From e42eed4afd6267cd954d393d8eec79e0e7573de0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 24 Oct 2024 18:11:05 +0900 Subject: [PATCH 001/148] test_sysusers_defined: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. --- test_sysusers_defined.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 2754578..6f04f15 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -11,7 +11,7 @@ def parse_sysusers_file(filename): continue words = line.split() match words[0]: - case 'u': + case 'u'|'u!': users.add(words[1]) case 'g': groups.add(words[1]) From 009c64d6a2bfc60153d1c418f384cf527bccb2a0 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 24 Oct 2024 09:24:58 +0200 Subject: [PATCH 002/148] Use %systemd_preun in systemd-resolved With that, systemd-resolved.service is not only disabled but also stopped on package uninstall. ... (rhbz#2305391) --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index b06d182..22bc752 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1185,10 +1185,8 @@ fi %systemd_post systemd-resolved.service %preun resolved +%systemd_preun systemd-resolved.service if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : if [ -L /etc/resolv.conf ] && \ realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then rm -f /etc/resolv.conf # no longer useful From 86ca699d18c427aee4b8ceb89ea303f124f878b6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 11 Oct 2024 11:09:41 +0200 Subject: [PATCH 003/148] Backport user manager reexec changes This drastically simplifier reexecs of user managers by using systemctl reload to do a user manager reexec. This means we don't need systemd-run, a pam session or systemd-stdio-bridge anymore to do a user manager reexec and all job tracking is handled by pid 1 instead of bash. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 22bc752..78db443 100644 --- a/systemd.spec +++ b/systemd.spec @@ -117,6 +117,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Simplify user manager upgrades +Patch0012: https://github.com/systemd/systemd/pull/34707.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 8f44e8097dbafa1e5857ab594aa823ec82f8ff46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 11:45:37 +0100 Subject: [PATCH 004/148] Add forgotten patch [skip changelog] --- 34707.patch | 233 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 34707.patch diff --git a/34707.patch b/34707.patch new file mode 100644 index 0000000..5d8e278 --- /dev/null +++ b/34707.patch @@ -0,0 +1,233 @@ +From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:16:05 +0200 +Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user + manager + +This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. + +The offending commit wrongly assumed that the second READY=1 +notification is for system scope only, but it also serves the purpose +of flushing out previous STATUS= containing user unit job status. +--- + src/core/manager.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 2789f0e3d0c9c..456ad46135b72 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { + log_taint_string(m); + } + +-static void manager_send_ready_user_scope(Manager *m) { ++static void manager_send_ready_on_basic_target(Manager *m) { + int r; + + assert(m); +@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { + m->status_ready = false; + } + +-static void manager_send_ready_system_scope(Manager *m) { ++static void manager_send_ready_on_idle(Manager *m) { + int r; + + assert(m); + +- if (!MANAGER_IS_SYSTEM(m)) +- return; +- + /* Skip the notification if nothing changed. */ + if (m->ready_sent && m->status_ready) + return; + ++ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). ++ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't ++ * hurt to send it twice. */ + r = sd_notify(/* unset_environment= */ false, + "READY=1\n" + "STATUS=Ready."); +@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { + return; + + /* For user managers, send out READY=1 as soon as we reach basic.target */ +- manager_send_ready_user_scope(m); ++ manager_send_ready_on_basic_target(m); + + /* Log the taint string as soon as we reach basic.target */ + log_taint_string(m); +@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { + if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) + m->jobs = hashmap_free(m->jobs); + +- manager_send_ready_system_scope(m); ++ manager_send_ready_on_idle(m); + + /* Notify Type=idle units that we are done now */ + manager_close_idle_pipe(m); + +From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:06:35 +0200 +Subject: [PATCH 2/4] core/manager-serialize: drop serialization for + Manager.ready_sent + +This field indicates whether READY=1 has been sent to +the service manager/supervisor. Whenever we reload/reexec/soft-reboot, +manager_send_reloading() always resets it to false first, +so that READY=1 is sent after reloading finishes. Hence +we utterly get "false" at all times. Kill it. +--- + src/core/manager-serialize.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c +index 62dfce93a0a85..3f624619dfd19 100644 +--- a/src/core/manager-serialize.c ++++ b/src/core/manager-serialize.c +@@ -92,7 +92,6 @@ int manager_serialize( + (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); + (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); + (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); +- (void) serialize_bool(f, "ready-sent", m->ready_sent); + (void) serialize_bool(f, "taint-logged", m->taint_logged); + (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); + +@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + else + m->n_failed_jobs += n; + +- } else if ((val = startswith(l, "ready-sent="))) { +- int b; +- +- b = parse_boolean(val); +- if (b < 0) +- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); +- else +- m->ready_sent = m->ready_sent || b; +- + } else if ((val = startswith(l, "taint-logged="))) { + int b; + +@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + + if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ + (void) deserialize_dual_timestamp(val, m->timestamps + q); +- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ ++ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ + log_notice("Unknown serialization item '%s', ignoring.", l); + } + } + +From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:32:17 +0200 +Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when + notify-reloading + +Closes #28367 (but not really in the exact form, see below) + +We have the problem of restarting all user manager instances +after upgrade. Current approaches involve systemctl kill +with SIGRTMIN+25, which is async and feels rather ugly [1][2]; +or systemctl --machine=user@ --user, which requires entering +each user session. Neither is particularly elegant. +Instead, let's just signal daemon-reexec when user@.service +is reloaded from system manager. Our long goal of dropping +daemon-reload in favor of reexec (see TODO) is unlikely to happen +due to user dbus restrictions, but here the synchronization +is done via READY=1. + +[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 +[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 + +#28367 would not really work for us now I come to think about it, +because all processes will be reparented to pid1 as soon as +original user manager process exits. This alternative approach +seems good enough for our use case. +--- + units/capsule@.service.in | 4 ++++ + units/user@.service.in | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/units/capsule@.service.in b/units/capsule@.service.in +index f2bb9e3a45a83..a64298786e490 100644 +--- a/units/capsule@.service.in ++++ b/units/capsule@.service.in +@@ -23,6 +23,10 @@ StateDirectory=capsules/%i + RuntimeDirectory=capsules/%i + LogExtraFields=CAPSULE=%i + Slice=capsule.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. ++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope +diff --git a/units/user@.service.in b/units/user@.service.in +index 5695465747217..381ab2a0db54e 100644 +--- a/units/user@.service.in ++++ b/units/user@.service.in +@@ -20,6 +20,10 @@ PAMName=systemd-user + Type=notify-reload + ExecStart={{LIBEXECDIR}}/systemd --user + Slice=user-%i.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. ++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope + +From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 10 Oct 2024 22:37:39 +0200 +Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to + reexec/reload user managers + +Let's always use systemctl reload to reexec and reload user managers +now that it always implies a reexec. This moves all the job management +logic to pid 1 instead of bash and reduces the complexity of the logic +as we remove systemd-run, pam and systemd-stdio-bridge from the equation. +--- + src/rpm/systemd-update-helper.in | 20 ++++---------------- + 1 file changed, 4 insertions(+), 16 deletions(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index c81e16c3d3ffb..8af914935261a 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -107,25 +107,13 @@ case "$command" in + + [ -d /run/systemd/system ] || exit 0 + +- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') +- +- if [[ "$command" =~ reexec ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reexec & +- done +- wait +- fi +- +- if [[ "$command" =~ reload ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reload & +- done +- wait ++ if [[ "$command" =~ reexec|reload ]]; then ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" + fi + + if [[ "$command" =~ restart ]]; then ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ + for user in $users; do + SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ + systemctl --user -M "$user@" reload-or-restart --marked & From 8dafa3810b3cec0dd297b8686fb4a00c6972712e Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 6 Nov 2024 14:29:38 -0500 Subject: [PATCH 005/148] Disable OpenSSL v3 ENGINE on RHEL RHEL 10+ does not provide and defines OPENSSL_NO_ENGINE. https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 78db443..f3e717e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -172,7 +172,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +%if 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} From 834ba50e798a42be20b00d4553ba2ddb91f7ffd0 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Oct 2024 16:42:29 +0200 Subject: [PATCH 006/148] Use %posttrans instead of %postun to restart services Anything we put in a %postun script needs two releases of the rpm before it is invoked. The reason for using %postun to restart services is because it runs after the old version has been removed so we can be sure all remaining dropins and such files from the old version have been removed. %posttrans gives us the same guarantee but the %posttrans of the new version will run on install and upgrade which means the changes will be applied immediately instead of having to release twice before the changes take effect. We define the systemd_posttrans_with_restart macro in the spec because we can't use the upstream one as we ship it ourselves. --- systemd.spec | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index f3e717e..6a962cd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1039,6 +1039,16 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %include %{SOURCE1} +# This macro is newly added upstream so we can't rely on it being always being available +# in the systemd-rpm-macros yet so we define it ourselves. +%global systemd_posttrans_with_restart() \ +%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_posttrans_with_restart}} \ +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then \ + # Package upgrade, not install \ + /usr/lib/systemd/systemd-update-helper mark-restart-system-units %* || : \ +fi \ +%{nil} + %post systemd-machine-id-setup &>/dev/null || : @@ -1062,8 +1072,8 @@ systemd-tmpfiles --create &>/dev/null || : systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : -%postun -if [ $1 -ge 1 ]; then +%posttrans +if [ $1 -ge 2 ]; then [ -w %{_localstatedir} ] && journalctl --update-catalog || : systemctl daemon-reexec || : @@ -1071,13 +1081,13 @@ if [ $1 -ge 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service +%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. -if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall /usr/lib/systemd/systemd-update-helper user-reexec || : fi @@ -1124,11 +1134,10 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %preun udev %systemd_preun %udev_services -%postun udev +%posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1146,8 +1155,8 @@ if [ $1 -eq 1 ] ; then fi fi -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart +%posttrans journal-remote +%systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload %post networkd @@ -1169,9 +1178,8 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service -%postun networkd -%systemd_postun_with_restart systemd-networkd.service -%systemd_postun systemd-networkd-wait-online.service +%posttrans networkd +%systemd_posttrans_with_restart systemd-networkd.service %post resolved [ $1 -eq 1 ] || exit 0 @@ -1200,10 +1208,8 @@ if [ $1 -eq 0 ] ; then fi fi -%postun resolved -%systemd_postun_with_restart systemd-resolved.service - %posttrans resolved +%systemd_posttrans_with_restart systemd-resolved.service [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation From ea947ce068a67be565245a295db738d66c4af954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 16:13:20 +0100 Subject: [PATCH 007/148] Version 257~rc1 --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 27 +- 33738.patch | 37 --- 34707.patch | 233 ------------------ systemd.spec | 8 +- 4 files changed, 15 insertions(+), 290 deletions(-) delete mode 100644 33738.patch delete mode 100644 34707.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 033b575..79964e8 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,4 +1,4 @@ -From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 +From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use @@ -10,10 +10,10 @@ Follow-up for https://github.com/systemd/systemd/pull/33383. 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 8cc8c1ccd6..14048545db 100644 +index 5a4f989668..c5b544f1df 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c -@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -21,7 +21,7 @@ index 8cc8c1ccd6..14048545db 100644 ARG_NO_PAGER, }; -@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -40,7 +40,7 @@ index 8cc8c1ccd6..14048545db 100644 assert(argc >= 0); assert(argv); -@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -51,7 +51,7 @@ index 8cc8c1ccd6..14048545db 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); @@ -63,26 +63,27 @@ index 8cc8c1ccd6..14048545db 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index 5d24197c81..de23bbb95f 100755 +index c81f6bd0ef..dd536172d4 100755 --- a/test/units/TEST-22-TMPFILES.18.sh +++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" - test -f /tmp/somedir/somefile +@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -systemd-tmpfiles --purge - <<<"$c" +systemd-tmpfiles --purge --destroy-data - <<<"$c" test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ - -@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" - test ! -f /tmp/somedir/somefile + grep -q qux /tmp/someotherfile +@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -systemd-tmpfiles --create --purge - <<<"$c" +systemd-tmpfiles --create --destroy-data --purge - <<<"$c" test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -- -2.45.2 +2.47.0 diff --git a/33738.patch b/33738.patch deleted file mode 100644 index 58ab604..0000000 --- a/33738.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 16 Jul 2024 17:46:09 +0200 -Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf - -In some cases userspace may need to create dmabuffers from userspace -on such example is the software ISP part of libcamera which needs to -allocate dma-buffers for the output of the software ISP. - -At first the plan was to allow console users access to /dev/dma_heap/*, -this was discussed with various kernel folks here: -https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/ - -Giving console users access to the dma_heap's was deemed a bad idea -because memory allocated this way is not accounted in cgroup limits. - -Giving access to /dev/udmabuf OTOH was deemed acceptable so that -is what this patch adds. - -Resolves: #32662 ---- - rules.d/70-uaccess.rules.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index b82ce04a39d38..e683bb1114461 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ - SUBSYSTEM=="video4linux", TAG+="uaccess" - SUBSYSTEM=="dvb", TAG+="uaccess" - SUBSYSTEM=="media", TAG+="uaccess" -+# libcamera software ISP used with some cams requires udmabuf access -+KERNEL=="udmabuf", TAG+="uaccess" - - # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more - SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" diff --git a/34707.patch b/34707.patch deleted file mode 100644 index 5d8e278..0000000 --- a/34707.patch +++ /dev/null @@ -1,233 +0,0 @@ -From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:16:05 +0200 -Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user - manager - -This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. - -The offending commit wrongly assumed that the second READY=1 -notification is for system scope only, but it also serves the purpose -of flushing out previous STATUS= containing user unit job status. ---- - src/core/manager.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 2789f0e3d0c9c..456ad46135b72 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { - log_taint_string(m); - } - --static void manager_send_ready_user_scope(Manager *m) { -+static void manager_send_ready_on_basic_target(Manager *m) { - int r; - - assert(m); -@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { - m->status_ready = false; - } - --static void manager_send_ready_system_scope(Manager *m) { -+static void manager_send_ready_on_idle(Manager *m) { - int r; - - assert(m); - -- if (!MANAGER_IS_SYSTEM(m)) -- return; -- - /* Skip the notification if nothing changed. */ - if (m->ready_sent && m->status_ready) - return; - -+ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). -+ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't -+ * hurt to send it twice. */ - r = sd_notify(/* unset_environment= */ false, - "READY=1\n" - "STATUS=Ready."); -@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { - return; - - /* For user managers, send out READY=1 as soon as we reach basic.target */ -- manager_send_ready_user_scope(m); -+ manager_send_ready_on_basic_target(m); - - /* Log the taint string as soon as we reach basic.target */ - log_taint_string(m); -@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { - if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) - m->jobs = hashmap_free(m->jobs); - -- manager_send_ready_system_scope(m); -+ manager_send_ready_on_idle(m); - - /* Notify Type=idle units that we are done now */ - manager_close_idle_pipe(m); - -From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:06:35 +0200 -Subject: [PATCH 2/4] core/manager-serialize: drop serialization for - Manager.ready_sent - -This field indicates whether READY=1 has been sent to -the service manager/supervisor. Whenever we reload/reexec/soft-reboot, -manager_send_reloading() always resets it to false first, -so that READY=1 is sent after reloading finishes. Hence -we utterly get "false" at all times. Kill it. ---- - src/core/manager-serialize.c | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c -index 62dfce93a0a85..3f624619dfd19 100644 ---- a/src/core/manager-serialize.c -+++ b/src/core/manager-serialize.c -@@ -92,7 +92,6 @@ int manager_serialize( - (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); - (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); - (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); -- (void) serialize_bool(f, "ready-sent", m->ready_sent); - (void) serialize_bool(f, "taint-logged", m->taint_logged); - (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); - -@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - else - m->n_failed_jobs += n; - -- } else if ((val = startswith(l, "ready-sent="))) { -- int b; -- -- b = parse_boolean(val); -- if (b < 0) -- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); -- else -- m->ready_sent = m->ready_sent || b; -- - } else if ((val = startswith(l, "taint-logged="))) { - int b; - -@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - - if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ - (void) deserialize_dual_timestamp(val, m->timestamps + q); -- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ -+ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ - log_notice("Unknown serialization item '%s', ignoring.", l); - } - } - -From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:32:17 +0200 -Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when - notify-reloading - -Closes #28367 (but not really in the exact form, see below) - -We have the problem of restarting all user manager instances -after upgrade. Current approaches involve systemctl kill -with SIGRTMIN+25, which is async and feels rather ugly [1][2]; -or systemctl --machine=user@ --user, which requires entering -each user session. Neither is particularly elegant. -Instead, let's just signal daemon-reexec when user@.service -is reloaded from system manager. Our long goal of dropping -daemon-reload in favor of reexec (see TODO) is unlikely to happen -due to user dbus restrictions, but here the synchronization -is done via READY=1. - -[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 -[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 - -#28367 would not really work for us now I come to think about it, -because all processes will be reparented to pid1 as soon as -original user manager process exits. This alternative approach -seems good enough for our use case. ---- - units/capsule@.service.in | 4 ++++ - units/user@.service.in | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/units/capsule@.service.in b/units/capsule@.service.in -index f2bb9e3a45a83..a64298786e490 100644 ---- a/units/capsule@.service.in -+++ b/units/capsule@.service.in -@@ -23,6 +23,10 @@ StateDirectory=capsules/%i - RuntimeDirectory=capsules/%i - LogExtraFields=CAPSULE=%i - Slice=capsule.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. -+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope -diff --git a/units/user@.service.in b/units/user@.service.in -index 5695465747217..381ab2a0db54e 100644 ---- a/units/user@.service.in -+++ b/units/user@.service.in -@@ -20,6 +20,10 @@ PAMName=systemd-user - Type=notify-reload - ExecStart={{LIBEXECDIR}}/systemd --user - Slice=user-%i.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. -+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope - -From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 10 Oct 2024 22:37:39 +0200 -Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to - reexec/reload user managers - -Let's always use systemctl reload to reexec and reload user managers -now that it always implies a reexec. This moves all the job management -logic to pid 1 instead of bash and reduces the complexity of the logic -as we remove systemd-run, pam and systemd-stdio-bridge from the equation. ---- - src/rpm/systemd-update-helper.in | 20 ++++---------------- - 1 file changed, 4 insertions(+), 16 deletions(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c81e16c3d3ffb..8af914935261a 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -107,25 +107,13 @@ case "$command" in - - [ -d /run/systemd/system ] || exit 0 - -- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -- -- if [[ "$command" =~ reexec ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reexec & -- done -- wait -- fi -- -- if [[ "$command" =~ reload ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reload & -- done -- wait -+ if [[ "$command" =~ reexec|reload ]]; then -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" - fi - - if [[ "$command" =~ restart ]]; then -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ - systemctl --user -M "$user@" reload-or-restart --marked & diff --git a/systemd.spec b/systemd.spec index 6a962cd..6d2f175 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.7} +Version: %{?version_override}%{!?version_override:257~rc1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -114,12 +114,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif -# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 -Patch0011: https://github.com/systemd/systemd/pull/33738.patch - -# Simplify user manager upgrades -Patch0012: https://github.com/systemd/systemd/pull/34707.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 0c236cedb9e18fbbf8962aa418d3036a94834159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 17:14:33 +0100 Subject: [PATCH 008/148] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index db248bb..9708ba2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 From 6162965002f9e6052e0ce8d6810028da4679e55a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 14 Nov 2024 11:21:39 +0100 Subject: [PATCH 009/148] Disable freezing of user sessions ... (rhbz#2321268) --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index 6d2f175..3eebc2f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1019,6 +1019,15 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} +# Disable freezing of user sessions while we're working out the details. +mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ +cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Fri, 15 Nov 2024 21:42:10 +0100 Subject: [PATCH 010/148] Version 257~rc2 - Changes in systemd-measure, systemd-networkd, documentation, systemd-sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, run0, ukify - Hardware database update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 9708ba2..c30dd34 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 +SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd diff --git a/systemd.spec b/systemd.spec index 3eebc2f..8f83d67 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc1} +Version: %{?version_override}%{!?version_override:257~rc2} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Nov 2024 22:05:21 +0100 Subject: [PATCH 011/148] Change sysusers u! lines to u because we don't have support in rpm --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 8f83d67..9503f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -689,6 +689,10 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Disable user lockdown until rpm implements it natively. +# https://github.com/rpm-software-management/rpm/issues/3450 +sed -r -i 's/^u!