf + dist-git-source: true + dist-git-install-builddeps: false +prepare: + - name: systemd + how: install + exclude: + - systemd-standalone-.* +execute: + how: tmt +provision: + hardware: + virtualization: + is-supported: true diff --git a/systemd.spec b/systemd.spec index 2fba134..14df243 100644 --- a/systemd.spec +++ b/systemd.spec 
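Review bot: The new `plans/upstream.fmf` carries no comment about what the discovered test does to the machine it runs on. The `test.sh` backported in this same commit runs `setenforce 0 || true`, raises two `fs.inotify` sysctls and, under Testing Farm, appends `priority=1` to `/etc/yum.repos.d/copr_build*`; with ten or more CPUs it also keeps in-progress journals under the fixed `/tmp/systemd-integration-tests` path. I would put a comment above `provision:` along the lines of `# The test changes host-wide state (SELinux mode, sysctls, dnf repos); run it only on a disposable, single-tenant guest.`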
@@ -121,6 +121,9 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport various fmf fixes to allow running the integration tests in Fedora CI. +Patch: https://github.com/systemd/systemd/pull/35938.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 01e5bc1c93907a41421f3744211e9be645747695 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 14 Jan 2025 21:47:40 +0000 Subject: [PATCH 218/327] Set SBAT in sd-boot when building on OBS We are doing self-signing, so don't tag the EFI binaries as if they were Fedora's, since they are not. Set upstream-specific tags, that are the same for all distros built on OBS.. [skip changelog] --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 14df243..4ba5825 100644 --- a/systemd.spec +++ b/systemd.spec @@ -868,6 +868,11 @@ CONFIGURE_OPTS=( # considering that that support is untested, let's not do this now. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] -Dukify=enabled +%if 0%{?want_bootloader} && %{with obs} + -Dsbat-distro-url=https://github.com/systemd/systemd + -Dsbat-distro=upstream + -Dsbat-distro-summary='Upstream build from git' +%endif ) %if %{without lto} From aa5546e9ed9b3fe92efb29bae842da997d153cf8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:01 +0100 Subject: [PATCH 219/327] Add a few mkosi artifact directories to .gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 6cf7897..ca73e11 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,7 @@ /systemd-*.tar.xz /systemd-*.tar.gz /*.rpm +/mkosi.output/ +/mkosi.cache/ +/mkosi.builddir/ +/mkosi.local.conf From f257050dddc1c86fe4358f7b663ec0fe0ab1c407 Mon Sep 17 00:00:00 2001 
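Review bot: The added `Patch:` line names `https://github.com/systemd/systemd/pull/35938.patch`, a URL whose content follows the pull request and can change after this commit. rpmbuild should pick up the `35938.patch` committed alongside, so the build itself stays pinned, but anyone who later refreshes the file from that URL may get a different series without noticing. A comment would record this, for example `# Snapshot of the PR; the committed 35938.patch is authoritative, compare the "cherry picked from" ids when refreshing.` The enclosing `%if` block starts outside the hunk.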
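Review bot: The added block sets `-Dsbat-distro`, `-Dsbat-distro-summary` and `-Dsbat-distro-url` but leaves the SBAT generation at its default, and nothing here says who is responsible for raising it. Since the commit message states the tags are the same for everything built on OBS, a revocation by generation would presumably hit all of those builds at once, so the number needs a documented owner. I would add a comment above the options, for example `# SBAT generation is left at the meson default; set -Dsbat-distro-generation= here when an sd-boot fix has to revoke earlier OBS builds.` The `CONFIGURE_OPTS=(` array opens outside the hunk.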
From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:21 +0100 Subject: [PATCH 220/327] Add a .editorconfig file --- .editorconfig | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..1b58baf --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +charset = utf-8 +indent_size = 4 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{yml,yaml}] +indent_size = 2 From c7fecc18eba700cc97b04394f67afd0b4e965781 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 22:14:36 +0100 Subject: [PATCH 221/327] Skip test_sysusers_defined on upstream builds --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 4ba5825..c513a1c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1050,9 +1050,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif %if 0%{?fedora} >= 41 +%if %{without upstream} # This requires https://pagure.io/setup/pull-request/50 # and https://src.fedoraproject.org/rpms/setup/pull-request/10. +# We skip this on upstream builds so that new users and groups +# can be added without breaking the build. %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif From e54ec2f978a1408b15ea25d8ff28961860e541bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 17 Jan 2025 14:04:00 +0100 Subject: [PATCH 222/327] Trim changelog entries that are not relevant to users --- changelog | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) diff --git a/changelog b/changelog index fb6584d..216ab62 100644 --- a/changelog +++ b/changelog 
@@ -1,3 +1,156 @@ +* Sun Jan 12 2025 Zbigniew Jędrzejewski-Szmek - 257.2-6 +- Rebuilt for the bin-sbin merge (2nd attempt) + +* Fri Jan 10 2025 Zbigniew Jędrzejewski-Szmek - 257.2-4 +- Revert use of PrivateTmp=disconnected (rhbz#2334015, + https://github.com/coreos/fedora-coreos-tracker/issues/1857) + +* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek - 257.2-1 +- Version 257.2 +- Fixes for assertion crashes and memory access issues in pid1 and systemd- + machined, and other fixes for systemd-repart, systemd-resolved, systemd- + stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the + hardware database. + +* Tue Jan 07 2025 Yu Watanabe - 257.1-7 +- Replace 'udevadm hwdb' with systemd-hwdb + +* Tue Jan 07 2025 Zbigniew Jędrzejewski-Szmek - 257.1-6 +- Rename source .abignore file + +* Fri Dec 20 2024 Daan De Meyer - 257.1-2 +- Re-enable upstream behaviour of systemd-tmpfiles --purge + +* Fri Dec 20 2024 Zbigniew Jędrzejewski-Szmek - 257.1-1 +- Version 257.1 +- A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, + systemd-networkd, systemd-logind, journalct. +- Should fix rhbz#2325780. + +* Sun Dec 15 2024 Yu Watanabe - 257-3 +- Add patch for test-time-util + +* Sun Dec 15 2024 Yu Watanabe - 257-2 +- sysusers: support new ! 
line flag for creating fully locked accounts + +* Tue Dec 10 2024 Zbigniew Jędrzejewski-Szmek - 257-1 +- Version 257 +- A bunch of small fixes in various components: systemd itself, systemd- + cryptenroll, sd-varlink, sd-boot, documentation, tests +- Includes an update of the hardware database + +* Thu Dec 05 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-5 +- Enable slow tests during build + +* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-3 +- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979) + +* Fri Nov 29 2024 Yu Watanabe - 257~rc3-2 +- Update tmpfiles --destroy-data patch + +* Wed Nov 27 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-1 +- Version 257~rc3 +- A bunch of small fixes here and there: virtualization detection, udev, + systemd-networked, pid1. +- Includes a hardware database update. + +* Tue Nov 26 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-4 +- Make systemd-network-generator co-owned by -udev and -networkd + (rhbz#2328723) + +* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-3 +- Pull in qemu from systemd-container + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-2 +- Change sysusers u! 
lines to u because we don't have support in rpm + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-1 +- Version 257~rc2 +- Changes in systemd-measure, systemd-networkd, documentation, systemd- + sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, + run0, ukify +- Hardware database update + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-3 +- Disable freezing of user sessions (rhbz#2321268) + +* Thu Nov 07 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-1 +- Version 257~rc1 + +* Thu Nov 07 2024 Daan De Meyer - 256.7-7 +- Use %%posttrans instead of %%postun to restart services + +* Thu Nov 07 2024 Yaakov Selkowitz - 256.7-6 +- Disable OpenSSL v3 ENGINE on RHEL + +* Tue Nov 05 2024 Daan De Meyer - 256.7-4 +- Backport user manager reexec changes + +* Tue Nov 05 2024 David Tardon - 256.7-3 +- Use %%systemd_preun in systemd-resolved + +* Thu Oct 24 2024 Yu Watanabe - 256.7-2 +- test_sysusers_defined: support new ! line flag for creating fully locked + accounts + +* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek - 256.7-1 +- Version 256.7 +- Various small fixes in many components +- Documentation updates + +* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek - 256.6-3 +- Move yum/dnf protection removal config file under /usr + +* Thu Sep 12 2024 Matteo Croce - 256.6-1 +- Version 256.6 + +* Thu Aug 29 2024 Daan De Meyer - 256.5-6 +- Always build ukify package + +* Wed Aug 28 2024 Daan De Meyer - 256.5-5 +- Do not use patch to modify systemd-user pam config file + +* Tue Aug 27 2024 Daan De Meyer - 256.5-3 +- Only make python3-pillow Recommends on Fedora + +* Sat Aug 24 2024 Davide Cavalca - 256.5-2 +- Do not require grubby on CentOS Stream 9 + +* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.5-1 +- Version 256.5 +- Includes the patches for the kernel change with kernel threads in leaf + cgroups (https://github.com/systemd/systemd/pull/33885) +- Various smaller fixes + +* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.4-4 +- Disable integration 
of userdb in sshd + +* Mon Jul 29 2024 Daan De Meyer - 256.4-3 +- Backport patch to only read /proc/cmdline when not in container + +* Mon Jul 29 2024 Daan De Meyer - 256.4-2 +- Backport upstream patch to try more initrd variants in + 90-loaderentry.install + +* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek - 256.4-1 +- Version 256.4 +- Hardware db update +- Minor fixes for systemd-udevd and varlink protocol + +* Tue Jul 23 2024 Daan De Meyer - 256.3-3 +- Update tmpfiles --destroy-data patch + +* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek - 256.3-1 +- Version 256.3 +- A bunch of fixes for systemd (pid1) +- Various upgrades related to running tests in mkosi + +* Sat Jul 20 2024 Daan De Meyer - 256.2-17 +- Simplify BFQ scheduler enablement + +* Sat Jul 20 2024 Fedora Release Engineering - 256.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 - Backport udma buffer access patch (rhbz#2298422) From d0973df8633edfe039c8040d1773f7e89c7dd2f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 17 Jan 2025 14:00:44 +0100 Subject: [PATCH 223/327] Backport patch to emit audit events from systemd-sysusers A second patch is backported to avoid conflict and also because it seems reasonable to backport. --- ...ot-give-up-if-the-first-attempt-at-c.patch | 75 +++++ ...dit-events-for-user-and-group-creati.patch | 287 ++++++++++++++++++ systemd.spec | 5 + 3 files changed, 367 insertions(+) create mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch create mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch new file mode 100644 index 0000000..76c2be1 --- /dev/null +++ b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch 
@@ -0,0 +1,75 @@ +From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Dec 2024 22:27:29 +0900 +Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at + connecting bus failed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise, the program exits with failure if the first attempt in run() failed: +``` +Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING +Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private... +Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED +Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused +``` + +(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4) +--- + src/update-utmp/update-utmp.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c +index e40843cf35..a10e6d478a 100644 +--- a/src/update-utmp/update-utmp.c ++++ b/src/update-utmp/update-utmp.c +@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) { + assert(c); + assert(ret); + ++ if (!c->bus) { ++ r = bus_connect_system_systemd(&c->bus); ++ if (r < 0) ++ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m"); ++ } ++ + r = bus_get_property_trivial( + c->bus, + bus_systemd_mgr, +@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) { + UINT64_C(100) * USEC_PER_MSEC + + random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS); + (void) usleep_safe(usec); ++ } + ++ if (!c->bus) { + r = bus_connect_system_systemd(&c->bus); + if (r == -ECONNREFUSED && n_attempts < 64) { +- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m"); ++ log_debug_errno(r, "Failed to %s to system bus, retrying after a 
slight delay: %m", ++ n_attempts <= 1 ? "connect" : "reconnect"); + continue; + } + if (r < 0) +@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) { + .audit_fd = -EBADF, + #endif + }; +- int r; + + log_setup(); + +@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) { + log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, + errno, "Failed to connect to audit log, ignoring: %m"); + #endif +- r = bus_connect_system_systemd(&c.bus); +- if (r < 0) +- return log_error_errno(r, "Failed to get D-Bus connection: %m"); + + return dispatch_verb(argc, argv, verbs, &c); + } +-- +2.47.1 + diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch new file mode 100644 index 0000000..d442f5a --- /dev/null +++ b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch 
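Review bot: In the block added to `get_startup_monotonic_time()`, the message reads "Failed to get D-Bus connection, ignoring" but the statement is `return log_warning_errno(r, ...)`, so the error is propagated rather than ignored. Whether it ends up ignored depends on the callers, which are outside this hunk; together with the removal of the up-front `bus_connect_system_systemd()` check in `run()`, a failed connection no longer stops the program early. If callers do discard the result, a one-line comment above the block such as `/* The bus is connected lazily; callers treat a failure here as non-fatal */` would make that contract explicit, otherwise drop ", ignoring" from the message. Both functions start and end outside the hunks shown.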
@@ -0,0 +1,287 @@ +From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 10 Jan 2025 15:35:13 +0100 +Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation + +Background: Fedora/RHEL are switching to sysusers.d metadata for creation of +users and groups for system users defined by packages +(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers). +Packages carry sysusers files. During package installation, rpm calls an +program to execute on this config. This program may either be +/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or +/usr/bin/systemd-sysusers. To match the functionality provided by +useradd/groupadd from the shadow-utils project, systemd-sysusers must emit +audit events so that it provides a drop-in replacement. + +systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when +adding users and groups. The operation "names" are copied from shadow-utils in +Fedora (which has a patch to change them from the upstream version), so the +format of the events that is generated on success should be identical. + +The helper code is shared between sysusers and utmp-wtmp. I changed the +audit_fd variable to be unconditional. This way we can avoid ugly iffdefery +every time the variable would be used. The cost is that 4 bytes of unused +storage might be present. This is negligible, and the compiler might even be +able to optimize that away if it inlines things. 
+--- + src/basic/audit-util.h | 33 +++++++++++++++++++++ + src/sysusers/meson.build | 2 ++ + src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++ + src/update-utmp/update-utmp.c | 23 ++------------ + 4 files changed, 94 insertions(+), 20 deletions(-) + +diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h +index 9a74e4f102..d8ecf14f69 100644 +--- a/src/basic/audit-util.h ++++ b/src/basic/audit-util.h +@@ -1,10 +1,16 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + #pragma once + ++#if HAVE_AUDIT ++# include ++#endif ++ + #include + #include + #include + ++#include "errno-util.h" ++#include "log.h" + #include "pidref.h" + + #define AUDIT_SESSION_INVALID UINT32_MAX +@@ -17,3 +23,30 @@ bool use_audit(void); + static inline bool audit_session_is_valid(uint32_t id) { + return id > 0 && id != AUDIT_SESSION_INVALID; + } ++ ++/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious ++ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very ++ * short functions. */ ++ ++static inline int close_audit_fd(int fd) { ++#if HAVE_AUDIT ++ if (fd >= 0) ++ audit_close(fd); ++#else ++ assert(fd < 0); ++#endif ++ return -EBADF; ++} ++ ++static inline int open_audit_fd_or_warn(void) { ++ int fd = -EBADF; ++ ++#if HAVE_AUDIT ++ /* If the kernel lacks netlink or audit support, don't worry about it. */ ++ fd = audit_open(); ++ if (fd < 0) ++ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? 
LOG_DEBUG : LOG_WARNING, ++ errno, "Failed to connect to audit log, ignoring: %m"); ++#endif ++ return fd; ++} +diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build +index 123ff41d3f..c968f55110 100644 +--- a/src/sysusers/meson.build ++++ b/src/sysusers/meson.build +@@ -9,6 +9,7 @@ executables += [ + 'name' : 'systemd-sysusers', + 'public' : true, + 'sources' : files('sysusers.c'), ++ 'dependencies' : libaudit, + }, + executable_template + { + 'name' : 'systemd-sysusers.standalone', +@@ -20,6 +21,7 @@ executables += [ + libshared_static, + libsystemd_static, + ], ++ 'dependencies' : libaudit, + 'build_by_default' : have_standalone_binaries, + 'install' : have_standalone_binaries, + }, +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index 44253483db..84eb9fc0c3 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -3,6 +3,7 @@ + #include + + #include "alloc-util.h" ++#include "audit-util.h" + #include "build.h" + #include "chase.h" + #include "conf-files.h" +@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep); + STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); + + typedef struct Context { ++ int audit_fd; ++ + OrderedHashmap *users, *groups; + OrderedHashmap *todo_uids, *todo_gids; + OrderedHashmap *members; +@@ -126,6 +129,8 @@ typedef struct Context { + static void context_done(Context *c) { + assert(c); + ++ c->audit_fd = close_audit_fd(c->audit_fd); ++ + ordered_hashmap_free(c->groups); + ordered_hashmap_free(c->users); + ordered_hashmap_free(c->members); +@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) { + c->login_defs_need_warning = false; + } + ++static void log_audit_accounts(Context *c, ItemType what) { ++#if HAVE_AUDIT ++ assert(c); ++ assert(IN_SET(what, ADD_USER, ADD_GROUP)); ++ ++ if (arg_dry_run || c->audit_fd < 0) ++ return; ++ ++ Item *i; ++ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP; ++ const char *op = what == ADD_USER ? 
"adding-user" : "adding-group"; ++ ++ /* Notes: ++ * ++ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses. ++ * ++ * We send id == -1, even though we know the number, in particular on success. This is because if we ++ * send the id, the generated audit message will not contain the name. The name seems more useful ++ * than the number, hence send just the name: ++ * ++ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) : ++ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success' ++ * vs. ++ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) : ++ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success' ++ */ ++ ++ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) ++ audit_log_acct_message( ++ c->audit_fd, ++ type, ++ program_invocation_short_name, ++ op, ++ i->name, ++ /* id= */ (unsigned) -1, ++ /* host= */ NULL, ++ /* addr= */ NULL, ++ /* tty= */ NULL, ++ /* success= */ 1); ++#endif ++} ++ + static int load_user_database(Context *c) { + _cleanup_fclose_ FILE *f = NULL; + const char *passwd_path; +@@ -971,6 +1018,8 @@ static int write_files(Context *c) { + group_tmp, group_path); + group_tmp = mfree(group_tmp); + } ++ /* OK, we have written the group entries successfully */ ++ log_audit_accounts(c, ADD_GROUP); + if (gshadow) { + r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); + if (r < 0) +@@ -988,6 +1037,8 @@ static int write_files(Context *c) { + + passwd_tmp = mfree(passwd_tmp); + } ++ /* OK, we have written the user entries successfully */ ++ log_audit_accounts(c, ADD_USER); + if (shadow) { + r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); + if (r < 0) +@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) { + #endif + _cleanup_close_ int lock = -EBADF; + _cleanup_(context_done) Context c = { ++ .audit_fd = -EBADF, + 
.search_uid = UID_INVALID, + }; + +@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) { + assert(!arg_image); + #endif + ++ /* Prepare to emit audit events, but only if we're operating on the host system. */ ++ if (!arg_root) ++ c.audit_fd = open_audit_fd_or_warn(); ++ + /* If command line arguments are specified along with --replace, read all configuration files and + * insert the positional arguments at the specified place. Otherwise, if command line arguments are + * specified, execute just them, and finally, without --replace= or any positional arguments, just +diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c +index a10e6d478a..6df9414063 100644 +--- a/src/update-utmp/update-utmp.c ++++ b/src/update-utmp/update-utmp.c +@@ -5,12 +5,9 @@ + #include + #include + +-#if HAVE_AUDIT +-#include +-#endif +- + #include "sd-bus.h" + ++#include "audit-util.h" + #include "alloc-util.h" + #include "bus-error.h" + #include "bus-locator.h" +@@ -30,20 +27,14 @@ + + typedef struct Context { + sd_bus *bus; +-#if HAVE_AUDIT + int audit_fd; +-#endif + } Context; + + static void context_clear(Context *c) { + assert(c); + + c->bus = sd_bus_flush_close_unref(c->bus); +-#if HAVE_AUDIT +- if (c->audit_fd >= 0) +- audit_close(c->audit_fd); +- c->audit_fd = -EBADF; +-#endif ++ c->audit_fd = close_audit_fd(c->audit_fd); + } + + static int get_startup_monotonic_time(Context *c, usec_t *ret) { +@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) { + }; + + _cleanup_(context_clear) Context c = { +-#if HAVE_AUDIT + .audit_fd = -EBADF, +-#endif + }; + + log_setup(); + + umask(0022); + +-#if HAVE_AUDIT +- /* If the kernel lacks netlink or audit support, don't worry about it. */ +- c.audit_fd = audit_open(); +- if (c.audit_fd < 0) +- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? 
LOG_DEBUG : LOG_WARNING, +- errno, "Failed to connect to audit log, ignoring: %m"); +-#endif ++ c.audit_fd = open_audit_fd_or_warn(); + + return dispatch_verb(argc, argv, verbs, &c); + } +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index c513a1c..8b7735e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -118,6 +118,11 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://github.com/coreos/fedora-coreos-tracker/issues/1857 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch +# Backport of sysusers audit support for +# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. +Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From cc9bce7893d956c5e0a5041e0890150b21c0d6d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 21 Jan 2025 21:57:39 +0100 Subject: [PATCH 224/327] Drop override of $PATH in the user manager We had the override so that the user would have /usr/bin:/usr/sbin, which root had /usr/sbin:/usr/bin. Now that /usr/sbin and /usr/bin are merged, we don't want this. This should fix the issue reported in https://discussion.fedoraproject.org/t/f40-change-proposal-unify-usr-bin-and-usr-sbin-system-wide/99853/25. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 8b7735e..e41fab3 100644 --- a/systemd.spec +++ b/systemd.spec 
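Review bot: `log_audit_accounts()` discards the return value of `audit_log_acct_message()`, so when the audit record cannot be sent the account is still created and nothing in the log shows that the ADD_USER/ADD_GROUP event is missing. For an audit trail that is meant to match shadow-utils, the loop body should check the result and report it, e.g. `if (audit_log_acct_message(...) <= 0) log_warning("Failed to send audit message for %s, ignoring.", i->name);` (libaudit documents a value <= 0 as an error; confirm the exact convention before pairing it with `%m`). The calls in `write_files()` also report `success=1` right after the group/passwd rename and before the gshadow/shadow rename that follows, so a later failure in the same function returns an error after a success event was already emitted; a short comment at the two call sites saying this ordering is intended would help whoever later correlates audit records with failed runs. `write_files()` and `run()` begin and end outside the hunks.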
@@ -767,7 +767,6 @@ CONFIGURE_OPTS=( -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= - -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 -Dkmod=enabled From de4ae54a3486ca1e0139fc3efdb862883dd6d01a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Mon, 27 Jan 2025 13:49:04 -0800 Subject: [PATCH 225/327] Backport PR #36194 to add Georgian mapping to kbd-model-map Signed-off-by: Adam Williamson --- ...kbd-model-map-add-a-georgian-mapping.patch | 26 +++++++++++++++++++ systemd.spec | 5 ++++ 2 files changed, 31 insertions(+) create mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch new file mode 100644 index 0000000..29d2b40 --- /dev/null +++ b/0001-kbd-model-map-add-a-georgian-mapping.patch @@ -0,0 +1,26 @@ +From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 10 Jan 2025 13:01:47 -0800 +Subject: [PATCH] kbd-model-map: add a georgian mapping + +https://github.com/legionus/kbd/pull/127 adds a Georgian mapping +to kbd. console-setup already has one. Let's support it here, so +it's used for Georgian installs on distros that use this table. + +Signed-off-by: Adam Williamson +--- + src/locale/kbd-model-map | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map +index 279d1a36d8..612f6d749a 100644 +--- a/src/locale/kbd-model-map ++++ b/src/locale/kbd-model-map +@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp + es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp + lv lv pc105 apostrophe terminate:ctrl_alt_bksp + lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp ++ge ge,us pc105 - terminate:ctrl_alt_bksp +-- +2.47.1 + 
diff --git a/systemd.spec b/systemd.spec index e41fab3..ed0f857 100644 --- a/systemd.spec +++ b/systemd.spec @@ -131,6 +131,11 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch Patch: https://github.com/systemd/systemd/pull/35938.patch %endif +# https://github.com/systemd/systemd/pull/36194 +# https://bugzilla.redhat.com/show_bug.cgi?id=2336875 +# add Georgian mapping to kbd-model-map +Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From 1ffa7bf7c74e09fa42525f17e9da5f51c72ada02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 28 Jan 2025 10:08:50 +0100 Subject: [PATCH 226/327] Make Georgian mapping patch downstream-only [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index ed0f857..484fc46 100644 --- a/systemd.spec +++ b/systemd.spec @@ -129,12 +129,12 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch # Backport various fmf fixes to allow running the integration tests in Fedora CI. Patch: https://github.com/systemd/systemd/pull/35938.patch -%endif # https://github.com/systemd/systemd/pull/36194 # https://bugzilla.redhat.com/show_bug.cgi?id=2336875 # add Georgian mapping to kbd-model-map Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch +%endif %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 From d66f99791591eb8be0825173326aa0af64598f0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 1 Feb 2025 19:57:43 +0100 Subject: [PATCH 227/327] Add explicit BR: libxcrypt-devel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 484fc46..dfe0393 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -149,6 +149,7 @@ BuildRequires: libcap-devel
 BuildRequires: libmount-devel
 BuildRequires: libfdisk-devel
 BuildRequires: libpwquality-devel
+BuildRequires: libxcrypt-devel
 BuildRequires: pam-devel
 BuildRequires: libselinux-devel
 BuildRequires: audit-libs-devel
From 2c0b984bf41db96b6e80ef53947aeb878b326cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 20:27:12 +0100 Subject: [PATCH 228/327] Version 257.3 - updates to systemd, systemctl, systemd-udev, systemd-sbsign, systemd-machined, systemd-resolved, systemd-firstboot, systemd-sysupdate, systemd-repart, systemd-vmspawn, systemd-networkd, systemd-update-utmp, systemd-tmpfiles, systemd-logind, bootctl, varlink, ukify, homectl, userdbctl, UKI support, sd-stub, log messages, man pages - the hwdb is updated from mainline at 2025-02-07 - resolves rhbz#2345544 --- ...kbd-model-map-add-a-georgian-mapping.patch | 26 - 35938.patch | 879 ------------------ sources | 2 +- systemd.spec | 10 +- 4 files changed, 2 insertions(+), 915 deletions(-) delete mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch delete mode 100644 35938.patch
diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch
deleted file mode 100644
index 29d2b40..0000000
--- a/0001-kbd-model-map-add-a-georgian-mapping.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001
-From: Adam Williamson
-Date: Fri, 10 Jan 2025 13:01:47 -0800
-Subject: [PATCH] kbd-model-map: add a georgian mapping
-
-https://github.com/legionus/kbd/pull/127 adds a Georgian mapping
-to kbd. console-setup already has one. Let's support it here, so
-it's used for Georgian installs on distros that use this table.
-
-Signed-off-by: Adam Williamson
----
- src/locale/kbd-model-map | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
-index 279d1a36d8..612f6d749a 100644
---- a/src/locale/kbd-model-map
-+++ b/src/locale/kbd-model-map
-@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp
- es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp
- lv lv pc105 apostrophe terminate:ctrl_alt_bksp
- lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp
-+ge ge,us pc105 - terminate:ctrl_alt_bksp
---
-2.47.1
-
diff --git a/35938.patch b/35938.patch
deleted file mode 100644
index 7f9f9be..0000000
--- a/35938.patch
+++ /dev/null
@@ -1,879 +0,0 @@ -From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:05 +0100 -Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive - mode - -The tests might be running unprivileged or in an environment without -selinux so let's not fail if we can't put it in permissive mode. - -(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4984fb119b571..fe139567bdf06 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -4,8 +4,8 @@ - set -eux - set -o pipefail - --# Switch SELinux to permissive, since the tests don't set proper contexts --setenforce 0 -+# Switch SELinux to permissive if possible, since the tests don't set proper contexts -+setenforce 0 || true - - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - -From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:50 +0100 -Subject: [PATCH 02/22] fmf: Fix dist-git example - -All that's needed is dist-git-source: true so remove the other settings -that aren't required. 
- -(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) ---- - test/fmf/integration-tests/test.sh | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fe139567bdf06..73771d4237207 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,9 +13,6 @@ setenforce 0 || true - # summary: systemd Fedora test suite - # discover: - # how: fmf --# url: https://github.com/systemd/systemd --# ref: main --# path: test/fmf - # dist-git-source: true - # dist-git-install-builddeps: false - # prepare: - -From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:38:21 +0100 -Subject: [PATCH 03/22] fmf: Fix glob - -Globs inside quotes aren't expanded and we need the glob to be more -specific to avoid matching multiple entries inside the tmt source -directory. - -(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) ---- - test/fmf/integration-tests/test.sh | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 73771d4237207..0a1595fa97268 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -23,8 +23,11 @@ setenforce 0 || true - # execute: - # how: tmt - -+shopt -s extglob -+ - if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then -- pushd "$TMT_SOURCE_DIR/*/" -+ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). 
-+ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ - elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then - # Prepare systemd source tree - git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" - -From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 12:12:15 +0100 -Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running - within testing farm - -If running tmt locally to debug the test script, make sure we don't -mess with /etc/yum.repos.d. - -(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) ---- - test/fmf/integration-tests/test.sh | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 0a1595fa97268..347cd219a458a 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} - [Build] - ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} -+EOF -+ -+if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then -+ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* -+ # Ensure packages built for this test have highest priority -+ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* - --# Disable mkosi's own repository logic --touch /etc/yum.repos.d/mkosi.repo -+ # Disable mkosi's own repository logic -+ touch /etc/yum.repos.d/mkosi.repo -+fi - - # TODO: drop once BTRFS regression is fixed in kernel 6.13 - sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf - -From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 16:41:46 +0100 -Subject: [PATCH 05/22] fmf: Dump CPU and memory information - -(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git 
a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 347cd219a458a..4545090c3c1ab 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -7,6 +7,10 @@ set -o pipefail - # Switch SELinux to permissive if possible, since the tests don't set proper contexts - setenforce 0 || true - -+echo "CPU and Memory information:" -+lscpu -+lsmem -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 13:31:11 +0100 -Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs - -When running the integration tests downstream, it's useful to be -able to test that a new systemd version doesn't introduce any AVC -denials, so let's add a knob to make that possible. - -(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) ---- - test/README.testsuite | 10 ++++++++++ - test/fmf/integration-tests/test.sh | 7 +++++++ - test/units/TEST-06-SELINUX.sh | 4 ++++ - 3 files changed, 21 insertions(+) - -diff --git a/test/README.testsuite b/test/README.testsuite -index da2d17a6dba7c..6b367aa6738fa 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,16 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. 
- -+### SELinux AVCs -+ -+To have `TEST-06-SELINUX` check for SELinux denials, write the following to -+mkosi.local.conf: -+ -+```conf -+[Runtime] -+KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 -+``` -+ - ## Ubuntu CI - - New PRs submitted to the project are run through regression tests, and one set -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4545090c3c1ab..fccfa15c72821 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} - EOF - -+if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then -+ tee --append mkosi.local.conf < -Date: Wed, 8 Jan 2025 16:03:06 +0100 -Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing - farm - -We expect to run as root within testing farm and to have permissions -to do selinux relabelling so let's enable it explicitly. - -(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) ---- - test/fmf/integration-tests/test.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fccfa15c72821..8cea79cf30274 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -78,6 +78,9 @@ fi - - if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then - tee --append mkosi.local.conf < -Date: Thu, 9 Jan 2025 11:27:51 +0100 -Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh - -(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) ---- - test/integration-test-setup.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh -index d7c384a97cf48..c67f938acf26f 100755 ---- a/test/integration-test-setup.sh -+++ b/test/integration-test-setup.sh -@@ -1,6 +1,6 @@ - #!/usr/bin/env bash - # SPDX-License-Identifier: 
LGPL-2.1-or-later --set -eux -+set -eu - set -o pipefail - - case "$1" in - -From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 11:28:15 +0100 -Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in - interactive mode - -If we're not running interactively, there's no point in the features -from integration-test-setup.sh which are intended for interactive -development and debugging so lets skip adding it in that case. - -(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) ---- - test/integration-test-wrapper.py | 9 +++++++++ - test/test.service.in | 2 -- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index ef6df8840f50d..5fa0325b889e5 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -459,6 +459,15 @@ def main() -> None: - """ - ) - -+ if sys.stderr.isatty(): -+ dropin += textwrap.dedent( -+ """ -+ [Service] -+ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup -+ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ """ -+ ) -+ - cmd = [ - args.mkosi, - '--directory', os.fspath(args.meson_source_dir), -diff --git a/test/test.service.in b/test/test.service.in -index 6400be0700288..75f703698f687 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -7,9 +7,7 @@ Before=getty-pre.target - - [Service] - ExecStartPre=rm -f /failed /testok --ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStart=@command@ --ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize - Type=oneshot - MemoryAccounting=@memory-accounting@ - StateDirectory=%N - -From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 7 Jan 2025 15:01:02 +0100 -Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when 
running with - sanitizers - -Similar to how CentOS CI did it previously, let's only run -TEST-21-DFUZZER when built with sanitizers for maximum effect. - -(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) ---- - .github/workflows/mkosi.yml | 8 ++++++++ - test/TEST-21-DFUZZER/meson.build | 1 - - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index a043022ce05a1..592ed41051458 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -61,6 +61,7 @@ jobs: - cflags: "-O2 -D_FORTIFY_SOURCE=3" - relabel: no - vm: 1 -+ skip: TEST-21-DFUZZER - - distro: debian - release: testing - sanitizers: "" -@@ -68,6 +69,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: ubuntu - release: noble - sanitizers: "" -@@ -75,6 +77,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: "41" - sanitizers: "" -@@ -82,6 +85,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: rawhide - sanitizers: address,undefined -@@ -96,6 +100,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "9" - sanitizers: "" -@@ -103,6 +108,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "10" - sanitizers: "" -@@ -110,6 +116,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 -@@ -195,6 +202,7 @@ jobs: - mkosi sandbox \ - env \ - TEST_PREFER_QEMU=${{ matrix.vm }} \ -+ TEST_SKIP=${{ matrix.skip }} \ - meson test \ - -C build \ - --no-rebuild \ -diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build -index f57be63380222..932f0c5f0e407 100644 ---- a/test/TEST-21-DFUZZER/meson.build -+++ b/test/TEST-21-DFUZZER/meson.build -@@ -6,6 +6,5 @@ 
integration_tests += [ - 'timeout' : 3600, - 'priority' : 50, - 'vm' : true, -- 'enabled' : false, - }, - ] - -From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:13:18 +0100 -Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test - artifacts dir - -(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) ---- - test/fmf/integration-tests/test.sh | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 8cea79cf30274..762016f2a5c1c 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -125,6 +125,11 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" -+ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ -+find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd -+ -+exit "$EC" - -From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:24:51 +0100 -Subject: [PATCH 12/22] fmf: Log clock source - -(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) ---- - test/fmf/integration-tests/test.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 762016f2a5c1c..d1e43b1d7dbc9 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -11,6 +11,8 @@ echo "CPU and Memory information:" - lscpu - lsmem - -+echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 
0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 16:24:22 +0100 -Subject: [PATCH 13/22] tree-wide: Fix python formatting - -The new release of ruff formats a few more things which causes linter -failures in CI so let's fix those formatting nits. - -(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) ---- - src/ukify/ukify.py | 6 +++--- - test/integration-test-wrapper.py | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py -index 3f36aa7af6b08..be4e30eb8e36e 100755 ---- a/src/ukify/ukify.py -+++ b/src/ukify/ukify.py -@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'calculate', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - # For measurement, the keys are not relevant, so we can lump all the phase paths - # into one call to systemd-measure calculate. 
-@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'sign', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - ] - -@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: - os.umask(umask := os.umask(0)) - os.chmod(opts.output, 0o777 & ~umask) - -- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") -+ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') - - - @contextlib.contextmanager -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5fa0325b889e5..d9d92fcba3b0e 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -429,7 +429,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} -+ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} - """ - ) - -@@ -437,7 +437,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} -+ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} - """ - ) - -@@ -568,7 +568,7 @@ def main() -> None: - - ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] - -- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) -+ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) - - # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. 
- exit(result.returncode or 1) - -From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:27:33 +0100 -Subject: [PATCH 14/22] test: Add option to save in progress test journals to - /tmp - -The journal isn't the best at being fast, especially when writing -to disk and not to memory, which can cause integration tests to -grind to a halt on beefy systems due to all the systemd-journal-remote -instances not being able to write journal entries to disk fast enough. - -Let's introduce an option to allow writing in progress test journals -to use /tmp which can be used on beefy systems with lots of memory to -speed things up. - -(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) ---- - test/README.testsuite | 4 ++++ - test/integration-test-wrapper.py | 12 +++++++++++- - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/test/README.testsuite b/test/README.testsuite -index 6b367aa6738fa..e33c08f33a20e 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,10 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. - -+`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in -+progress and only move the journal to its final location in the build directory -+(`$BUILD_DIR/test/journal`) when the test is finished. 
-+ - ### SELinux AVCs - - To have `TEST-06-SELINUX` check for SELinux denials, write the following to -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index d9d92fcba3b0e..1c28cf3776e80 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -10,6 +10,7 @@ - import os - import re - import shlex -+import shutil - import subprocess - import sys - import tempfile -@@ -441,7 +442,11 @@ def main() -> None: - """ - ) - -- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ else: -+ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() -+ - journal_file.unlink(missing_ok=True) - - if not sys.stderr.isatty(): -@@ -551,6 +556,11 @@ def main() -> None: - ): - journal_file.unlink(missing_ok=True) - -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ dst = args.meson_build_dir / f'test/journal/{name}.journal' -+ dst.parent.mkdir(parents=True, exist_ok=True) -+ shutil.move(journal_file, dst) -+ - if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): - exit(0 if shell or result.returncode == args.exit_code else 77) - - -From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:29:58 +0100 -Subject: [PATCH 15/22] test: Don't register machines with machined unless - we're in interactive mode - -(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 1c28cf3776e80..94904cfbc4c05 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -516,7 +516,7 @@ def main() -> None: - ] - ), - 
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", -- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), -+ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), - 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', - ] # fmt: skip - - -From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:51:24 +0100 -Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin - -The integration-test-setup calls require StateDirectory= but some -tests override the test unit used which then won't have StateDirectory= -so let's move StateDirectory= into the dropin as well to avoid this -issue. - -(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) ---- - test/integration-test-wrapper.py | 1 + - test/test.service.in | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 94904cfbc4c05..610c34c903425 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -470,6 +470,7 @@ def main() -> None: - [Service] - ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ StateDirectory=%N - """ - ) - -diff --git a/test/test.service.in b/test/test.service.in -index 75f703698f687..790c513da4338 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok - ExecStart=@command@ - Type=oneshot - MemoryAccounting=@memory-accounting@ --StateDirectory=%N - -From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:37 +0100 -Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn - failures - -(cherry picked from commit 
c32a8cdaa0f03ae29e9edade1213cc2001b28000) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index d1e43b1d7dbc9..34bf1abfa8943 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,6 +13,10 @@ lsmem - - echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" - -+# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. -+sysctl fs.inotify.max_user_watches=65536 -+sysctl fs.inotify.max_user_instances=1024 -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:54 +0100 -Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems - -If we save journals in /tmp, we can run a larger number of tests in -parallel so let's make use of the larger number of CPUs if the tests -run on a beefy machine. - -(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) ---- - test/fmf/integration-tests/test.sh | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 34bf1abfa8943..06a98bfd7a0be 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then - export TEST_NO_QEMU=1 - fi - -+NPROC="$(nproc)" -+if [[ "$NPROC" -ge 10 ]]; then -+ export TEST_JOURNAL_USE_TMP=1 -+ NPROC="$((NPROC / 3))" -+else -+ NPROC="$((NPROC - 1))" -+fi -+ - # Create missing mountpoint for mkosi sandbox. 
- mkdir -p /etc/pacman.d/gnupg - -@@ -131,7 +139,7 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ --num-processes "$NPROC" && EC=0 || EC=$? - - find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; - find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - -From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:29:28 +0100 -Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER - -Similar to Github Actions, since we don't build with sanitizers in -the packit job, let's skip TEST-21-DFUZZER. - -(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 06a98bfd7a0be..f82961f9599d0 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -124,6 +124,10 @@ else - NPROC="$((NPROC - 1))" - fi - -+# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it -+# for now. -+export TEST_SKIP="TEST-21-DFUZZER" -+ - # Create missing mountpoint for mkosi sandbox. 
- mkdir -p /etc/pacman.d/gnupg - - -From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 13 Jan 2025 10:33:20 +0100 -Subject: [PATCH 20/22] test: Fix bug in integration test wrapper - -(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 610c34c903425..5321faef57818 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -443,7 +443,7 @@ def main() -> None: - ) - - if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') - else: - journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() - - -From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Jan 2025 09:52:40 +0100 -Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink - it - -(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) ---- - test/integration-test-wrapper.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5321faef57818..a7bf5ea6060d4 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -556,8 +556,7 @@ def main() -> None: - and not sanitizer - ): - journal_file.unlink(missing_ok=True) -- -- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': - dst = args.meson_build_dir / f'test/journal/{name}.journal' - dst.parent.mkdir(parents=True, exist_ok=True) - shutil.move(journal_file, dst) - -From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 -From: Daan 
De Meyer -Date: Tue, 14 Jan 2025 11:41:17 +0100 -Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists - -Otherwise find fails with an error. - -(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index f82961f9599d0..aff79340f79fe 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -145,8 +145,8 @@ mkosi -f sandbox \ - --no-stdsplit \ - --num-processes "$NPROC" && EC=0 || EC=$? - --find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; --find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd - diff --git a/sources b/sources index b8843e6..ab9fabe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 +SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab diff --git a/systemd.spec b/systemd.spec index dfe0393..b69e405 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.2} +Version: %{?version_override}%{!?version_override:257.3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif 
@@ -126,14 +126,6 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport various fmf fixes to allow running the integration tests in Fedora CI. -Patch: https://github.com/systemd/systemd/pull/35938.patch - -# https://github.com/systemd/systemd/pull/36194 -# https://bugzilla.redhat.com/show_bug.cgi?id=2336875 -# add Georgian mapping to kbd-model-map -Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 49ec9f3286e6c18e48f3ee3a08da950d0113f853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 20:56:21 +0100 Subject: [PATCH 229/327] Move some files into subpackages - systemd-ac-power is moved to systemd-udev - portablectl and importctl are moved to systemd-container (rhbz#2345551) ac-power clearly is only useful for real hardware. portablectl and importctl are niche tools that don't need to be in the main package (even though they could theoretically be used not for containers). --- split-files.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index b08c2bd..2cdc655 100644 --- a/split-files.py +++ b/split-files.py @@ -137,6 +137,8 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + importctl| + portablectl| systemd-nspawn| systemd-vmspawn| import-pubring.gpg| @@ -178,6 +180,7 @@ for file in files(buildroot): elif re.search(r'''udev(?!\.pc)| hwdb| + ac-power| bootctl| boot-update| bless-boot| From 5c40e0872889b20108072a64845b2c87aa162e1a Mon Sep 17 00:00:00 2001 
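Review bot: `ac-power|` in the udev alternation is broader than the commit message's stated target, systemd-ac-power: these alternatives are bare substrings handed to `re.search`, so any installed path containing `ac-power` is assigned to systemd-udev. Writing it as `systemd-ac-power|` would keep the match to the intended binary and its man page. The same holds for `importctl|` and `portablectl|` in the first hunk and for the names added to the container alternation in the follow-up commit; a one-line comment above each alternation, such as `# unanchored substrings: every path containing one of these lands in this subpackage`, would make that explicit. Both `re.search` calls start and end outside the hunks, so the flags and the string being matched are not visible here.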
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 21:10:02 +0100 Subject: [PATCH 230/327] Remove patch that is already upstream [skip changelog] --- ...ot-give-up-if-the-first-attempt-at-c.patch | 75 ------------------- systemd.spec | 1 - 2 files changed, 76 deletions(-) delete mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch deleted file mode 100644 index 76c2be1..0000000 --- a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 18 Dec 2024 22:27:29 +0900 -Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at - connecting bus failed -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Otherwise, the program exits with failure if the first attempt in run() failed: -``` -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING -Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private... -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED -Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused -``` - -(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4) ---- - src/update-utmp/update-utmp.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index e40843cf35..a10e6d478a 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) { - assert(c); - assert(ret); - -+ if (!c->bus) { -+ r = bus_connect_system_systemd(&c->bus); -+ if (r < 0) -+ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m"); -+ } -+ - r = bus_get_property_trivial( - c->bus, - bus_systemd_mgr, -@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) { - UINT64_C(100) * USEC_PER_MSEC + - random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS); - (void) usleep_safe(usec); -+ } - -+ if (!c->bus) { - r = bus_connect_system_systemd(&c->bus); - if (r == -ECONNREFUSED && n_attempts < 64) { -- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m"); -+ log_debug_errno(r, "Failed to %s to system bus, retrying after a 
slight delay: %m", -+ n_attempts <= 1 ? "connect" : "reconnect"); - continue; - } - if (r < 0) -@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) { - .audit_fd = -EBADF, - #endif - }; -- int r; - - log_setup(); - -@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) { - log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, - errno, "Failed to connect to audit log, ignoring: %m"); - #endif -- r = bus_connect_system_systemd(&c.bus); -- if (r < 0) -- return log_error_errno(r, "Failed to get D-Bus connection: %m"); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/systemd.spec b/systemd.spec index b69e405..2e85244 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,7 +120,6 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Backport of sysusers audit support for # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: From 3671a5cc790f4aa82cbf1a179a15e11a96b76438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 13:54:12 +0100 Subject: [PATCH 231/327] Move more auxiliary files into subpackages Follow-up for rhbz#2345551. Also split up some nested patterns into separate lines for readability. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 2cdc655..c1fc623 100644 --- a/split-files.py +++ b/split-files.py 
@@ -140,9 +140,17 @@ for file in files(buildroot): importctl| portablectl| systemd-nspawn| + systemd\.nspawn| systemd-vmspawn| + systemd-dissect| import-pubring.gpg| - systemd-(machined|import|pull)| + systemd-machined| + systemd-import| + systemd-export| + systemd-pull| + systemd-mountfsd| + systemd-mountwork| + systemd-nsresource| /machine.slice| /machines.target| var-lib-machines.mount| From ac9c438e27441491195cc924e77f5045226394c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:02:31 +0100 Subject: [PATCH 232/327] Use dynamic spec generation for triggers This way we don't need a separate Source. --- systemd.spec | 13 ++------ triggers.systemd | 87 ------------------------------------------------ 2 files changed, 2 insertions(+), 98 deletions(-) delete mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index 2e85244..204bf40 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,9 +73,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -# This file must be available before %%prep. -# It is generated during systemd build and can be found in build/src/core/. -Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py @@ -884,12 +881,8 @@ CONFIGURE_OPTS=( %meson_build -new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh -if ! diff -u %{SOURCE1} ${new_triggers}; then - echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" - echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" - sleep 5 -fi +# Include the triggers +cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user 
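Review bot: `systemd\.nspawn|` is the only alternative in this list with an escaped dot, while `import-pubring.gpg|` a few lines below still uses a bare `.` that matches any character. For consistency I would escape that one as well, `import-pubring\.gpg|`, or drop the escape here if loose matching is the convention in this file. The `re.search` call begins and ends outside the hunk.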
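Review bot: The trigger scriptlets that end up in the package are no longer visible in dist-git: the added `cp` into `%{specpartsdir}` takes whatever `src/rpm/triggers.systemd.sh` the build produced, and the removed `diff -u` block was the only place that compared it with a reviewed copy. The deleted `triggers.systemd` shows these are transaction file triggers that reload and restart services, so I would at least keep their content in the build log, e.g. `cat %{specpartsdir}/triggers.specpart` right after the `cp`, so that a changed scriptlet shows up when two builds are compared. `%{specpartsdir}` also relies on rpm's dynamic spec generation (rpm 4.19 or later, as far as I know), so a guard is needed if this spec is still built with an older rpm. The enclosing build section starts and ends outside the hunk.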
@@ -1096,8 +1089,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# -%include %{SOURCE1} - # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd deleted file mode 100644 index f8bb078..0000000 --- a/triggers.systemd +++ /dev/null 
@@ -1,87 +0,0 @@ -# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ -# SPDX-License-Identifier: LGPL-2.1-or-later -# -# This file is part of systemd. -# -# Copyright 2018 Neal Gompa - -# The contents of this are an example to be copied into systemd.spec. -# -# Minimum rpm version supported: 4.14.0 - -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system -# This script will run after any package is initially installed or -# upgraded. We care about the case where a package is initially -# installed, because other cases are covered by the *un scriptlets, -# so sometimes we will reload needlessly. -/usr/lib/systemd/systemd-update-helper system-reload-restart || : - -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -/usr/lib/systemd/systemd-update-helper user-reload-restart || : - -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system -# On removal, we need to run daemon-reload after any units have been -# removed. -# On upgrade, we need to run daemon-reload after any new unit files -# have been installed, but before %postun scripts in packages get -# executed. -/usr/lib/systemd/systemd-update-helper system-reload || : - -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user -# Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : - -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining system services that should be restarted here. -/usr/lib/systemd/systemd-update-helper system-restart || : - -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user -# We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : - -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d -# This script will process files installed in /usr/lib/sysusers.d to create -# specified users automatically. 
The priority is set such that it -# will run before the tmpfiles file trigger. -systemd-sysusers || : - -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d -# This script will automatically invoke hwdb update if files have been -# installed or updated in /usr/lib/udev/hwdb.d. -systemd-hwdb update || : - -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog -# This script will automatically invoke journal catalog update if files -# have been installed or updated in /usr/lib/systemd/catalog. -journalctl --update-catalog || : - -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d -# This script will automatically apply binfmt rules if files have been -# installed or updated in /usr/lib/binfmt.d. -if test -d "/run/systemd/system"; then - # systemd-binfmt might fail if binfmt_misc kernel module is not loaded - # during install - /usr/lib/systemd/systemd-binfmt || : -fi - -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d -# This script will process files installed in /usr/lib/tmpfiles.d to create -# tmpfiles automatically. The priority is set such that it will run -# after the sysusers file trigger, but before any other triggers. -if test -d "/run/systemd/system"; then - systemd-tmpfiles --create || : -fi - -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d -# This script will automatically update udev with new rules if files -# have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi - -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d -# This script will automatically apply sysctl rules if files have been -# installed or updated in /usr/lib/sysctl.d. -if test -d "/run/systemd/system"; then - /usr/lib/systemd/systemd-sysctl || : -fi From eba17216783bac0e531a29ad3ac330147ed31d95 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:33:03 +0100 Subject: [PATCH 233/327] Split out -sysusers and -shared ... (rhbz#2344322) rpm-libs has Requires:/usr/bin/systemd-sysusers. We split split out /usr/bin/systemd-sysusers (the normal version) to a subpackage, and the shared library /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so to a second subpackage. (In preparation for maybe making further splits later.) systemd-sysusers+libsystemd-shared.so is 4.8MB, but libsystemd-shared.so also pulls in a bunch of libraries. We'll find out what the actual change in installation footprint (compared to systemd-standalone-sysusers) really is when we build some images with the new split. --- split-files.py | 14 +++++++++++++- systemd.spec | 28 +++++++++++++++++++++++++--- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/split-files.py b/split-files.py index c1fc623..9114c99 100644 --- a/split-files.py +++ b/split-files.py @@ -57,12 +57,14 @@ def files(root): outputs = {suffix: open(f'.file-list-{suffix}', 'w') for suffix in ( + 'shared', 'libs', 'udev', 'ukify', 'boot', 'pam', 'rpm-macros', + 'sysusers', 'devel', 'container', 'networkd', @@ -122,8 +124,10 @@ for file in files(buildroot): o = outputs['tests'] elif 'ukify' in n: o = outputs['ukify'] - elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): + elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] + elif re.search(r'/libsystemd-shared-.*\.so$', n): + o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): @@ -135,6 +139,14 @@ for file in files(buildroot): ''', n, re.X): o = outputs['remote'] + # Just the binary, the dir, and the man page. + elif re.search(r'''systemd-sysusers$| + sysusers\.d$| + man/.*sysusers\.d\.5| + man/.*systemd-sysusers\.8 + ''', n, re.X): + o = outputs['sysusers'] + elif re.search(r'''mymachines| machinectl| importctl| 
diff --git a/systemd.spec b/systemd.spec index 204bf40..a3310a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -253,6 +253,8 @@ Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -264,7 +266,7 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: %{name} < 249~~ +Obsoletes: systemd < 257.3-4 Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 %if 0%{?fedora} @@ -290,8 +292,6 @@ Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers -Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name}-standalone-shutdown Provides: %{name}-shutdown = %{version}-%{release} @@ -371,6 +371,13 @@ Provides: nss-myhostname%{_isa} = 0.4 %description libs Libraries for systemd and udev. +%package shared +Summary: Internal systemd shared library +License: LGPL-2.1-or-later AND MIT + +%description shared +Internal libraries used by various systemd binaries. + %package pam Summary: systemd PAM module Requires: %{name} = %{version}-%{release} 
@@ -389,6 +396,15 @@ See https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd for information how to use those macros. +%package sysusers +Summary: systemd-sysusers program +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Conflicts: %{name}-standalone-sysusers +Obsoletes: systemd < 257.3-4 + +%description sysusers +This package contains the systemd-sysusers program. + %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT @@ -1322,10 +1338,16 @@ fi %files libs -f .file-list-libs %license LICENSE.LGPL2.1 +%files shared -f .file-list-shared +%license LICENSE.LGPL2.1 +%license LICENSES/MIT.txt + %files pam -f .file-list-pam %files rpm-macros -f .file-list-rpm-macros +%files sysusers -f .file-list-sysusers + %files resolved -f .file-list-resolve %files devel -f .file-list-devel From 6201755b365a7cf57aa925490e88624dacfd0e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 16 Feb 2025 14:30:07 +0100 Subject: [PATCH 234/327] Allow co-installation of systemd-sysusers-standalone and systemd Previously, /usr/bin/systemd-sysusers was provided by both systemd and systemd-standalone-sysusers, creating a file conflict, and the packages declared Conflicts. This changed when systemd-sysusers was split out to a separate subpackage. So we don't need the Conflicts and can allow a "cross installation" of systemd-sysusers-standalone and and the other "normal" systemd subpackages. This should solve https://bugzilla.redhat.com/show_bug.cgi?id=2344322 without requiring changes in the container definitions. (Though those changes probably should be made anyway. If we end up installing systemd, we probably want to use shared systemd-sysusers, to avoid wasting space.) --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a3310a2..af3e1cb 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -254,7 +254,10 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Requires: %{name}-shared%{_isa} = %{version}-%{release} -Requires: %{name}-sysusers%{_isa} = %{version}-%{release} +Requires: /usr/bin/systemd-sysusers +# The standalone version doesn't Provide the _isa suffix, +# so this biases towards the common version. +Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -710,7 +713,6 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} -Conflicts: %{name} Suggests: coreutils-single RemovePathPostfixes: .standalone From 6c7c4a510d8337f6d5e3e5ad08ee56ecb69335bd Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Feb 2025 09:41:47 +0100 Subject: [PATCH 235/327] Do not use dynamic spec generation for non-upstream builds This reverts commit ac9c438e27441491195cc924e77f5045226394c9. --- systemd.spec | 18 ++++++++++ triggers.systemd | 87 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index af3e1cb..2340972 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,6 +73,9 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. +Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py 
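Review bot: `Requires: /usr/bin/systemd-sysusers` in the `@@ -254,7 +254,10 @@` hunk is an unversioned file dependency, so the main package is now satisfied by a `standalone-sysusers` build of any version, and the following hunk removes the `Conflicts: %{name}` that used to exclude that pairing. The sysusers file trigger runs whichever binary is installed, so an older standalone build could end up processing newer sysusers.d files; whether that causes problems in practice is not visible here. The standalone subpackage provides `%{name}-sysusers = %{version}-%{release}` (hunk context) and the regular subpackage provides it by name, so `Requires: %{name}-sysusers = %{version}-%{release}` would keep the cross-installation while pinning the version. The package preamble continues outside the hunk.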
@@ -899,8 +902,19 @@ CONFIGURE_OPTS=( %meson_build +# If dynamic spec generation is available, directly pick up the triggers +# from the build directory for upstream builds. +%if %{with upstream} && (0%{?fedora} >= 41 || 0%{?rhel} >= 11) # Include the triggers cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart +%else +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi +%endif sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user @@ -1107,6 +1121,10 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# +%if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) +%include %{SOURCE1} +%endif + # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..f8bb078 --- /dev/null +++ b/triggers.systemd 
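Review bot: In the `%else` branch a mismatch between `%{SOURCE1}` and the freshly built `triggers.systemd.sh` only prints a warning and sleeps, so the build still succeeds and the `%include %{SOURCE1}` in the next hunk ships the stale trigger scriptlets. If warning-only is not deliberate, ending the `if` body with `exit 1` would turn that drift into a build failure. The `%if` here and the one guarding `%include` also have to remain exact negations of each other. Evaluating the condition once into a `%global` and testing that macro in both places would remove the coupling. The `%build` section starts before this hunk.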
@@ -0,0 +1,87 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. 
The priority is set such that it +# will run before the tmpfiles file trigger. +systemd-sysusers || : + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +systemd-hwdb update || : + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +journalctl --update-catalog || : + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi From 5671cf6132e2a1b915b39fe5a46a1fe9b6fa50bf Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 25 Feb 2025 13:18:40 +0100 Subject: [PATCH 236/327] List the fallback Source0 first packit will only rewrite the first Source0 that it finds, so we list the Source0 that gets used if neither %branch nor %commit are defined first. --- systemd.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2340972..4e4020a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,12 +66,14 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined branch} +# packit will always rewrite the first Source0 it finds, ignoring any conditionals so list +# the fallback source that's used if neither %%branch nor %%commit are defined first. +%if %{undefined branch} && %{undefined commit} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 9b6884d2e1c1664cf07ef90e28ab072eda61431f Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 25 Feb 2025 17:25:34 +0100 Subject: [PATCH 237/327] Stop using version_no_tilde for github archives None of the systemd git tags have tildes in them, so there's no need to use version_no_tilde for these. This is another change to make packit work as the archive it sets up for us based on the systemd upstream packit config file does have a tilde in its name which then makes %prep fail as we transform the tilde to a hyphen and then fail to find the systemd source directory. """ + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/systemd-258~devel.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd systemd-258-devel /var/tmp/rpm-tmp.gw7KSw: line 42: cd: systemd-258-devel: No such file or directory """ --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4e4020a..1f39a7a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -69,7 +69,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} @@ -744,7 +744,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version_no_tilde} -p1 +%autosetup -n %{name}-%{version} -p1 %endif # Disable user lockdown until rpm implements it natively. From 8230f501b6cc6e47f2073a388f0f61c1c204013c Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Mon, 3 Mar 2025 21:46:20 +0100 Subject: [PATCH 238/327] Make sure we pull in libbpf >= 1.5.0 if libbpf is installed libbpf 1.4.0 + systemd 257 + a newer kernel results in segmentation faults in libbpf 1.4.0, so let's explicitly pull in libbpf 1.5.0 or newer to avoid this issue. Fixes https://pagure.io/centos-sig-hyperscale/package-bugs/issue/22 --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 1f39a7a..0000937 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,6 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) +Requires: (libbpf >= 1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 0d95af264fda2c8b3ecfedf9cc45ee450c933753 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 4 Mar 2025 13:02:20 +0100 Subject: [PATCH 239/327] Include epoch in versioned libbpf dependency """ $ rpmdev-vercmp '2:1.4.6-1.fc42' '1.5.0' 2:1.4.6-1.fc42 > 1.5.0 $ rpmdev-vercmp '2:1.4.6-1.fc42' '2:1.5.0' 2:1.4.6-1.fc42 < 2:1.5.0 """ --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0000937..371ea43 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 1.5.0 if libbpf) +Requires: (libbpf >= 2:1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 1f8d2b0ebd8942b390f65a1a82f8b8b746d965cd Mon Sep 17 00:00:00 2001 
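Review bot: The added `Requires: (libbpf >= 1.5.0 if libbpf)` line carries no comment, so the reason for the version floor lives only in the commit message and a later reader of the spec cannot tell when it may be dropped. A line above it such as `# Older libbpf segfaults with systemd 257 on newer kernels: https://pagure.io/centos-sig-hyperscale/package-bugs/issue/22` would record that next to the constraint. The same comment would stay accurate across the later adjustments to this bound.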
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Feb 2025 11:47:02 +0100 Subject: [PATCH 240/327] Make self-obsoletes for the sysusers split conditional In CI builds we have %version that it smaller than 257.3-4 when the split happened, and this causes problems when the packages are installed: Failed to resolve the transaction: Problem: package systemd-sysusers-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline obsoletes systemd < 257.3-4 provided by systemd-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline - conflicting requests I'm not sure if we even need the self-Obsoletes. We have a Requires and Recommends in the main systemd package that will cause on of the providers of /usr/bin/systemd-sysusers to be installed, and the non-standalone version is preferred. But it's possible that if recommends are disabled, the non-standalone package could be installed for some reason. So let's keep the self-Obsoletes for now. Another caveat is that it's not clear if v-string comparisons require %[] as a wrapper. Some chat in #fedora-devel suggested that that's the case, but things seem to work without it. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 371ea43..cc7c33b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -274,9 +274,11 @@ Obsoletes: system-setup-keyboard < 0.9 Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 +Provides: systemd-sysv = 206 +%if v"%{version}" >= v"257.3" # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) Obsoletes: systemd < 257.3-4 -Provides: systemd-sysv = 206 +%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 
@@ -409,7 +411,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +%if v"%{version}" >= v"257.3" Obsoletes: systemd < 257.3-4 +%endif %description sysusers This package contains the systemd-sysusers program. From ec182495e7ffaffa5d85feb2e25d1f6dd3ca47ae Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 5 Mar 2025 12:31:55 +0100 Subject: [PATCH 241/327] Drop libbpf versioned dependency version to 1.4.7 We don't need 1.5.0 to avoid the libbpf crash, the latest libbpf 1.4 patch release (1.4.7) also has the necessary fixes, so relax the requirement a little to allow builds on Fedora 41 to succeed. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index cc7c33b..4a6d0e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 2:1.5.0 if libbpf) +Requires: (libbpf >= 2:1.4.7 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 4ab2a9e539b0346d0d9d370308d7c5e79bff9541 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Mar 2025 17:47:54 +0100 Subject: [PATCH 242/327] Drop old self-Obsoletes and provides We had a bunch of Obsolets on self. This is useful when a subpackage is split out to make it optional, and we want to install both the original subpackage and the subpackage on ugprades. If both new subpackages have Obsoletes on the old name, dnf will install both. But we don't need to keep this infinitely, it's mostly useful for the duration of a single stable release. Apparatenly, those Obsoletes cause problems with downgrades. The most recently added case is for the split of systemd-sysusers. But we have an alternative mechanism in place: systemd Requires /usr/bin/systemd-sysusers, and this path is provided by systemd-sysusers and systemd-standalone-sysusers, with a bias towards systemd-sysusers. So we should be able to drop the self-Obsoletes without a change in functionality. Also, drop some old Provides where 'dnf repoquery' indicates it is not used by anything. Actually, only 'timedatex'. All the other ones are used by one spec or another. --- systemd.spec | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4a6d0e3..ecaa80b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -275,10 +275,6 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 Provides: systemd-sysv = 206 -%if v"%{version}" >= v"257.3" -# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: systemd < 257.3-4 -%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 
@@ -299,8 +295,6 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Obsoletes: timedatex < 0.6-3 -Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-shutdown @@ -371,11 +365,6 @@ This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of %package libs Summary: systemd libraries License: LGPL-2.1-or-later AND MIT -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 @@ -411,9 +400,6 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers -%if v"%{version}" >= v"257.3" -Obsoletes: systemd < 257.3-4 -%endif %description sysusers This package contains the systemd-sysusers program. @@ -425,7 +411,6 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} -Obsoletes: libudev-devel < 183 %description devel Development headers and auxiliary files for developing applications linking @@ -441,11 +426,8 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} Requires(post): grep Requires: kmod >= 18-4 -# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 -Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} -Obsoletes: udev < 183 %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) 
@@ -490,9 +472,6 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} @@ -558,9 +537,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-unsigned) = %version Provides: version(systemd-boot-unsigned)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot-unsigned systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -579,9 +555,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-signed) = %version Provides: version(systemd-boot-signed)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -604,8 +577,6 @@ Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga %endif -# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) -Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal License: LGPL-2.1-or-later @@ -624,7 +595,6 @@ License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal 
@@ -640,8 +610,6 @@ Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} License: LGPL-2.1-or-later -# https://src.fedoraproject.org/rpms/systemd/pull-request/34 -Obsoletes: systemd < 246.6-2 %description networkd systemd-networkd is a system service that manages networks. It detects and @@ -662,7 +630,6 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} -Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep From 1bdfa29ce262bd10b0096538f32d275e8016cc4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Mar 2025 09:30:31 +0100 Subject: [PATCH 243/327] Neuter sysusers macros https://pagure.io/packaging-committee/pull-request/1436 was merged, packaging guidelines describe the new method as the default option for f42+. --- macros.sysusers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/macros.sysusers b/macros.sysusers index d8d8c1d..534b0e7 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -2,9 +2,9 @@ # # Turn a sysusers.d file into macros specified by # https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation +# +# After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, +# those macros are not needed anymore. -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} +%sysusers_requires_compat %nil +%sysusers_create_compat() %nil From 0a3907745e2960c3ce6155bce7ff8bbf64ce72c4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 09:33:55 +0100 Subject: [PATCH 244/327] Version 257.4 - Fixes for systemd itself, systemd-dissect, systemd-sbsign, systemd-networkd, systemd-repart, systemd-tmpfiles, systemd-id128, systemd-resolved, ukify, internal shared library, fido2 code, virtualization detection, shell completions, documentation. - Adds new DNSSEC anchor key for systemd-resolved. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ab9fabe..828efd5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab +SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe diff --git a/systemd.spec b/systemd.spec index ecaa80b..463fa36 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.3} +Version: %{?version_override}%{!?version_override:257.4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From e825459f2dcd3ea653e6e3d5ab675e2c2f9e78dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:17:57 +0100 Subject: [PATCH 245/327] Change python-zstd depenedency to python-zstandard There is no BuildRequires dependency. I think we don't have any tests which would require this. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 463fa36..3dcfa8c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -504,7 +504,7 @@ Requires: (systemd-boot if %{shrink:( )}) Requires: python3dist(pefile) %if 0%{?fedora} -Requires: python3dist(zstd) +Requires: python3dist(zstandard) %endif Requires: python3dist(cryptography) %if 0%{?fedora} From d22561d59ede6e2942428708ae028bcfe422ad98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:25:27 +0100 Subject: [PATCH 246/327] Also drop auxiliary files related to sysusers compat And in non-Fedora builds, undo the neutering of sysusers macros. Downstreams like CentosStream did not go through the same changes as Fedora but they may use packages built from the rawhide branch. --- macros.sysusers.compat | 10 ++++++++++ systemd.spec | 7 ++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 macros.sysusers.compat diff --git a/macros.sysusers.compat b/macros.sysusers.compat new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers.compat @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/systemd.spec b/systemd.spec index 3dcfa8c..012df9d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -97,6 +97,7 @@ Source16: 10-timeout-abort.conf Source17: 10-map-count.conf Source18: 60-block-scheduler.rules +Source20: macros.sysusers.compat Source21: macros.sysusers Source22: sysusers.attr Source23: sysusers.prov 
@@ -1027,13 +1028,17 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +%if 0%{fedora} >= 42 +install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers +%else +install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers # Use rpm's own sysusers provides where available %if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} %endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} +%endif # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} From 7bc5883654e6ead7f43e0df2a1511db625caeda3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 7 Mar 2025 12:37:17 +0100 Subject: [PATCH 247/327] Fix missing question mark --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 012df9d..a87de66 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1028,7 +1028,7 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -%if 0%{fedora} >= 42 +%if 0%{?fedora} >= 42 install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers %else install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers From 38b41a729ea836133d7e53a4c0cc8e5fee7e2b8a Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 7 Mar 2025 12:05:42 +0100 Subject: [PATCH 248/327] Clean up debuginfo files as well in %clean When using --build-in-place + debuginfo these get written to the source directory so let's make sure we clean them up as well. --- systemd.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a87de66..145b35b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1384,10 +1384,16 @@ fi %files standalone-shutdown -f .file-list-standalone-shutdown %clean -rm -rf $RPM_BUILD_ROOT -rm -f 10-timeout-abort.conf.user -rm -f .file-list-* -rm -f %{name}.lang +rm -rf \ + $RPM_BUILD_ROOT \ + 10-timeout-abort.conf.user \ + .file-list-* \ + %{name}.lang \ + debugfiles.list \ + debuglinks.list \ + debugsourcefiles.list \ + debugsources.list \ + elfbins.list %changelog %autochangelog From d366b5965725a7ff1cd586e1ae2539e4cfc404db Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 10:20:16 +0100 Subject: [PATCH 249/327] Fix test_sysusers_defined check https://src.fedoraproject.org/rpms/setup/c/7ced36d60b67c9e74f7951123225200597e3d2fa?branch=rawhide merged the two setup sysusers files into one and changed the name, so let's adapt the test_sysusers_defined check for those changes. --- systemd.spec | 2 +- test_sysusers_defined.py | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 145b35b..5187e35 100644 --- a/systemd.spec +++ b/systemd.spec 
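Review bot: In the rewritten `%clean` section of systemd.spec, `$RPM_BUILD_ROOT` is now expanded unquoted as the first operand of a single `rm -rf` that also lists relative paths. A build root containing whitespace would be word-split into several deletion targets, and with `--build-in-place` the relative ones resolve inside the source checkout. I would quote it (`"$RPM_BUILD_ROOT" \`) and keep the plain files under `rm -f`, so that only the build root is removed recursively.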
@@ -1060,7 +1060,7 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. -%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 6f04f15..7ea2fea 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -22,11 +22,7 @@ def parse_sysusers_file(filename): return users, groups setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) -setup_users |= setup_users2 -setup_groups |= setup_groups2 - -basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) +basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From e346d9f33e530bd5e05885621b837073ea090cc4 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 20 Mar 2025 19:15:52 -0400 Subject: [PATCH 250/327] Limit sdubby dependency to Fedora dnf repoclosure raises an error even when a boolean dependency is missing. While technically a bug in dnf, since these dependencies are already conditional, simply adjusting the condition is simplest. https://github.com/rpm-software-management/dnf-plugins-core/issues/549 --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 145b35b..0655c6e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -431,6 +431,8 @@ Provides: udev = %{version} Provides: udev%{_isa} = %{version} %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) +%endif +%if 0%{?fedora} Requires: (sdubby > 1.0-3 if sdubby) %endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so From 3e9051124e4447c238ae65af9ad1562924aeb18a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 09:34:33 +0100 Subject: [PATCH 251/327] Migrate fmf metadata and test script from the upstream repository Primarily, this allows us to get rid of dist-git-source which makes the fmf stuff reusable for CentOS Stream in gitlab which we'd like to make use of in the systemd backport in the Hyperscale SIG. Also in general making the integration touch points with Fedora CI and the other systems as small as possible seems like a good thing. --- plans/run-integration-tests.sh | 114 +++++++++++++++++++++++++++++++++ plans/upstream.fmf | 28 ++++---- 2 files changed, 131 insertions(+), 11 deletions(-) create mode 100755 plans/run-integration-tests.sh diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh new file mode 100755 index 0000000..a06b3a3 --- /dev/null +++ b/plans/run-integration-tests.sh 
@@ -0,0 +1,114 @@ +#!/bin/bash + +set -eux +set -o pipefail + +# Switch SELinux to permissive if possible, since the tests don't set proper contexts +setenforce 0 || true + +echo "CPU and Memory information:" +lscpu +lsmem + +echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + +# Bump inotify limits if we can so nspawn containers don't run out of inotify file descriptors. +sysctl fs.inotify.max_user_watches=65536 || true +sysctl fs.inotify.max_user_instances=1024 || true + +if [[ -n "${KOJI_TASK_ID:-}" ]]; then + koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" +elif [[ -n "${CBS_TASK_ID:-}" ]]; then + cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" +elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then + COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" + COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" + copr download-build --rpms --chroot "$COPR_CHROOT" "$COPR_BUILD_ID" + mv "$COPR_CHROOT"/* . +else + echo "Not running within packit and no CBS/koji task ID provided" + exit 1 +fi + +mkdir systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +pushd systemd + +# Now prepare mkosi at the same version required by the systemd repo. +git clone https://github.com/systemd/mkosi +mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +git -C mkosi checkout "$mkosi_hash" + +export PATH="$PWD/mkosi/bin:$PATH" + +# shellcheck source=/dev/null +. /etc/os-release || . /usr/lib/os-release + +tee mkosi.local.conf < Date: Fri, 21 Mar 2025 14:38:40 +0100 Subject: [PATCH 252/327] Use old setup sysusers files on Fedora < 43 --- systemd.spec | 4 ++++ test_sysusers_defined.py | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 74a2b08..e637cf8 100644 
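Review bot: `setenforce 0 || true` near the top of the new plans/run-integration-tests.sh switches the whole machine to permissive mode, and nothing visible here puts it back. The rest of the file is cut off on this page after `tee mkosi.local.conf`, so a later restore may exist. If the script can run anywhere other than a disposable CI guest, record the previous mode and restore it on exit, e.g. `prev="$(getenforce)"` followed by `trap '[[ "$prev" == Enforcing ]] && setenforce 1' EXIT`; otherwise extend the comment to say the host is expected to be throwaway. Separately, the packit branch is selected on `PACKIT_SRPM_URL` alone but also reads `$PACKIT_BUILD_LOG_URL`, which under `set -u` aborts with an unbound-variable error rather than the explicit message in the `else` branch; testing both variables in the `elif` would keep that failure readable.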
--- a/systemd.spec +++ b/systemd.spec @@ -1062,7 +1062,11 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. +%if 0%{?fedora} >= 43 %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%else +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 7ea2fea..f6358fb 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -21,8 +21,14 @@ def parse_sysusers_file(filename): assert False return users, groups -setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) +setup_users, setup_groups = set(), set() + +for arg in sys.argv[1:-1]: + users, groups = parse_sysusers_file(arg) + setup_users |= users + setup_groups |= groups + +basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From 2ecfbec1a444a2ec9e3dab91d04565330cf809ea Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 21 Mar 2025 15:59:32 +0100 Subject: [PATCH 253/327] Support specifying extra mkosi repositories to the test script --- plans/run-integration-tests.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index a06b3a3..79bf71c 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh 
@@ -61,6 +61,16 @@ Environment=NO_BUILD=1 WithTests=yes EOF +if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then + tee --append mkosi.local.conf < Date: Fri, 21 Mar 2025 21:40:07 +0100 Subject: [PATCH 254/327] Make the source tarball glob in the test script more generic If we download the main branch from github by defining %branch, the source tarball will be named main.tar.gz, so let's make the tarball pattern more generic to match. --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 79bf71c..32751ab 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -31,7 +31,7 @@ else fi mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd pushd systemd # Now prepare mkosi at the same version required by the systemd repo. From 6f0d03443d2f5695e05146e3bd17f6dab84ab459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Mar 2025 17:40:59 +0100 Subject: [PATCH 255/327] Fix paths for /usr/sbin/nologin and related progs I noticed that systemd-sysusers creates accounts with /usr/bin/nologin. On merged systems is fine, but would not work for systems where /usr/sbin is still a separate directory and /usr/bin/nologin does not exist. This problem occurs because the meson configuration script discovers the location using $PATH, which on recent builds results in /usr/bin always. Just specify all the paths so that we don't depend on the presence and order of paths in $PATH. --- systemd.spec | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/systemd.spec b/systemd.spec index e637cf8..7767e1f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -859,6 +859,19 @@ CONFIGURE_OPTS=( -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet + # Make sure we use the original paths to maintain compatibility + # with unmerged systems + -Dquotaon-path=/usr/sbin/quotaon + -Dquotacheck-path=/usr/sbin/quotacheck + -Dkmod-path=/usr/bin/kmod + -Dkexec-path=/usr/sbin/kexec + -Dsulogin-path=/usr/sbin/sulogin + -Dmount-path=/usr/bin/mount + -Dumount-path=/usr/bin/umount + -Dloadkeys-path=/usr/bin/loadkeys + -Dsetfont-path=/usr/bin/setfont + -Dnologin-path=/usr/sbin/nologin + # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. From d1380dc1146fd81a42dcf685ef4e69780db6fb2e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 22 Mar 2025 20:08:53 +0100 Subject: [PATCH 256/327] Add more services to %post for udev and networkd Noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2348669#c25. Most of those units listed don't have an [Install] section, and of those that have, almost all were disabled by default. This might be something to fix, e.g. we might want to enable systemd-udev-load-credentials.service, this is something to consider. But it's clearer if we list all the units that those packages ship. In priciple somebody might ship a preset to enable them. Anyway, the impact of this change is much smaller than might seem at first. But systemd-network-generator.service has an [Install] section and is preset to true, so not listing it in the scriptlets was a visible bug. There's the additional caveat that systemd-network-generator.service is coowned by two packages. The current system does not have a way of handling this properly, because unit enablement is tied to the package install state. Let's just call the scriptlet for this unit twice for now. I think that's not going to cause any real problem. --- systemd.spec | 115 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 111 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7767e1f..72afb14 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1187,7 +1187,106 @@ systemctl daemon-reexec || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target +%global udev_services %{shrink: + cryptsetup-pre.target + cryptsetup.target + hibernate.target + hybrid-sleep.target + initrd-cleanup.service + initrd-fs.target + initrd-parse-etc.service + initrd-root-device.target + initrd-root-fs.target + initrd-switch-root.service + initrd-switch-root.target + initrd-udevadm-cleanup-db.service + initrd-usr-fs.target + initrd.target + integritysetup-pre.target + integritysetup.target + kmod-static-nodes.service + proc-sys-fs-binfmt_misc.automount + proc-sys-fs-binfmt_misc.mount + quotaon-root.service + quotaon@.service + remote-cryptsetup.target + remote-veritysetup.target + sleep.target + suspend-then-hibernate.target + suspend.target + system-systemd\x2dcryptsetup.slice + system-systemd\x2dveritysetup.slice + systemd-backlight@.service + systemd-binfmt.service + systemd-bless-boot.service + systemd-bsod.service + systemd-coredump.socket + systemd-coredump@.service + systemd-fsck-root.service + systemd-fsck@.service + systemd-growfs-root.service + systemd-growfs@.service + systemd-hibernate-clear.service + systemd-hibernate-resume.service + systemd-hibernate.service + systemd-homed-activate.service + systemd-homed-firstboot.service + systemd-homed.service + systemd-hwdb-update.service + systemd-hybrid-sleep.service + systemd-modules-load.service + systemd-network-generator.service + systemd-oomd.service + systemd-oomd.socket + systemd-pcrextend.socket + systemd-pcrextend@.service + systemd-pcrfs-root.service + systemd-pcrfs@.service + systemd-pcrlock-file-system.service + 
systemd-pcrlock-firmware-code.service + systemd-pcrlock-firmware-config.service + systemd-pcrlock-machine-id.service + systemd-pcrlock-make-policy.service + systemd-pcrlock-secureboot-authority.service + systemd-pcrlock-secureboot-policy.service + systemd-pcrlock.socket + systemd-pcrlock@.service + systemd-pcrmachine.service + systemd-pcrphase-initrd.service + systemd-pcrphase-sysinit.service + systemd-pcrphase.service + systemd-portabled.service + systemd-pstore.service + systemd-quotacheck-root.service + systemd-quotacheck@.service + systemd-random-seed.service + systemd-remount-fs.service + systemd-repart.service + systemd-rfkill.service + systemd-rfkill.socket + systemd-suspend-then-hibernate.service + systemd-suspend.service + systemd-sysctl.service + systemd-timesyncd.service + systemd-tmpfiles-setup-dev-early.service + systemd-tmpfiles-setup-dev.service + systemd-udev-load-credentials.service + systemd-udev-settle.service + systemd-udev-trigger.service + systemd-udevd-control.socket + systemd-udevd-kernel.socket + systemd-udevd.service + systemd-vconsole-setup.service + systemd-volatile-root.service + veritysetup-pre.target + veritysetup.target + %{?want_bootloader: + systemd-boot-random-seed.service + systemd-boot-update.service + systemd-bootctl.socket + systemd-bootctl@.service + } + } %post udev # Move old stuff around in /var/lib 
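Review bot: The two slice entries in the new `%global udev_services` list, `system-systemd\x2dcryptsetup.slice` and `system-systemd\x2dveritysetup.slice`, carry a backslash that is unlikely to survive the scriptlet shell. Assuming the macro is still passed unquoted to `%systemd_post`/`%systemd_preun`, as the one-line definition it replaces was (the call sites are outside this hunk), the shell reduces `\x2d` to `x2d`. The preset call would then name units that do not exist, and the `|| :` in those macros hides the failure. Escaping the backslash (`system-systemd\\x2dcryptsetup.slice`) and checking the generated scriptlets with `rpm -q --scripts` would confirm what systemctl actually receives.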
@@ -1221,7 +1320,7 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service systemd-homed.service systemd-oomd.service systemd-portabled.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1243,6 +1342,14 @@ fi %systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload +%global networkd_services %{shrink: + systemd-networkd.service + systemd-networkd.socket + systemd-networkd-wait-online.service + systemd-network-generator.service + systemd-networkd-persistent-storage.service + } + %post networkd # systemd-networkd was split out in systemd-246.6-2. # Ideally, we would have a trigger scriptlet to record enablement @@ -1256,11 +1363,11 @@ fi if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." else - %systemd_post systemd-networkd.service systemd-networkd-wait-online.service + %systemd_post %networkd_services fi %preun networkd -%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%systemd_preun %networkd_services %posttrans networkd %systemd_posttrans_with_restart systemd-networkd.service From 59378485beb32bb6da06040a45049b3d09355524 Mon Sep 17 00:00:00 2001 
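Review bot: In the last hunk, `%systemd_preun %networkd_services` now covers `systemd-network-generator.service`, which the commit message describes as co-owned by two packages and which also appears in the `udev_services` list. `%systemd_preun` disables and stops the units it is given on package removal, so uninstalling systemd-networkd would presumably switch the generator off even though its other owner is still installed. Keeping the shared unit out of the removal list, e.g. `%systemd_preun systemd-networkd.service systemd-networkd.socket systemd-networkd-wait-online.service systemd-networkd-persistent-storage.service`, or adding a comment that accepts this behaviour, would make the intent explicit.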
From: Daan De Meyer Date: Fri, 21 Mar 2025 11:24:54 +0100 Subject: [PATCH 257/327] Remove purge-nobody-user script The corresponding change proposal is from 2018. Enough time has passed since then that we don't need to carry this around anymore --- purge-nobody-user | 101 ---------------------------------------------- split-files.py | 1 - systemd.spec | 3 -- 3 files changed, 105 deletions(-) delete mode 100755 purge-nobody-user diff --git a/purge-nobody-user b/purge-nobody-user deleted file mode 100755 index 66404fe..0000000 --- a/purge-nobody-user +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/bash -eu - -if [ $UID -ne 0 ]; then - echo "WARNING: This script needs to run as root to be effective" - exit 1 -fi - -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 - -if [ "${1:-}" = "--ignore-journal" ]; then - shift - ignore_journal=1 -else - ignore_journal=0 -fi - -echo "Checking processes..." -if ps h -u 99 | grep .; then - echo "ERROR: ps reports processes with UID 99!" - exit 2 -fi -echo "... not found" - -echo "Checking UTMP..." -if w -h 199 | grep . ; then - echo "ERROR: w reports UID 99 as active!" - exit 2 -fi -if w -h nobody | grep . ; then - echo "ERROR: w reports user nobody as active!" - exit 2 -fi -echo "... not found" - -echo "Checking the journal..." -if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then - echo "ERROR: journalctl reports messages from UID 99 in current boot!" - exit 2 -fi -echo "... not found" - -echo "Looking for files in /etc, /run, /tmp, and /var..." -if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then - echo "ERROR: found files belonging to UID 99" - exit 2 -fi -echo "... not found" - -echo "Checking if nobody is defined correctly..." -if getent passwd nobody | - grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; -then - echo "OK, nothing to do." - exit 0 -else - echo "NOTICE: User nobody is not defined correctly" -fi - -echo "Checking if nfsnobody or something else is using the uid..." -if getent passwd 65534 | grep . ; then - echo "NOTICE: will have to remove this user" -else - echo "... not found" -fi - -if [ "${1:-}" = "-x" ]; then - if getent passwd nobody >/dev/null; then - # this will remove both the user and the group. - ( set -x - userdel nobody - ) - fi - - if getent passwd 65534 >/dev/null; then - # Make sure the uid is unused. This should free gid too. 
- name="$(getent passwd 65534 | cut -d: -f1)" - ( set -x - userdel "$name" - ) - fi - - if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then - echo "Sleeping, so sss can catch up" - sleep 3 - fi - - if getent group 65534; then - # Make sure the gid is unused, even if uid wasn't. - name="$(getent group 65534 | cut -d: -f1)" - ( set -x - groupdel "$name" - ) - fi - - # systemd-sysusers uses the same gid and uid - ( set -x - systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' - ) -else - echo "Pass '-x' to perform changes" -fi diff --git a/split-files.py b/split-files.py index 9114c99..61c539e 100644 --- a/split-files.py +++ b/split-files.py @@ -7,7 +7,6 @@ known_files = ''' %ghost %config(noreplace) /etc/crypttab %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab -/usr/lib/systemd/purge-nobody-user # This directory is owned by openssh-server, but we don't want to introduce # a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d diff --git a/systemd.spec b/systemd.spec index 72afb14..78bf380 100644 --- a/systemd.spec +++ b/systemd.spec @@ -79,7 +79,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. Source1: triggers.systemd Source2: split-files.py -Source3: purge-nobody-user Source4: test_sysusers_defined.py Source6: inittab @@ -940,8 +939,6 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf -install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} - # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} From 13d523f84d5607b0e062101239cb853949fbffdb Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Mon, 24 Mar 2025 14:09:10 +0100 Subject: [PATCH 258/327] Relax dependencies from noarch packages on archful packages for OBS builds In OBS, noarch packages are shared between all architectures and independent architectures can be rebuilt automatically without all the other architectures getting rebuilt. This can result in the noarch packages being newer than the archful packages for some architectures, which means our current strict deps from the noarch packages on the archful packages can't be satisfied. To address this problem, let's relax the dependencies from the noarch packages on the archful packages for OBS builds. Let's only do this for OBS builds because this isn't an issue on Fedora as it's impossible to build a package for only some of the architectures. --- systemd.spec | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 78bf380..59c906d 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -46,6 +46,23 @@ # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} +# In OBS, noarch packages are shared between all architectures and +# independent architectures can be rebuilt automatically without all +# the other architectures getting rebuilt. This can result in the noarch +# packages being newer than the archful packages for some architectures, +# which means our current strict deps from the noarch packages on the +# archful packages can't be satisfied. +# +# To address this problem, let's relax the dependencies from the noarch +# packages on the archful packages for OBS builds. Let's only do this for +# OBS builds because this isn't an issue on Fedora as it's impossible to +# build a package for only some of the architectures. +%if %{with obs} +%define noarch_requires_version %{version} +%else +%define noarch_requires_version %{version}-%{release} +%endif + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by @@ -496,7 +513,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -620,7 +637,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{version}-%{release} +Requires: %{name}-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -643,7 +660,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{version}-%{release} +Requires: %{name}-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch 
From 617952132de4ed882b9b00ceeed077f843130f91 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 27 Mar 2025 21:48:29 +0100 Subject: [PATCH 259/327] Run integration testsuite standalone if available [skip changelog] --- plans/run-integration-tests.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 32751ab..9f8bd5f 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -104,7 +104,11 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi summary mkosi -f sandbox -- true -mkosi sandbox -- meson setup --buildtype=debugoptimized -Dintegration-tests=true build +if [[ -d test/integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build test/integration-tests/standalone +else + mkosi sandbox -- meson setup -Dintegration-tests=true build +fi mkosi genkey mkosi -f mkosi sandbox -- \ From e2b2ea3776bda9d537cf01012c8b236cdfad4230 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 09:36:37 +0200 Subject: [PATCH 260/327] fmf: Use mkosi/mkosi.local.conf if the mkosi/ directory exists https://github.com/systemd/systemd/pull/36954 will move all the mkosi configuration in the systemd repository into a mkosi/ subdirectory. This means we have to put mkosi.local.conf in that subdirectory as well, so check if the mkosi/ directory exists and put mkosi.local.conf in there if it exists. The mkosi/ directory will conflict with our checkout of mkosi so we move that checkout one level up. Additionally, we can't use .. anymore as the package directory as that only works when mkosi.local.conf is in the top level directory of the repository so we use an absolute path instead. --- plans/run-integration-tests.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9f8bd5f..1393b72 100755 --- a/plans/run-integration-tests.sh 
+++ b/plans/run-integration-tests.sh @@ -30,39 +30,48 @@ else exit 1 fi +PACKAGEDIR="$PWD" + mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd -pushd systemd # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi -mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C mkosi checkout "$mkosi_hash" export PATH="$PWD/mkosi/bin:$PATH" +pushd systemd + # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -tee mkosi.local.conf < Date: Thu, 3 Apr 2025 09:58:17 +0200 Subject: [PATCH 261/327] Don't try to modify mkosi.repart config if mkosi conf is in subdir [skip changelog] --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 1393b72..976ceda 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -90,8 +90,13 @@ fi # Create missing mountpoint for mkosi sandbox. mkdir -p /etc/pacman.d/gnupg -# TODO: drop once BTRFS regression is fixed -sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +# We don't bother with this change if the mkosi configuration is +# in mkosi/ as if that's the case then we know for sure that the +# upstream has this fix as well. +# TODO: drop once BTRFS regression is fixed. +if [[ -f mkosi.repart/10-root.conf ]]; then + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +fi # If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first. modprobe kvm || true From cc473d807fe58c6a1cd9ade1162517fed66f6090 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Thu, 3 Apr 2025 13:05:38 +0200 Subject: [PATCH 262/327] fmf: Check out mkosi to some directory in /var/tmp Using the source tree of the spec can still lead to conflicts if a mkosi/ directory exists there (which is the case in the hyperscale systemd spec repo), so let's check out mkosi in /var/tmp to ensure we don't conflict. --- plans/run-integration-tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 976ceda..b3651ba 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -36,11 +36,11 @@ mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd # Now prepare mkosi at the same version required by the systemd repo. -git clone https://github.com/systemd/mkosi +git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -git -C mkosi checkout "$mkosi_hash" +git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" -export PATH="$PWD/mkosi/bin:$PATH" +export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" pushd systemd From 1126a7c6b80b9d89e7488e5409d4ef549416072a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 15:23:17 +0200 Subject: [PATCH 263/327] Download commit archives via full sha instead of short one Both work and if we do full sha we can retrieve the full sha from the source filename in the source rpm later on which is useful for various use cases. [skip changelog] --- systemd.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 59c906d..ecef8f6 100644 --- a/systemd.spec +++ b/systemd.spec 
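Review bot: The clone target `/var/tmp/systemd-integration-tests-mkosi` is a fixed name in a world-writable directory, and the hunk then puts its `bin/` first in `PATH`, so whatever sits at that path is what the later `mkosi` calls execute. On a host with other local users, or on a re-run where the directory is left over, the script either fails at `git clone` or uses a tree it did not create. I would create the directory privately, `MKOSI_DIR="$(mktemp -d -p /var/tmp systemd-integration-tests-mkosi.XXXXXX)"`, and use `"$MKOSI_DIR"` in the clone, the checkout and the `PATH` export. The rest of the script is outside this hunk, so whether it only ever runs in a throwaway machine is not visible here.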
@@ -1,6 +1,3 @@ -#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 -%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -90,7 +87,7 @@ Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-% %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} -Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 08ce156d74460867657fb9b201c8be93d31e07de Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 16:32:38 +0200 Subject: [PATCH 264/327] fmf: Run mkosi genkey before mkosi summary Otherwise mkosi summary might fail because the key/cert don't exist yet. [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index b3651ba..9d2e852 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -116,6 +116,7 @@ fi # for now. export TEST_SKIP="TEST-21-DFUZZER" +mkosi genkey mkosi summary mkosi -f sandbox -- true if [[ -d test/integration-tests/standalone ]]; then @@ -123,7 +124,6 @@ if [[ -d test/integration-tests/standalone ]]; then else mkosi sandbox -- meson setup -Dintegration-tests=true build fi -mkosi genkey mkosi -f mkosi sandbox -- \ meson test \ From 6646d13acae64665f63354cd60ecf963ee563b96 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 8 Apr 2025 22:02:11 +0200 Subject: [PATCH 265/327] fmf: Run tests from systemd-tests rpm if possible Running from the source tarball implies running with unpatched tests, whereas the same files from the systemd-tests package (which now contains the mkosi and integration test files) will be patched. [skip changelog] --- plans/run-integration-tests.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9d2e852..9a90fa7 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh 
@@ -32,18 +32,28 @@ fi PACKAGEDIR="$PWD" -mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd +# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. + +# This will match both the regular and the debuginfo rpm so make sure we select only the +# non-debuginfo rpm. +RPMS=(systemd-tests-*.rpm) +rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract +if [[ -d usr/lib/systemd/tests/mkosi ]]; then + pushd usr/lib/systemd/tests + mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" +else + mkdir systemd + rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd + pushd systemd + mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +fi # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi -mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" -pushd systemd - # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release @@ -119,7 +129,9 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi genkey mkosi summary mkosi -f sandbox -- true -if [[ -d test/integration-tests/standalone ]]; then +if [[ -d integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build integration-tests/standalone +elif [[ -d test/integration-tests/standalone ]]; then mkosi sandbox -- meson setup build test/integration-tests/standalone else mkosi sandbox -- meson setup -Dintegration-tests=true build From d30447702396fee8fb4a94ce4e779eaac1aab5ca Mon Sep 17 00:00:00 2001 
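Review bot: `mkosi_hash` is produced by a `grep | sed` pipeline in both branches and handed to `git checkout` without a check that it is a single commit id. If `mkosi/mkosi.conf` has no `MinimumVersion=commit:` line, or the pattern matches more than once, the value is empty or multi-line, and depending on the script's error handling (not visible in this hunk) the run may continue with whatever the clone's default branch points at. A guard right after the `fi`, such as `[[ "$mkosi_hash" =~ ^[0-9a-f]{7,40}$ ]] || { echo "unexpected mkosi revision: $mkosi_hash" >&2; exit 1; }`, keeps the tool version pinned. Separately, `${RPMS[0]}` relies on glob sort order to pick the non-debuginfo package, which the comment above it does not say.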
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Apr 2025 22:35:03 +0200 Subject: [PATCH 266/327] Version 257.5 - A lot of small fixes in various components --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 828efd5..eb2dbfc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe +SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f diff --git a/systemd.spec b/systemd.spec index ecef8f6..95ff25e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.4} +Version: %{?version_override}%{!?version_override:257.5} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From f6b814cc0fad58ed1c2e8df7918489bf4217dfaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Apr 2025 15:52:59 +0200 Subject: [PATCH 267/327] Backport CI fix --- ...imit-the-number-of-iterations-when-t.patch | 62 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 65 insertions(+) create mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch new file mode 100644 index 0000000..8b9dddc --- /dev/null +++ b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch 
@@ -0,0 +1,62 @@ +From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 10 Apr 2025 13:51:21 +0200 +Subject: [PATCH] test-sd-device: limit the number of iterations when testing + device parent/child functions + +The test "hangs" and times out on some arm64 machines. It actually works as +expected, but the machine has 2016 children under /sys/devices/system/memory/, +and the tests do a double loop over this, which is slow enough to hit the 120 s +limit. Add a limit on the number of iterations. + +Another option would be to exclude "memory" subsystem. But we may have other +subsystems which have the same problem in the future, so I think it'll be more +robust to not try to limit the fix to a specific subsystem. + +(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) +--- + src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c +index 620615b6bb..aa235cf8d0 100644 +--- a/src/libsystemd/sd-device/test-sd-device.c ++++ b/src/libsystemd/sd-device/test-sd-device.c +@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { + + TEST(sd_device_enumerator_add_match_parent) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. 
*/ ++ unsigned iterations = 200; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { + const char *syspath; + sd_device *parent; + ++ if (iterations-- == 0) ++ break; ++ + assert_se(sd_device_get_syspath(dev, &syspath) >= 0); + + r = sd_device_get_parent(dev, &parent); +@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { + + TEST(sd_device_get_child) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ ++ unsigned iterations = 3000; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { + FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { + const char *s; + ++ if (iterations-- == 0) ++ return; ++ + assert_se(child); + assert_se(suffix); + diff --git a/systemd.spec b/systemd.spec index 95ff25e..1cb135b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,9 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport of CI fix +Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From f6af46db12a93d9bc8ab097f2fe2b4887543ff80 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 18 Apr 2025 00:18:57 +0200 Subject: [PATCH 268/327] Backport adb/fastboot udev rules (BZ#2356537) --- 36939.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 48 insertions(+) create mode 100644 36939.patch diff --git a/36939.patch b/36939.patch new file mode 100644 index 0000000..a90d8cc --- /dev/null +++ b/36939.patch 
@@ -0,0 +1,44 @@ +From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 +From: LuK1337 +Date: Tue, 1 Apr 2025 22:23:06 +0200 +Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box + +https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 +https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 +--- + rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in +index 046f169e447b9..96b61cec32b25 100644 +--- a/rules.d/70-uaccess.rules.in ++++ b/rules.d/70-uaccess.rules.in +@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + # media player raw devices (for user-mode drivers, Android SDK, etc.) + SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" + ++# Android devices (ADB DbC, ADB, Fastboot) ++# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: ++# * https://developer.android.com/tools/adb ++# * https://source.android.com/docs/setup/test/running ++# * https://source.android.com/docs/setup/test/flash ++# ++# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: ++# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 ++# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ++# ++# Since it's using a generic vendor specific interface class, this can potentially result ++# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". 
++SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" ++ + # software-defined radio communication devices + ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" + +@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" + # As defined in https://en.wikipedia.org/wiki/3Dconnexion + SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" + ++# Debug interfaces (e.g. Android Debug Bridge) ++ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" ++ + LABEL="uaccess_end" diff --git a/systemd.spec b/systemd.spec index 1cb135b..fa5ad80 100644 --- a/systemd.spec +++ b/systemd.spec @@ -138,6 +138,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +# Backport of adb/fastboot udev rules: +# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 +Patch: https://github.com/systemd/systemd/pull/36939.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 451184cbea3d4dfc9310fd6abe47221d942ad0ab Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 2 May 2025 09:54:13 +0200 Subject: [PATCH 269/327] Revert "Disable freezing of user sessions" This breaks suspend on my machine as of Linux 6.14, furthermore both linked issues in rhbz#2321268 are closed and fixed in Linux upstream. This reverts commit 6162965002f9e6052e0ce8d6810028da4679e55a. --- systemd.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/systemd.spec b/systemd.spec index fa5ad80..4949a58 100644 --- a/systemd.spec +++ b/systemd.spec 
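Review bot: The comment above the new `Patch:` line only names the bug, and it should also record what the backport changes for device access. `36939.patch` sets `ID_DEBUG_APPLIANCE` on USB devices by interface class triple (`dc0201`, `ff4201`, `ff4203`) with no vendor or product match, and then tags every device carrying that property with `uaccess`. The patch's own comment concedes that a non-ADB/Fastboot device can end up with the property, and such a device then becomes accessible to the user of the active session. I would extend the first comment line to `# Backport of adb/fastboot udev rules (grants uaccess by USB interface class, not by vendor ID):`.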
@@ -1111,15 +1111,6 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} -# Disable freezing of user sessions while we're working out the details. -mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ -cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Thu, 8 May 2025 14:14:40 +0200 Subject: [PATCH 270/327] Move mount.ddi symlinks to -container subpackage Those symlinks point to systemd-dissect, so with just the main subpackage installed, the symlink was dangling. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 61c539e..9afeaeb 100644 --- a/split-files.py +++ b/split-files.py @@ -148,6 +148,7 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + mount.ddi| importctl| portablectl| systemd-nspawn| From 5a53eac13c5e0c1c1700957420fd19ecf4a6aab9 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Tue, 20 May 2025 12:48:35 +0200 Subject: [PATCH 271/327] Package pcrlock files together with systemd-pcrlock ... (rhbz#2366948) --- split-files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 9afeaeb..0cf0f6c 100644 --- a/split-files.py +++ b/split-files.py @@ -129,7 +129,7 @@ for file in files(buildroot): o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): + elif re.search(r'/lib.*\.pc$|/man3/|/usr/include|\.so$', n): o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| @@ -234,7 +234,8 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcr| + systemd[.-]pcr| + /pcrlock\.d| systemd-measure| /boot$| /kernel/| From ed6b885327a9a46dc692576220e2187b9b6ff0e0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 29 May 2025 18:57:50 +0200 Subject: [PATCH 272/327] Version 257.6 - Fix for local information disclosure in systemd-coredump (CVE-2025-4598) - Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd-varlink - Hardware database update --- ...imit-the-number-of-iterations-when-t.patch | 62 ------------------- 36939.patch | 44 ------------- sources | 2 +- systemd.spec | 12 +--- 4 files changed, 4 insertions(+), 116 deletions(-) delete mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch delete mode 100644 36939.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch deleted file mode 100644 index 8b9dddc..0000000 --- a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 10 Apr 2025 13:51:21 +0200 -Subject: [PATCH] test-sd-device: limit the number of iterations when testing - device parent/child functions - -The test "hangs" and times out on some arm64 machines. It actually works as -expected, but the machine has 2016 children under /sys/devices/system/memory/, -and the tests do a double loop over this, which is slow enough to hit the 120 s -limit. Add a limit on the number of iterations. - -Another option would be to exclude "memory" subsystem. But we may have other -subsystems which have the same problem in the future, so I think it'll be more -robust to not try to limit the fix to a specific subsystem. - -(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) ---- - src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c -index 620615b6bb..aa235cf8d0 100644 ---- a/src/libsystemd/sd-device/test-sd-device.c -+++ b/src/libsystemd/sd-device/test-sd-device.c -@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { - - TEST(sd_device_enumerator_add_match_parent) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. 
*/ -+ unsigned iterations = 200; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { - const char *syspath; - sd_device *parent; - -+ if (iterations-- == 0) -+ break; -+ - assert_se(sd_device_get_syspath(dev, &syspath) >= 0); - - r = sd_device_get_parent(dev, &parent); -@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { - - TEST(sd_device_get_child) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ -+ unsigned iterations = 3000; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { - FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { - const char *s; - -+ if (iterations-- == 0) -+ return; -+ - assert_se(child); - assert_se(suffix); - diff --git a/36939.patch b/36939.patch deleted file mode 100644 index a90d8cc..0000000 --- a/36939.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 -From: LuK1337 -Date: Tue, 1 Apr 2025 22:23:06 +0200 -Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box - -https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ---- - rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index 046f169e447b9..96b61cec32b25 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" - # media player raw devices (for user-mode drivers, Android SDK, etc.) - SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" - -+# Android devices (ADB DbC, ADB, Fastboot) -+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: -+# * https://developer.android.com/tools/adb -+# * https://source.android.com/docs/setup/test/running -+# * https://source.android.com/docs/setup/test/flash -+# -+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: -+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 -+# -+# Since it's using a generic vendor specific interface class, this can potentially result -+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". 
-+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" -+ - # software-defined radio communication devices - ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" - -@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" - # As defined in https://en.wikipedia.org/wiki/3Dconnexion - SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" - -+# Debug interfaces (e.g. Android Debug Bridge) -+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" -+ - LABEL="uaccess_end" diff --git a/sources b/sources index eb2dbfc..3600679 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f +SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d diff --git a/systemd.spec b/systemd.spec index 4949a58..990e4b1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.5} +Version: %{?version_override}%{!?version_override:257.6} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -128,6 +128,8 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Those are downstream-only patches, but we don't want them in packit builds. + # Temporarily drop use of PrivateTmp=disconnected. This is causing failures # in various places: # https://bugzilla.redhat.com/show_bug.cgi?id=2334015 
@@ -138,16 +140,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch -# Backport of adb/fastboot udev rules: -# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 -Patch: https://github.com/systemd/systemd/pull/36939.patch - -# Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport of CI fix -Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 92c16c1daba4375f394b256d6dc2198232edbc87 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Wed, 16 Apr 2025 15:39:33 +0200 Subject: [PATCH 273/327] Let systemd-{sysusers,shared} conflict with older systemd When downgrading to package versions before 257.3-6 we have this error: Error: Transaction test error: file /usr/bin/systemd-sysusers from install of systemd-257-9.el10.x86_64 conflicts with file from package systemd-sysusers-258~devel-20250416115850.el10.x86_64 Add Conflicts on systemd-sysusers subpackage to allow downgrades across version 257.3-6. --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 990e4b1..977a88f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -389,6 +389,10 @@ Libraries for systemd and udev. %package shared Summary: Internal systemd shared library License: LGPL-2.1-or-later AND MIT +# in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so +# was moved from package systemd to systemd-shared. +# Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description shared Internal libraries used by various systemd binaries. 
@@ -415,6 +419,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +# in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd +# to systemd-sysusers. Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description sysusers This package contains the systemd-sysusers program. From 7de88c66bdc26920db570e67ef74e579f8461d9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Jun 2025 01:08:22 +0200 Subject: [PATCH 274/327] Do not mark symlinks as %ghost When testing build reproducibility, we got the following result: + rpmdiff cache/rpms/systemd-257.6-1.fc43/systemd-257.6-1.fc43.x86_64.rpm \ cache/build/systemd-257.6-1.fc43/rebuild/systemd-257.6-1.fc43.x86_64.rpm ......V..F. /etc/xdg/systemd/user This is because we'd apply %ghost to a symlink to a directory, if the directory stat reported 0 blocks. It seems that this depends on the filesystem type or something and didn't pop up in previous rebuilds. The first chunk is a noop to increase clarity. The resulting difference from this patch in the file list: $ diff -u systemd-257.6-build/systemd-257.6/.file-list-main{.0,} -%config(noreplace) %ghost /etc/xdg/systemd/user +%config(noreplace) /etc/xdg/systemd/user --- split-files.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 0cf0f6c..d533c51 100644 --- a/split-files.py +++ b/split-files.py 
@@ -270,13 +270,13 @@ for file in files(buildroot): if n in known_files: prefix = known_files[n].split()[:-1] - elif file.is_dir() and not file.is_symlink(): + elif file.is_dir(follow_symlinks=False): prefix = ['%dir'] elif 'README' in n: prefix = ['%doc'] elif n.startswith('/etc'): prefix = ['%config(noreplace)'] - if file.stat().st_size == 0: + if not file.is_symlink() and file.stat().st_size == 0: prefix += ['%ghost'] else: prefix = [] From 5d30fd3b269b979fb982df7439aac568ddf5e53c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 Jun 2025 14:17:05 +0200 Subject: [PATCH 275/327] Version 257.7 - Fixes for systemd itself, systemd-repart, systemd-resolved, systemd-vmspawn, systemd-networkd, resolvectl, bootctl, the shared library code, man pages, shell completions, and tests. - Hardware database is updated. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 3600679..5c43434 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d +SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 diff --git a/systemd.spec b/systemd.spec index 977a88f..d57bd48 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.6} +Version: %{?version_override}%{!?version_override:257.7} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 40b38a04d27fd2a8b6fc277df67e14a0abbb3cfc Mon Sep 17 00:00:00 2001 
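Review bot: `file.is_dir(follow_symlinks=False)` in the first changed branch is only a no-op replacement if `file` is an `os.DirEntry` or the build interpreter is Python 3.13 or later; `pathlib.Path.is_dir()` did not accept `follow_symlinks` before 3.13 and raises `TypeError` there. The `files()` generator is outside this hunk, so the type it yields cannot be confirmed from here, but an earlier commit message on this page shows `el10` builds of the same spec, where an older interpreter is plausible. Keeping `file.is_dir() and not file.is_symlink()` gives the same result without the version dependency. The second change would also benefit from a comment such as `# stat() follows symlinks; never mark a symlink as %ghost`, since the reason is currently recorded only in the commit message.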
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Jul 2025 16:21:29 +0200 Subject: [PATCH 276/327] Build docs on 64-bit architectures only In the light of the recent discussion about dropping i686 packages, let's stop building our docs there. This reduces the amount of tools needed in the mock root. Unfortunately we need to move the man page out of the noarch ukify subpackage, because it needs to be the same on all architectures where it is built. --- split-files.py | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index d533c51..5b20b85 100644 --- a/split-files.py +++ b/split-files.py @@ -121,7 +121,7 @@ for file in files(buildroot): o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: o = outputs['tests'] - elif 'ukify' in n: + elif 'ukify' in n and '/man/' not in n: o = outputs['ukify'] elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] diff --git a/systemd.spec b/systemd.spec index d57bd48..056f7a6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,8 @@ %bcond bootstrap 0 %bcond tests 1 %bcond lto 1 -%bcond docs 1 +# Build docs on 64-bit architectures only +%bcond docs %[%{?__isa_bits} >= 64] # Build from git main %bcond upstream 0 From ed7d2f11320e3d185bb378abdf422541b845bad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 8 Jul 2025 12:50:10 +0200 Subject: [PATCH 277/327] Add "test" that LTO effectively removes unused code from shared lib --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 056f7a6..9f1c661 100644 --- a/systemd.spec +++ b/systemd.spec 
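Review bot: `%bcond docs %[%{?__isa_bits} >= 64]` has no fallback when `__isa_bits` is undefined: the conditional expansion then leaves an empty left operand and the expression becomes `%[ >= 64]`, which should fail to parse rather than pick a default. The spec already uses the `0%{?fedora} < 41` idiom for this situation, so `%bcond docs %[0%{?__isa_bits} >= 64]` would switch docs off instead of aborting the build. Whether any supported build target actually lacks the macro is not visible here, so this is hardening rather than a confirmed failure.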
@@ -1128,6 +1128,14 @@ BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIG meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %endif +%if %{with lto} +# Make sure that LTO is effective at removing unused code. When compiled +# without LTO, we end up with all of libbasic_static.a in libsystemd.so. +# For example, all the configuration stuff is not needed for libsystemd.so. +# Make sure it is gone. +(! strings %{buildroot}%{_libdir}/libsystemd.so | grep Config) +%endif + ############################################################################################# %if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) From 98cc5fd91a04856a5d5c6a4c41f3294327e14146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Jul 2025 22:50:45 +0200 Subject: [PATCH 278/327] Version 258~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v258-rc1/NEWS. Too many changes to list or discuss here. --- ...dit-events-for-user-and-group-creati.patch | 287 ------------------ 30846.patch | 15 +- sources | 2 +- split-files.py | 2 +- systemd.spec | 15 +- 5 files changed, 17 insertions(+), 304 deletions(-) delete mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch deleted file mode 100644 index d442f5a..0000000 --- a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +++ /dev/null 
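Review bot: The added `(! strings %{buildroot}%{_libdir}/libsystemd.so | grep Config)` check fails open. Only `grep`'s status is tested, so unless the build shell sets `pipefail`, a missing library or a failing `strings` produces empty input, no match, and a passing check. Putting `test -e %{buildroot}%{_libdir}/libsystemd.so` on the line before makes the assertion depend on the file actually being inspected. The bare substring `Config` may also start matching unrelated strings in a later release, so a comment naming the code it is meant to detect would help whoever has to diagnose a failure.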
@@ -1,287 +0,0 @@ -From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 15:35:13 +0100 -Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation - -Background: Fedora/RHEL are switching to sysusers.d metadata for creation of -users and groups for system users defined by packages -(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers). -Packages carry sysusers files. During package installation, rpm calls an -program to execute on this config. This program may either be -/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or -/usr/bin/systemd-sysusers. To match the functionality provided by -useradd/groupadd from the shadow-utils project, systemd-sysusers must emit -audit events so that it provides a drop-in replacement. - -systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when -adding users and groups. The operation "names" are copied from shadow-utils in -Fedora (which has a patch to change them from the upstream version), so the -format of the events that is generated on success should be identical. - -The helper code is shared between sysusers and utmp-wtmp. I changed the -audit_fd variable to be unconditional. This way we can avoid ugly iffdefery -every time the variable would be used. The cost is that 4 bytes of unused -storage might be present. This is negligible, and the compiler might even be -able to optimize that away if it inlines things. 
---- - src/basic/audit-util.h | 33 +++++++++++++++++++++ - src/sysusers/meson.build | 2 ++ - src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++ - src/update-utmp/update-utmp.c | 23 ++------------ - 4 files changed, 94 insertions(+), 20 deletions(-) - -diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h -index 9a74e4f102..d8ecf14f69 100644 ---- a/src/basic/audit-util.h -+++ b/src/basic/audit-util.h -@@ -1,10 +1,16 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - #pragma once - -+#if HAVE_AUDIT -+# include -+#endif -+ - #include - #include - #include - -+#include "errno-util.h" -+#include "log.h" - #include "pidref.h" - - #define AUDIT_SESSION_INVALID UINT32_MAX -@@ -17,3 +23,30 @@ bool use_audit(void); - static inline bool audit_session_is_valid(uint32_t id) { - return id > 0 && id != AUDIT_SESSION_INVALID; - } -+ -+/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious -+ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very -+ * short functions. */ -+ -+static inline int close_audit_fd(int fd) { -+#if HAVE_AUDIT -+ if (fd >= 0) -+ audit_close(fd); -+#else -+ assert(fd < 0); -+#endif -+ return -EBADF; -+} -+ -+static inline int open_audit_fd_or_warn(void) { -+ int fd = -EBADF; -+ -+#if HAVE_AUDIT -+ /* If the kernel lacks netlink or audit support, don't worry about it. */ -+ fd = audit_open(); -+ if (fd < 0) -+ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? 
LOG_DEBUG : LOG_WARNING, -+ errno, "Failed to connect to audit log, ignoring: %m"); -+#endif -+ return fd; -+} -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 123ff41d3f..c968f55110 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -9,6 +9,7 @@ executables += [ - 'name' : 'systemd-sysusers', - 'public' : true, - 'sources' : files('sysusers.c'), -+ 'dependencies' : libaudit, - }, - executable_template + { - 'name' : 'systemd-sysusers.standalone', -@@ -20,6 +21,7 @@ executables += [ - libshared_static, - libsystemd_static, - ], -+ 'dependencies' : libaudit, - 'build_by_default' : have_standalone_binaries, - 'install' : have_standalone_binaries, - }, -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index 44253483db..84eb9fc0c3 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -3,6 +3,7 @@ - #include - - #include "alloc-util.h" -+#include "audit-util.h" - #include "build.h" - #include "chase.h" - #include "conf-files.h" -@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep); - STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); - - typedef struct Context { -+ int audit_fd; -+ - OrderedHashmap *users, *groups; - OrderedHashmap *todo_uids, *todo_gids; - OrderedHashmap *members; -@@ -126,6 +129,8 @@ typedef struct Context { - static void context_done(Context *c) { - assert(c); - -+ c->audit_fd = close_audit_fd(c->audit_fd); -+ - ordered_hashmap_free(c->groups); - ordered_hashmap_free(c->users); - ordered_hashmap_free(c->members); -@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) { - c->login_defs_need_warning = false; - } - -+static void log_audit_accounts(Context *c, ItemType what) { -+#if HAVE_AUDIT -+ assert(c); -+ assert(IN_SET(what, ADD_USER, ADD_GROUP)); -+ -+ if (arg_dry_run || c->audit_fd < 0) -+ return; -+ -+ Item *i; -+ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP; -+ const char *op = what == ADD_USER ? 
"adding-user" : "adding-group"; -+ -+ /* Notes: -+ * -+ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses. -+ * -+ * We send id == -1, even though we know the number, in particular on success. This is because if we -+ * send the id, the generated audit message will not contain the name. The name seems more useful -+ * than the number, hence send just the name: -+ * -+ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) : -+ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success' -+ * vs. -+ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) : -+ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success' -+ */ -+ -+ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) -+ audit_log_acct_message( -+ c->audit_fd, -+ type, -+ program_invocation_short_name, -+ op, -+ i->name, -+ /* id= */ (unsigned) -1, -+ /* host= */ NULL, -+ /* addr= */ NULL, -+ /* tty= */ NULL, -+ /* success= */ 1); -+#endif -+} -+ - static int load_user_database(Context *c) { - _cleanup_fclose_ FILE *f = NULL; - const char *passwd_path; -@@ -971,6 +1018,8 @@ static int write_files(Context *c) { - group_tmp, group_path); - group_tmp = mfree(group_tmp); - } -+ /* OK, we have written the group entries successfully */ -+ log_audit_accounts(c, ADD_GROUP); - if (gshadow) { - r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); - if (r < 0) -@@ -988,6 +1037,8 @@ static int write_files(Context *c) { - - passwd_tmp = mfree(passwd_tmp); - } -+ /* OK, we have written the user entries successfully */ -+ log_audit_accounts(c, ADD_USER); - if (shadow) { - r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); - if (r < 0) -@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) { - #endif - _cleanup_close_ int lock = -EBADF; - _cleanup_(context_done) Context c = { -+ .audit_fd = -EBADF, - 
.search_uid = UID_INVALID, - }; - -@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) { - assert(!arg_image); - #endif - -+ /* Prepare to emit audit events, but only if we're operating on the host system. */ -+ if (!arg_root) -+ c.audit_fd = open_audit_fd_or_warn(); -+ - /* If command line arguments are specified along with --replace, read all configuration files and - * insert the positional arguments at the specified place. Otherwise, if command line arguments are - * specified, execute just them, and finally, without --replace= or any positional arguments, just -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index a10e6d478a..6df9414063 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -5,12 +5,9 @@ - #include - #include - --#if HAVE_AUDIT --#include --#endif -- - #include "sd-bus.h" - -+#include "audit-util.h" - #include "alloc-util.h" - #include "bus-error.h" - #include "bus-locator.h" -@@ -30,20 +27,14 @@ - - typedef struct Context { - sd_bus *bus; --#if HAVE_AUDIT - int audit_fd; --#endif - } Context; - - static void context_clear(Context *c) { - assert(c); - - c->bus = sd_bus_flush_close_unref(c->bus); --#if HAVE_AUDIT -- if (c->audit_fd >= 0) -- audit_close(c->audit_fd); -- c->audit_fd = -EBADF; --#endif -+ c->audit_fd = close_audit_fd(c->audit_fd); - } - - static int get_startup_monotonic_time(Context *c, usec_t *ret) { -@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) { - }; - - _cleanup_(context_clear) Context c = { --#if HAVE_AUDIT - .audit_fd = -EBADF, --#endif - }; - - log_setup(); - - umask(0022); - --#if HAVE_AUDIT -- /* If the kernel lacks netlink or audit support, don't worry about it. */ -- c.audit_fd = audit_open(); -- if (c.audit_fd < 0) -- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? 
LOG_DEBUG : LOG_WARNING, -- errno, "Failed to connect to audit log, ignoring: %m"); --#endif -+ c.audit_fd = open_audit_fd_or_warn(); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/30846.patch b/30846.patch index ca9cffb..77da69f 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 +From 07bedc8f93277f705622625f440a1f56ccff1cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids @@ -39,17 +39,18 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-classification.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/basic/uid-classification.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c -index e2d2cebc6de27..2c8b06c0d3088 100644 +index 203ce2c68a..2eb384395d 100644 --- a/src/basic/uid-classification.c +++ b/src/basic/uid-classification.c -@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { +@@ -129,5 +129,6 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ -- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); -+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_container(uid) || uid_is_foreign(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_foreign(uid); ++ } diff --git a/sources b/sources index 5c43434..f685aed 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 +SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 diff --git a/split-files.py b/split-files.py index 5b20b85..8405956 100644 --- a/split-files.py +++ b/split-files.py @@ -155,7 +155,7 @@ for file in files(buildroot): systemd\.nspawn| systemd-vmspawn| systemd-dissect| - import-pubring.gpg| + import-pubring| systemd-machined| systemd-import| systemd-export| diff --git a/systemd.spec b/systemd.spec index 9f1c661..cbbce96 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.7} +Version: %{?version_override}%{!?version_override:258~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} 
@@ -137,10 +137,6 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://github.com/coreos/fedora-coreos-tracker/issues/1857 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch -# Backport of sysusers audit support for -# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch - # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch %endif @@ -500,6 +496,10 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} +# Newer versions of those are required to support X11 keycode remapping +Conflicts: xorg-x11-drv-evdev < 2.11.0 +Conflicts: xorg-x11-drv-libinput < 1.5.0 + %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. # We rely on filesystem to create the symlinks for us. @@ -741,7 +741,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version_no_tilde} -p1 %endif # Disable user lockdown until rpm implements it natively. @@ -804,7 +804,6 @@ CONFIGURE_OPTS=( -Dacl=enabled -Dsmack=true -Dopenssl=enabled - -Dcryptolib=openssl -Dp11kit=enabled -Dgcrypt=disabled -Daudit=enabled From 8d1645af7549815a89b8262621be4c95afa4201f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 25 Jul 2025 14:08:10 +0200 Subject: [PATCH 279/327] Use again %{version} when building in OBS %{version_no_tilde} no work. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index cbbce96..5911992 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -740,6 +740,8 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{branch} -p1 %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 +%elif %{with obs} +%autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 %endif From 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 25 Jul 2025 18:05:35 +0200 Subject: [PATCH 280/327] obs: also use version with tilde for Source0 [skip changelog] --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 5911992..e15b511 100644 --- a/systemd.spec +++ b/systemd.spec @@ -83,7 +83,9 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{undefined branch} && %{undefined commit} +%if %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +%elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz From be7a4d0863f5747ca49396db08fec55397d390c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Aug 2025 08:56:51 +0200 Subject: [PATCH 281/327] Version 258~rc2 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f685aed..2cde49e 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 +SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 diff --git a/systemd.spec b/systemd.spec index e15b511..2363513 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc1} +Version: %{?version_override}%{!?version_override:258~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1bdb4efe409c912031dba2e44ba5e2b92875cdb7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:13 +0100 Subject: [PATCH 282/327] obs: switch to xz for compression [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2363513..740cdd8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} From 50936458a75224fab9b33c5abbae480d14f9bf16 Mon Sep 17 00:00:00 2001 
From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:49 +0100 Subject: [PATCH 283/327] obs: move recipe files in place The RPM recipe files for SUSE and Fedora conflict and cannot be both unpacked at the same time (e.g.: triggers.systemd, systemd.spec, etc). The tarballs creation are unconditional. This means the same project build cannot build for both Fedora and SUSE. All other distros can co-habitate in the same project, so that a single repository checkout, single trigger, single everything is used. By storing the RPM recipe files in a separate directory it means they don't conflict anymore, and they are moved in place in the right recipe at the right time. This allows building fedora/suse/centos/debian/ubuntu/arch from a single project. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 740cdd8..50eff92 100644 --- a/systemd.spec +++ b/systemd.spec @@ -743,6 +743,8 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %elif %{with obs} +# Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) +mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 From 1f5ed0da1f0b235e13a06a23fda53eae0d43a9d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 20 Aug 2025 17:01:17 +0200 Subject: [PATCH 284/327] Version 258~rc3 - A large number of fixes in various components - Hardware database and syscall numbers are updated --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 2cde49e..cc03c85 100644 --- a/sources +++ b/sources 
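Review bot: The new `mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir}` line makes `%prep` modify the source directory, so the step is not repeatable. On a second run over the same tree the `%{name}.fedora` directory is empty, the glob stays unexpanded and `mv` exits non-zero. Copying keeps the source directory intact and also picks up dotfiles that `*` skips: `cp -a %{_sourcedir}/%{name}.fedora/. %{_sourcedir}/`. Either form silently overwrites a same-named file already in `%{_sourcedir}`, which deserves a mention in the comment, since the commit message says the two distributions' recipe files share names.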
@@ -1 +1 @@ -SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 +SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc diff --git a/systemd.spec b/systemd.spec index 50eff92..4e18207 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc2} +Version: %{?version_override}%{!?version_override:258~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 5acde9f1fd649ae82e9ee38e0be18947197dabec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Aug 2025 15:15:17 +0200 Subject: [PATCH 285/327] Add workaround patch to hopefully pass podman CI tests --- 38724.patch | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 66 insertions(+) create mode 100644 38724.patch diff --git a/38724.patch b/38724.patch new file mode 100644 index 0000000..c639cd0 --- /dev/null +++ b/38724.patch 
@@ -0,0 +1,64 @@ +From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 26 Aug 2025 15:00:02 +0200 +Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) + +In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was +reported that the tests fail: + +> Rootless podman tests all show something like this eventually +> +> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded +> +> Each container creates its own keyring but I assume they get leaked so at one +> point we run our of available keyrings and all following tests fail like +> that. Given I only see this on this update and from looking at the podman +> tests logs it only starts happening after we run a bunch of our own systemd +> services I wonder if systemd maybe leaks keyrings and thus it fails? + +After some very tediuos bisecting, I got the answer that +dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't +make much sense. I thought that maybe the answer is wrong somehow, or the fd we +pass in has problems, but everything seems to work correctly. Both +pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same +answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the +problem go away. + +bisection recipe: +1. compile systemd, systemd-executor, pam_systemd: + $ ninja -C build systemd systemd-executor pam_systemd.so + (Not all intermediate commits compile :) ) +2. use the compiled manager for the user running the tests: + # /etc/systemd/system/user@1000.service.d/override.conf + [Service] + ExecStart= + ExecStart=/home/fedora/src/systemd/build/systemd --user +3. install the new code: + # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 +3. log out and log in again (via ssh) +4. 
run the test: + $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys + 17 + Tue Aug 26 12:47:44 UTC 2025 + 18 + +It seems that both the pam module and the user manager somehow matter. + +This smells like a kernel bug or some strange race condition. +--- + src/basic/pidfd-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c +index 9910819aa79d9..b317be267f445 100644 +--- a/src/basic/pidfd-util.c ++++ b/src/basic/pidfd-util.c +@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { + } + + static int pidfd_get_info(int fd, struct pidfd_info *info) { +- static bool cached_supported = true; ++ static bool cached_supported = false; + + assert(fd >= 0); + assert(info); diff --git a/systemd.spec b/systemd.spec index 4e18207..a739a69 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +Patch: https://github.com/systemd/systemd/pull/38724.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 2289d65726d86bf523b1d565e274b15d8c978a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Sep 2025 08:02:02 +0200 Subject: [PATCH 286/327] Fix unit name in scriptlet [80/89] Installing systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Running %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Finished %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Scriptlet output: >>> Failed to preset unit: Unit system-systemdx2dcryptsetup.slice does not exist --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a739a69..8ec0b31 100644 --- a/systemd.spec +++ b/systemd.spec 
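Review bot: `static bool cached_supported = false;` in the carried `38724.patch` turns off the `PIDFD_GET_INFO` path for every caller of `pidfd_get_info()`, not only the code path suspected of leaking keyrings, and nothing in the patched source marks it as a temporary workaround. The rest of the function is outside the hunk, so what callers fall back to cannot be confirmed from here. A comment at the changed line would keep the intent visible once the commit message is out of sight, for example `/* Workaround: PIDFD_GET_INFO disabled, see https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 */`. The same applies to the `systemd.spec` hunk that follows: `Patch: https://github.com/systemd/systemd/pull/38724.patch` is added without the reference or drop condition that the neighbouring `Patch:` lines carry.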
@@ -1240,8 +1240,8 @@ systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : sleep.target suspend-then-hibernate.target suspend.target - system-systemd\x2dcryptsetup.slice - system-systemd\x2dveritysetup.slice + system-systemd\\x2dcryptsetup.slice + system-systemd\\x2dveritysetup.slice systemd-backlight@.service systemd-binfmt.service systemd-bless-boot.service From 327e54e42196c4ed3d0655b40aabed492c75e2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 4 Sep 2025 13:56:28 +0200 Subject: [PATCH 287/327] Add to patch to create userdb root directory with correct label The upstream PR was closed with the intent to force the SELinux policy to be updated instead. While we're waiting for that to happen, include the patch here. --- 38769.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 46 insertions(+) create mode 100644 38769.patch diff --git a/38769.patch b/38769.patch new file mode 100644 index 0000000..35b50e4 --- /dev/null +++ b/38769.patch 
@@ -0,0 +1,42 @@ +From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Sat, 30 Aug 2025 13:55:56 +0200 +Subject: [PATCH] core: create userdb root directory with correct label + +Set up the /run/systemd/userdb directory with the default SELinux context +on creation. + +With version 257.7-1 on Debian the directory was automatically created with the +correct label. Starting with version 258 (only tested with 258~rc3-1) it no +longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. + +[zjs: edited the patch to apply comments from review and update the description.] +--- + src/core/varlink.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/varlink.c b/src/core/varlink.c +index 8c6b95e31d1d5..110b281842373 100644 +--- a/src/core/varlink.c ++++ b/src/core/varlink.c +@@ -6,6 +6,7 @@ + #include "errno-util.h" + #include "json-util.h" + #include "manager.h" ++#include "mkdir-label.h" + #include "path-util.h" + #include "pidref.h" + #include "string-util.h" +@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { + if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) + continue; + +- r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ r = mkdir_parents_label(address, 0755); ++ if (r < 0) ++ log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address); ++ ++ r = sd_varlink_server_listen_address(m->varlink_server, address, 0666); + if (r < 0) + return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address); + } diff --git a/systemd.spec b/systemd.spec index 8ec0b31..cf580d0 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -143,6 +143,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch Patch: https://github.com/systemd/systemd/pull/30846.patch Patch: https://github.com/systemd/systemd/pull/38724.patch + +# userdb: create userdb root directory with correct label +# We can drop this after SELinux policy is updated to handle the transition. +Patch: https://github.com/systemd/systemd/pull/38769.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b442086d5fc7c7a478be064ab380a50fed9b9c86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 5 Sep 2025 15:14:21 +0200 Subject: [PATCH 288/327] Version 258~rc4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index cc03c85..b6fda1a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc +SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a diff --git a/systemd.spec b/systemd.spec index cf580d0..edc747f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc3} +Version: %{?version_override}%{!?version_override:258~rc4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From cceac934914337911c799174ac9dd96c881d5f66 Mon Sep 17 00:00:00 2001 
From: Andreas Schneider Date: Fri, 12 Sep 2025 10:36:06 +0200 Subject: [PATCH 289/327] Pre-create /etc/userdb directory An admin can create users in this directory instead of /etc/passwd. As the .user file can contain hashed password, only root should be able to read the files. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index edc747f..0ecedf4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,7 @@ touch %{buildroot}%{_sysconfdir}/machine-info touch %{buildroot}%{_sysconfdir}/localtime mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf +install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb # Make sure the shutdown/sleep drop-in dirs exist mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ From 8a446daec74122d234c39b7571dc50d3935ef6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 17 Sep 2025 15:29:03 +0200 Subject: [PATCH 290/327] =?UTF-8?q?Version=20258=20=F0=9F=92=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - See https://raw.githubusercontent.com/systemd/systemd/v258/NEWS for the final list of changes. --- sources | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sources b/sources index b6fda1a..68b70a3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a +SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 diff --git a/systemd.spec b/systemd.spec index 0ecedf4..04fcf73 100644 --- a/systemd.spec +++ b/systemd.spec 
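Review bot: The `install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb` line only reaches installed systems with that mode if a %files entry or generated file list, both outside this hunk, owns the directory and no %defattr overrides the mode. An explicit `%dir %attr(0700,root,root) %{_sysconfdir}/userdb` would make the restriction independent of how the file list is produced. A short comment above the install line, `# 0700: .user records may carry hashed passwords`, would record why this directory is stricter than its neighbours. It is also worth confirming that lookups by unprivileged clients still work with a root-only directory, which depends on how the records are read and is not visible here.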
@@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc4} +Version: %{?version_override}%{!?version_override:258} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -142,6 +142,7 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. Patch: https://github.com/systemd/systemd/pull/38724.patch # userdb: create userdb root directory with correct label From 88877a418450c16c1c85c680687da05f403af7bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:37:48 +0300 Subject: [PATCH 291/327] Require systemd-networkd and systemd-udev to be in the same version ... (rhbz#2397579) In https://bugzilla.redhat.com/show_bug.cgi?id=2397579 users are doing a partial upgrade (seemingly) and that fails because of a file conflict. Add Conflicts to prevent such partial upgrades. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 04fcf73..c1a8f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -469,6 +469,7 @@ Conflicts: systemd-timesyncd < %{version}-%{release} Obsoletes: systemd-timesyncd < %{version}-%{release} Provides: systemd-timesyncd = %{version}-%{release} %endif +Conflicts: systemd-networkd < %{version}-%{release} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. 
@@ -643,6 +644,7 @@ systemd-journal-upload. Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later %description networkd From a3e9e2798227f4811f4953204ae5e631ea1d9442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:40:28 +0300 Subject: [PATCH 292/327] Change '%{systemd}' to systemd in Conflicts/Provides/Requires/Recommends MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were using both styles… Having a macro creates some mental overhead for little gain. Switch to the fixed string everywhere. [skip changelog] --- systemd.spec | 78 ++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/systemd.spec b/systemd.spec index c1a8f7e..56933ed 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -274,16 +274,16 @@ Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 -Requires: %{name}-pam%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} -%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} -Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: systemd-pam%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-networkd = %{version}-%{release}} +%{?fedora:Recommends: systemd-resolved = %{version}-%{release}} +Requires: systemd-shared%{_isa} = %{version}-%{release} Requires: /usr/bin/systemd-sysusers # The standalone version doesn't Provide the _isa suffix, # so this biases towards the common version. -Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} +Recommends: systemd-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Requires: (libbpf >= 2:1.4.7 if libbpf) @@ -316,10 +316,10 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Conflicts: %{name}-standalone-tmpfiles -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-shutdown -Provides: %{name}-shutdown = %{version}-%{release} +Conflicts: systemd-standalone-tmpfiles +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd-standalone-shutdown +Provides: systemd-shutdown = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. 
@@ -398,14 +398,14 @@ License: LGPL-2.1-or-later AND MIT # in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description shared Internal libraries used by various systemd binaries. %package pam Summary: systemd PAM module -Requires: %{name} = %{version}-%{release} +Requires: systemd = %{version}-%{release} %description pam Systemd PAM module registers the session with systemd-logind. @@ -423,11 +423,11 @@ for information how to use those macros. %package sysusers Summary: systemd-sysusers program -Requires: %{name}-shared%{_isa} = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers +Requires: systemd-shared%{_isa} = %{version}-%{release} +Conflicts: systemd-standalone-sysusers # in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd # to systemd-sysusers. Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description sysusers This package contains the systemd-sysusers program. @@ -435,8 +435,8 @@ This package contains the systemd-sysusers program. %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT -Requires: %{name}-libs%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} 
@@ -503,8 +503,8 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -Conflicts: %{name}-standalone-repart -Provides: %{name}-repart = %{version}-%{release} +Conflicts: systemd-standalone-repart +Provides: systemd-repart = %{version}-%{release} # Newer versions of those are required to support X11 keycode remapping Conflicts: xorg-x11-drv-evdev < 2.11.0 @@ -529,7 +529,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{noarch_requires_version} +Requires: systemd = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -602,7 +602,7 @@ This package contains the signed version. %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} @@ -625,11 +625,11 @@ systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later Requires: firewalld-filesystem -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Provides: systemd-journal-gateway = %{version}-%{release} +Provides: systemd-journal-gateway%{_isa} = %{version}-%{release} # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal 
@@ -642,8 +642,8 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Requires: systemd%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-udev = %{version}-%{release}} Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later @@ -654,7 +654,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{noarch_requires_version} +Requires: systemd-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -665,7 +665,7 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep @@ -677,7 +677,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{noarch_requires_version} +Requires: systemd-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch @@ -687,10 +687,10 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} # This dependency is provided transitively. Also add it explicitly to # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: -Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: systemd-libs%{_isa} = %{version}-%{release} Requires: python3dist(psutil) License: LGPL-2.1-or-later 
@@ -701,8 +701,8 @@ Different binaries test different parts of the codebase. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: %{name}-repart = %{version}-%{release} -Conflicts: %{name}-udev +Provides: systemd-repart = %{version}-%{release} +Conflicts: systemd-udev Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -713,8 +713,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -725,7 +725,7 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd -Provides: %{name}-sysusers = %{version}-%{release} +Provides: systemd-sysusers = %{version}-%{release} Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -736,8 +736,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use in exitrds -Provides: %{name}-shutdown = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-shutdown = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone From 593a204189b195d530f5cc643465c7711dac7acf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:09:52 +0200 Subject: [PATCH 293/327] Version 258.1 - This is the first (large) batch of fixes after v258: - fixes for boot loader and early boot code - fixes for systemd itself, systemd-udevd, systemd-logind, systemd-machined, and library code - unprivileged operation in systemd-machined is disabled for now - lots of documentation and shell-completion fixes - includes an hwdb update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 68b70a3..6b4fe22 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 +SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53 diff --git a/systemd.spec b/systemd.spec index 56933ed..1387788 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258} +Version: %{?version_override}%{!?version_override:258.1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From db38445a7ec7e885b070727cc489586e2e67ef21 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:15:42 +0200 Subject: [PATCH 294/327] Drop two patches with workaround (selinux, kernel) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 ------------------- 38724.patch | 64 ----------------- systemd.spec | 10 +-- 3 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch delete mode 100644 38724.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch deleted file mode 100644 index eca67f0..0000000 --- a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 17:00:08 +0100 -Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' - if DefaultDependencies=no" - -This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. ---- - units/systemd-coredump@.service.in | 2 +- - units/systemd-oomd.service.in | 2 +- - units/systemd-resolved.service.in | 2 +- - units/systemd-timesyncd.service.in | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in -index c74dc7a5a1..fa3206d07b 100644 ---- a/units/systemd-coredump@.service.in -+++ b/units/systemd-coredump@.service.in -@@ -26,7 +26,7 @@ NoNewPrivileges=yes - OOMScoreAdjust=500 - PrivateDevices=yes - PrivateNetwork=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectControlGroups=yes - ProtectHome=read-only - ProtectHostname=yes -diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in -index 670d5e6140..82bd6245f8 100644 ---- a/units/systemd-oomd.service.in -+++ b/units/systemd-oomd.service.in -@@ -37,7 +37,7 @@ MemoryLow=64M - NoNewPrivileges=yes - OOMScoreAdjust=-900 - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectHome=yes - ProtectHostname=yes -diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in -index e181b2528a..4aa0788ac4 100644 ---- a/units/systemd-resolved.service.in -+++ b/units/systemd-resolved.service.in -@@ -29,7 +29,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectControlGroups=yes - ProtectHome=yes -diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in -index 835d6327e7..cf233fbffd 100644 ---- a/units/systemd-timesyncd.service.in -+++ 
b/units/systemd-timesyncd.service.in -@@ -31,7 +31,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectProc=invisible - ProtectControlGroups=yes - ProtectHome=yes --- -2.47.1 - diff --git a/38724.patch b/38724.patch deleted file mode 100644 index c639cd0..0000000 --- a/38724.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 26 Aug 2025 15:00:02 +0200 -Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) - -In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was -reported that the tests fail: - -> Rootless podman tests all show something like this eventually -> -> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded -> -> Each container creates its own keyring but I assume they get leaked so at one -> point we run our of available keyrings and all following tests fail like -> that. Given I only see this on this update and from looking at the podman -> tests logs it only starts happening after we run a bunch of our own systemd -> services I wonder if systemd maybe leaks keyrings and thus it fails? - -After some very tediuos bisecting, I got the answer that -dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't -make much sense. I thought that maybe the answer is wrong somehow, or the fd we -pass in has problems, but everything seems to work correctly. Both -pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same -answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the -problem go away. - -bisection recipe: -1. compile systemd, systemd-executor, pam_systemd: - $ ninja -C build systemd systemd-executor pam_systemd.so - (Not all intermediate commits compile :) ) -2. use the compiled manager for the user running the tests: - # /etc/systemd/system/user@1000.service.d/override.conf - [Service] - ExecStart= - ExecStart=/home/fedora/src/systemd/build/systemd --user -3. install the new code: - # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 -3. log out and log in again (via ssh) -4. 
run the test: - $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys - 17 - Tue Aug 26 12:47:44 UTC 2025 - 18 - -It seems that both the pam module and the user manager somehow matter. - -This smells like a kernel bug or some strange race condition. ---- - src/basic/pidfd-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c -index 9910819aa79d9..b317be267f445 100644 ---- a/src/basic/pidfd-util.c -+++ b/src/basic/pidfd-util.c -@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { - } - - static int pidfd_get_info(int fd, struct pidfd_info *info) { -- static bool cached_supported = true; -+ static bool cached_supported = false; - - assert(fd >= 0); - assert(info); diff --git a/systemd.spec b/systemd.spec index 1387788..5bbc38d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -133,18 +133,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %if %{without upstream} # Those are downstream-only patches, but we don't want them in packit builds. -# Temporarily drop use of PrivateTmp=disconnected. This is causing failures -# in various places: -# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 -# https://github.com/coreos/fedora-coreos-tracker/issues/1857 -Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch - +# Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch -# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. -Patch: https://github.com/systemd/systemd/pull/38724.patch - # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 79c9db1bc8f2f0c95cc8af38c5b495c815778b2e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Oct 2025 13:54:29 +0200 Subject: [PATCH 295/327] Require systemd-libs and systemd-shared to be in the same version ... (rhbz#2404143) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 5bbc38d..166d95b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -380,6 +380,7 @@ Summary: systemd libraries License: LGPL-2.1-or-later AND MIT Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 +Conflicts: systemd-shared < %{version}-%{release} %description libs Libraries for systemd and udev. @@ -391,6 +392,7 @@ License: LGPL-2.1-or-later AND MIT # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. Conflicts: systemd < 257.3-6 +Conflicts: systemd-libs < %{version}-%{release} %description shared Internal libraries used by various systemd binaries. From 2e1a6c7474502ca63c677cd7070b6e13e6329057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= Date: Mon, 20 Oct 2025 16:00:31 +0200 Subject: [PATCH 296/327] Require python3-zstandard in ELN Related: https://issues.redhat.com/browse/RHEL-103523 --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 166d95b..be35a41 100644 --- a/systemd.spec +++ b/systemd.spec @@ -532,9 +532,7 @@ Requires: (systemd-boot if %{shrink:( filesystem(riscv64) )}) Requires: python3dist(pefile) -%if 0%{?fedora} Requires: python3dist(zstandard) -%endif Requires: python3dist(cryptography) %if 0%{?fedora} Recommends: python3dist(pillow) From f8932309d95f37b0f81c54a8d38010ced60ae99b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 21 Oct 2025 13:06:49 +0200 Subject: [PATCH 297/327] Drop backwards compat logic from integration tests script --- plans/run-integration-tests.sh | 60 ++++++++-------------------------- 1 file changed, 14 insertions(+), 46 deletions(-) 
diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9a90fa7..46ea433 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -17,9 +17,9 @@ sysctl fs.inotify.max_user_watches=65536 || true sysctl fs.inotify.max_user_instances=1024 || true if [[ -n "${KOJI_TASK_ID:-}" ]]; then - koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" + koji download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" elif [[ -n "${CBS_TASK_ID:-}" ]]; then - cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" + cbs download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" @@ -32,21 +32,12 @@ fi PACKAGEDIR="$PWD" -# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. - # This will match both the regular and the debuginfo rpm so make sure we select only the # non-debuginfo rpm. RPMS=(systemd-tests-*.rpm) rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract -if [[ -d usr/lib/systemd/tests/mkosi ]]; then - pushd usr/lib/systemd/tests - mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" -else - mkdir systemd - rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd - pushd systemd - mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -fi +pushd usr/lib/systemd/tests +mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi 
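Review bot: With the fallback removed, `mkosi_hash` comes only from the `grep "MinimumVersion=commit:" mkosi/mkosi.conf` line in the second hunk, and nothing in the hunk checks that it is non-empty before use. If the tests rpm lacks that line, the mkosi checkout that follows the `git clone` (outside the hunk) would presumably run with an empty revision, so the tests would use whatever the default branch holds instead of the pinned commit. I would add `[[ -n "$mkosi_hash" ]] || { echo "no mkosi commit pin in mkosi/mkosi.conf" >&2; exit 1; }` right after the assignment. Whether `set -e` or `pipefail` already catches the failing grep cannot be seen from here.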
@@ -57,13 +48,7 @@ export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -if [[ -d mkosi ]]; then - LOCAL_CONF=mkosi/mkosi.local.conf -else - LOCAL_CONF=mkosi.local.conf -fi - -tee "$LOCAL_CONF" < Date: Thu, 23 Oct 2025 20:40:58 +0200 Subject: [PATCH 298/327] Require systemd-rpm-macros for build We use our own macros. They get pulled into the buildroot in Fedora builds, but we shouldn't rely on this. In OBS builds, they are not pulled in and the build fails. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index be35a41..f1a8d6c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -161,6 +161,9 @@ BuildRequires: libselinux-devel BuildRequires: audit-libs-devel %if %{without bootstrap} BuildRequires: cryptsetup-devel +# Require (previous version) of our macros package. +# We use the %%systemd_{post,preun,…} macros for various services. +BuildRequires: systemd-rpm-macros %endif BuildRequires: dbus-devel BuildRequires: util-linux From ea1d871ecd6c2fe063523840c1e4cf9bcf200e32 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 Oct 2025 10:32:12 +0100 Subject: [PATCH 299/327] Add missing networkd socket units systemd-networkd-resolve-hook.socket will be introduced by https://github.com/systemd/systemd/pull/39293 but we need the spec to handle the socket for the upgrade/downgrade test to pass so adding it early behind the upstream bcond. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f1a8d6c..b433af5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,6 +1374,8 @@ fi %global networkd_services %{shrink: systemd-networkd.service systemd-networkd.socket + systemd-networkd-varlink.socket + %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service 
From 1d3b89210552dcc25f89519045fb54439176ac25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Oct 2025 23:36:16 +0200 Subject: [PATCH 300/327] Enable sysupdate and sysupdated The files will land in the -udev subpackage. --- split-files.py | 1 + systemd.spec | 2 ++ 2 files changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index 8405956..38bde60 100644 --- a/split-files.py +++ b/split-files.py @@ -245,6 +245,7 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + sysupdate|updatctl| oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because diff --git a/systemd.spec b/systemd.spec index b433af5..9e756a3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -832,6 +832,8 @@ CONFIGURE_OPTS=( -Dlibfido2=enabled -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true + -Dsysupdate=enabled + -Dsysupdated=enabled -Dtpm=true -Dtpm2=enabled -Dhwdb=true From dffbf2beba916ad79eeb2ccff9768ab48855a2eb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 11:17:40 +0100 Subject: [PATCH 301/327] Make sure fallback source is listed first 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 broke packit as the fallback url wasn't listed first anymore. Make sure the fallback URL is listed first again as clearly documented just above the conditionals. --- systemd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9e756a3..ce57011 100644 --- a/systemd.spec +++ b/systemd.spec 
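Review bot: The alternative added to the regex in split-files.py reads `sysupdate|updatctl|`, and `updatctl` looks like a misspelling of `updatectl`, the client tool's name. As written, a path containing `updatectl` does not match this branch unless it also contains `sysupdate`. If the tool is meant to follow the other sysupdate files, the line should be `sysupdate|updatectl|`. The comment just below says some *ctl tools are kept in the main package on purpose, so confirm which package the binary should land in; the surrounding `if`/`elif` chain is outside the hunk.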
@@ -82,15 +82,15 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list -# the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz -%elif %{undefined branch} && %{undefined commit} +# the fallback source that's used if neither %%branch, %%commit or %%obs are defined first. +%if %{undefined branch} && %{undefined commit} && %{without obs} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz +%elif %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Nov 2025 12:08:50 +0100 Subject: [PATCH 302/327] Automatically figure out the name of the top-level tar dir --- systemd.spec | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index ce57011..fcb9a44 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -742,18 +742,15 @@ library or other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%if %{defined branch} -%autosetup -n %{name}-%{branch} -p1 -%elif %{defined commit} -%autosetup -n %{name}-%{commit} -p1 -%elif %{with obs} +%if %{with obs} # Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} -%autosetup -n %{name}-%{version} -p1 -%else -%autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Automatically figure out the name of the top-level directory. +# rpm really should do this automatically. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 + # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 sed -r -i 's/^u!/u/' sysusers.d/*.conf* From fe18084a0583d134e424d70acb341860e69e8540 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 14:33:02 +0100 Subject: [PATCH 303/327] Remove hack to stop systemd-networkd-resolve-hook.socket This didn't end up working, so drop the hack as we have a better fix coming up in https://github.com/systemd/systemd/pull/39415. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index fcb9a44..24abac1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,7 +1374,6 @@ fi systemd-networkd.service systemd-networkd.socket systemd-networkd-varlink.socket - %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service From b17d9c3474f6cd4c07e01ffdfedf6a93c157d859 Mon Sep 17 00:00:00 2001 
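Review bot: The `-n` argument in `%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1` is now whatever the archive lists first, used verbatim. That entry is not guaranteed to be the bare top-level directory (it can carry a trailing slash or a leading `./`, or be a metadata member), and for the `%branch` and `%commit` sources it comes from a freshly fetched archive, so archive content decides the build directory name. Reducing it to the first path component, e.g. `%(tar -tf %{SOURCE0} | head -n1 | cut -d/ -f1)`, and failing %prep when the result is empty or `.` would keep this predictable. The same expression comes back in the later 'Revert "Use %autosetup -C"' and "Suppress errors from tar" hunks.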
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Nov 2025 16:18:12 +0100 Subject: [PATCH 304/327] Use %autosetup -C This is supported since rpm 4.20 but not advertised much. --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 24abac1..3356f27 100644 --- a/systemd.spec +++ b/systemd.spec @@ -747,9 +747,7 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -# Automatically figure out the name of the top-level directory. -# rpm really should do this automatically. -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -C -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 256463d69051665ea25d584a35ea817f94e18a41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:55:32 +0100 Subject: [PATCH 305/327] Restore runlevelX.target units ... (rhbz#2411195) --- ...vert-units-drop-runlevel-0-6-.target.patch | 87 +++++++++++++++++++ systemd.spec | 4 + 2 files changed, 91 insertions(+) create mode 100644 0001-Revert-units-drop-runlevel-0-6-.target.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch new file mode 100644 index 0000000..4180211 --- /dev/null +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch 
@@ -0,0 +1,87 @@ +From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 5 Nov 2025 17:52:16 +0100 +Subject: [PATCH] Revert "units: drop runlevel[0-6].target" + +This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. +The unit are still needed for compat. +--- + units/meson.build | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index 4f47a3b2bd..34b3222f11 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -1,5 +1,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 ++ + units = [ + { 'file' : 'basic.target' }, + { 'file' : 'blockdev@.target' }, +@@ -49,7 +51,7 @@ units = [ + }, + { + 'file' : 'graphical.target', +- 'symlinks' : ['default.target'], ++ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []), + }, + { 'file' : 'halt.target' }, + { +@@ -142,14 +144,20 @@ units = [ + 'conditions' : ['ENABLE_MACHINED'], + }, + { 'file' : 'modprobe@.service' }, +- { 'file' : 'multi-user.target' }, ++ { ++ 'file' : 'multi-user.target', ++ 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], ++ }, + { 'file' : 'network-online.target' }, + { 'file' : 'network-pre.target' }, + { 'file' : 'network.target' }, + { 'file' : 'nss-lookup.target' }, + { 'file' : 'nss-user-lookup.target' }, + { 'file' : 'paths.target' }, +- { 'file' : 'poweroff.target' }, ++ { ++ 'file' : 'poweroff.target', ++ 'symlinks' : with_runlevels ? ['runlevel0.target'] : [], ++ }, + { 'file' : 'printer.target' }, + { + 'file' : 'proc-sys-fs-binfmt_misc.automount', +@@ -174,7 +182,7 @@ units = [ + }, + { + 'file' : 'reboot.target', +- 'symlinks' : ['ctrl-alt-del.target'], ++ 'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? 
['runlevel6.target'] : []), + }, + { + 'file' : 'remote-cryptsetup.target', +@@ -194,7 +202,10 @@ units = [ + 'symlinks' : ['initrd-root-device.target.wants/'], + }, + { 'file' : 'rescue.service.in' }, +- { 'file' : 'rescue.target' }, ++ { ++ 'file' : 'rescue.target', ++ 'symlinks' : with_runlevels ? ['runlevel1.target'] : [], ++ }, + { 'file' : 'rpcbind.target' }, + { 'file' : 'serial-getty@.service.in' }, + { 'file' : 'shutdown.target' }, +@@ -972,4 +983,10 @@ else + dbussessionservicedir / 'org.freedesktop.systemd1.service')) + endif + ++if conf.get('HAVE_SYSV_COMPAT') == 1 ++ foreach i : [1, 2, 3, 4, 5] ++ install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i)) ++ endforeach ++endif ++ + subdir('user') diff --git a/systemd.spec b/systemd.spec index 3356f27..c8fcbfb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -137,6 +137,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Again create runlevelX.target. Dropping those files breaks upgrades. +# https://bugzilla.redhat.com/show_bug.cgi?id=2411195 +Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch + # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 1a7506a1051c8361714463825b83febcb04b5639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Nov 2025 14:02:48 +0100 Subject: [PATCH 306/327] Version 258.2 - A bunch of fixes in many components. - Stop creating user namespace for system services (rhbz#2391343) - Systemd trigger scriptlets are updated --- sources | 2 +- systemd.spec | 2 +- triggers.systemd | 30 ++++++++++++++---------------- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/sources b/sources index 6b4fe22..a9f4297 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53
+SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d
diff --git a/systemd.spec b/systemd.spec
index c8fcbfb..f5fbd50 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -68,7 +68,7 @@ Url: https://systemd.io
 # But don't do that on OBS, otherwise the version subst fails, and will be
 # like 257-123-gabcd257.1 instead of 257-123-gabcd
 %if %{without obs}
-Version: %{?version_override}%{!?version_override:258.1}
+Version: %{?version_override}%{!?version_override:258.2}
 %else
 Version: %{?version_override}%{!?version_override:%(cat meson.version)}
 %endif
diff --git a/triggers.systemd b/triggers.systemd
index f8bb078..28ddc1f 100644
--- a/triggers.systemd
+++ b/triggers.systemd
@@ -9,17 +9,17 @@ # # Minimum rpm version supported: 4.14.0 -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/ # This script will run after any package is initially installed or # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. /usr/lib/systemd/systemd-update-helper system-reload-restart || : -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user/ /etc/systemd/user/ /usr/lib/systemd/systemd-update-helper user-reload-restart || : -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system/ /etc/systemd/system/ # On removal, we need to run daemon-reload after any units have been # removed. # On upgrade, we need to run daemon-reload after any new unit files 
@@ -27,35 +27,35 @@ # executed. /usr/lib/systemd/systemd-update-helper system-reload || : -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user/ /etc/systemd/user/ # Execute daemon-reload in user managers. /usr/lib/systemd/systemd-update-helper user-reload || : -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system/ /etc/systemd/system/ # We restart remaining system services that should be restarted here. /usr/lib/systemd/systemd-update-helper system-restart || : -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user/ /etc/systemd/user/ # We restart remaining user services that should be restarted here. /usr/lib/systemd/systemd-update-helper user-restart || : -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d/ # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. systemd-sysusers || : -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d/ # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. systemd-hwdb update || : -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog/ # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. 
journalctl --update-catalog || : -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d/ # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d "/run/systemd/system"; then @@ -64,7 +64,7 @@ if test -d "/run/systemd/system"; then /usr/lib/systemd/systemd-binfmt || : fi -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d/ # This script will process files installed in /usr/lib/tmpfiles.d to create # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. @@ -72,14 +72,12 @@ if test -d "/run/systemd/system"; then systemd-tmpfiles --create || : fi -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d/ # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi +/usr/lib/systemd/systemd-update-helper mark-reload-system-units systemd-udevd.service || : -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d/ # This script will automatically apply sysctl rules if files have been # installed or updated in /usr/lib/sysctl.d. if test -d "/run/systemd/system"; then From e455d82fd898e87fbd4cc848437a6582fdcab7f6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 25 Sep 2025 10:34:15 +0200 Subject: [PATCH 307/327] Add various extra explicit Requires Upstream is moving towards making a lot more libraries dlopen() style dependencies. Let's make sure to add these as Requires to corresponding packages so they still get pulled in. --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index f5fbd50..03acb85 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -333,6 +333,12 @@ Provides: /usr/sbin/shutdown Provides: /usr/sbin/telinit %endif +# libmount is always required, even in containers, so make it a hard dependency. +Requires: libmount.so.1%{?elf_suffix} +Requires: libmount.so.1(MOUNT_2.26)%{?elf_bits} +# Various systemd services have syscall filters so make libseccomp a hard dependency. +Requires: libseccomp.so.2%{?elf_suffix} + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} @@ -476,6 +482,9 @@ Conflicts: systemd-networkd < %{version}-%{release} # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} +# udev uses libblkid in various builtins so make it a hard dependency. +Requires: libblkid.so.1%{?elf_suffix} +Requires: libblkid.so.1(BLKID_2.30)%{?elf_bits} # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From a0acca210d8f62039d6a419431f9b198fddc4302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 20:39:22 +0100 Subject: [PATCH 308/327] Version 259~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v259-rc1/NEWS. Too many changes to list or discuss here. --- ...vert-units-drop-runlevel-0-6-.target.patch | 19 ++++++++++--------- 38769.patch | 10 +++++----- sources | 2 +- systemd.spec | 2 +- 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 4180211..5a4dacd 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch 
@@ -1,4 +1,4 @@ -From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 Subject: [PATCH] Revert "units: drop runlevel[0-6].target" @@ -10,7 +10,7 @@ The unit are still needed for compat. 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/units/meson.build b/units/meson.build -index 4f47a3b2bd..34b3222f11 100644 +index 2e04c4aa2b..46eaac4073 100644 --- a/units/meson.build +++ b/units/meson.build @@ -1,5 +1,7 @@ @@ -30,7 +30,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'halt.target' }, { -@@ -142,14 +144,20 @@ units = [ +@@ -142,7 +144,10 @@ units = [ 'conditions' : ['ENABLE_MACHINED'], }, { 'file' : 'modprobe@.service' }, @@ -39,9 +39,10 @@ index 4f47a3b2bd..34b3222f11 100644 + 'file' : 'multi-user.target', + 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], + }, - { 'file' : 'network-online.target' }, - { 'file' : 'network-pre.target' }, - { 'file' : 'network.target' }, + { + 'file' : 'systemd-mute-console.socket', + 'symlinks' : ['sockets.target.wants/'] +@@ -155,7 +160,10 @@ units = [ { 'file' : 'nss-lookup.target' }, { 'file' : 'nss-user-lookup.target' }, { 'file' : 'paths.target' }, @@ -53,7 +54,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'printer.target' }, { 'file' : 'proc-sys-fs-binfmt_misc.automount', -@@ -174,7 +182,7 @@ units = [ +@@ -180,7 +188,7 @@ units = [ }, { 'file' : 'reboot.target', @@ -62,7 +63,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'remote-cryptsetup.target', -@@ -194,7 +202,10 @@ units = [ +@@ -200,7 +208,10 @@ units = [ 'symlinks' : ['initrd-root-device.target.wants/'], }, { 'file' : 'rescue.service.in' }, 
@@ -74,7 +75,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'rpcbind.target' }, { 'file' : 'serial-getty@.service.in' }, { 'file' : 'shutdown.target' }, -@@ -972,4 +983,10 @@ else +@@ -1001,4 +1012,10 @@ else dbussessionservicedir / 'org.freedesktop.systemd1.service')) endif diff --git a/38769.patch b/38769.patch index 35b50e4..09a7423 100644 --- a/38769.patch +++ b/38769.patch @@ -1,4 +1,4 @@ -From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From 00d70f36a0866660693347009446b7f872a05bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sat, 30 Aug 2025 13:55:56 +0200 Subject: [PATCH] core: create userdb root directory with correct label @@ -16,18 +16,18 @@ longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/core/varlink.c b/src/core/varlink.c -index 8c6b95e31d1d5..110b281842373 100644 +index 99f12c59e5..71a8ffd0e5 100644 --- a/src/core/varlink.c +++ b/src/core/varlink.c -@@ -6,6 +6,7 @@ +@@ -5,6 +5,7 @@ + #include "constants.h" #include "errno-util.h" - #include "json-util.h" #include "manager.h" +#include "mkdir-label.h" #include "path-util.h" #include "pidref.h" #include "string-util.h" -@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { +@@ -441,7 +442,11 @@ static int manager_varlink_init_system(Manager *m) { if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) continue; diff --git a/sources b/sources index a9f4297..752c9ae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d +SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 diff --git a/systemd.spec b/systemd.spec index 03acb85..4645686 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258.2} +Version: %{?version_override}%{!?version_override:259~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 044cff4700898340708ff684614f48e3b3faec9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 21:20:23 +0100 Subject: [PATCH 309/327] Allow empower group This will need to be patched into setup. --- systemd.spec | 5 +++-- test_sysusers_defined.py | 7 +++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4645686..f49d0cc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1116,12 +1116,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # We skip this on upstream builds so that new users and groups # can be added without breaking the build. %if 0%{?fedora} >= 43 -%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +IGNORED=empower \ + %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %else %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif %endif -rm %{buildroot}/usr/lib/sysusers.d/basic.conf +sed -n -r -i '1,7p; /can .do.|empower/p' %{buildroot}/usr/lib/sysusers.d/basic.conf %endif # Disable sshd_config.d/20-systemd-userdb.conf for now. diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index f6358fb..3c1e04f 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -1,5 +1,6 @@ #!/usr/bin/python +import os import sys def parse_sysusers_file(filename): 
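Review bot: `IGNORED=empower` is set only on the `%if 0%{?fedora} >= 43` invocation of the sysusers check; the `%else` invocation with `20-setup-{users,groups}.conf` still runs without it. If `basic.conf` defines the `empower` group and setup on those releases does not, that branch exits with "We have new groups" and fails the build. The `%else` line likely needs the same prefix: `IGNORED=empower %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf`. Separately, `sed -n -r -i '1,7p; /can .do.|empower/p'` keeps the header by line position, so a change in the upstream header length would silently change which account lines are shipped. A comment above it stating which lines it is meant to keep would make that reviewable.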
@@ -30,7 +31,9 @@ for arg in sys.argv[1:-1]: basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) -if d := basic_users - setup_users: +ignored = set(os.getenv('IGNORED', '').split()) + +if d := basic_users - setup_users - ignored: exit(f'We have new users: {d}') -if d := basic_groups - setup_groups: +if d := basic_groups - setup_groups - ignored: exit(f'We have new groups: {d}') From f9916b6fd1399261371c7fb1255a2be4dc8c4a25 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 13:37:45 +0100 Subject: [PATCH 310/327] Revert "Use %autosetup -C" This effectively reverts commit b17d9c3474f6cd4c07e01ffdfedf6a93c157d859. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f49d0cc..f4c1b30 100644 --- a/systemd.spec +++ b/systemd.spec @@ -760,7 +760,9 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -%autosetup -C -p1 +# Automatically figure out the name of the top-level directory. +# TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 12f95f807fef5075a8842dd107f83b4c41d5ac26 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 14:11:10 +0100 Subject: [PATCH 311/327] Wrap %autosetup in %_build_in_place check The shell expansion we use to determine the top-level directory will get expanded even if we don't execute %prep, so add a %_build_in_place check to make sure we don't try to search for the top-level directory if --build-in-place is set. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f4c1b30..868b09b 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -762,7 +762,9 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%if %{undefined _build_in_place} %autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%endif # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 9ac8c363070586c41877b782d1c7f1b408a1f0ec Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Nov 2025 23:13:54 +0100 Subject: [PATCH 312/327] Set meson auto features to auto when building for upstream We don't want new options to be forcefully enabled if we don't have the dependencies available. --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 868b09b..eda018e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -38,6 +38,11 @@ # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) %if %{with bootstrap} %global __meson_auto_features disabled +# If we're building for upstream, don't unconditionally enable all +# new features as new features might be introduced for which we're +# missing build dependencies. +%elif %{with upstream} +%global __meson_auto_features auto %endif # Override %%autorelease. This is ugly, but rpmautospec doesn't implement From ddb6474e949910c9c6972f96862551f41902fc58 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Fri, 21 Nov 2025 15:07:07 +0100 Subject: [PATCH 313/327] Drop provides for removed sysvinit tools ... (rhbz#2413557) --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index eda018e..3afd8bc 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -333,9 +333,7 @@ Provides: /usr/sbin/halt Provides: /usr/sbin/init Provides: /usr/sbin/poweroff Provides: /usr/sbin/reboot -Provides: /usr/sbin/runlevel Provides: /usr/sbin/shutdown -Provides: /usr/sbin/telinit %endif # libmount is always required, even in containers, so make it a hard dependency. From 33b38cdbc74dadf280448a0693677595cb78f4c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:29:29 +0100 Subject: [PATCH 314/327] Suppress errors from tar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without this, 'spectool -g …' will print to the console. [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3afd8bc..50f58c0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -766,7 +766,7 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. %if %{undefined _build_in_place} -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -n %(tar -tf %{SOURCE0} 2>/dev/null | head -n1) -p1 %endif # Disable user lockdown until rpm implements it natively. From 7e409130ee736cfe54b8d03a94b7d53b2e0d9f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:47:05 +0100 Subject: [PATCH 315/327] Version 259~rc2 This has a bunch of fixes for various issues reported with -rc1, in particular varlink socket communication. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 752c9ae..d50c204 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 +SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 diff --git a/systemd.spec b/systemd.spec index 50f58c0..38eccf6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc1} +Version: %{?version_override}%{!?version_override:259~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0289127dae861518d708cf1a3b83e0745a303630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:35:50 +0100 Subject: [PATCH 316/327] Patch machined to continue after selinux denial --- ...cription-to-varlink-server-unify-err.patch | 53 +++++++++++++++++++ ...continue-without-resolve.hook-socket.patch | 30 +++++++++++ systemd.spec | 4 ++ 3 files changed, 87 insertions(+) create mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch create mode 100644 0002-machined-continue-without-resolve.hook-socket.patch diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch new file mode 100644 index 0000000..27f0e38 --- /dev/null +++ b/0001-machined-add-description-to-varlink-server-unify-err.patch 
@@ -0,0 +1,53 @@ +From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:11:24 +0100 +Subject: [PATCH 1/2] machined: add description to varlink server, unify error + messages + +manager_varlink_init_resolve_hook and +manager_varlink_init_userdb are very similar, but one +didn't set a description and the other one had an error message +which didn't print the offending path. +--- + src/machine/machined-varlink.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index f4714c545d..cf87065443 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to allocate varlink server object: %m"); + ++ (void) sd_varlink_server_set_description(s, "varlink-userdb"); ++ + r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); + if (r < 0) + return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to register varlink methods: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/userdb/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) +@@ -889,9 +892,10 @@ static int 
manager_varlink_init_resolve_hook(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch new file mode 100644 index 0000000..f1c12e0 --- /dev/null +++ b/0002-machined-continue-without-resolve.hook-socket.patch 
@@ -0,0 +1,30 @@ +From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:29:53 +0100 +Subject: [PATCH 2/2] machined: continue without resolve.hook socket + +--- + src/machine/machined-varlink.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index cf87065443..bae0577122 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { + + const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; + r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); ++ if (r < 0) { ++ bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); ++ log_full_errno(ignore ? LOG_WARNING : LOG_ERR, ++ r, ++ "Failed to bind to varlink socket %s%s: %m", ++ path, ignore ? ", ignoring" : ""); ++ return ignore ? 0 : r; ++ } + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/systemd.spec b/systemd.spec index 38eccf6..0949cb1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -149,6 +149,10 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch + +# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 +Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch +Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b562e38e22a8e558de31947d2ba08b17458f5385 Mon Sep 17 00:00:00 2001 
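Review bot: The new `if (r < 0) { ... }` branch in manager_varlink_init_resolve_hook() returns 0 for every error matched by `ERRNO_IS_NEG_PRIVILEGE(r)`, so a refused bind on the resolve.hook socket reaches the caller as success and shows up only as one LOG_WARNING line. The spec file ties this to bug 2415701, but the C code carries no explanation of why a permission failure is tolerable here or when the exception can be removed. I would add that next to the check, e.g. `/* Workaround for rhbz#2415701: continue without the resolve hook socket when the bind is refused for lack of privilege; remove once the bug is fixed. */`. The function starts and continues outside the hunk, so whether later code assumes the server was attached cannot be confirmed from here.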
From: Daan De Meyer Date: Fri, 28 Nov 2025 12:50:05 +0100 Subject: [PATCH 317/327] Fix use of removed $LOCAL_CONF variable Follow up for f8932309d95f37b0f81c54a8d38010ced60ae99b [skip changelog] --- plans/run-integration-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 46ea433..e3f0059 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -66,7 +66,7 @@ WithTests=yes EOF if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then - tee --append "$LOCAL_CONF" < Date: Fri, 28 Nov 2025 14:52:38 +0100 Subject: [PATCH 318/327] Check if --max-lines is supported by meson --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index e3f0059..9e7f83e 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -105,14 +105,19 @@ mkosi summary mkosi -f box -- true mkosi box -- meson setup build integration-tests/standalone mkosi -f +if [[ "$(mkosi box -- meson test --help)" == *"--max-lines"* ]]; then + MAX_LINES=(--max-lines 300) +else + MAX_LINES=() +fi mkosi box -- \ meson test \ -C build \ --setup=integration \ --print-errorlogs \ --no-stdsplit \ - --max-lines 300 \ - --num-processes "$NPROC" && EC=0 || EC=$? + --num-processes "$NPROC" \ + "${MAX_LINES[@]}" && EC=0 || EC=$? [[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; [[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; From bf8019c840e86edf4371b7b1d0ce9968bb99515f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Dec 2025 22:55:22 +0100 Subject: [PATCH 319/327] Version 259~rc3 Various fixes for various issues reported with -rc2. --- ...vert-units-drop-runlevel-0-6-.target.patch | 4 +- ...cription-to-varlink-server-unify-err.patch | 53 ------------------- ...continue-without-resolve.hook-socket.patch | 22 ++++---- sources | 2 +- systemd.spec | 3 +- 5 files changed, 16 insertions(+), 68 deletions(-) delete mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 5a4dacd..faf8341 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch @@ -1,7 +1,7 @@ -From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 +From 61750e265ce3f7783a8dba831e91140f84ad89f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 -Subject: [PATCH] Revert "units: drop runlevel[0-6].target" +Subject: [PATCH 1/3] Revert "units: drop runlevel[0-6].target" This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. The unit are still needed for compat. diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch deleted file mode 100644 index 27f0e38..0000000 --- a/0001-machined-add-description-to-varlink-server-unify-err.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 26 Nov 2025 22:11:24 +0100 -Subject: [PATCH 1/2] machined: add description to varlink server, unify error - messages - -manager_varlink_init_resolve_hook and -manager_varlink_init_userdb are very similar, but one -didn't set a description and the other one had an error message -which didn't print the offending path. ---- - src/machine/machined-varlink.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index f4714c545d..cf87065443 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to allocate varlink server object: %m"); - -+ (void) sd_varlink_server_set_description(s, "varlink-userdb"); -+ - r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); - if (r < 0) - return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to register varlink methods: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/userdb/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) -@@ -889,9 +892,10 @@ static int 
manager_varlink_init_resolve_hook(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch index f1c12e0..2903c5e 100644 --- a/0002-machined-continue-without-resolve.hook-socket.patch +++ b/0002-machined-continue-without-resolve.hook-socket.patch @@ -1,28 +1,30 @@ -From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From 8d6d86d1d7e45eeae921e88adde55d6524027c96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:29:53 +0100 -Subject: [PATCH 2/2] machined: continue without resolve.hook socket +Subject: [PATCH 3/3] machined: continue without resolve.hook socket --- - src/machine/machined-varlink.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) + src/machine/machined-varlink.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index cf87065443..bae0577122 100644 +index f83cbb8562..0b30cd0531 100644 --- a/src/machine/machined-varlink.c 
+++ b/src/machine/machined-varlink.c -@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { +@@ -894,9 +894,15 @@ static int manager_varlink_init_resolve_hook(Manager *m) { - const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; - r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + r = sd_varlink_server_listen_address(s, VARLINK_PATH_MACHINED_RESOLVE_HOOK, + 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", +- VARLINK_PATH_MACHINED_RESOLVE_HOOK); + if (r < 0) { + bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); + log_full_errno(ignore ? LOG_WARNING : LOG_ERR, + r, + "Failed to bind to varlink socket %s%s: %m", -+ path, ignore ? ", ignoring" : ""); ++ VARLINK_PATH_MACHINED_RESOLVE_HOOK, ++ ignore ? ", ignoring" : ""); + return ignore ? 0 : r; + } diff --git a/sources b/sources index d50c204..6c92dff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 +SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b diff --git a/systemd.spec b/systemd.spec index 0949cb1..ab31da9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc2} +Version: %{?version_override}%{!?version_override:259~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif 
@@ -151,7 +151,6 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch Patch: https://github.com/systemd/systemd/pull/38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 -Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif From 4f5b5a961543cc907a48f24cc6647fa100679139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Dec 2025 10:34:39 +0100 Subject: [PATCH 320/327] Version 259 - Some bugfixes since -rc3, in particular in the area of image creation and loading of libraries --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6c92dff..af6ddf0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b +SHA512 (systemd-259.tar.gz) = ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50 diff --git a/systemd.spec b/systemd.spec index ab31da9..0cc5357 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc3} +Version: %{?version_override}%{!?version_override:259} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0c8ea706f96b053bcf38856d3c517e78805f1519 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Dec 2025 13:26:24 +0100 Subject: [PATCH 321/327] Fix links to patches These patches were modified downstream yet the links were never updated [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index 0cc5357..f20339f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -140,7 +140,7 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch: https://github.com/systemd/systemd/pull/30846.patch +Patch: 30846.patch # Again create runlevelX.target. Dropping those files breaks upgrades. # https://bugzilla.redhat.com/show_bug.cgi?id=2411195 @@ -148,7 +148,7 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. -Patch: https://github.com/systemd/systemd/pull/38769.patch +Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch From 56377438ba63df532f6e77874b942dc641544ed0 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 19 Dec 2025 00:10:52 +0000 Subject: [PATCH 322/327] Disable sysinit-path for upstream builds [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f20339f..d3117a1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -805,7 +805,9 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true +%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d +%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From cac8dde28a1298bbc2bee40e9ab3b9308392f691 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 11:40:52 +0100 Subject: [PATCH 323/327] test: Allow passing in extra tests to skip via TEST_SKIP [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9e7f83e..6d2ee37 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -98,7 +98,7 @@ fi # This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it # for now. -export TEST_SKIP="TEST-21-DFUZZER" +export TEST_SKIP="TEST-21-DFUZZER ${TEST_SKIP:-}" mkosi genkey mkosi summary From c0520291971673fd0c64ff3cbaf2ac344db2a3c8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:01 +0100 Subject: [PATCH 324/327] Drop libcap-devel BuildRequires Not required anymore since v259. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d3117a1..d4088d9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -163,7 +163,6 @@ BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils BuildRequires: rpmdevtools -BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel BuildRequires: libpwquality-devel From 67538c79f250eecbd904aa87e72a44cb3b5ef6f4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:26 +0100 Subject: [PATCH 325/327] Make dbus and systemd-pam recommended dependencies Neither dbus nor pam are required in the initrd so let's make both recommended dependencies instead of required dependencies so that we can build initrds without either of them getting pulled in. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index d4088d9..9122e0f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -279,8 +279,8 @@ Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Requires: dbus >= 1.9.18 -Requires: systemd-pam%{_isa} = %{version}-%{release} +Recommends: dbus >= 1.9.18 +Recommends: systemd-pam%{_isa} = %{version}-%{release} Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Requires: systemd-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: systemd-networkd = %{version}-%{release}} From 399885597ce9f7cc63673c3369086021f0b01176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 20 Dec 2025 18:35:48 +0100 Subject: [PATCH 326/327] Revert "Disable sysinit-path for upstream builds" This reverts commit 56377438ba63df532f6e77874b942dc641544ed0. Dropping of the option currently doesn't disable anything, it just moves the file. I don't think we gain anything by moving the file and actually this causes problems [1], so let's just return to status quo ante. [1] file /etc/init.d conflicts between attempted installs of systemd-259.999+69+g6ceb76bfc-2548.1.x86_64 and chkconfig-1.33-3.fc44.x86_64 [skip changelog] --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9122e0f..af79bf0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -804,9 +804,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true -%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d -%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From f353d244fd5a7bb972ab1bb0884a5e8ccc8b4faf Mon Sep 17 00:00:00 2001 
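Review bot: Changing `Requires: systemd-pam%{_isa} = %{version}-%{release}` to `Recommends:` also drops the hard version lock, because a weak dependency does not stop systemd from being installed or updated alongside a systemd-pam of a different build, or without it where weak dependencies are disabled. If the systemd-pam subpackage does not itself carry a strict requirement on the matching systemd (not visible in this hunk), a mismatched pair becomes possible. A comment above the two lines stating the intent and the assumption would help, e.g. `# Weak on purpose so initrds can omit dbus/pam; systemd-pam must keep its own versioned Requires on systemd`.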
From: Hans de Goede Date: Mon, 12 Jan 2026 16:22:10 +0100 Subject: [PATCH 327/327] Add 2 patches for automatic aarch64 DTB selection change --- ...rel-section-when-os-release-is-empty.patch | 112 ++++++++++++++++++ ...inter-deref-when-there-are-no-initrd.patch | 51 ++++++++ systemd.spec | 6 + 3 files changed, 169 insertions(+) create mode 100644 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch create mode 100644 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch diff --git a/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch new file mode 100644 index 0000000..5f4a1dd --- /dev/null +++ b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch 
@@ -0,0 +1,112 @@ +From 75890d949f92c412c0936b8536b2e0dc8f7dfb40 Mon Sep 17 00:00:00 2001 +From: Nick Rosbrook +Date: Fri, 19 Dec 2025 11:01:49 -0500 +Subject: [PATCH] ukify: omit .osrel section when --os-release= is empty + +The primary motivation for this is to allow users of ukify to build +UKI-like objects, without having them later be detected as a UKI by +tools like kernel-install and bootctl. + +The common code used by these tools to determine if a PE binary is a UKI +checks that both .osrel and .linux sections are present. Hence, adding +a mechansim to skip .osrel provides a way to avoid being labeled a UKI. +--- + man/ukify.xml | 5 ++++- + src/ukify/test/test_ukify.py | 15 +++++++++++---- + src/ukify/ukify.py | 10 +++++++++- + 3 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/man/ukify.xml b/man/ukify.xml +index 829761642d..7462c5c92f 100644 +--- a/man/ukify.xml ++++ b/man/ukify.xml +@@ -365,7 +365,10 @@ + The os-release description (the .osrel section). The argument + may be a literal string, or @ followed by a path name. If not specified, the + os-release5 file +- will be picked up from the host system. ++ will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section ++ is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact ++ to not be recognized as a UKI by other tools like kernel-install ++ and bootctl). 
+ + + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index f75ef0c891..224a38569f 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -641,7 +641,7 @@ def test_efi_signing_pesign(kernel_initrd, tmp_path): + + shutil.rmtree(tmp_path) + +-def test_inspect(kernel_initrd, tmp_path, capsys): ++def test_inspect(kernel_initrd, tmp_path, capsys, osrel=True): + if kernel_initrd is None: + pytest.skip('linux+initrd not found') + if not shutil.which('sbsign'): +@@ -653,7 +653,7 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + output = f'{tmp_path}/signed2.efi' + uname_arg='1.2.3' +- osrel_arg='Linux' ++ osrel_arg='Linux' if osrel else '' + cmdline_arg='ARG1 ARG2 ARG3' + + args = [ +@@ -680,8 +680,12 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + text = capsys.readouterr().out + +- expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' +- assert expected_osrel in text ++ if osrel: ++ expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' ++ assert expected_osrel in text ++ else: ++ assert '.osrel:' not in text ++ + expected_cmdline = f'.cmdline:\n size: {len(cmdline_arg)}' + assert expected_cmdline in text + expected_uname = f'.uname:\n size: {len(uname_arg)}' +@@ -694,6 +698,9 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + shutil.rmtree(tmp_path) + ++def test_inspect_no_osrel(kernel_initrd, tmp_path, capsys): ++ test_inspect(kernel_initrd, tmp_path, capsys, osrel=False) ++ + @pytest.mark.skipif(not slow_tests, reason='slow') + def test_pcr_signing(kernel_initrd, tmp_path): + if kernel_initrd is None: +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index c98f8e2a5d..b7542c7eca 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -1477,6 +1477,9 @@ def make_uki(opts: UkifyConfig) -> None: + '.profile', + } + ++ if not opts.os_release: ++ to_import.remove('.osrel') ++ + for profile in opts.join_profiles: + pe = pefile.PE(profile, fast_load=True) + prev_len = len(uki.sections) 
+@@ -2412,7 +2415,12 @@ def finalize_options(opts: argparse.Namespace) -> None: + + opts.os_release = resolve_at_path(opts.os_release) + +- if not opts.os_release and opts.linux: ++ if opts.os_release == '': ++ # If --os-release= with an empty string was passed, treat that as ++ # explicitly disabling the .osrel section, and do not fallback to the ++ # system's os-release files. ++ pass ++ elif opts.os_release is None and opts.linux: + p = Path('/etc/os-release') + if not p.exists(): + p = Path('/usr/lib/os-release') +-- +2.52.0 + diff --git a/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch new file mode 100644 index 0000000..d6f362f --- /dev/null +++ b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch 
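Review bot: The two added checks test emptiness differently: finalize_options() treats only `opts.os_release == ''` as the explicit opt-out and keeps `None` for "not given", while make_uki() removes `.osrel` from `to_import` on `if not opts.os_release:`, which is also true for `None`. If `os_release` can still be `None` when make_uki() runs (for example when no `--linux` is given and the host fallback is skipped; not confirmable from the hunk), `.osrel` is removed from the import set without the user having asked for it. Since the man page text added here warns that the result is then not recognised as a UKI by kernel-install and bootctl, I would make the condition match the documented trigger, `if opts.os_release == '':`, or add a comment saying that `None` is meant to be covered too. Both functions continue outside the hunks.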
@@ -0,0 +1,51 @@ +From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 12 Jan 2026 14:56:36 +0100 +Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds + +When n_all_initrds == 0, then all_initrds is unmodified from its initial +value of: + + _cleanup_free_ struct iovec *all_initrds = NULL; + +and in the else block of the "if (n_all_initrds > 1)" the NULL is +dereferenced: + + final_initrd = all_initrds[0]; + +Leading to the stub crashing due to a NULL pointer deref. + +Fix this by initializing final_initrd to all 0s and only +running the else block if (n_all_initrds == 1). +--- + src/boot/stub.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/boot/stub.c b/src/boot/stub.c +index 06ecbc7d18..65950262c6 100644 +--- a/src/boot/stub.c ++++ b/src/boot/stub.c +@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Combine the initrds into one */ + _cleanup_pages_ Pages initrd_pages = {}; +- struct iovec final_initrd; ++ struct iovec final_initrd = {}; + if (n_all_initrds > 1) { +- /* There will always be a base initrd, if this counter is higher, we need to combine them */ ++ /* If there is more then 1 initrd we need to combine them */ + err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len); + if (err != EFI_SUCCESS) + return err; +@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Given these might be large let's free them explicitly before we pass control to Linux */ + initrds_free(&initrds); +- } else ++ } else if (n_all_initrds == 1) + final_initrd = all_initrds[0]; + + struct iovec kernel = IOVEC_MAKE( +-- +2.52.0 + diff --git a/systemd.spec b/systemd.spec index af79bf0..afd6432 100644 --- a/systemd.spec +++ b/systemd.spec 
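Review bot: With the new `else if (n_all_initrds == 1)` the zero-initrd case falls through with `final_initrd` left at `{}`, and nothing in run() states that a NULL base with zero length is the intended "no initrd" value for the code that uses `final_initrd` after this hunk. That consumer is outside the hunk, so it should be confirmed that it accepts an empty iovec rather than dereferencing `iov_base`. I would document the third case in place, e.g. `/* n_all_initrds == 0: final_initrd stays zeroed, boot without an initrd */`, and correct the reworded comment to `/* If there is more than one initrd we need to combine them */`.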
@@ -152,6 +152,12 @@ Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch + +# 2 patches for https://fedoraproject.org/wiki/Changes/Automatic_DTB_selection_for_aarch64_EFI_systems +# Upstream commit: https://github.com/systemd/systemd/commit/75890d949f92c412c0936b8536b2e0dc8f7dfb40 +Patch: 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch +# Upstream PR: https://github.com/systemd/systemd/pull/40329 +Patch: 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64