/u/' sysusers.d/*.conf* + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From 37c10f5b0337af1efeaa33296b31a8c1a6bdc2b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Nov 2024 13:16:16 +0100 Subject: [PATCH 012/148] Pull in qemu from systemd-container Based on https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/issues/27. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 9503f7e..0447dd5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -540,7 +540,11 @@ Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +# For systemd-vmspawn which uses qemu: +Recommends: qemu-kvm +Recommends: qemu-device-display-virtio-gpu +Recommends: qemu-device-display-virtio-vga +# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal From 243a05542994b2b39d8d2fd521be748ece734eab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Nov 2024 10:04:35 +0100 Subject: [PATCH 013/148] Make systemd-network-generator co-owned by -udev and -networkd ... (rhbz#2328723) The files systemd-networkd-generator generates are read by udev (.link files) and by networkd (.netdev, .netdev files). We can't move it to systemd-networkd subpackage only, because that would potentially break the corner case of people having systemd-udev installed and using the generator, but not systemd-networkd. And there is no dependency from systemd-networkd to systemd-udev. I think this is correct, because networkd can be used in containers without udev. But the generator is not useful without either of those two daemons, so let's move it to make the core package a bit lighter. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 51400fd..b08c2bd 100644 --- a/split-files.py +++ b/split-files.py @@ -154,6 +154,9 @@ for file in files(buildroot): and os.path.exists(f'./{n}.example')): o = outputs['networkd-defaults'] + # Files that are "consumed" by systemd-networkd go into the -networkd + # subpackage. As a special case, network-generator is co-owned also by + # the -udev subpackage because systemd-udevd reads .link files. elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| @@ -164,6 +167,8 @@ for file in files(buildroot): systemd\.netdev ''', n, re.X): o = outputs['networkd'] + elif 'network-generator' in n: + o = (outputs['networkd'], outputs['udev']) elif '.so.' in n: o = outputs['libs'] @@ -255,7 +260,10 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' - print(f'{prefix}{n}{suffix}', file=o) + if not isinstance(o, tuple): + o = (o,) + for file in o: + print(f'{prefix}{n}{suffix}', file=file) if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() From 04f0a692da310691844c8313b2649b99dfab61e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Nov 2024 00:17:19 +0100 Subject: [PATCH 014/148] Version 257~rc3 - A bunch of small fixes here and there: virtualization detection, udev, systemd-networked, pid1. - Includes a hardware database update. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index c30dd34..a2bd4e2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd +SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 diff --git a/systemd.spec b/systemd.spec index 0447dd5..891d905 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc2} +Version: %{?version_override}%{!?version_override:257~rc3} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 53cfdea02aa6fdf50730ef2cfab215aa4c74db9d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 30 Nov 2024 00:00:19 +0900 Subject: [PATCH 015/148] Update tmpfiles --destroy-data patch This adds one more --destroy-data switch to make the test pass. --- 0001-tmpfiles-make-purge-hard-to-mis-use.patch | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 79964e8..e34df8c 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,4 +1,4 @@ -From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 +From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use @@ -6,11 +6,11 @@ Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use Follow-up for https://github.com/systemd/systemd/pull/33383. --- src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 4 ++-- - 2 files changed, 19 insertions(+), 2 deletions(-) + test/units/TEST-22-TMPFILES.18.sh | 6 +++--- + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 5a4f989668..c5b544f1df 100644 +index 86bf16356d..539c18f5e0 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { @@ -63,7 +63,7 @@ index 5a4f989668..c5b544f1df 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..dd536172d4 100755 +index c81f6bd0ef..1eb264a279 100755 --- a/test/units/TEST-22-TMPFILES.18.sh +++ b/test/units/TEST-22-TMPFILES.18.sh @@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile @@ -75,7 +75,7 @@ index c81f6bd0ef..dd536172d4 100755 test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile -@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile +@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile @@ -84,6 +84,12 @@ index c81f6bd0ef..dd536172d4 100755 test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile grep -q qux /tmp/someotherfile + +-systemd-tmpfiles --purge - <<<"$c" ++systemd-tmpfiles --purge --destroy-data - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -- 2.47.0 From 8dc31eaf041f4ec6e0aa75a3c45d993f49f6c9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 3 Dec 2024 14:11:24 +0100 Subject: [PATCH 016/148] Recommend qemu-kvm-core instead of qemu-kvm ... (rhbz#2329979) --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 891d905..97b40e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -541,7 +541,7 @@ Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: -Recommends: qemu-kvm +Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) From 433efb38f49a016733c805b2dba914c39ed99ec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 4 Dec 2024 11:38:32 +0100 Subject: [PATCH 017/148] Only apply the new Recommends in fedora Our mkosi.conf.d/10-centos-fedora/mkosi.prepare script tries to install the soft dependencies too. The build fails in centos 9 and 10: Error: Unable to find a match: qemu-device-display-virtio-gpu qemu-device-display-virtio-vga [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 97b40e3..716b31a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -542,8 +542,10 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: Recommends: qemu-kvm-core +%if 0%{?fedora} Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga +%endif # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) From 31aaef8e173b34a128bac1a44b5119b782435db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Dec 2024 12:50:39 +0100 Subject: [PATCH 018/148] Enable slow tests during build The build is slow anyway, so the difference shouldn't matter. But more tests is better. The build logs show that slow tests were disabled. Inspired by https://github.com/systemd/systemd/issues/34471. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 716b31a..45da1f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -727,6 +727,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] + -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' From c2f5f4a68a3fbc54885c22d42287ed588345b4b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 Dec 2024 21:23:13 +0100 Subject: [PATCH 019/148] Version 257 - A bunch of small fixes in various components: systemd itself, systemd-cryptenroll, sd-varlink, sd-boot, documentation, tests - Includes an update of the hardware database --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index a2bd4e2..30a8993 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 +SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c diff --git a/systemd.spec b/systemd.spec index 45da1f7..1b0ef00 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc3} +Version: %{?version_override}%{!?version_override:257} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From bd8339bf00caf230a0a620369fe844dc83af7a13 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Dec 2024 03:33:22 +0900 Subject: [PATCH 020/148] sysusers: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. Follow-ups for e42eed4afd6267cd954d393d8eec79e0e7573de0. --- sysusers.generate-pre.sh | 2 +- sysusers.prov | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 4a87d53..944abff 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -69,7 +69,7 @@ parse() { [ -z "$line" ] && continue eval "arr=( $line )" case "${arr[0]}" in - ('u') + ('u'|'u!') if [[ "${arr[2]}" == *":"* ]]; then user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" else diff --git a/sysusers.prov b/sysusers.prov index f12e929..7b3d704 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -42,7 +42,7 @@ parse() { [ -z "$line" ] && continue set -- $line case "$1" in - ('u') + ('u'|'u!') process_u "$2" "$3" ;; ('g') From 35e6814ef43aa546222e8fbea18f46e27199498c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Dec 2024 04:16:57 +0900 Subject: [PATCH 021/148] Add patch for test-time-util --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 61 insertions(+) create mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch new file mode 100644 index 0000000..7b91ac5 --- /dev/null +++ b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch @@ -0,0 +1,58 @@ +From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 14 Dec 2024 16:49:54 +0900 +Subject: [PATCH] test-time-util: fix truncation of usec to sec + +Also +- use ASSERT_XYZ() macros, +- log tzname[] on failure. +--- + src/test/test-time-util.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index d761261e24..d717ca94d2 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -393,27 +393,31 @@ TEST(format_timestamp) { + static void test_format_timestamp_impl(usec_t x) { + bool success, override; + const char *xx, *yy; +- usec_t y; ++ usec_t y, x_sec, y_sec; + + xx = FORMAT_TIMESTAMP(x); +- assert_se(xx); +- assert_se(parse_timestamp(xx, &y) >= 0); ++ ASSERT_NOT_NULL(xx); ++ ASSERT_OK(parse_timestamp(xx, &y)); + yy = FORMAT_TIMESTAMP(y); +- assert_se(yy); ++ ASSERT_NOT_NULL(yy); + +- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy); ++ x_sec = x / USEC_PER_SEC; ++ y_sec = y / USEC_PER_SEC; ++ success = (x_sec == y_sec) && streq(xx, yy); + /* Workaround for https://github.com/systemd/systemd/issues/28472 + * and https://github.com/systemd/systemd/pull/35471. */ + override = !success && + (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") || + STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) && +- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */ ++ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */ + log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR, + "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s", + x, xx, y, yy, + override ? ", ignoring." : ""); + if (!override) { +- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); ++ if (!success) ++ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); ++ ASSERT_EQ(x_sec, y_sec); + ASSERT_STREQ(xx, yy); + } + } +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index 1b0ef00..1313d23 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,6 +121,9 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch +# https://github.com/systemd/systemd/pull/35615 +Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From 62abb21906759fba1b2120456843329fd9c7423e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Dec 2024 09:05:23 +0100 Subject: [PATCH 022/148] Version 257.1 - A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, systemd-networkd, systemd-logind, journalct. - Should fix rhbz#2325780. --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 ------------------- sources | 2 +- systemd.spec | 5 +- 3 files changed, 2 insertions(+), 63 deletions(-) delete mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch deleted file mode 100644 index 7b91ac5..0000000 --- a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 14 Dec 2024 16:49:54 +0900 -Subject: [PATCH] test-time-util: fix truncation of usec to sec - -Also -- use ASSERT_XYZ() macros, -- log tzname[] on failure. ---- - src/test/test-time-util.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c -index d761261e24..d717ca94d2 100644 ---- a/src/test/test-time-util.c -+++ b/src/test/test-time-util.c -@@ -393,27 +393,31 @@ TEST(format_timestamp) { - static void test_format_timestamp_impl(usec_t x) { - bool success, override; - const char *xx, *yy; -- usec_t y; -+ usec_t y, x_sec, y_sec; - - xx = FORMAT_TIMESTAMP(x); -- assert_se(xx); -- assert_se(parse_timestamp(xx, &y) >= 0); -+ ASSERT_NOT_NULL(xx); -+ ASSERT_OK(parse_timestamp(xx, &y)); - yy = FORMAT_TIMESTAMP(y); -- assert_se(yy); -+ ASSERT_NOT_NULL(yy); - -- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy); -+ x_sec = x / USEC_PER_SEC; -+ y_sec = y / USEC_PER_SEC; -+ success = (x_sec == y_sec) && streq(xx, yy); - /* Workaround for https://github.com/systemd/systemd/issues/28472 - * and https://github.com/systemd/systemd/pull/35471. */ - override = !success && - (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") || - STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) && -- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */ -+ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */ - log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR, - "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s", - x, xx, y, yy, - override ? ", ignoring." : ""); - if (!override) { -- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); -+ if (!success) -+ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); -+ ASSERT_EQ(x_sec, y_sec); - ASSERT_STREQ(xx, yy); - } - } --- -2.47.1 - diff --git a/sources b/sources index 30a8993..165fa9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c +SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 diff --git a/systemd.spec b/systemd.spec index 1313d23..b9563f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257} +Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -121,9 +121,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# https://github.com/systemd/systemd/pull/35615 -Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From fc47a92e4a3828d6b3fc7901b481135a87132cd7 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 13 Dec 2024 16:04:18 +0100 Subject: [PATCH 023/148] Re-enable upstream behaviour of systemd-tmpfiles --purge From the 257 release notes: * The --purge switch of systemd-tmpfiles (which was added in v256) has been reworked: it will now only apply to tmpfiles.d/ lines marked with the new "$" flag. This is an incompatible change, and means any tmpfiles.d/ files which shall be used together with --purge need to be updated accordingly. This change has been made to make it harder to accidentally delete too many files when using --purge incorrectly. The feature is now sufficiently hard to misuse that we can drop the patch. --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 95 ------------------- systemd.spec | 3 - 2 files changed, 98 deletions(-) delete mode 100644 0001-tmpfiles-make-purge-hard-to-mis-use.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch deleted file mode 100644 index e34df8c..0000000 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 23 Jul 2024 13:14:05 +0200 -Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use - -Follow-up for https://github.com/systemd/systemd/pull/33383. ---- - src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 6 +++--- - 2 files changed, 20 insertions(+), 3 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 86bf16356d..539c18f5e0 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { - ARG_IMAGE_POLICY, - ARG_REPLACE, - ARG_DRY_RUN, -+ ARG_DESTROY_DATA, - ARG_NO_PAGER, - }; - -@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { - { "replace", required_argument, NULL, ARG_REPLACE }, - { "dry-run", no_argument, NULL, ARG_DRY_RUN }, - { "no-pager", no_argument, NULL, ARG_NO_PAGER }, -+ -+ /* This is not documented on purpose. -+ * If you think --purge should be allowed without jumping through hoops, -+ * consider opening a bug report with the description of the use case. -+ */ -+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, -+ - {} - }; - - int c, r; -+ bool destroy_data = false; - - assert(argc >= 0); - assert(argv); -@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { - arg_dry_run = true; - break; - -+ case ARG_DESTROY_DATA: -+ destroy_data = true; -+ break; -+ - case ARG_NO_PAGER: - arg_pager_flags |= PAGER_DISABLE; - break; -@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Refusing --purge without specification of a configuration file."); - -+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "Refusing --purge without --destroy-data."); -+ - if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --replace= is not supported with --cat-config/--tldr."); -diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..1eb264a279 100755 ---- a/test/units/TEST-22-TMPFILES.18.sh -+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile -@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --create --purge - <<<"$c" -+systemd-tmpfiles --create --destroy-data --purge - <<<"$c" - test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile --- -2.47.0 - diff --git a/systemd.spec b/systemd.spec index b9563f2..b5ba89e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -118,9 +118,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch -# Soft-disable tmpfiles --purge until a good use case comes up. -Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From e157552c6c76837026108842300c6e95963d453d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:35:05 +0100 Subject: [PATCH 024/148] Always build in release mode Building with %upstream doesn't necessarily imply we want a developer build, so let's always build in release mode. If needed %meson_extra_configure_options can be used to override this and build in developer mode after all. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index b5ba89e..ff1d95a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -723,7 +723,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') %endif CONFIGURE_OPTS=( - -Dmode=%[%{with upstream}?"developer":"release"] + -Dmode=release -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local From 133ae30e33b0eb25da572a93e19f19726210d3bb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:37:23 +0100 Subject: [PATCH 025/148] Drop patches based on %upstream macro instead of patch number Let's use the %upstream macro to gate patches which are backports of upstream instead of relying on patch numbers. We'll build with %upstream defined in packit so that patches which should not be applied on upstream builds are skipped. --- systemd.spec | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index ff1d95a..3faeeb1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -101,12 +101,6 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done| GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed here, rather -# than in the next section. Packit CI will drop any patches in this range before -# applying upstream pull requests. - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -114,9 +108,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +%if %{without upstream} + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0491: https://github.com/systemd/systemd/pull/30846.patch +Patch0011: https://github.com/systemd/systemd/pull/30846.patch + +%endif %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 From fd860fd12d2662797540fd428f1d601a108e1cdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 2 Jan 2025 13:55:00 +0100 Subject: [PATCH 026/148] Drop a build dependency on a linter package: pytest-flakes See https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters Also, the package is orphaned. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3faeeb1..456ebb0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -197,7 +197,6 @@ BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) %if 0%{?fedora} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) %if 0%{?want_bootloader} From 3386f5d70426c129dd01b39f7b95fc2dc4e150d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Jan 2025 18:03:50 +0100 Subject: [PATCH 027/148] Rename source .abignore file OBS does not support files with names starting with a dot. https://fedoraproject.org/wiki/How_to_filter_libabigail_reports does not make it really clear if the file can renamed. (The first part of the paragraph implies a positive answer, the second is unclear.) Let's see how this goes. --- .abignore => libabigail.abignore | 0 systemd.spec | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename .abignore => libabigail.abignore (100%) diff --git a/.abignore b/libabigail.abignore similarity index 100% rename from .abignore rename to libabigail.abignore diff --git a/systemd.spec b/systemd.spec index 456ebb0..60c3242 100644 --- a/systemd.spec +++ b/systemd.spec @@ -78,7 +78,7 @@ Source9: systemd-journal-gatewayd.xml Source10: 20-yama-ptrace.conf Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports -Source13: .abignore +Source13: libabigail.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf @@ -963,7 +963,7 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} -install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} +install -Dm0644 %{SOURCE13} %{buildroot}%{_prefix}/lib/systemd/.abignore # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} From c7379c94601ff1eae2ef471ec0f72dc7b039a02f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 8 Jan 2025 04:29:25 +0900 Subject: [PATCH 028/148] Replace 'udevadm hwdb' with systemd-hwdb systemd-hwdb was added in v219 (released in 2015) and 'udevadm hwdb' was deprecated in v253. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 60c3242..f214d21 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1126,7 +1126,7 @@ if [ -f %{_localstatedir}/lib/systemd/clock ]; then mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi -udevadm hwdb --update &>/dev/null +systemd-hwdb update &>/dev/null %systemd_post %udev_services From e570cd53dfd776c33de51538cd8783e42f752369 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:51:44 +0000 Subject: [PATCH 029/148] spec: drop trailing whitespace [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f214d21..b526871 100644 --- a/systemd.spec +++ b/systemd.spec @@ -45,7 +45,7 @@ Name: systemd Url: https://systemd.io -# Allow users to specify the version and release when building the rpm by +# Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease From 4df2711a9f69c979dd8731d8bcd05872afae4a20 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:50:18 +0000 Subject: [PATCH 030/148] Add bcond for OBS-specific quirks The version substitution system is not able to fully subst the current Version field due to the inline use of macros, so you end up with like: 257-123-gabcd257.1 instead of: 257-123-gabcd I.e., the hard-coded 257.1 gets appended to the OBS-specified version. If it was simply hardcoded as 257.1 it would work, but the inline macros throw it off. [skip changelog] --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index b526871..0b19b99 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,9 @@ # Build from git main %bcond upstream 0 +# Build with OBS-specific quirks +%bcond obs 0 + # When bootstrap, libcryptsetup is disabled # but auto-features causes many options to be turned on # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) @@ -47,7 +50,13 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. +# But don't do that on OBS, otherwise the version subst fails, and will be +# like 257-123-gabcd257.1 instead of 257-123-gabcd +%if %{without obs} Version: %{?version_override}%{!?version_override:257.1} +%else +Version: %{?version_override}%{!?version_override:%(cat meson.version)} +%endif Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 3a9c32b8a982bb6a767e39041fc93960f64c5ffc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Jan 2025 12:43:11 +0100 Subject: [PATCH 031/148] Version 257.2 - Fixes for assertion crashes and memory access issues in pid1 and systemd-machined, and other fixes for systemd-repart, systemd-resolved, systemd-stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the hardware database. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 165fa9d..b8843e6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 +SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 diff --git a/systemd.spec b/systemd.spec index 0b19b99..e13a5b3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.1} +Version: %{?version_override}%{!?version_override:257.2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1814bfe7949a56db5918c6785d2c46a8eda1e026 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 15:50:45 +0100 Subject: [PATCH 032/148] remove STI test The test fails because of the same reason as the installability test, it tries to install every subpackage which fails because the standalone subpackages conflict with all the other packages. Given there's no owner for the test, nobody looks at or seems interested in the results, STI itself will likely be deprecated soon (https://fedoraproject.org/wiki/Changes/DeprecateSTI) and systemd's upstream integration tests will soon support checking for AVC denials (https://github.com/systemd/systemd/pull/35921), let's remove the STI test. --- tests/tests-reboot.yml | 50 ------------------------------------------ 1 file changed, 50 deletions(-) delete mode 100644 tests/tests-reboot.yml diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml deleted file mode 100644 index 94ea8a5..0000000 --- a/tests/tests-reboot.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- hosts: localhost - vars: - - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" - tags: - - classic - tasks: - # switch SELinux to permissive mode - - name: Get default kernel - command: "grubby --default-kernel" - register: default_kernel - - debug: msg="{{ default_kernel.stdout }}" - - name: Set permissive mode - command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" - - - name: reboot - block: - - name: restart host - shell: sleep 2 && shutdown -r now "Ansible updates triggered" - async: 1 - poll: 0 - ignore_errors: true - - - name: wait for host to come back - wait_for_connection: - delay: 10 - timeout: 300 - - - name: Re-create /tmp/artifacts - command: mkdir /tmp/artifacts - - - name: Gather SELinux denials since boot - shell: | - result=pass - dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail - ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log - grep -q '' /tmp/avc.log || result=fail - echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml - ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log - - always: - - name: Pull out the artifacts - fetch: - dest: "{{ artifacts }}/" - src: "{{ item }}" - flat: yes - with_items: - - /tmp/test.log - - /tmp/avc.log - - /tmp/results.yml From 30f50b18709d84b6f7830febf2c13b1465a75340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:02:55 +0100 Subject: [PATCH 033/148] Drop patch numbers In the past, we used patch numbers to skip some patches in upstream CI builds. The upstream bcond is now used for this instead, so we can drop the numbering to make it easier to add an remove patches. [skip changelog] --- systemd.spec | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/systemd.spec b/systemd.spec index e13a5b3..eeb632c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -104,25 +104,17 @@ Source25: 98-default-mac-none.link Source26: systemd-user -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch -%endif - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0010: https://github.com/systemd/systemd/pull/26494.patch +Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0011: https://github.com/systemd/systemd/pull/30846.patch - +Patch: https://github.com/systemd/systemd/pull/30846.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b1bd57ecce6d56e22e74eded8377faa5326ddccb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:05:52 +0100 Subject: [PATCH 034/148] Revert use of PrivateTmp=disconnected ... (rhbz#2334015, https://github.com/coreos/fedora-coreos-tracker/issues/1857) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 +++++++++++++++++++ systemd.spec | 6 ++ 2 files changed, 75 insertions(+) create mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch new file mode 100644 index 0000000..eca67f0 --- /dev/null +++ b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch @@ -0,0 +1,69 @@ +From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 10 Jan 2025 17:00:08 +0100 +Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' + if DefaultDependencies=no" + +This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. +--- + units/systemd-coredump@.service.in | 2 +- + units/systemd-oomd.service.in | 2 +- + units/systemd-resolved.service.in | 2 +- + units/systemd-timesyncd.service.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in +index c74dc7a5a1..fa3206d07b 100644 +--- a/units/systemd-coredump@.service.in ++++ b/units/systemd-coredump@.service.in +@@ -26,7 +26,7 @@ NoNewPrivileges=yes + OOMScoreAdjust=500 + PrivateDevices=yes + PrivateNetwork=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectControlGroups=yes + ProtectHome=read-only + ProtectHostname=yes +diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in +index 670d5e6140..82bd6245f8 100644 +--- a/units/systemd-oomd.service.in ++++ b/units/systemd-oomd.service.in +@@ -37,7 +37,7 @@ MemoryLow=64M + NoNewPrivileges=yes + OOMScoreAdjust=-900 + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectClock=yes + ProtectHome=yes + ProtectHostname=yes +diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in +index e181b2528a..4aa0788ac4 100644 +--- a/units/systemd-resolved.service.in ++++ b/units/systemd-resolved.service.in +@@ -29,7 +29,7 @@ LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectClock=yes + ProtectControlGroups=yes + ProtectHome=yes +diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in +index 835d6327e7..cf233fbffd 100644 +--- a/units/systemd-timesyncd.service.in ++++ b/units/systemd-timesyncd.service.in +@@ -31,7 +31,7 @@ LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectProc=invisible + ProtectControlGroups=yes + ProtectHome=yes +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index eeb632c..1910a32 100644 --- a/systemd.spec +++ b/systemd.spec @@ -112,6 +112,12 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Temporarily drop use of PrivateTmp=disconnected. This is causing failures +# in various places: +# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 +# https://github.com/coreos/fedora-coreos-tracker/issues/1857 +Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 20cc578e59c292a3c5ceaf43cac2c248aa26b9b7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 8 Jan 2025 00:46:28 +0000 Subject: [PATCH 035/148] Enable signing systemd-boot on OBS builds On OBS the https://github.com/openSUSE/pesign-obs-integration package is the way to get binaries signed. Build depend on it, and call its hook. Also rename and change the description and provides of the package, given it is signed. [skip changelog] --- systemd.spec | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1910a32..2fba134 100644 --- a/systemd.spec +++ b/systemd.spec @@ -237,6 +237,10 @@ BuildRequires: xen-devel %endif %endif +%if %{with obs} +BuildRequires: pesign-obs-integration +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl @@ -512,6 +516,7 @@ with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). %if 0%{?want_bootloader} +%if %{without obs} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -532,6 +537,27 @@ line. systemd-boot supports systems with UEFI firmware only. This package contains the unsigned version. Install systemd-boot instead to get the version that works with Secure Boot. +%else +%package boot +Summary: UEFI boot manager (signed version) + +Provides: systemd-boot-signed-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-signed) = %version +Provides: version(systemd-boot-signed)%{_isa} = %version + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +%description boot +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains the signed version. +%endif %endif %package container @@ -1045,6 +1071,11 @@ EOF # Split files in build root into rpms python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} +# Stage sd-boot binaries for signing +%if %{with obs} && 0%{?want_bootloader} +BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIGN_PACKAGES=systemd-boot /usr/lib/rpm/brp-suse.d/brp-99-pesign +%endif + %check %if %{with tests} meson test -C %{_vpath_builddir} -t 6 --print-errorlogs @@ -1299,7 +1330,11 @@ fi %files ukify -f .file-list-ukify %if 0%{?want_bootloader} +%if %{without obs} %files boot-unsigned -f .file-list-boot +%else +%files boot -f .file-list-boot +%endif %endif %files container -f .file-list-container From cddeca136f617641ce81c448ae7a66c4682f719f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 16:24:13 +0100 Subject: [PATCH 036/148] Rebuilt for the bin-sbin merge (2nd attempt) https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin From fd36e4c562f9a0bda309405fd199e91e1f51f2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 18:23:30 +0100 Subject: [PATCH 037/148] Rebuilt for the bin-sbin merge (2nd attempt) This time in the side tag. [skip changelog] From a7eec4d33deb2605ebc5d2c0cc433ce035bbd2f1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 14:15:18 +0100 Subject: [PATCH 038/148] Run upstream integration test suite with Fedora CI Let's add a tmt plan to read the upstream fmf metadata which contains a single test to run the upstream integration tests. To make this work, we also add a downstream patch with some fmf test script fixes that landed after 257.2 was released. We request virtualization support so we can run qemu based integration tests in qemu with KVM. --- .fmf/version | 1 + 35938.patch | 879 +++++++++++++++++++++++++++++++++++++++++++++ plans/upstream.fmf | 16 + systemd.spec | 3 + 4 files changed, 899 insertions(+) create mode 100644 .fmf/version create mode 100644 35938.patch create mode 100644 plans/upstream.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/35938.patch b/35938.patch new file mode 100644 index 0000000..7f9f9be --- /dev/null +++ b/35938.patch @@ -0,0 +1,879 @@ +From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:05 +0100 +Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive + mode + +The tests might be running unprivileged or in an environment without +selinux so let's not fail if we can't put it in permissive mode. + +(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4984fb119b571..fe139567bdf06 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -4,8 +4,8 @@ + set -eux + set -o pipefail + +-# Switch SELinux to permissive, since the tests don't set proper contexts +-setenforce 0 ++# Switch SELinux to permissive if possible, since the tests don't set proper contexts ++setenforce 0 || true + + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + +From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:50 +0100 +Subject: [PATCH 02/22] fmf: Fix dist-git example + +All that's needed is dist-git-source: true so remove the other settings +that aren't required. + +(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) +--- + test/fmf/integration-tests/test.sh | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fe139567bdf06..73771d4237207 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,9 +13,6 @@ setenforce 0 || true + # summary: systemd Fedora test suite + # discover: + # how: fmf +-# url: https://github.com/systemd/systemd +-# ref: main +-# path: test/fmf + # dist-git-source: true + # dist-git-install-builddeps: false + # prepare: + +From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:38:21 +0100 +Subject: [PATCH 03/22] fmf: Fix glob + +Globs inside quotes aren't expanded and we need the glob to be more +specific to avoid matching multiple entries inside the tmt source +directory. + +(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) +--- + test/fmf/integration-tests/test.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 73771d4237207..0a1595fa97268 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -23,8 +23,11 @@ setenforce 0 || true + # execute: + # how: tmt + ++shopt -s extglob ++ + if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then +- pushd "$TMT_SOURCE_DIR/*/" ++ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). ++ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ + elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then + # Prepare systemd source tree + git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" + +From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 12:12:15 +0100 +Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running + within testing farm + +If running tmt locally to debug the test script, make sure we don't +mess with /etc/yum.repos.d. + +(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) +--- + test/fmf/integration-tests/test.sh | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 0a1595fa97268..347cd219a458a 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} + [Build] + ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} ++EOF ++ ++if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then ++ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* ++ # Ensure packages built for this test have highest priority ++ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* + +-# Disable mkosi's own repository logic +-touch /etc/yum.repos.d/mkosi.repo ++ # Disable mkosi's own repository logic ++ touch /etc/yum.repos.d/mkosi.repo ++fi + + # TODO: drop once BTRFS regression is fixed in kernel 6.13 + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf + +From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 16:41:46 +0100 +Subject: [PATCH 05/22] fmf: Dump CPU and memory information + +(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 347cd219a458a..4545090c3c1ab 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -7,6 +7,10 @@ set -o pipefail + # Switch SELinux to permissive if possible, since the tests don't set proper contexts + setenforce 0 || true + ++echo "CPU and Memory information:" ++lscpu ++lsmem ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 13:31:11 +0100 +Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs + +When running the integration tests downstream, it's useful to be +able to test that a new systemd version doesn't introduce any AVC +denials, so let's add a knob to make that possible. + +(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) +--- + test/README.testsuite | 10 ++++++++++ + test/fmf/integration-tests/test.sh | 7 +++++++ + test/units/TEST-06-SELINUX.sh | 4 ++++ + 3 files changed, 21 insertions(+) + +diff --git a/test/README.testsuite b/test/README.testsuite +index da2d17a6dba7c..6b367aa6738fa 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,16 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. + ++### SELinux AVCs ++ ++To have `TEST-06-SELINUX` check for SELinux denials, write the following to ++mkosi.local.conf: ++ ++```conf ++[Runtime] ++KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 ++``` ++ + ## Ubuntu CI + + New PRs submitted to the project are run through regression tests, and one set +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4545090c3c1ab..fccfa15c72821 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} + EOF + ++if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then ++ tee --append mkosi.local.conf < +Date: Wed, 8 Jan 2025 16:03:06 +0100 +Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing + farm + +We expect to run as root within testing farm and to have permissions +to do selinux relabelling so let's enable it explicitly. + +(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) +--- + test/fmf/integration-tests/test.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fccfa15c72821..8cea79cf30274 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -78,6 +78,9 @@ fi + + if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then + tee --append mkosi.local.conf < +Date: Thu, 9 Jan 2025 11:27:51 +0100 +Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh + +(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) +--- + test/integration-test-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh +index d7c384a97cf48..c67f938acf26f 100755 +--- a/test/integration-test-setup.sh ++++ b/test/integration-test-setup.sh +@@ -1,6 +1,6 @@ + #!/usr/bin/env bash + # SPDX-License-Identifier: LGPL-2.1-or-later +-set -eux ++set -eu + set -o pipefail + + case "$1" in + +From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 11:28:15 +0100 +Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in + interactive mode + +If we're not running interactively, there's no point in the features +from integration-test-setup.sh which are intended for interactive +development and debugging so lets skip adding it in that case. + +(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) +--- + test/integration-test-wrapper.py | 9 +++++++++ + test/test.service.in | 2 -- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index ef6df8840f50d..5fa0325b889e5 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -459,6 +459,15 @@ def main() -> None: + """ + ) + ++ if sys.stderr.isatty(): ++ dropin += textwrap.dedent( ++ """ ++ [Service] ++ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup ++ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ """ ++ ) ++ + cmd = [ + args.mkosi, + '--directory', os.fspath(args.meson_source_dir), +diff --git a/test/test.service.in b/test/test.service.in +index 6400be0700288..75f703698f687 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -7,9 +7,7 @@ Before=getty-pre.target + + [Service] + ExecStartPre=rm -f /failed /testok +-ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStart=@command@ +-ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize + Type=oneshot + MemoryAccounting=@memory-accounting@ + StateDirectory=%N + +From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 7 Jan 2025 15:01:02 +0100 +Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when running with + sanitizers + +Similar to how CentOS CI did it previously, let's only run +TEST-21-DFUZZER when built with sanitizers for maximum effect. + +(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) +--- + .github/workflows/mkosi.yml | 8 ++++++++ + test/TEST-21-DFUZZER/meson.build | 1 - + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index a043022ce05a1..592ed41051458 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -61,6 +61,7 @@ jobs: + cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no + vm: 1 ++ skip: TEST-21-DFUZZER + - distro: debian + release: testing + sanitizers: "" +@@ -68,6 +69,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: ubuntu + release: noble + sanitizers: "" +@@ -75,6 +77,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: "41" + sanitizers: "" +@@ -82,6 +85,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: rawhide + sanitizers: address,undefined +@@ -96,6 +100,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "9" + sanitizers: "" +@@ -103,6 +108,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "10" + sanitizers: "" +@@ -110,6 +116,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +@@ -195,6 +202,7 @@ jobs: + mkosi sandbox \ + env \ + TEST_PREFER_QEMU=${{ matrix.vm }} \ ++ TEST_SKIP=${{ matrix.skip }} \ + meson test \ + -C build \ + --no-rebuild \ +diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build +index f57be63380222..932f0c5f0e407 100644 +--- a/test/TEST-21-DFUZZER/meson.build ++++ b/test/TEST-21-DFUZZER/meson.build +@@ -6,6 +6,5 @@ integration_tests += [ + 'timeout' : 3600, + 'priority' : 50, + 'vm' : true, +- 'enabled' : false, + }, + ] + +From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:13:18 +0100 +Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test + artifacts dir + +(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) +--- + test/fmf/integration-tests/test.sh | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 8cea79cf30274..762016f2a5c1c 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -125,6 +125,11 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" ++ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ ++find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd ++ ++exit "$EC" + +From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:24:51 +0100 +Subject: [PATCH 12/22] fmf: Log clock source + +(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) +--- + test/fmf/integration-tests/test.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 762016f2a5c1c..d1e43b1d7dbc9 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -11,6 +11,8 @@ echo "CPU and Memory information:" + lscpu + lsmem + ++echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 16:24:22 +0100 +Subject: [PATCH 13/22] tree-wide: Fix python formatting + +The new release of ruff formats a few more things which causes linter +failures in CI so let's fix those formatting nits. + +(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) +--- + src/ukify/ukify.py | 6 +++--- + test/integration-test-wrapper.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index 3f36aa7af6b08..be4e30eb8e36e 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'calculate', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + # For measurement, the keys are not relevant, so we can lump all the phase paths + # into one call to systemd-measure calculate. +@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'sign', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + ] + +@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: + os.umask(umask := os.umask(0)) + os.chmod(opts.output, 0o777 & ~umask) + +- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") ++ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') + + + @contextlib.contextmanager +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5fa0325b889e5..d9d92fcba3b0e 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -429,7 +429,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} ++ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} + """ + ) + +@@ -437,7 +437,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} ++ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} + """ + ) + +@@ -568,7 +568,7 @@ def main() -> None: + + ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] + +- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) ++ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) + + # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. + exit(result.returncode or 1) + +From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:27:33 +0100 +Subject: [PATCH 14/22] test: Add option to save in progress test journals to + /tmp + +The journal isn't the best at being fast, especially when writing +to disk and not to memory, which can cause integration tests to +grind to a halt on beefy systems due to all the systemd-journal-remote +instances not being able to write journal entries to disk fast enough. + +Let's introduce an option to allow writing in progress test journals +to use /tmp which can be used on beefy systems with lots of memory to +speed things up. + +(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) +--- + test/README.testsuite | 4 ++++ + test/integration-test-wrapper.py | 12 +++++++++++- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/test/README.testsuite b/test/README.testsuite +index 6b367aa6738fa..e33c08f33a20e 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,10 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. + ++`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in ++progress and only move the journal to its final location in the build directory ++(`$BUILD_DIR/test/journal`) when the test is finished. ++ + ### SELinux AVCs + + To have `TEST-06-SELINUX` check for SELinux denials, write the following to +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index d9d92fcba3b0e..1c28cf3776e80 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -10,6 +10,7 @@ + import os + import re + import shlex ++import shutil + import subprocess + import sys + import tempfile +@@ -441,7 +442,11 @@ def main() -> None: + """ + ) + +- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ else: ++ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() ++ + journal_file.unlink(missing_ok=True) + + if not sys.stderr.isatty(): +@@ -551,6 +556,11 @@ def main() -> None: + ): + journal_file.unlink(missing_ok=True) + ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ dst = args.meson_build_dir / f'test/journal/{name}.journal' ++ dst.parent.mkdir(parents=True, exist_ok=True) ++ shutil.move(journal_file, dst) ++ + if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): + exit(0 if shell or result.returncode == args.exit_code else 77) + + +From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:29:58 +0100 +Subject: [PATCH 15/22] test: Don't register machines with machined unless + we're in interactive mode + +(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 1c28cf3776e80..94904cfbc4c05 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -516,7 +516,7 @@ def main() -> None: + ] + ), + '--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", +- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), ++ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), + 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', + ] # fmt: skip + + +From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:51:24 +0100 +Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin + +The integration-test-setup calls require StateDirectory= but some +tests override the test unit used which then won't have StateDirectory= +so let's move StateDirectory= into the dropin as well to avoid this +issue. + +(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) +--- + test/integration-test-wrapper.py | 1 + + test/test.service.in | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 94904cfbc4c05..610c34c903425 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -470,6 +470,7 @@ def main() -> None: + [Service] + ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ StateDirectory=%N + """ + ) + +diff --git a/test/test.service.in b/test/test.service.in +index 75f703698f687..790c513da4338 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok + ExecStart=@command@ + Type=oneshot + MemoryAccounting=@memory-accounting@ +-StateDirectory=%N + +From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:37 +0100 +Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn + failures + +(cherry picked from commit c32a8cdaa0f03ae29e9edade1213cc2001b28000) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index d1e43b1d7dbc9..34bf1abfa8943 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,6 +13,10 @@ lsmem + + echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + ++# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. ++sysctl fs.inotify.max_user_watches=65536 ++sysctl fs.inotify.max_user_instances=1024 ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:54 +0100 +Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems + +If we save journals in /tmp, we can run a larger number of tests in +parallel so let's make use of the larger number of CPUs if the tests +run on a beefy machine. + +(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) +--- + test/fmf/integration-tests/test.sh | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 34bf1abfa8943..06a98bfd7a0be 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then + export TEST_NO_QEMU=1 + fi + ++NPROC="$(nproc)" ++if [[ "$NPROC" -ge 10 ]]; then ++ export TEST_JOURNAL_USE_TMP=1 ++ NPROC="$((NPROC / 3))" ++else ++ NPROC="$((NPROC - 1))" ++fi ++ + # Create missing mountpoint for mkosi sandbox. + mkdir -p /etc/pacman.d/gnupg + +@@ -131,7 +139,7 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ --num-processes "$NPROC" && EC=0 || EC=$? + + find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; + find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + +From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:29:28 +0100 +Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER + +Similar to Github Actions, since we don't build with sanitizers in +the packit job, let's skip TEST-21-DFUZZER. + +(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 06a98bfd7a0be..f82961f9599d0 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -124,6 +124,10 @@ else + NPROC="$((NPROC - 1))" + fi + ++# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it ++# for now. ++export TEST_SKIP="TEST-21-DFUZZER" ++ + # Create missing mountpoint for mkosi sandbox. + mkdir -p /etc/pacman.d/gnupg + + +From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 13 Jan 2025 10:33:20 +0100 +Subject: [PATCH 20/22] test: Fix bug in integration test wrapper + +(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 610c34c903425..5321faef57818 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -443,7 +443,7 @@ def main() -> None: + ) + + if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': +- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') + else: + journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() + + +From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 14 Jan 2025 09:52:40 +0100 +Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink + it + +(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) +--- + test/integration-test-wrapper.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5321faef57818..a7bf5ea6060d4 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -556,8 +556,7 @@ def main() -> None: + and not sanitizer + ): + journal_file.unlink(missing_ok=True) +- +- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': + dst = args.meson_build_dir / f'test/journal/{name}.journal' + dst.parent.mkdir(parents=True, exist_ok=True) + shutil.move(journal_file, dst) + +From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 14 Jan 2025 11:41:17 +0100 +Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists + +Otherwise find fails with an error. + +(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index f82961f9599d0..aff79340f79fe 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -145,8 +145,8 @@ mkosi -f sandbox \ + --no-stdsplit \ + --num-processes "$NPROC" && EC=0 || EC=$? + +-find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; +-find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd + diff --git a/plans/upstream.fmf b/plans/upstream.fmf new file mode 100644 index 0000000..fd348ad --- /dev/null +++ b/plans/upstream.fmf @@ -0,0 +1,16 @@ +summary: systemd upstream test suite +discover: + how: fmf + dist-git-source: true + dist-git-install-builddeps: false +prepare: + - name: systemd + how: install + exclude: + - systemd-standalone-.* +execute: + how: tmt +provision: + hardware: + virtualization: + is-supported: true diff --git a/systemd.spec b/systemd.spec index 2fba134..14df243 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,6 +121,9 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport various fmf fixes to allow running the integration tests in Fedora CI. +Patch: https://github.com/systemd/systemd/pull/35938.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 01e5bc1c93907a41421f3744211e9be645747695 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 14 Jan 2025 21:47:40 +0000 Subject: [PATCH 039/148] Set SBAT in sd-boot when building on OBS We are doing self-signing, so don't tag the EFI binaries as if they were Fedora's, since they are not. Set upstream-specific tags, that are the same for all distros built on OBS.. [skip changelog] --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 14df243..4ba5825 100644 --- a/systemd.spec +++ b/systemd.spec @@ -868,6 +868,11 @@ CONFIGURE_OPTS=( # considering that that support is untested, let's not do this now. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] -Dukify=enabled +%if 0%{?want_bootloader} && %{with obs} + -Dsbat-distro-url=https://github.com/systemd/systemd + -Dsbat-distro=upstream + -Dsbat-distro-summary='Upstream build from git' +%endif ) %if %{without lto} From aa5546e9ed9b3fe92efb29bae842da997d153cf8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:01 +0100 Subject: [PATCH 040/148] Add a few mkosi artifact directories to .gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 6cf7897..ca73e11 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,7 @@ /systemd-*.tar.xz /systemd-*.tar.gz /*.rpm +/mkosi.output/ +/mkosi.cache/ +/mkosi.builddir/ +/mkosi.local.conf From f257050dddc1c86fe4358f7b663ec0fe0ab1c407 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:21 +0100 Subject: [PATCH 041/148] Add a .editorconfig file --- .editorconfig | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..1b58baf --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +charset = utf-8 +indent_size = 4 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{yml,yaml}] +indent_size = 2 From c7fecc18eba700cc97b04394f67afd0b4e965781 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 22:14:36 +0100 Subject: [PATCH 042/148] Skip test_sysusers_defined on upstream builds --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 4ba5825..c513a1c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1050,9 +1050,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif %if 0%{?fedora} >= 41 +%if %{without upstream} # This requires https://pagure.io/setup/pull-request/50 # and https://src.fedoraproject.org/rpms/setup/pull-request/10. +# We skip this on upstream builds so that new users and groups +# can be added without breaking the build. %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif From e54ec2f978a1408b15ea25d8ff28961860e541bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 17 Jan 2025 14:04:00 +0100 Subject: [PATCH 043/148] Trim changelog entries that are not relevant to users --- changelog | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) diff --git a/changelog b/changelog index fb6584d..216ab62 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,156 @@ +* Sun Jan 12 2025 Zbigniew Jędrzejewski-Szmek - 257.2-6 +- Rebuilt for the bin-sbin merge (2nd attempt) + +* Fri Jan 10 2025 Zbigniew Jędrzejewski-Szmek - 257.2-4 +- Revert use of PrivateTmp=disconnected (rhbz#2334015, + https://github.com/coreos/fedora-coreos-tracker/issues/1857) + +* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek - 257.2-1 +- Version 257.2 +- Fixes for assertion crashes and memory access issues in pid1 and systemd- + machined, and other fixes for systemd-repart, systemd-resolved, systemd- + stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the + hardware database. + +* Tue Jan 07 2025 Yu Watanabe - 257.1-7 +- Replace 'udevadm hwdb' with systemd-hwdb + +* Tue Jan 07 2025 Zbigniew Jędrzejewski-Szmek - 257.1-6 +- Rename source .abignore file + +* Fri Dec 20 2024 Daan De Meyer - 257.1-2 +- Re-enable upstream behaviour of systemd-tmpfiles --purge + +* Fri Dec 20 2024 Zbigniew Jędrzejewski-Szmek - 257.1-1 +- Version 257.1 +- A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, + systemd-networkd, systemd-logind, journalct. +- Should fix rhbz#2325780. + +* Sun Dec 15 2024 Yu Watanabe - 257-3 +- Add patch for test-time-util + +* Sun Dec 15 2024 Yu Watanabe - 257-2 +- sysusers: support new ! line flag for creating fully locked accounts + +* Tue Dec 10 2024 Zbigniew Jędrzejewski-Szmek - 257-1 +- Version 257 +- A bunch of small fixes in various components: systemd itself, systemd- + cryptenroll, sd-varlink, sd-boot, documentation, tests +- Includes an update of the hardware database + +* Thu Dec 05 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-5 +- Enable slow tests during build + +* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-3 +- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979) + +* Fri Nov 29 2024 Yu Watanabe - 257~rc3-2 +- Update tmpfiles --destroy-data patch + +* Wed Nov 27 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-1 +- Version 257~rc3 +- A bunch of small fixes here and there: virtualization detection, udev, + systemd-networked, pid1. +- Includes a hardware database update. + +* Tue Nov 26 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-4 +- Make systemd-network-generator co-owned by -udev and -networkd + (rhbz#2328723) + +* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-3 +- Pull in qemu from systemd-container + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-2 +- Change sysusers u! lines to u because we don't have support in rpm + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-1 +- Version 257~rc2 +- Changes in systemd-measure, systemd-networkd, documentation, systemd- + sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, + run0, ukify +- Hardware database update + +* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-3 +- Disable freezing of user sessions (rhbz#2321268) + +* Thu Nov 07 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-1 +- Version 257~rc1 + +* Thu Nov 07 2024 Daan De Meyer - 256.7-7 +- Use %%posttrans instead of %%postun to restart services + +* Thu Nov 07 2024 Yaakov Selkowitz - 256.7-6 +- Disable OpenSSL v3 ENGINE on RHEL + +* Tue Nov 05 2024 Daan De Meyer - 256.7-4 +- Backport user manager reexec changes + +* Tue Nov 05 2024 David Tardon - 256.7-3 +- Use %%systemd_preun in systemd-resolved + +* Thu Oct 24 2024 Yu Watanabe - 256.7-2 +- test_sysusers_defined: support new ! line flag for creating fully locked + accounts + +* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek - 256.7-1 +- Version 256.7 +- Various small fixes in many components +- Documentation updates + +* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek - 256.6-3 +- Move yum/dnf protection removal config file under /usr + +* Thu Sep 12 2024 Matteo Croce - 256.6-1 +- Version 256.6 + +* Thu Aug 29 2024 Daan De Meyer - 256.5-6 +- Always build ukify package + +* Wed Aug 28 2024 Daan De Meyer - 256.5-5 +- Do not use patch to modify systemd-user pam config file + +* Tue Aug 27 2024 Daan De Meyer - 256.5-3 +- Only make python3-pillow Recommends on Fedora + +* Sat Aug 24 2024 Davide Cavalca - 256.5-2 +- Do not require grubby on CentOS Stream 9 + +* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.5-1 +- Version 256.5 +- Includes the patches for the kernel change with kernel threads in leaf + cgroups (https://github.com/systemd/systemd/pull/33885) +- Various smaller fixes + +* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.4-4 +- Disable integration of userdb in sshd + +* Mon Jul 29 2024 Daan De Meyer - 256.4-3 +- Backport patch to only read /proc/cmdline when not in container + +* Mon Jul 29 2024 Daan De Meyer - 256.4-2 +- Backport upstream patch to try more initrd variants in + 90-loaderentry.install + +* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek - 256.4-1 +- Version 256.4 +- Hardware db update +- Minor fixes for systemd-udevd and varlink protocol + +* Tue Jul 23 2024 Daan De Meyer - 256.3-3 +- Update tmpfiles --destroy-data patch + +* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek - 256.3-1 +- Version 256.3 +- A bunch of fixes for systemd (pid1) +- Various upgrades related to running tests in mkosi + +* Sat Jul 20 2024 Daan De Meyer - 256.2-17 +- Simplify BFQ scheduler enablement + +* Sat Jul 20 2024 Fedora Release Engineering - 256.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 - Backport udma buffer access patch (rhbz#2298422) From d0973df8633edfe039c8040d1773f7e89c7dd2f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 17 Jan 2025 14:00:44 +0100 Subject: [PATCH 044/148] Backport patch to emit audit events from systemd-sysusers A second patch is backported to avoid conflict and also because it seems reasoanble to backport. --- ...ot-give-up-if-the-first-attempt-at-c.patch | 75 +++++ ...dit-events-for-user-and-group-creati.patch | 287 ++++++++++++++++++ systemd.spec | 5 + 3 files changed, 367 insertions(+) create mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch create mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch new file mode 100644 index 0000000..76c2be1 --- /dev/null +++ b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch @@ -0,0 +1,75 @@ +From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 18 Dec 2024 22:27:29 +0900 +Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at + connecting bus failed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise, the program exits with failure if the first attempt in run() failed: +``` +Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING +Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private... +Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED +Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused +``` + +(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4) +--- + src/update-utmp/update-utmp.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c +index e40843cf35..a10e6d478a 100644 +--- a/src/update-utmp/update-utmp.c ++++ b/src/update-utmp/update-utmp.c +@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) { + assert(c); + assert(ret); + ++ if (!c->bus) { ++ r = bus_connect_system_systemd(&c->bus); ++ if (r < 0) ++ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m"); ++ } ++ + r = bus_get_property_trivial( + c->bus, + bus_systemd_mgr, +@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) { + UINT64_C(100) * USEC_PER_MSEC + + random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS); + (void) usleep_safe(usec); ++ } + ++ if (!c->bus) { + r = bus_connect_system_systemd(&c->bus); + if (r == -ECONNREFUSED && n_attempts < 64) { +- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m"); ++ log_debug_errno(r, "Failed to %s to system bus, retrying after a slight delay: %m", ++ n_attempts <= 1 ? "connect" : "reconnect"); + continue; + } + if (r < 0) +@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) { + .audit_fd = -EBADF, + #endif + }; +- int r; + + log_setup(); + +@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) { + log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, + errno, "Failed to connect to audit log, ignoring: %m"); + #endif +- r = bus_connect_system_systemd(&c.bus); +- if (r < 0) +- return log_error_errno(r, "Failed to get D-Bus connection: %m"); + + return dispatch_verb(argc, argv, verbs, &c); + } +-- +2.47.1 + diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch new file mode 100644 index 0000000..d442f5a --- /dev/null +++ b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch @@ -0,0 +1,287 @@ +From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 10 Jan 2025 15:35:13 +0100 +Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation + +Background: Fedora/RHEL are switching to sysusers.d metadata for creation of +users and groups for system users defined by packages +(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers). +Packages carry sysusers files. During package installation, rpm calls an +program to execute on this config. This program may either be +/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or +/usr/bin/systemd-sysusers. To match the functionality provided by +useradd/groupadd from the shadow-utils project, systemd-sysusers must emit +audit events so that it provides a drop-in replacement. + +systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when +adding users and groups. The operation "names" are copied from shadow-utils in +Fedora (which has a patch to change them from the upstream version), so the +format of the events that is generated on success should be identical. + +The helper code is shared between sysusers and utmp-wtmp. I changed the +audit_fd variable to be unconditional. This way we can avoid ugly iffdefery +every time the variable would be used. The cost is that 4 bytes of unused +storage might be present. This is negligible, and the compiler might even be +able to optimize that away if it inlines things. +--- + src/basic/audit-util.h | 33 +++++++++++++++++++++ + src/sysusers/meson.build | 2 ++ + src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++ + src/update-utmp/update-utmp.c | 23 ++------------ + 4 files changed, 94 insertions(+), 20 deletions(-) + +diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h +index 9a74e4f102..d8ecf14f69 100644 +--- a/src/basic/audit-util.h ++++ b/src/basic/audit-util.h +@@ -1,10 +1,16 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + #pragma once + ++#if HAVE_AUDIT ++# include ++#endif ++ + #include + #include + #include + ++#include "errno-util.h" ++#include "log.h" + #include "pidref.h" + + #define AUDIT_SESSION_INVALID UINT32_MAX +@@ -17,3 +23,30 @@ bool use_audit(void); + static inline bool audit_session_is_valid(uint32_t id) { + return id > 0 && id != AUDIT_SESSION_INVALID; + } ++ ++/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious ++ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very ++ * short functions. */ ++ ++static inline int close_audit_fd(int fd) { ++#if HAVE_AUDIT ++ if (fd >= 0) ++ audit_close(fd); ++#else ++ assert(fd < 0); ++#endif ++ return -EBADF; ++} ++ ++static inline int open_audit_fd_or_warn(void) { ++ int fd = -EBADF; ++ ++#if HAVE_AUDIT ++ /* If the kernel lacks netlink or audit support, don't worry about it. */ ++ fd = audit_open(); ++ if (fd < 0) ++ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, ++ errno, "Failed to connect to audit log, ignoring: %m"); ++#endif ++ return fd; ++} +diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build +index 123ff41d3f..c968f55110 100644 +--- a/src/sysusers/meson.build ++++ b/src/sysusers/meson.build +@@ -9,6 +9,7 @@ executables += [ + 'name' : 'systemd-sysusers', + 'public' : true, + 'sources' : files('sysusers.c'), ++ 'dependencies' : libaudit, + }, + executable_template + { + 'name' : 'systemd-sysusers.standalone', +@@ -20,6 +21,7 @@ executables += [ + libshared_static, + libsystemd_static, + ], ++ 'dependencies' : libaudit, + 'build_by_default' : have_standalone_binaries, + 'install' : have_standalone_binaries, + }, +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index 44253483db..84eb9fc0c3 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -3,6 +3,7 @@ + #include + + #include "alloc-util.h" ++#include "audit-util.h" + #include "build.h" + #include "chase.h" + #include "conf-files.h" +@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep); + STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); + + typedef struct Context { ++ int audit_fd; ++ + OrderedHashmap *users, *groups; + OrderedHashmap *todo_uids, *todo_gids; + OrderedHashmap *members; +@@ -126,6 +129,8 @@ typedef struct Context { + static void context_done(Context *c) { + assert(c); + ++ c->audit_fd = close_audit_fd(c->audit_fd); ++ + ordered_hashmap_free(c->groups); + ordered_hashmap_free(c->users); + ordered_hashmap_free(c->members); +@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) { + c->login_defs_need_warning = false; + } + ++static void log_audit_accounts(Context *c, ItemType what) { ++#if HAVE_AUDIT ++ assert(c); ++ assert(IN_SET(what, ADD_USER, ADD_GROUP)); ++ ++ if (arg_dry_run || c->audit_fd < 0) ++ return; ++ ++ Item *i; ++ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP; ++ const char *op = what == ADD_USER ? "adding-user" : "adding-group"; ++ ++ /* Notes: ++ * ++ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses. ++ * ++ * We send id == -1, even though we know the number, in particular on success. This is because if we ++ * send the id, the generated audit message will not contain the name. The name seems more useful ++ * than the number, hence send just the name: ++ * ++ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) : ++ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success' ++ * vs. ++ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) : ++ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success' ++ */ ++ ++ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) ++ audit_log_acct_message( ++ c->audit_fd, ++ type, ++ program_invocation_short_name, ++ op, ++ i->name, ++ /* id= */ (unsigned) -1, ++ /* host= */ NULL, ++ /* addr= */ NULL, ++ /* tty= */ NULL, ++ /* success= */ 1); ++#endif ++} ++ + static int load_user_database(Context *c) { + _cleanup_fclose_ FILE *f = NULL; + const char *passwd_path; +@@ -971,6 +1018,8 @@ static int write_files(Context *c) { + group_tmp, group_path); + group_tmp = mfree(group_tmp); + } ++ /* OK, we have written the group entries successfully */ ++ log_audit_accounts(c, ADD_GROUP); + if (gshadow) { + r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); + if (r < 0) +@@ -988,6 +1037,8 @@ static int write_files(Context *c) { + + passwd_tmp = mfree(passwd_tmp); + } ++ /* OK, we have written the user entries successfully */ ++ log_audit_accounts(c, ADD_USER); + if (shadow) { + r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); + if (r < 0) +@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) { + #endif + _cleanup_close_ int lock = -EBADF; + _cleanup_(context_done) Context c = { ++ .audit_fd = -EBADF, + .search_uid = UID_INVALID, + }; + +@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) { + assert(!arg_image); + #endif + ++ /* Prepare to emit audit events, but only if we're operating on the host system. */ ++ if (!arg_root) ++ c.audit_fd = open_audit_fd_or_warn(); ++ + /* If command line arguments are specified along with --replace, read all configuration files and + * insert the positional arguments at the specified place. Otherwise, if command line arguments are + * specified, execute just them, and finally, without --replace= or any positional arguments, just +diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c +index a10e6d478a..6df9414063 100644 +--- a/src/update-utmp/update-utmp.c ++++ b/src/update-utmp/update-utmp.c +@@ -5,12 +5,9 @@ + #include + #include + +-#if HAVE_AUDIT +-#include +-#endif +- + #include "sd-bus.h" + ++#include "audit-util.h" + #include "alloc-util.h" + #include "bus-error.h" + #include "bus-locator.h" +@@ -30,20 +27,14 @@ + + typedef struct Context { + sd_bus *bus; +-#if HAVE_AUDIT + int audit_fd; +-#endif + } Context; + + static void context_clear(Context *c) { + assert(c); + + c->bus = sd_bus_flush_close_unref(c->bus); +-#if HAVE_AUDIT +- if (c->audit_fd >= 0) +- audit_close(c->audit_fd); +- c->audit_fd = -EBADF; +-#endif ++ c->audit_fd = close_audit_fd(c->audit_fd); + } + + static int get_startup_monotonic_time(Context *c, usec_t *ret) { +@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) { + }; + + _cleanup_(context_clear) Context c = { +-#if HAVE_AUDIT + .audit_fd = -EBADF, +-#endif + }; + + log_setup(); + + umask(0022); + +-#if HAVE_AUDIT +- /* If the kernel lacks netlink or audit support, don't worry about it. */ +- c.audit_fd = audit_open(); +- if (c.audit_fd < 0) +- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, +- errno, "Failed to connect to audit log, ignoring: %m"); +-#endif ++ c.audit_fd = open_audit_fd_or_warn(); + + return dispatch_verb(argc, argv, verbs, &c); + } +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index c513a1c..8b7735e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -118,6 +118,11 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://github.com/coreos/fedora-coreos-tracker/issues/1857 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch +# Backport of sysusers audit support for +# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. +Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From cc9bce7893d956c5e0a5041e0890150b21c0d6d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 21 Jan 2025 21:57:39 +0100 Subject: [PATCH 045/148] Drop override of $PATH in the user manager We had the override so that the user would have /usr/bin:/usr/sbin, which root had /usr/sbin:/usr/bin. Now that /usr/sbin and /usr/bin are merged, we don't want this. This should fix the issue reported in https://discussion.fedoraproject.org/t/f40-change-proposal-unify-usr-bin-and-usr-sbin-system-wide/99853/25. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 8b7735e..e41fab3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -767,7 +767,6 @@ CONFIGURE_OPTS=( -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= - -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 -Dkmod=enabled From de4ae54a3486ca1e0139fc3efdb862883dd6d01a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Mon, 27 Jan 2025 13:49:04 -0800 Subject: [PATCH 046/148] Backport PR #36194 to add Georgian mapping to kbd-model-map Signed-off-by: Adam Williamson --- ...kbd-model-map-add-a-georgian-mapping.patch | 26 +++++++++++++++++++ systemd.spec | 5 ++++ 2 files changed, 31 insertions(+) create mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch new file mode 100644 index 0000000..29d2b40 --- /dev/null +++ b/0001-kbd-model-map-add-a-georgian-mapping.patch @@ -0,0 +1,26 @@ +From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 10 Jan 2025 13:01:47 -0800 +Subject: [PATCH] kbd-model-map: add a georgian mapping + +https://github.com/legionus/kbd/pull/127 adds a Georgian mapping +to kbd. console-setup already has one. Let's support it here, so +it's used for Georgian installs on distros that use this table. + +Signed-off-by: Adam Williamson +--- + src/locale/kbd-model-map | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map +index 279d1a36d8..612f6d749a 100644 +--- a/src/locale/kbd-model-map ++++ b/src/locale/kbd-model-map +@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp + es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp + lv lv pc105 apostrophe terminate:ctrl_alt_bksp + lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp ++ge ge,us pc105 - terminate:ctrl_alt_bksp +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index e41fab3..ed0f857 100644 --- a/systemd.spec +++ b/systemd.spec @@ -131,6 +131,11 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch Patch: https://github.com/systemd/systemd/pull/35938.patch %endif +# https://github.com/systemd/systemd/pull/36194 +# https://bugzilla.redhat.com/show_bug.cgi?id=2336875 +# add Georgian mapping to kbd-model-map +Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From 1ffa7bf7c74e09fa42525f17e9da5f51c72ada02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 28 Jan 2025 10:08:50 +0100 Subject: [PATCH 047/148] Make Georgian mapping patch downstream-only [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index ed0f857..484fc46 100644 --- a/systemd.spec +++ b/systemd.spec @@ -129,12 +129,12 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch # Backport various fmf fixes to allow running the integration tests in Fedora CI. Patch: https://github.com/systemd/systemd/pull/35938.patch -%endif # https://github.com/systemd/systemd/pull/36194 # https://bugzilla.redhat.com/show_bug.cgi?id=2336875 # add Georgian mapping to kbd-model-map Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch +%endif %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 From d66f99791591eb8be0825173326aa0af64598f0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 1 Feb 2025 19:57:43 +0100 Subject: [PATCH 048/148] Add explicit BR: libxcrypt-devel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 484fc46..dfe0393 100644 --- a/systemd.spec +++ b/systemd.spec @@ -149,6 +149,7 @@ BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel BuildRequires: libpwquality-devel +BuildRequires: libxcrypt-devel BuildRequires: pam-devel BuildRequires: libselinux-devel BuildRequires: audit-libs-devel From 2c0b984bf41db96b6e80ef53947aeb878b326cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 20:27:12 +0100 Subject: [PATCH 049/148] Version 257.3 - updates to systemd, systemctl, systemd-udev, systemd-sbsign, systemd-machined, systemd-resolved, systemd-firstboot, systemd-sysupdate, systemd-repart, systemd-vmspawn, systemd-networkd, systemd-update-utmp, systemd-tmpfiles, systemd-logind, bootctl, varlink, ukify, homectl, userdbctl, UKI support, sd-stub, log messages, man pages - the hwdb is updated from mainline at 2025-02-07 - resolves rhbz#2345544 --- ...kbd-model-map-add-a-georgian-mapping.patch | 26 - 35938.patch | 879 ------------------ sources | 2 +- systemd.spec | 10 +- 4 files changed, 2 insertions(+), 915 deletions(-) delete mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch delete mode 100644 35938.patch diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch deleted file mode 100644 index 29d2b40..0000000 --- a/0001-kbd-model-map-add-a-georgian-mapping.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 10 Jan 2025 13:01:47 -0800 -Subject: [PATCH] kbd-model-map: add a georgian mapping - -https://github.com/legionus/kbd/pull/127 adds a Georgian mapping -to kbd. console-setup already has one. Let's support it here, so -it's used for Georgian installs on distros that use this table. - -Signed-off-by: Adam Williamson ---- - src/locale/kbd-model-map | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map -index 279d1a36d8..612f6d749a 100644 ---- a/src/locale/kbd-model-map -+++ b/src/locale/kbd-model-map -@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp - es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp - lv lv pc105 apostrophe terminate:ctrl_alt_bksp - lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp -+ge ge,us pc105 - terminate:ctrl_alt_bksp --- -2.47.1 - diff --git a/35938.patch b/35938.patch deleted file mode 100644 index 7f9f9be..0000000 --- a/35938.patch +++ /dev/null @@ -1,879 +0,0 @@ -From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:05 +0100 -Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive - mode - -The tests might be running unprivileged or in an environment without -selinux so let's not fail if we can't put it in permissive mode. - -(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4984fb119b571..fe139567bdf06 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -4,8 +4,8 @@ - set -eux - set -o pipefail - --# Switch SELinux to permissive, since the tests don't set proper contexts --setenforce 0 -+# Switch SELinux to permissive if possible, since the tests don't set proper contexts -+setenforce 0 || true - - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - -From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:50 +0100 -Subject: [PATCH 02/22] fmf: Fix dist-git example - -All that's needed is dist-git-source: true so remove the other settings -that aren't required. - -(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) ---- - test/fmf/integration-tests/test.sh | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fe139567bdf06..73771d4237207 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,9 +13,6 @@ setenforce 0 || true - # summary: systemd Fedora test suite - # discover: - # how: fmf --# url: https://github.com/systemd/systemd --# ref: main --# path: test/fmf - # dist-git-source: true - # dist-git-install-builddeps: false - # prepare: - -From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:38:21 +0100 -Subject: [PATCH 03/22] fmf: Fix glob - -Globs inside quotes aren't expanded and we need the glob to be more -specific to avoid matching multiple entries inside the tmt source -directory. - -(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) ---- - test/fmf/integration-tests/test.sh | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 73771d4237207..0a1595fa97268 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -23,8 +23,11 @@ setenforce 0 || true - # execute: - # how: tmt - -+shopt -s extglob -+ - if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then -- pushd "$TMT_SOURCE_DIR/*/" -+ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). -+ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ - elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then - # Prepare systemd source tree - git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" - -From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 12:12:15 +0100 -Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running - within testing farm - -If running tmt locally to debug the test script, make sure we don't -mess with /etc/yum.repos.d. - -(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) ---- - test/fmf/integration-tests/test.sh | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 0a1595fa97268..347cd219a458a 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} - [Build] - ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} -+EOF -+ -+if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then -+ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* -+ # Ensure packages built for this test have highest priority -+ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* - --# Disable mkosi's own repository logic --touch /etc/yum.repos.d/mkosi.repo -+ # Disable mkosi's own repository logic -+ touch /etc/yum.repos.d/mkosi.repo -+fi - - # TODO: drop once BTRFS regression is fixed in kernel 6.13 - sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf - -From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 16:41:46 +0100 -Subject: [PATCH 05/22] fmf: Dump CPU and memory information - -(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 347cd219a458a..4545090c3c1ab 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -7,6 +7,10 @@ set -o pipefail - # Switch SELinux to permissive if possible, since the tests don't set proper contexts - setenforce 0 || true - -+echo "CPU and Memory information:" -+lscpu -+lsmem -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 13:31:11 +0100 -Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs - -When running the integration tests downstream, it's useful to be -able to test that a new systemd version doesn't introduce any AVC -denials, so let's add a knob to make that possible. - -(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) ---- - test/README.testsuite | 10 ++++++++++ - test/fmf/integration-tests/test.sh | 7 +++++++ - test/units/TEST-06-SELINUX.sh | 4 ++++ - 3 files changed, 21 insertions(+) - -diff --git a/test/README.testsuite b/test/README.testsuite -index da2d17a6dba7c..6b367aa6738fa 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,16 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. - -+### SELinux AVCs -+ -+To have `TEST-06-SELINUX` check for SELinux denials, write the following to -+mkosi.local.conf: -+ -+```conf -+[Runtime] -+KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 -+``` -+ - ## Ubuntu CI - - New PRs submitted to the project are run through regression tests, and one set -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4545090c3c1ab..fccfa15c72821 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} - EOF - -+if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then -+ tee --append mkosi.local.conf < -Date: Wed, 8 Jan 2025 16:03:06 +0100 -Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing - farm - -We expect to run as root within testing farm and to have permissions -to do selinux relabelling so let's enable it explicitly. - -(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) ---- - test/fmf/integration-tests/test.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fccfa15c72821..8cea79cf30274 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -78,6 +78,9 @@ fi - - if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then - tee --append mkosi.local.conf < -Date: Thu, 9 Jan 2025 11:27:51 +0100 -Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh - -(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) ---- - test/integration-test-setup.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh -index d7c384a97cf48..c67f938acf26f 100755 ---- a/test/integration-test-setup.sh -+++ b/test/integration-test-setup.sh -@@ -1,6 +1,6 @@ - #!/usr/bin/env bash - # SPDX-License-Identifier: LGPL-2.1-or-later --set -eux -+set -eu - set -o pipefail - - case "$1" in - -From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 11:28:15 +0100 -Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in - interactive mode - -If we're not running interactively, there's no point in the features -from integration-test-setup.sh which are intended for interactive -development and debugging so lets skip adding it in that case. - -(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) ---- - test/integration-test-wrapper.py | 9 +++++++++ - test/test.service.in | 2 -- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index ef6df8840f50d..5fa0325b889e5 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -459,6 +459,15 @@ def main() -> None: - """ - ) - -+ if sys.stderr.isatty(): -+ dropin += textwrap.dedent( -+ """ -+ [Service] -+ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup -+ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ """ -+ ) -+ - cmd = [ - args.mkosi, - '--directory', os.fspath(args.meson_source_dir), -diff --git a/test/test.service.in b/test/test.service.in -index 6400be0700288..75f703698f687 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -7,9 +7,7 @@ Before=getty-pre.target - - [Service] - ExecStartPre=rm -f /failed /testok --ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStart=@command@ --ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize - Type=oneshot - MemoryAccounting=@memory-accounting@ - StateDirectory=%N - -From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 7 Jan 2025 15:01:02 +0100 -Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when running with - sanitizers - -Similar to how CentOS CI did it previously, let's only run -TEST-21-DFUZZER when built with sanitizers for maximum effect. - -(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) ---- - .github/workflows/mkosi.yml | 8 ++++++++ - test/TEST-21-DFUZZER/meson.build | 1 - - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index a043022ce05a1..592ed41051458 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -61,6 +61,7 @@ jobs: - cflags: "-O2 -D_FORTIFY_SOURCE=3" - relabel: no - vm: 1 -+ skip: TEST-21-DFUZZER - - distro: debian - release: testing - sanitizers: "" -@@ -68,6 +69,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: ubuntu - release: noble - sanitizers: "" -@@ -75,6 +77,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: "41" - sanitizers: "" -@@ -82,6 +85,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: rawhide - sanitizers: address,undefined -@@ -96,6 +100,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "9" - sanitizers: "" -@@ -103,6 +108,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "10" - sanitizers: "" -@@ -110,6 +116,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 -@@ -195,6 +202,7 @@ jobs: - mkosi sandbox \ - env \ - TEST_PREFER_QEMU=${{ matrix.vm }} \ -+ TEST_SKIP=${{ matrix.skip }} \ - meson test \ - -C build \ - --no-rebuild \ -diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build -index f57be63380222..932f0c5f0e407 100644 ---- a/test/TEST-21-DFUZZER/meson.build -+++ b/test/TEST-21-DFUZZER/meson.build -@@ -6,6 +6,5 @@ integration_tests += [ - 'timeout' : 3600, - 'priority' : 50, - 'vm' : true, -- 'enabled' : false, - }, - ] - -From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:13:18 +0100 -Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test - artifacts dir - -(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) ---- - test/fmf/integration-tests/test.sh | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 8cea79cf30274..762016f2a5c1c 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -125,6 +125,11 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" -+ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ -+find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd -+ -+exit "$EC" - -From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:24:51 +0100 -Subject: [PATCH 12/22] fmf: Log clock source - -(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) ---- - test/fmf/integration-tests/test.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 762016f2a5c1c..d1e43b1d7dbc9 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -11,6 +11,8 @@ echo "CPU and Memory information:" - lscpu - lsmem - -+echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 16:24:22 +0100 -Subject: [PATCH 13/22] tree-wide: Fix python formatting - -The new release of ruff formats a few more things which causes linter -failures in CI so let's fix those formatting nits. - -(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) ---- - src/ukify/ukify.py | 6 +++--- - test/integration-test-wrapper.py | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py -index 3f36aa7af6b08..be4e30eb8e36e 100755 ---- a/src/ukify/ukify.py -+++ b/src/ukify/ukify.py -@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'calculate', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - # For measurement, the keys are not relevant, so we can lump all the phase paths - # into one call to systemd-measure calculate. -@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'sign', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - ] - -@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: - os.umask(umask := os.umask(0)) - os.chmod(opts.output, 0o777 & ~umask) - -- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") -+ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') - - - @contextlib.contextmanager -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5fa0325b889e5..d9d92fcba3b0e 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -429,7 +429,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} -+ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} - """ - ) - -@@ -437,7 +437,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} -+ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} - """ - ) - -@@ -568,7 +568,7 @@ def main() -> None: - - ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] - -- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) -+ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) - - # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. - exit(result.returncode or 1) - -From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:27:33 +0100 -Subject: [PATCH 14/22] test: Add option to save in progress test journals to - /tmp - -The journal isn't the best at being fast, especially when writing -to disk and not to memory, which can cause integration tests to -grind to a halt on beefy systems due to all the systemd-journal-remote -instances not being able to write journal entries to disk fast enough. - -Let's introduce an option to allow writing in progress test journals -to use /tmp which can be used on beefy systems with lots of memory to -speed things up. - -(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) ---- - test/README.testsuite | 4 ++++ - test/integration-test-wrapper.py | 12 +++++++++++- - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/test/README.testsuite b/test/README.testsuite -index 6b367aa6738fa..e33c08f33a20e 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,10 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. - -+`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in -+progress and only move the journal to its final location in the build directory -+(`$BUILD_DIR/test/journal`) when the test is finished. -+ - ### SELinux AVCs - - To have `TEST-06-SELINUX` check for SELinux denials, write the following to -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index d9d92fcba3b0e..1c28cf3776e80 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -10,6 +10,7 @@ - import os - import re - import shlex -+import shutil - import subprocess - import sys - import tempfile -@@ -441,7 +442,11 @@ def main() -> None: - """ - ) - -- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ else: -+ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() -+ - journal_file.unlink(missing_ok=True) - - if not sys.stderr.isatty(): -@@ -551,6 +556,11 @@ def main() -> None: - ): - journal_file.unlink(missing_ok=True) - -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ dst = args.meson_build_dir / f'test/journal/{name}.journal' -+ dst.parent.mkdir(parents=True, exist_ok=True) -+ shutil.move(journal_file, dst) -+ - if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): - exit(0 if shell or result.returncode == args.exit_code else 77) - - -From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:29:58 +0100 -Subject: [PATCH 15/22] test: Don't register machines with machined unless - we're in interactive mode - -(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 1c28cf3776e80..94904cfbc4c05 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -516,7 +516,7 @@ def main() -> None: - ] - ), - '--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", -- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), -+ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), - 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', - ] # fmt: skip - - -From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:51:24 +0100 -Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin - -The integration-test-setup calls require StateDirectory= but some -tests override the test unit used which then won't have StateDirectory= -so let's move StateDirectory= into the dropin as well to avoid this -issue. - -(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) ---- - test/integration-test-wrapper.py | 1 + - test/test.service.in | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 94904cfbc4c05..610c34c903425 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -470,6 +470,7 @@ def main() -> None: - [Service] - ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ StateDirectory=%N - """ - ) - -diff --git a/test/test.service.in b/test/test.service.in -index 75f703698f687..790c513da4338 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok - ExecStart=@command@ - Type=oneshot - MemoryAccounting=@memory-accounting@ --StateDirectory=%N - -From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:37 +0100 -Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn - failures - -(cherry picked from commit c32a8cdaa0f03ae29e9edade1213cc2001b28000) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index d1e43b1d7dbc9..34bf1abfa8943 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,6 +13,10 @@ lsmem - - echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" - -+# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. -+sysctl fs.inotify.max_user_watches=65536 -+sysctl fs.inotify.max_user_instances=1024 -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:54 +0100 -Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems - -If we save journals in /tmp, we can run a larger number of tests in -parallel so let's make use of the larger number of CPUs if the tests -run on a beefy machine. - -(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) ---- - test/fmf/integration-tests/test.sh | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 34bf1abfa8943..06a98bfd7a0be 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then - export TEST_NO_QEMU=1 - fi - -+NPROC="$(nproc)" -+if [[ "$NPROC" -ge 10 ]]; then -+ export TEST_JOURNAL_USE_TMP=1 -+ NPROC="$((NPROC / 3))" -+else -+ NPROC="$((NPROC - 1))" -+fi -+ - # Create missing mountpoint for mkosi sandbox. - mkdir -p /etc/pacman.d/gnupg - -@@ -131,7 +139,7 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ --num-processes "$NPROC" && EC=0 || EC=$? - - find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; - find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - -From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:29:28 +0100 -Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER - -Similar to Github Actions, since we don't build with sanitizers in -the packit job, let's skip TEST-21-DFUZZER. - -(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 06a98bfd7a0be..f82961f9599d0 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -124,6 +124,10 @@ else - NPROC="$((NPROC - 1))" - fi - -+# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it -+# for now. -+export TEST_SKIP="TEST-21-DFUZZER" -+ - # Create missing mountpoint for mkosi sandbox. - mkdir -p /etc/pacman.d/gnupg - - -From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 13 Jan 2025 10:33:20 +0100 -Subject: [PATCH 20/22] test: Fix bug in integration test wrapper - -(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 610c34c903425..5321faef57818 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -443,7 +443,7 @@ def main() -> None: - ) - - if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') - else: - journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() - - -From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Jan 2025 09:52:40 +0100 -Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink - it - -(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) ---- - test/integration-test-wrapper.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5321faef57818..a7bf5ea6060d4 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -556,8 +556,7 @@ def main() -> None: - and not sanitizer - ): - journal_file.unlink(missing_ok=True) -- -- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': - dst = args.meson_build_dir / f'test/journal/{name}.journal' - dst.parent.mkdir(parents=True, exist_ok=True) - shutil.move(journal_file, dst) - -From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Jan 2025 11:41:17 +0100 -Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists - -Otherwise find fails with an error. - -(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index f82961f9599d0..aff79340f79fe 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -145,8 +145,8 @@ mkosi -f sandbox \ - --no-stdsplit \ - --num-processes "$NPROC" && EC=0 || EC=$? - --find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; --find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd - diff --git a/sources b/sources index b8843e6..ab9fabe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 +SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab diff --git a/systemd.spec b/systemd.spec index dfe0393..b69e405 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.2} +Version: %{?version_override}%{!?version_override:257.3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -126,14 +126,6 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport various fmf fixes to allow running the integration tests in Fedora CI. -Patch: https://github.com/systemd/systemd/pull/35938.patch - -# https://github.com/systemd/systemd/pull/36194 -# https://bugzilla.redhat.com/show_bug.cgi?id=2336875 -# add Georgian mapping to kbd-model-map -Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 49ec9f3286e6c18e48f3ee3a08da950d0113f853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 20:56:21 +0100 Subject: [PATCH 050/148] Move some files into subpackages - systemd-ac-power is moved to systemd-udev - portablectl and importctl are moved to systemd-container (rhbz#2345551) ac-power clearly is only useful for real hardware. portablectl and importctl are niche tools that don't need to be in the main package (even though they could theoretically be used not for containers). --- split-files.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index b08c2bd..2cdc655 100644 --- a/split-files.py +++ b/split-files.py @@ -137,6 +137,8 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + importctl| + portablectl| systemd-nspawn| systemd-vmspawn| import-pubring.gpg| @@ -178,6 +180,7 @@ for file in files(buildroot): elif re.search(r'''udev(?!\.pc)| hwdb| + ac-power| bootctl| boot-update| bless-boot| From 5c40e0872889b20108072a64845b2c87aa162e1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 21:10:02 +0100 Subject: [PATCH 051/148] Remove patch that is already upstream [skip changelog] --- ...ot-give-up-if-the-first-attempt-at-c.patch | 75 ------------------- systemd.spec | 1 - 2 files changed, 76 deletions(-) delete mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch deleted file mode 100644 index 76c2be1..0000000 --- a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 18 Dec 2024 22:27:29 +0900 -Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at - connecting bus failed -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Otherwise, the program exits with failure if the first attempt in run() failed: -``` -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING -Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private... -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED -Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused -``` - -(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4) ---- - src/update-utmp/update-utmp.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index e40843cf35..a10e6d478a 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) { - assert(c); - assert(ret); - -+ if (!c->bus) { -+ r = bus_connect_system_systemd(&c->bus); -+ if (r < 0) -+ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m"); -+ } -+ - r = bus_get_property_trivial( - c->bus, - bus_systemd_mgr, -@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) { - UINT64_C(100) * USEC_PER_MSEC + - random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS); - (void) usleep_safe(usec); -+ } - -+ if (!c->bus) { - r = bus_connect_system_systemd(&c->bus); - if (r == -ECONNREFUSED && n_attempts < 64) { -- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m"); -+ log_debug_errno(r, "Failed to %s to system bus, retrying after a slight delay: %m", -+ n_attempts <= 1 ? "connect" : "reconnect"); - continue; - } - if (r < 0) -@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) { - .audit_fd = -EBADF, - #endif - }; -- int r; - - log_setup(); - -@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) { - log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, - errno, "Failed to connect to audit log, ignoring: %m"); - #endif -- r = bus_connect_system_systemd(&c.bus); -- if (r < 0) -- return log_error_errno(r, "Failed to get D-Bus connection: %m"); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/systemd.spec b/systemd.spec index b69e405..2e85244 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,7 +120,6 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Backport of sysusers audit support for # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: From 3671a5cc790f4aa82cbf1a179a15e11a96b76438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 13:54:12 +0100 Subject: [PATCH 052/148] Move more auxiliary files into subpackages Follow-up for rhbz#2345551. Also split up some nested patterns into separate lines for readability. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 2cdc655..c1fc623 100644 --- a/split-files.py +++ b/split-files.py @@ -140,9 +140,17 @@ for file in files(buildroot): importctl| portablectl| systemd-nspawn| + systemd\.nspawn| systemd-vmspawn| + systemd-dissect| import-pubring.gpg| - systemd-(machined|import|pull)| + systemd-machined| + systemd-import| + systemd-export| + systemd-pull| + systemd-mountfsd| + systemd-mountwork| + systemd-nsresource| /machine.slice| /machines.target| var-lib-machines.mount| From ac9c438e27441491195cc924e77f5045226394c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:02:31 +0100 Subject: [PATCH 053/148] Use dynamic spec generation for triggers This way we don't need a separate Source. --- systemd.spec | 13 ++------ triggers.systemd | 87 ------------------------------------------------ 2 files changed, 2 insertions(+), 98 deletions(-) delete mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index 2e85244..204bf40 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,9 +73,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -# This file must be available before %%prep. -# It is generated during systemd build and can be found in build/src/core/. -Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py @@ -884,12 +881,8 @@ CONFIGURE_OPTS=( %meson_build -new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh -if ! diff -u %{SOURCE1} ${new_triggers}; then - echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" - echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" - sleep 5 -fi +# Include the triggers +cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user @@ -1096,8 +1089,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# -%include %{SOURCE1} - # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd deleted file mode 100644 index f8bb078..0000000 --- a/triggers.systemd +++ /dev/null @@ -1,87 +0,0 @@ -# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ -# SPDX-License-Identifier: LGPL-2.1-or-later -# -# This file is part of systemd. -# -# Copyright 2018 Neal Gompa - -# The contents of this are an example to be copied into systemd.spec. -# -# Minimum rpm version supported: 4.14.0 - -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system -# This script will run after any package is initially installed or -# upgraded. We care about the case where a package is initially -# installed, because other cases are covered by the *un scriptlets, -# so sometimes we will reload needlessly. -/usr/lib/systemd/systemd-update-helper system-reload-restart || : - -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -/usr/lib/systemd/systemd-update-helper user-reload-restart || : - -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system -# On removal, we need to run daemon-reload after any units have been -# removed. -# On upgrade, we need to run daemon-reload after any new unit files -# have been installed, but before %postun scripts in packages get -# executed. -/usr/lib/systemd/systemd-update-helper system-reload || : - -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user -# Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : - -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining system services that should be restarted here. -/usr/lib/systemd/systemd-update-helper system-restart || : - -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user -# We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : - -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d -# This script will process files installed in /usr/lib/sysusers.d to create -# specified users automatically. The priority is set such that it -# will run before the tmpfiles file trigger. -systemd-sysusers || : - -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d -# This script will automatically invoke hwdb update if files have been -# installed or updated in /usr/lib/udev/hwdb.d. -systemd-hwdb update || : - -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog -# This script will automatically invoke journal catalog update if files -# have been installed or updated in /usr/lib/systemd/catalog. -journalctl --update-catalog || : - -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d -# This script will automatically apply binfmt rules if files have been -# installed or updated in /usr/lib/binfmt.d. -if test -d "/run/systemd/system"; then - # systemd-binfmt might fail if binfmt_misc kernel module is not loaded - # during install - /usr/lib/systemd/systemd-binfmt || : -fi - -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d -# This script will process files installed in /usr/lib/tmpfiles.d to create -# tmpfiles automatically. The priority is set such that it will run -# after the sysusers file trigger, but before any other triggers. -if test -d "/run/systemd/system"; then - systemd-tmpfiles --create || : -fi - -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d -# This script will automatically update udev with new rules if files -# have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi - -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d -# This script will automatically apply sysctl rules if files have been -# installed or updated in /usr/lib/sysctl.d. -if test -d "/run/systemd/system"; then - /usr/lib/systemd/systemd-sysctl || : -fi From eba17216783bac0e531a29ad3ac330147ed31d95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:33:03 +0100 Subject: [PATCH 054/148] Split out -sysusers and -shared ... (rhbz#2344322) rpm-libs has Requires:/usr/bin/systemd-sysusers. We split split out /usr/bin/systemd-sysusers (the normal version) to a subpackage, and the shared library /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so to a second subpackage. (In preparation for maybe making further splits later.) systemd-sysusers+libsystemd-shared.so is 4.8MB, but libsystemd-shared.so also pulls in a bunch of libraries. We'll find out what the actual change in installation footprint (compared to systemd-standalone-sysusers) really is when we build some images with the new split. --- split-files.py | 14 +++++++++++++- systemd.spec | 28 +++++++++++++++++++++++++--- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/split-files.py b/split-files.py index c1fc623..9114c99 100644 --- a/split-files.py +++ b/split-files.py @@ -57,12 +57,14 @@ def files(root): outputs = {suffix: open(f'.file-list-{suffix}', 'w') for suffix in ( + 'shared', 'libs', 'udev', 'ukify', 'boot', 'pam', 'rpm-macros', + 'sysusers', 'devel', 'container', 'networkd', @@ -122,8 +124,10 @@ for file in files(buildroot): o = outputs['tests'] elif 'ukify' in n: o = outputs['ukify'] - elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): + elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] + elif re.search(r'/libsystemd-shared-.*\.so$', n): + o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): @@ -135,6 +139,14 @@ for file in files(buildroot): ''', n, re.X): o = outputs['remote'] + # Just the binary, the dir, and the man page. + elif re.search(r'''systemd-sysusers$| + sysusers\.d$| + man/.*sysusers\.d\.5| + man/.*systemd-sysusers\.8 + ''', n, re.X): + o = outputs['sysusers'] + elif re.search(r'''mymachines| machinectl| importctl| diff --git a/systemd.spec b/systemd.spec index 204bf40..a3310a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -253,6 +253,8 @@ Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -264,7 +266,7 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: %{name} < 249~~ +Obsoletes: systemd < 257.3-4 Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 %if 0%{?fedora} @@ -290,8 +292,6 @@ Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers -Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name}-standalone-shutdown Provides: %{name}-shutdown = %{version}-%{release} @@ -371,6 +371,13 @@ Provides: nss-myhostname%{_isa} = 0.4 %description libs Libraries for systemd and udev. +%package shared +Summary: Internal systemd shared library +License: LGPL-2.1-or-later AND MIT + +%description shared +Internal libraries used by various systemd binaries. + %package pam Summary: systemd PAM module Requires: %{name} = %{version}-%{release} @@ -389,6 +396,15 @@ See https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd for information how to use those macros. +%package sysusers +Summary: systemd-sysusers program +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Conflicts: %{name}-standalone-sysusers +Obsoletes: systemd < 257.3-4 + +%description sysusers +This package contains the systemd-sysusers program. + %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT @@ -1322,10 +1338,16 @@ fi %files libs -f .file-list-libs %license LICENSE.LGPL2.1 +%files shared -f .file-list-shared +%license LICENSE.LGPL2.1 +%license LICENSES/MIT.txt + %files pam -f .file-list-pam %files rpm-macros -f .file-list-rpm-macros +%files sysusers -f .file-list-sysusers + %files resolved -f .file-list-resolve %files devel -f .file-list-devel From 6201755b365a7cf57aa925490e88624dacfd0e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 16 Feb 2025 14:30:07 +0100 Subject: [PATCH 055/148] Allow co-installation of systemd-sysusers-standalone and systemd Previously, /usr/bin/systemd-sysusers was provided by both systemd and systemd-standalone-sysusers, creating a file conflict, and the packages declared Conflicts. This changed when systemd-sysusers was split out to a separate subpackage. So we don't need the Conflicts and can allow a "cross installation" of systemd-sysusers-standalone and and the other "normal" systemd subpackages. This should solve https://bugzilla.redhat.com/show_bug.cgi?id=2344322 without requiring changes in the container definitions. (Though those changes probably should be made anyway. If we end up installing systemd, we probably want to use shared systemd-sysusers, to avoid wasting space.) --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a3310a2..af3e1cb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -254,7 +254,10 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Requires: %{name}-shared%{_isa} = %{version}-%{release} -Requires: %{name}-sysusers%{_isa} = %{version}-%{release} +Requires: /usr/bin/systemd-sysusers +# The standalone version doesn't Provide the _isa suffix, +# so this biases towards the common version. +Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -710,7 +713,6 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} -Conflicts: %{name} Suggests: coreutils-single RemovePathPostfixes: .standalone From 6c7c4a510d8337f6d5e3e5ad08ee56ecb69335bd Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Feb 2025 09:41:47 +0100 Subject: [PATCH 056/148] Do not use dynamic spec generation for non-upstream builds This reverts commit ac9c438e27441491195cc924e77f5045226394c9. --- systemd.spec | 18 ++++++++++ triggers.systemd | 87 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index af3e1cb..2340972 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,6 +73,9 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. +Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py @@ -899,8 +902,19 @@ CONFIGURE_OPTS=( %meson_build +# If dynamic spec generation is available, directly pick up the triggers +# from the build directory for upstream builds. +%if %{with upstream} && (0%{?fedora} >= 41 || 0%{?rhel} >= 11) # Include the triggers cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart +%else +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi +%endif sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user @@ -1107,6 +1121,10 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# +%if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) +%include %{SOURCE1} +%endif + # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..f8bb078 --- /dev/null +++ b/triggers.systemd @@ -0,0 +1,87 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +systemd-sysusers || : + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +systemd-hwdb update || : + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +journalctl --update-catalog || : + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi From 5671cf6132e2a1b915b39fe5a46a1fe9b6fa50bf Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 25 Feb 2025 13:18:40 +0100 Subject: [PATCH 057/148] List the fallback Source0 first packit will only rewrite the first Source0 that it finds, so we list the Source0 that gets used if neither %branch nor %commit are defined first. --- systemd.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2340972..4e4020a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,12 +66,14 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined branch} +# packit will always rewrite the first Source0 it finds, ignoring any conditionals so list +# the fallback source that's used if neither %%branch nor %%commit are defined first. +%if %{undefined branch} && %{undefined commit} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 9b6884d2e1c1664cf07ef90e28ab072eda61431f Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 25 Feb 2025 17:25:34 +0100 Subject: [PATCH 058/148] Stop using version_no_tilde for github archives None of the systemd git tags have tildes in them, so there's no need to use version_no_tilde for these. This is another change to make packit work as the archive it sets up for us based on the systemd upstream packit config file does have a tilde in its name which then makes %prep fail as we transform the tilde to a hyphen and then fail to find the systemd source directory. """ + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/systemd-258~devel.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd systemd-258-devel /var/tmp/rpm-tmp.gw7KSw: line 42: cd: systemd-258-devel: No such file or directory """ --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4e4020a..1f39a7a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -69,7 +69,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} @@ -744,7 +744,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version_no_tilde} -p1 +%autosetup -n %{name}-%{version} -p1 %endif # Disable user lockdown until rpm implements it natively. From 8230f501b6cc6e47f2073a388f0f61c1c204013c Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Mar 2025 21:46:20 +0100 Subject: [PATCH 059/148] Make sure we pull in libbpf >= 1.5.0 if libbpf is installed libbpf 1.4.0 + systemd 257 + a newer kernel results in segmentation faults in libbpf 1.4.0, so let's explicitly pull in libbpf 1.5.0 or newer to avoid this issue. Fixes https://pagure.io/centos-sig-hyperscale/package-bugs/issue/22 --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 1f39a7a..0000937 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,6 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) +Requires: (libbpf >= 1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 0d95af264fda2c8b3ecfedf9cc45ee450c933753 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 4 Mar 2025 13:02:20 +0100 Subject: [PATCH 060/148] Include epoch in versioned libbpf dependency """ $ rpmdev-vercmp '2:1.4.6-1.fc42' '1.5.0' 2:1.4.6-1.fc42 > 1.5.0 $ rpmdev-vercmp '2:1.4.6-1.fc42' '2:1.5.0' 2:1.4.6-1.fc42 < 2:1.5.0 """ --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0000937..371ea43 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 1.5.0 if libbpf) +Requires: (libbpf >= 2:1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 1f8d2b0ebd8942b390f65a1a82f8b8b746d965cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Feb 2025 11:47:02 +0100 Subject: [PATCH 061/148] Make self-obsoletes for the sysusers split conditional In CI builds we have %version that it smaller than 257.3-4 when the split happened, and this causes problems when the packages are installed: Failed to resolve the transaction: Problem: package systemd-sysusers-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline obsoletes systemd < 257.3-4 provided by systemd-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline - conflicting requests I'm not sure if we even need the self-Obsoletes. We have a Requires and Recommends in the main systemd package that will cause on of the providers of /usr/bin/systemd-sysusers to be installed, and the non-standalone version is preferred. But it's possible that if recommends are disabled, the non-standalone package could be installed for some reason. So let's keep the self-Obsoletes for now. Another caveat is that it's not clear if v-string comparisons require %[] as a wrapper. Some chat in #fedora-devel suggested that that's the case, but things seem to work without it. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 371ea43..cc7c33b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -274,9 +274,11 @@ Obsoletes: system-setup-keyboard < 0.9 Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 +Provides: systemd-sysv = 206 +%if v"%{version}" >= v"257.3" # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) Obsoletes: systemd < 257.3-4 -Provides: systemd-sysv = 206 +%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 @@ -409,7 +411,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +%if v"%{version}" >= v"257.3" Obsoletes: systemd < 257.3-4 +%endif %description sysusers This package contains the systemd-sysusers program. From ec182495e7ffaffa5d85feb2e25d1f6dd3ca47ae Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 5 Mar 2025 12:31:55 +0100 Subject: [PATCH 062/148] Drop libbpf versioned dependency version to 1.4.7 We don't need 1.5.0 to avoid the libbpf crash, the latest libbpf 1.4 patch release (1.4.7) also has the necessary fixes, so relax the requirement a little to allow builds on Fedora 41 to succeed. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index cc7c33b..4a6d0e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 2:1.5.0 if libbpf) +Requires: (libbpf >= 2:1.4.7 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 4ab2a9e539b0346d0d9d370308d7c5e79bff9541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Mar 2025 17:47:54 +0100 Subject: [PATCH 063/148] Drop old self-Obsoletes and provides We had a bunch of Obsolets on self. This is useful when a subpackage is split out to make it optional, and we want to install both the original subpackage and the subpackage on ugprades. If both new subpackages have Obsoletes on the old name, dnf will install both. But we don't need to keep this infinitely, it's mostly useful for the duration of a single stable release. Apparatenly, those Obsoletes cause problems with downgrades. The most recently added case is for the split of systemd-sysusers. But we have an alternative mechanism in place: systemd Requires /usr/bin/systemd-sysusers, and this path is provided by systemd-sysusers and systemd-standalone-sysusers, with a bias towards systemd-sysusers. So we should be able to drop the self-Obsoletes without a change in functionality. Also, drop some old Provides where 'dnf repoquery' indicates it is not used by anything. Actually, only 'timedatex'. All the other ones are used by one spec or another. --- systemd.spec | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4a6d0e3..ecaa80b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -275,10 +275,6 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 Provides: systemd-sysv = 206 -%if v"%{version}" >= v"257.3" -# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: systemd < 257.3-4 -%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 @@ -299,8 +295,6 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Obsoletes: timedatex < 0.6-3 -Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-shutdown @@ -371,11 +365,6 @@ This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of %package libs Summary: systemd libraries License: LGPL-2.1-or-later AND MIT -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 @@ -411,9 +400,6 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers -%if v"%{version}" >= v"257.3" -Obsoletes: systemd < 257.3-4 -%endif %description sysusers This package contains the systemd-sysusers program. @@ -425,7 +411,6 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} -Obsoletes: libudev-devel < 183 %description devel Development headers and auxiliary files for developing applications linking @@ -441,11 +426,8 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} Requires(post): grep Requires: kmod >= 18-4 -# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 -Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} -Obsoletes: udev < 183 %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) @@ -490,9 +472,6 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} @@ -558,9 +537,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-unsigned) = %version Provides: version(systemd-boot-unsigned)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot-unsigned systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -579,9 +555,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-signed) = %version Provides: version(systemd-boot-signed)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -604,8 +577,6 @@ Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga %endif -# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) -Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal License: LGPL-2.1-or-later @@ -624,7 +595,6 @@ License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal @@ -640,8 +610,6 @@ Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} License: LGPL-2.1-or-later -# https://src.fedoraproject.org/rpms/systemd/pull-request/34 -Obsoletes: systemd < 246.6-2 %description networkd systemd-networkd is a system service that manages networks. It detects and @@ -662,7 +630,6 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} -Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep From 1bdfa29ce262bd10b0096538f32d275e8016cc4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Mar 2025 09:30:31 +0100 Subject: [PATCH 064/148] Neuter sysusers macros https://pagure.io/packaging-committee/pull-request/1436 was merged, packaging guidelines describe the new method as the default option for f42+. --- macros.sysusers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/macros.sysusers b/macros.sysusers index d8d8c1d..534b0e7 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -2,9 +2,9 @@ # # Turn a sysusers.d file into macros specified by # https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation +# +# After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, +# those macros are not needed anymore. -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} +%sysusers_requires_compat %nil +%sysusers_create_compat() %nil From 0a3907745e2960c3ce6155bce7ff8bbf64ce72c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 09:33:55 +0100 Subject: [PATCH 065/148] Version 257.4 - Fixes for systemd itself, systemd-dissect, systemd-sbsign, systemd-networkd, systemd-repart, systemd-tmpfiles, systemd-id128, systemd-resolved, ukify, internal shared library, fido2 code, virtualization detection, shell completions, documentation. - Adds new DNSSEC anchor key for systemd-resolved. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ab9fabe..828efd5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab +SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe diff --git a/systemd.spec b/systemd.spec index ecaa80b..463fa36 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.3} +Version: %{?version_override}%{!?version_override:257.4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From e825459f2dcd3ea653e6e3d5ab675e2c2f9e78dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:17:57 +0100 Subject: [PATCH 066/148] Change python-zstd depenedency to python-zstandard There is no BuildRequires dependency. I think we don't have any tests which would require this. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 463fa36..3dcfa8c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -504,7 +504,7 @@ Requires: (systemd-boot if %{shrink:( )}) Requires: python3dist(pefile) %if 0%{?fedora} -Requires: python3dist(zstd) +Requires: python3dist(zstandard) %endif Requires: python3dist(cryptography) %if 0%{?fedora} From d22561d59ede6e2942428708ae028bcfe422ad98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:25:27 +0100 Subject: [PATCH 067/148] Also drop auxiliary files related to sysusers compat And in non-Fedora builds, undo the neutering of sysusers macros. Downstreams like CentosStream did not go through the same changes as Fedora but they may use packages built from the rawhide branch. --- macros.sysusers.compat | 10 ++++++++++ systemd.spec | 7 ++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 macros.sysusers.compat diff --git a/macros.sysusers.compat b/macros.sysusers.compat new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers.compat @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/systemd.spec b/systemd.spec index 3dcfa8c..012df9d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -97,6 +97,7 @@ Source16: 10-timeout-abort.conf Source17: 10-map-count.conf Source18: 60-block-scheduler.rules +Source20: macros.sysusers.compat Source21: macros.sysusers Source22: sysusers.attr Source23: sysusers.prov @@ -1027,13 +1028,17 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +%if 0%{fedora} >= 42 +install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers +%else +install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers # Use rpm's own sysusers provides where available %if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} %endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} +%endif # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} From 7bc5883654e6ead7f43e0df2a1511db625caeda3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 7 Mar 2025 12:37:17 +0100 Subject: [PATCH 068/148] Fix missing question mark --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 012df9d..a87de66 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1028,7 +1028,7 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -%if 0%{fedora} >= 42 +%if 0%{?fedora} >= 42 install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers %else install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers From 38b41a729ea836133d7e53a4c0cc8e5fee7e2b8a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 7 Mar 2025 12:05:42 +0100 Subject: [PATCH 069/148] Clean up debuginfo files as well in %clean When using --build-in-place + debuginfo these get written to the source directory so let's make sure we clean them up as well. --- systemd.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a87de66..145b35b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1384,10 +1384,16 @@ fi %files standalone-shutdown -f .file-list-standalone-shutdown %clean -rm -rf $RPM_BUILD_ROOT -rm -f 10-timeout-abort.conf.user -rm -f .file-list-* -rm -f %{name}.lang +rm -rf \ + $RPM_BUILD_ROOT \ + 10-timeout-abort.conf.user \ + .file-list-* \ + %{name}.lang \ + debugfiles.list \ + debuglinks.list \ + debugsourcefiles.list \ + debugsources.list \ + elfbins.list %changelog %autochangelog From d366b5965725a7ff1cd586e1ae2539e4cfc404db Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 10:20:16 +0100 Subject: [PATCH 070/148] Fix test_sysusers_defined check https://src.fedoraproject.org/rpms/setup/c/7ced36d60b67c9e74f7951123225200597e3d2fa?branch=rawhide merged the two setup sysusers files into one and changed the name, so let's adapt the test_sysusers_defined check for those changes. --- systemd.spec | 2 +- test_sysusers_defined.py | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 145b35b..5187e35 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1060,7 +1060,7 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. -%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 6f04f15..7ea2fea 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -22,11 +22,7 @@ def parse_sysusers_file(filename): return users, groups setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) -setup_users |= setup_users2 -setup_groups |= setup_groups2 - -basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) +basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From e346d9f33e530bd5e05885621b837073ea090cc4 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 20 Mar 2025 19:15:52 -0400 Subject: [PATCH 071/148] Limit sdubby dependency to Fedora dnf repoclosure raises an error even when a boolean dependency is missing. While technically a bug in dnf, since these dependencies are already conditional, simply adjusting the condition is simplest. https://github.com/rpm-software-management/dnf-plugins-core/issues/549 --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 145b35b..0655c6e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -431,6 +431,8 @@ Provides: udev = %{version} Provides: udev%{_isa} = %{version} %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) +%endif +%if 0%{?fedora} Requires: (sdubby > 1.0-3 if sdubby) %endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so From 3e9051124e4447c238ae65af9ad1562924aeb18a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 09:34:33 +0100 Subject: [PATCH 072/148] Migrate fmf metadata and test script from the upstream repository Primarily, this allows us to get rid of dist-git-source which makes the fmf stuff reusable for CentOS Stream in gitlab which we'd like to make use of in the systemd backport in the Hyperscale SIG. Also in general making the integration touch points with Fedora CI and the other systems as small as possible seems like a good thing. --- plans/run-integration-tests.sh | 114 +++++++++++++++++++++++++++++++++ plans/upstream.fmf | 28 ++++---- 2 files changed, 131 insertions(+), 11 deletions(-) create mode 100755 plans/run-integration-tests.sh diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh new file mode 100755 index 0000000..a06b3a3 --- /dev/null +++ b/plans/run-integration-tests.sh @@ -0,0 +1,114 @@ +#!/bin/bash + +set -eux +set -o pipefail + +# Switch SELinux to permissive if possible, since the tests don't set proper contexts +setenforce 0 || true + +echo "CPU and Memory information:" +lscpu +lsmem + +echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + +# Bump inotify limits if we can so nspawn containers don't run out of inotify file descriptors. +sysctl fs.inotify.max_user_watches=65536 || true +sysctl fs.inotify.max_user_instances=1024 || true + +if [[ -n "${KOJI_TASK_ID:-}" ]]; then + koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" +elif [[ -n "${CBS_TASK_ID:-}" ]]; then + cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" +elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then + COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" + COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" + copr download-build --rpms --chroot "$COPR_CHROOT" "$COPR_BUILD_ID" + mv "$COPR_CHROOT"/* . +else + echo "Not running within packit and no CBS/koji task ID provided" + exit 1 +fi + +mkdir systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +pushd systemd + +# Now prepare mkosi at the same version required by the systemd repo. +git clone https://github.com/systemd/mkosi +mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +git -C mkosi checkout "$mkosi_hash" + +export PATH="$PWD/mkosi/bin:$PATH" + +# shellcheck source=/dev/null +. /etc/os-release || . /usr/lib/os-release + +tee mkosi.local.conf < Date: Fri, 21 Mar 2025 14:38:40 +0100 Subject: [PATCH 073/148] Use old setup sysusers files on Fedora < 43 --- systemd.spec | 4 ++++ test_sysusers_defined.py | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 74a2b08..e637cf8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1062,7 +1062,11 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. +%if 0%{?fedora} >= 43 %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%else +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 7ea2fea..f6358fb 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -21,8 +21,14 @@ def parse_sysusers_file(filename): assert False return users, groups -setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) +setup_users, setup_groups = set(), set() + +for arg in sys.argv[1:-1]: + users, groups = parse_sysusers_file(arg) + setup_users |= users + setup_groups |= groups + +basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From 2ecfbec1a444a2ec9e3dab91d04565330cf809ea Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 21 Mar 2025 15:59:32 +0100 Subject: [PATCH 074/148] Support specifying extra mkosi repositories to the test script --- plans/run-integration-tests.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index a06b3a3..79bf71c 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -61,6 +61,16 @@ Environment=NO_BUILD=1 WithTests=yes EOF +if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then + tee --append mkosi.local.conf < Date: Fri, 21 Mar 2025 21:40:07 +0100 Subject: [PATCH 075/148] Make the source tarball glob in the test script more generic If we download the main branch from github by defining %branch, the source tarball will be named main.tar.gz, so let's make the tarball pattern more generic to match. --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 79bf71c..32751ab 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -31,7 +31,7 @@ else fi mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd pushd systemd # Now prepare mkosi at the same version required by the systemd repo. From 6f0d03443d2f5695e05146e3bd17f6dab84ab459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Mar 2025 17:40:59 +0100 Subject: [PATCH 076/148] Fix paths for /usr/sbin/nologin and related progs I noticed that systemd-sysusers creates accounts with /usr/bin/nologin. On merged systems is fine, but would not work for systems where /usr/sbin is still a separate directory and /usr/bin/nologin does not exist. This problem occurs because the meson configuration script discovers the location using $PATH, which on recent builds results in /usr/bin always. Just specify all the paths so that we don't depend on the presence and order of paths in $PATH. --- systemd.spec | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/systemd.spec b/systemd.spec index e637cf8..7767e1f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -859,6 +859,19 @@ CONFIGURE_OPTS=( -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet + # Make sure we use the original paths to maintain compatibility + # with unmerged systems + -Dquotaon-path=/usr/sbin/quotaon + -Dquotacheck-path=/usr/sbin/quotacheck + -Dkmod-path=/usr/bin/kmod + -Dkexec-path=/usr/sbin/kexec + -Dsulogin-path=/usr/sbin/sulogin + -Dmount-path=/usr/bin/mount + -Dumount-path=/usr/bin/umount + -Dloadkeys-path=/usr/bin/loadkeys + -Dsetfont-path=/usr/bin/setfont + -Dnologin-path=/usr/sbin/nologin + # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. From d1380dc1146fd81a42dcf685ef4e69780db6fb2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 22 Mar 2025 20:08:53 +0100 Subject: [PATCH 077/148] Add more services to %post for udev and networkd Noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2348669#c25. Most of those units listed don't have an [Install] section, and of those that have, almost all were disabled by default. This might be something to fix, e.g. we might want to enable systemd-udev-load-credentials.service, this is something to consider. But it's clearer if we list all the units that those packages ship. In priciple somebody might ship a preset to enable them. Anyway, the impact of this change is much smaller than might seem at first. But systemd-network-generator.service has an [Install] section and is preset to true, so not listing it in the scriptlets was a visible bug. There's the additional caveat that systemd-network-generator.service is coowned by two packages. The current system does not have a way of handling this properly, because unit enablement is tied to the package install state. Let's just call the scriptlet for this unit twice for now. I think that's not going to cause any real problem. --- systemd.spec | 115 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 111 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7767e1f..72afb14 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1187,7 +1187,106 @@ systemctl daemon-reexec || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target +%global udev_services %{shrink: + cryptsetup-pre.target + cryptsetup.target + hibernate.target + hybrid-sleep.target + initrd-cleanup.service + initrd-fs.target + initrd-parse-etc.service + initrd-root-device.target + initrd-root-fs.target + initrd-switch-root.service + initrd-switch-root.target + initrd-udevadm-cleanup-db.service + initrd-usr-fs.target + initrd.target + integritysetup-pre.target + integritysetup.target + kmod-static-nodes.service + proc-sys-fs-binfmt_misc.automount + proc-sys-fs-binfmt_misc.mount + quotaon-root.service + quotaon@.service + remote-cryptsetup.target + remote-veritysetup.target + sleep.target + suspend-then-hibernate.target + suspend.target + system-systemd\x2dcryptsetup.slice + system-systemd\x2dveritysetup.slice + systemd-backlight@.service + systemd-binfmt.service + systemd-bless-boot.service + systemd-bsod.service + systemd-coredump.socket + systemd-coredump@.service + systemd-fsck-root.service + systemd-fsck@.service + systemd-growfs-root.service + systemd-growfs@.service + systemd-hibernate-clear.service + systemd-hibernate-resume.service + systemd-hibernate.service + systemd-homed-activate.service + systemd-homed-firstboot.service + systemd-homed.service + systemd-hwdb-update.service + systemd-hybrid-sleep.service + systemd-modules-load.service + systemd-network-generator.service + systemd-oomd.service + systemd-oomd.socket + systemd-pcrextend.socket + systemd-pcrextend@.service + systemd-pcrfs-root.service + systemd-pcrfs@.service + systemd-pcrlock-file-system.service + systemd-pcrlock-firmware-code.service + systemd-pcrlock-firmware-config.service + systemd-pcrlock-machine-id.service + systemd-pcrlock-make-policy.service + systemd-pcrlock-secureboot-authority.service + systemd-pcrlock-secureboot-policy.service + systemd-pcrlock.socket + systemd-pcrlock@.service + systemd-pcrmachine.service + systemd-pcrphase-initrd.service + systemd-pcrphase-sysinit.service + systemd-pcrphase.service + systemd-portabled.service + systemd-pstore.service + systemd-quotacheck-root.service + systemd-quotacheck@.service + systemd-random-seed.service + systemd-remount-fs.service + systemd-repart.service + systemd-rfkill.service + systemd-rfkill.socket + systemd-suspend-then-hibernate.service + systemd-suspend.service + systemd-sysctl.service + systemd-timesyncd.service + systemd-tmpfiles-setup-dev-early.service + systemd-tmpfiles-setup-dev.service + systemd-udev-load-credentials.service + systemd-udev-settle.service + systemd-udev-trigger.service + systemd-udevd-control.socket + systemd-udevd-kernel.socket + systemd-udevd.service + systemd-vconsole-setup.service + systemd-volatile-root.service + veritysetup-pre.target + veritysetup.target + %{?want_bootloader: + systemd-boot-random-seed.service + systemd-boot-update.service + systemd-bootctl.socket + systemd-bootctl@.service + } + } %post udev # Move old stuff around in /var/lib @@ -1221,7 +1320,7 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service systemd-homed.service systemd-oomd.service systemd-portabled.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1243,6 +1342,14 @@ fi %systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload +%global networkd_services %{shrink: + systemd-networkd.service + systemd-networkd.socket + systemd-networkd-wait-online.service + systemd-network-generator.service + systemd-networkd-persistent-storage.service + } + %post networkd # systemd-networkd was split out in systemd-246.6-2. # Ideally, we would have a trigger scriptlet to record enablement @@ -1256,11 +1363,11 @@ fi if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." else - %systemd_post systemd-networkd.service systemd-networkd-wait-online.service + %systemd_post %networkd_services fi %preun networkd -%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%systemd_preun %networkd_services %posttrans networkd %systemd_posttrans_with_restart systemd-networkd.service From 59378485beb32bb6da06040a45049b3d09355524 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 21 Mar 2025 11:24:54 +0100 Subject: [PATCH 078/148] Remove purge-nobody-user script The corresponding change proposal is from 2018. Enough time has passed since then that we don't need to carry this around anymore --- purge-nobody-user | 101 ---------------------------------------------- split-files.py | 1 - systemd.spec | 3 -- 3 files changed, 105 deletions(-) delete mode 100755 purge-nobody-user diff --git a/purge-nobody-user b/purge-nobody-user deleted file mode 100755 index 66404fe..0000000 --- a/purge-nobody-user +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash -eu - -if [ $UID -ne 0 ]; then - echo "WARNING: This script needs to run as root to be effective" - exit 1 -fi - -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 - -if [ "${1:-}" = "--ignore-journal" ]; then - shift - ignore_journal=1 -else - ignore_journal=0 -fi - -echo "Checking processes..." -if ps h -u 99 | grep .; then - echo "ERROR: ps reports processes with UID 99!" - exit 2 -fi -echo "... not found" - -echo "Checking UTMP..." -if w -h 199 | grep . ; then - echo "ERROR: w reports UID 99 as active!" - exit 2 -fi -if w -h nobody | grep . ; then - echo "ERROR: w reports user nobody as active!" - exit 2 -fi -echo "... not found" - -echo "Checking the journal..." -if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then - echo "ERROR: journalctl reports messages from UID 99 in current boot!" - exit 2 -fi -echo "... not found" - -echo "Looking for files in /etc, /run, /tmp, and /var..." -if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then - echo "ERROR: found files belonging to UID 99" - exit 2 -fi -echo "... not found" - -echo "Checking if nobody is defined correctly..." -if getent passwd nobody | - grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; -then - echo "OK, nothing to do." - exit 0 -else - echo "NOTICE: User nobody is not defined correctly" -fi - -echo "Checking if nfsnobody or something else is using the uid..." -if getent passwd 65534 | grep . ; then - echo "NOTICE: will have to remove this user" -else - echo "... not found" -fi - -if [ "${1:-}" = "-x" ]; then - if getent passwd nobody >/dev/null; then - # this will remove both the user and the group. - ( set -x - userdel nobody - ) - fi - - if getent passwd 65534 >/dev/null; then - # Make sure the uid is unused. This should free gid too. - name="$(getent passwd 65534 | cut -d: -f1)" - ( set -x - userdel "$name" - ) - fi - - if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then - echo "Sleeping, so sss can catch up" - sleep 3 - fi - - if getent group 65534; then - # Make sure the gid is unused, even if uid wasn't. - name="$(getent group 65534 | cut -d: -f1)" - ( set -x - groupdel "$name" - ) - fi - - # systemd-sysusers uses the same gid and uid - ( set -x - systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' - ) -else - echo "Pass '-x' to perform changes" -fi diff --git a/split-files.py b/split-files.py index 9114c99..61c539e 100644 --- a/split-files.py +++ b/split-files.py @@ -7,7 +7,6 @@ known_files = ''' %ghost %config(noreplace) /etc/crypttab %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab -/usr/lib/systemd/purge-nobody-user # This directory is owned by openssh-server, but we don't want to introduce # a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d diff --git a/systemd.spec b/systemd.spec index 72afb14..78bf380 100644 --- a/systemd.spec +++ b/systemd.spec @@ -79,7 +79,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. Source1: triggers.systemd Source2: split-files.py -Source3: purge-nobody-user Source4: test_sysusers_defined.py Source6: inittab @@ -940,8 +939,6 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf -install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} - # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} From 13d523f84d5607b0e062101239cb853949fbffdb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 24 Mar 2025 14:09:10 +0100 Subject: [PATCH 079/148] Relax dependencies from noarch packages on archful packages for OBS builds In OBS, noarch packages are shared between all architectures and independent architectures can be rebuilt automatically without all the other architectures getting rebuilt. This can result in the noarch packages being newer than the archful packages for some architectures, which means our current strict deps from the noarch packages on the archful packages can't be satisfied. To address this problem, let's relax the dependencies from the noarch packages on the archful packages for OBS builds. Let's only do this for OBS builds because this isn't an issue on Fedora as it's impossible to build a package for only some of the architectures. --- systemd.spec | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 78bf380..59c906d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -46,6 +46,23 @@ # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} +# In OBS, noarch packages are shared between all architectures and +# independent architectures can be rebuilt automatically without all +# the other architectures getting rebuilt. This can result in the noarch +# packages being newer than the archful packages for some architectures, +# which means our current strict deps from the noarch packages on the +# archful packages can't be satisfied. +# +# To address this problem, let's relax the dependencies from the noarch +# packages on the archful packages for OBS builds. Let's only do this for +# OBS builds because this isn't an issue on Fedora as it's impossible to +# build a package for only some of the architectures. +%if %{with obs} +%define noarch_requires_version %{version} +%else +%define noarch_requires_version %{version}-%{release} +%endif + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by @@ -496,7 +513,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -620,7 +637,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{version}-%{release} +Requires: %{name}-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -643,7 +660,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{version}-%{release} +Requires: %{name}-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch From 617952132de4ed882b9b00ceeed077f843130f91 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 27 Mar 2025 21:48:29 +0100 Subject: [PATCH 080/148] Run integration testsuite standalone if available [skip changelog] --- plans/run-integration-tests.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 32751ab..9f8bd5f 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -104,7 +104,11 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi summary mkosi -f sandbox -- true -mkosi sandbox -- meson setup --buildtype=debugoptimized -Dintegration-tests=true build +if [[ -d test/integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build test/integration-tests/standalone +else + mkosi sandbox -- meson setup -Dintegration-tests=true build +fi mkosi genkey mkosi -f mkosi sandbox -- \ From e2b2ea3776bda9d537cf01012c8b236cdfad4230 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 09:36:37 +0200 Subject: [PATCH 081/148] fmf: Use mkosi/mkosi.local.conf if the mkosi/ directory exists https://github.com/systemd/systemd/pull/36954 will move all the mkosi configuration in the systemd repository into a mkosi/ subdirectory. This means we have to put mkosi.local.conf in that subdirectory as well, so check if the mkosi/ directory exists and put mkosi.local.conf in there if it exists. The mkosi/ directory will conflict with our checkout of mkosi so we move that checkout one level up. Additionally, we can't use .. anymore as the package directory as that only works when mkosi.local.conf is in the top level directory of the repository so we use an absolute path instead. --- plans/run-integration-tests.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9f8bd5f..1393b72 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -30,39 +30,48 @@ else exit 1 fi +PACKAGEDIR="$PWD" + mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd -pushd systemd # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi -mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C mkosi checkout "$mkosi_hash" export PATH="$PWD/mkosi/bin:$PATH" +pushd systemd + # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -tee mkosi.local.conf < Date: Thu, 3 Apr 2025 09:58:17 +0200 Subject: [PATCH 082/148] Don't try to modify mkosi.repart config if mkosi conf is in subdir [skip changelog] --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 1393b72..976ceda 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -90,8 +90,13 @@ fi # Create missing mountpoint for mkosi sandbox. mkdir -p /etc/pacman.d/gnupg -# TODO: drop once BTRFS regression is fixed -sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +# We don't bother with this change if the mkosi configuration is +# in mkosi/ as if that's the case then we know for sure that the +# upstream has this fix as well. +# TODO: drop once BTRFS regression is fixed. +if [[ -f mkosi.repart/10-root.conf ]]; then + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +fi # If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first. modprobe kvm || true From cc473d807fe58c6a1cd9ade1162517fed66f6090 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 13:05:38 +0200 Subject: [PATCH 083/148] fmf: Check out mkosi to some directory in /var/tmp Using the source tree of the spec can still lead to conflicts if a mkosi/ directory exists there (which is the case in the hyperscale systemd spec repo), so let's check out mkosi in /var/tmp to ensure we don't conflict. --- plans/run-integration-tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 976ceda..b3651ba 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -36,11 +36,11 @@ mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd # Now prepare mkosi at the same version required by the systemd repo. -git clone https://github.com/systemd/mkosi +git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -git -C mkosi checkout "$mkosi_hash" +git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" -export PATH="$PWD/mkosi/bin:$PATH" +export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" pushd systemd From 1126a7c6b80b9d89e7488e5409d4ef549416072a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 15:23:17 +0200 Subject: [PATCH 084/148] Download commit archives via full sha instead of short one Both work and if we do full sha we can retrieve the full sha from the source filename in the source rpm later on which is useful for various use cases. [skip changelog] --- systemd.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 59c906d..ecef8f6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,6 +1,3 @@ -#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 -%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -90,7 +87,7 @@ Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-% %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} -Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 08ce156d74460867657fb9b201c8be93d31e07de Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 16:32:38 +0200 Subject: [PATCH 085/148] fmf: Run mkosi genkey before mkosi summary Otherwise mkosi summary might fail because the key/cert don't exist yet. [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index b3651ba..9d2e852 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -116,6 +116,7 @@ fi # for now. export TEST_SKIP="TEST-21-DFUZZER" +mkosi genkey mkosi summary mkosi -f sandbox -- true if [[ -d test/integration-tests/standalone ]]; then @@ -123,7 +124,6 @@ if [[ -d test/integration-tests/standalone ]]; then else mkosi sandbox -- meson setup -Dintegration-tests=true build fi -mkosi genkey mkosi -f mkosi sandbox -- \ meson test \ From 6646d13acae64665f63354cd60ecf963ee563b96 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 8 Apr 2025 22:02:11 +0200 Subject: [PATCH 086/148] fmf: Run tests from systemd-tests rpm if possible Running from the source tarball implies running with unpatched tests, whereas the same files from the systemd-tests package (which now contains the mkosi and integration test files) will be patched. [skip changelog] --- plans/run-integration-tests.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9d2e852..9a90fa7 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -32,18 +32,28 @@ fi PACKAGEDIR="$PWD" -mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd +# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. + +# This will match both the regular and the debuginfo rpm so make sure we select only the +# non-debuginfo rpm. +RPMS=(systemd-tests-*.rpm) +rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract +if [[ -d usr/lib/systemd/tests/mkosi ]]; then + pushd usr/lib/systemd/tests + mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" +else + mkdir systemd + rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd + pushd systemd + mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +fi # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi -mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" -pushd systemd - # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release @@ -119,7 +129,9 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi genkey mkosi summary mkosi -f sandbox -- true -if [[ -d test/integration-tests/standalone ]]; then +if [[ -d integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build integration-tests/standalone +elif [[ -d test/integration-tests/standalone ]]; then mkosi sandbox -- meson setup build test/integration-tests/standalone else mkosi sandbox -- meson setup -Dintegration-tests=true build From d30447702396fee8fb4a94ce4e779eaac1aab5ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Apr 2025 22:35:03 +0200 Subject: [PATCH 087/148] Version 257.5 - A lot of small fixes in various components --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 828efd5..eb2dbfc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe +SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f diff --git a/systemd.spec b/systemd.spec index ecef8f6..95ff25e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.4} +Version: %{?version_override}%{!?version_override:257.5} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From f6b814cc0fad58ed1c2e8df7918489bf4217dfaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Apr 2025 15:52:59 +0200 Subject: [PATCH 088/148] Backport CI fix --- ...imit-the-number-of-iterations-when-t.patch | 62 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 65 insertions(+) create mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch new file mode 100644 index 0000000..8b9dddc --- /dev/null +++ b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch @@ -0,0 +1,62 @@ +From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 10 Apr 2025 13:51:21 +0200 +Subject: [PATCH] test-sd-device: limit the number of iterations when testing + device parent/child functions + +The test "hangs" and times out on some arm64 machines. It actually works as +expected, but the machine has 2016 children under /sys/devices/system/memory/, +and the tests do a double loop over this, which is slow enough to hit the 120 s +limit. Add a limit on the number of iterations. + +Another option would be to exclude "memory" subsystem. But we may have other +subsystems which have the same problem in the future, so I think it'll be more +robust to not try to limit the fix to a specific subsystem. + +(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) +--- + src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c +index 620615b6bb..aa235cf8d0 100644 +--- a/src/libsystemd/sd-device/test-sd-device.c ++++ b/src/libsystemd/sd-device/test-sd-device.c +@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { + + TEST(sd_device_enumerator_add_match_parent) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ ++ unsigned iterations = 200; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { + const char *syspath; + sd_device *parent; + ++ if (iterations-- == 0) ++ break; ++ + assert_se(sd_device_get_syspath(dev, &syspath) >= 0); + + r = sd_device_get_parent(dev, &parent); +@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { + + TEST(sd_device_get_child) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ ++ unsigned iterations = 3000; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { + FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { + const char *s; + ++ if (iterations-- == 0) ++ return; ++ + assert_se(child); + assert_se(suffix); + diff --git a/systemd.spec b/systemd.spec index 95ff25e..1cb135b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,9 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport of CI fix +Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From f6af46db12a93d9bc8ab097f2fe2b4887543ff80 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 18 Apr 2025 00:18:57 +0200 Subject: [PATCH 089/148] Backport adb/fastboot udev rules (BZ#2356537) --- 36939.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 48 insertions(+) create mode 100644 36939.patch diff --git a/36939.patch b/36939.patch new file mode 100644 index 0000000..a90d8cc --- /dev/null +++ b/36939.patch @@ -0,0 +1,44 @@ +From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 +From: LuK1337 +Date: Tue, 1 Apr 2025 22:23:06 +0200 +Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box + +https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 +https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 +--- + rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in +index 046f169e447b9..96b61cec32b25 100644 +--- a/rules.d/70-uaccess.rules.in ++++ b/rules.d/70-uaccess.rules.in +@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + # media player raw devices (for user-mode drivers, Android SDK, etc.) + SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" + ++# Android devices (ADB DbC, ADB, Fastboot) ++# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: ++# * https://developer.android.com/tools/adb ++# * https://source.android.com/docs/setup/test/running ++# * https://source.android.com/docs/setup/test/flash ++# ++# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: ++# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 ++# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ++# ++# Since it's using a generic vendor specific interface class, this can potentially result ++# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". ++SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" ++ + # software-defined radio communication devices + ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" + +@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" + # As defined in https://en.wikipedia.org/wiki/3Dconnexion + SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" + ++# Debug interfaces (e.g. Android Debug Bridge) ++ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" ++ + LABEL="uaccess_end" diff --git a/systemd.spec b/systemd.spec index 1cb135b..fa5ad80 100644 --- a/systemd.spec +++ b/systemd.spec @@ -138,6 +138,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +# Backport of adb/fastboot udev rules: +# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 +Patch: https://github.com/systemd/systemd/pull/36939.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 451184cbea3d4dfc9310fd6abe47221d942ad0ab Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 2 May 2025 09:54:13 +0200 Subject: [PATCH 090/148] Revert "Disable freezing of user sessions" This breaks suspend on my machine as of Linux 6.14, furthermore both linked issues in rhbz#2321268 are closed and fixed in Linux upstream. This reverts commit 6162965002f9e6052e0ce8d6810028da4679e55a. --- systemd.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/systemd.spec b/systemd.spec index fa5ad80..4949a58 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1111,15 +1111,6 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} -# Disable freezing of user sessions while we're working out the details. -mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ -cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Thu, 8 May 2025 14:14:40 +0200 Subject: [PATCH 091/148] Move mount.ddi symlinks to -container subpackage Those symlinks point to systemd-dissect, so with just the main subpackage installed, the symlink was dangling. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 61c539e..9afeaeb 100644 --- a/split-files.py +++ b/split-files.py @@ -148,6 +148,7 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + mount.ddi| importctl| portablectl| systemd-nspawn| From 5a53eac13c5e0c1c1700957420fd19ecf4a6aab9 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Tue, 20 May 2025 12:48:35 +0200 Subject: [PATCH 092/148] Package pcrlock files together with systemd-pcrlock ... (rhbz#2366948) --- split-files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 9afeaeb..0cf0f6c 100644 --- a/split-files.py +++ b/split-files.py @@ -129,7 +129,7 @@ for file in files(buildroot): o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): + elif re.search(r'/lib.*\.pc$|/man3/|/usr/include|\.so$', n): o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| @@ -234,7 +234,8 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcr| + systemd[.-]pcr| + /pcrlock\.d| systemd-measure| /boot$| /kernel/| From ed6b885327a9a46dc692576220e2187b9b6ff0e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 29 May 2025 18:57:50 +0200 Subject: [PATCH 093/148] Version 257.6 - Fix for local information disclosure in systemd-coredump (CVE-2025-4598) - Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd-varlink - Hardware database update --- ...imit-the-number-of-iterations-when-t.patch | 62 ------------------- 36939.patch | 44 ------------- sources | 2 +- systemd.spec | 12 +--- 4 files changed, 4 insertions(+), 116 deletions(-) delete mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch delete mode 100644 36939.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch deleted file mode 100644 index 8b9dddc..0000000 --- a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch +++ /dev/null @@ -1,62 +0,0 @@ -From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 10 Apr 2025 13:51:21 +0200 -Subject: [PATCH] test-sd-device: limit the number of iterations when testing - device parent/child functions - -The test "hangs" and times out on some arm64 machines. It actually works as -expected, but the machine has 2016 children under /sys/devices/system/memory/, -and the tests do a double loop over this, which is slow enough to hit the 120 s -limit. Add a limit on the number of iterations. - -Another option would be to exclude "memory" subsystem. But we may have other -subsystems which have the same problem in the future, so I think it'll be more -robust to not try to limit the fix to a specific subsystem. - -(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) ---- - src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c -index 620615b6bb..aa235cf8d0 100644 ---- a/src/libsystemd/sd-device/test-sd-device.c -+++ b/src/libsystemd/sd-device/test-sd-device.c -@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { - - TEST(sd_device_enumerator_add_match_parent) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ -+ unsigned iterations = 200; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { - const char *syspath; - sd_device *parent; - -+ if (iterations-- == 0) -+ break; -+ - assert_se(sd_device_get_syspath(dev, &syspath) >= 0); - - r = sd_device_get_parent(dev, &parent); -@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { - - TEST(sd_device_get_child) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ -+ unsigned iterations = 3000; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { - FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { - const char *s; - -+ if (iterations-- == 0) -+ return; -+ - assert_se(child); - assert_se(suffix); - diff --git a/36939.patch b/36939.patch deleted file mode 100644 index a90d8cc..0000000 --- a/36939.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 -From: LuK1337 -Date: Tue, 1 Apr 2025 22:23:06 +0200 -Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box - -https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ---- - rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index 046f169e447b9..96b61cec32b25 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" - # media player raw devices (for user-mode drivers, Android SDK, etc.) - SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" - -+# Android devices (ADB DbC, ADB, Fastboot) -+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: -+# * https://developer.android.com/tools/adb -+# * https://source.android.com/docs/setup/test/running -+# * https://source.android.com/docs/setup/test/flash -+# -+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: -+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 -+# -+# Since it's using a generic vendor specific interface class, this can potentially result -+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". -+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" -+ - # software-defined radio communication devices - ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" - -@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" - # As defined in https://en.wikipedia.org/wiki/3Dconnexion - SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" - -+# Debug interfaces (e.g. Android Debug Bridge) -+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" -+ - LABEL="uaccess_end" diff --git a/sources b/sources index eb2dbfc..3600679 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f +SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d diff --git a/systemd.spec b/systemd.spec index 4949a58..990e4b1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.5} +Version: %{?version_override}%{!?version_override:257.6} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -128,6 +128,8 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Those are downstream-only patches, but we don't want them in packit builds. + # Temporarily drop use of PrivateTmp=disconnected. This is causing failures # in various places: # https://bugzilla.redhat.com/show_bug.cgi?id=2334015 @@ -138,16 +140,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch -# Backport of adb/fastboot udev rules: -# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 -Patch: https://github.com/systemd/systemd/pull/36939.patch - -# Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport of CI fix -Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 92c16c1daba4375f394b256d6dc2198232edbc87 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Wed, 16 Apr 2025 15:39:33 +0200 Subject: [PATCH 094/148] Let systemd-{sysusers,shared} conflict with older systemd When downgrading to package versions before 257.3-6 we have this error: Error: Transaction test error: file /usr/bin/systemd-sysusers from install of systemd-257-9.el10.x86_64 conflicts with file from package systemd-sysusers-258~devel-20250416115850.el10.x86_64 Add Conflicts on systemd-sysusers subpackage to allow downgrades across version 257.3-6. --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 990e4b1..977a88f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -389,6 +389,10 @@ Libraries for systemd and udev. %package shared Summary: Internal systemd shared library License: LGPL-2.1-or-later AND MIT +# in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so +# was moved from package systemd to systemd-shared. +# Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description shared Internal libraries used by various systemd binaries. @@ -415,6 +419,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +# in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd +# to systemd-sysusers. Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description sysusers This package contains the systemd-sysusers program. From 7de88c66bdc26920db570e67ef74e579f8461d9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Jun 2025 01:08:22 +0200 Subject: [PATCH 095/148] Do not mark symlinks as %ghost When testing build reproducibility, we got the following result: + rpmdiff cache/rpms/systemd-257.6-1.fc43/systemd-257.6-1.fc43.x86_64.rpm \ cache/build/systemd-257.6-1.fc43/rebuild/systemd-257.6-1.fc43.x86_64.rpm ......V..F. /etc/xdg/systemd/user This is because we'd apply %ghost to a symlink to a directory, if the directory stat reported 0 blocks. It seems that this depends on the filesystem type or something and didn't pop up in previous rebuilds. The first chunk is a noop to increase clarity. The resulting difference from this patch in the file list: $ diff -u systemd-257.6-build/systemd-257.6/.file-list-main{.0,} -%config(noreplace) %ghost /etc/xdg/systemd/user +%config(noreplace) /etc/xdg/systemd/user --- split-files.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 0cf0f6c..d533c51 100644 --- a/split-files.py +++ b/split-files.py @@ -270,13 +270,13 @@ for file in files(buildroot): if n in known_files: prefix = known_files[n].split()[:-1] - elif file.is_dir() and not file.is_symlink(): + elif file.is_dir(follow_symlinks=False): prefix = ['%dir'] elif 'README' in n: prefix = ['%doc'] elif n.startswith('/etc'): prefix = ['%config(noreplace)'] - if file.stat().st_size == 0: + if not file.is_symlink() and file.stat().st_size == 0: prefix += ['%ghost'] else: prefix = [] From 5d30fd3b269b979fb982df7439aac568ddf5e53c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 Jun 2025 14:17:05 +0200 Subject: [PATCH 096/148] Version 257.7 - Fixes for systemd itself, systemd-repart, systemd-resolved, systemd-vmspawn, systemd-networkd, resolvectl, bootctl, the shared library code, man pages, shell completions, and tests. - Hardware database is updated. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 3600679..5c43434 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d +SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 diff --git a/systemd.spec b/systemd.spec index 977a88f..d57bd48 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.6} +Version: %{?version_override}%{!?version_override:257.7} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 40b38a04d27fd2a8b6fc277df67e14a0abbb3cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Jul 2025 16:21:29 +0200 Subject: [PATCH 097/148] Build docs on 64-bit architectures only In the light of the recent discussion about dropping i686 packages, let's stop building our docs there. This reduces the amount of tools needed in the mock root. Unfortunately we need to move the man page out of the noarch ukify subpackage, because it needs to be the same on all architectures where it is built. --- split-files.py | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index d533c51..5b20b85 100644 --- a/split-files.py +++ b/split-files.py @@ -121,7 +121,7 @@ for file in files(buildroot): o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: o = outputs['tests'] - elif 'ukify' in n: + elif 'ukify' in n and '/man/' not in n: o = outputs['ukify'] elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] diff --git a/systemd.spec b/systemd.spec index d57bd48..056f7a6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,8 @@ %bcond bootstrap 0 %bcond tests 1 %bcond lto 1 -%bcond docs 1 +# Build docs on 64-bit architectures only +%bcond docs %[%{?__isa_bits} >= 64] # Build from git main %bcond upstream 0 From ed7d2f11320e3d185bb378abdf422541b845bad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 8 Jul 2025 12:50:10 +0200 Subject: [PATCH 098/148] Add "test" that LTO effectively removes unused code from shared lib --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 056f7a6..9f1c661 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1128,6 +1128,14 @@ BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIG meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %endif +%if %{with lto} +# Make sure that LTO is effective at removing unused code. When compiled +# without LTO, we end up with all of libbasic_static.a in libsystemd.so. +# For example, all the configuration stuff is not needed for libsystemd.so. +# Make sure it is gone. +(! strings %{buildroot}%{_libdir}/libsystemd.so | grep Config) +%endif + ############################################################################################# %if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) From 98cc5fd91a04856a5d5c6a4c41f3294327e14146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Jul 2025 22:50:45 +0200 Subject: [PATCH 099/148] Version 258~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v258-rc1/NEWS. Too many changes to list or discuss here. --- ...dit-events-for-user-and-group-creati.patch | 287 ------------------ 30846.patch | 15 +- sources | 2 +- split-files.py | 2 +- systemd.spec | 15 +- 5 files changed, 17 insertions(+), 304 deletions(-) delete mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch deleted file mode 100644 index d442f5a..0000000 --- a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 15:35:13 +0100 -Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation - -Background: Fedora/RHEL are switching to sysusers.d metadata for creation of -users and groups for system users defined by packages -(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers). -Packages carry sysusers files. During package installation, rpm calls an -program to execute on this config. This program may either be -/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or -/usr/bin/systemd-sysusers. To match the functionality provided by -useradd/groupadd from the shadow-utils project, systemd-sysusers must emit -audit events so that it provides a drop-in replacement. - -systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when -adding users and groups. The operation "names" are copied from shadow-utils in -Fedora (which has a patch to change them from the upstream version), so the -format of the events that is generated on success should be identical. - -The helper code is shared between sysusers and utmp-wtmp. I changed the -audit_fd variable to be unconditional. This way we can avoid ugly iffdefery -every time the variable would be used. The cost is that 4 bytes of unused -storage might be present. This is negligible, and the compiler might even be -able to optimize that away if it inlines things. ---- - src/basic/audit-util.h | 33 +++++++++++++++++++++ - src/sysusers/meson.build | 2 ++ - src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++ - src/update-utmp/update-utmp.c | 23 ++------------ - 4 files changed, 94 insertions(+), 20 deletions(-) - -diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h -index 9a74e4f102..d8ecf14f69 100644 ---- a/src/basic/audit-util.h -+++ b/src/basic/audit-util.h -@@ -1,10 +1,16 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - #pragma once - -+#if HAVE_AUDIT -+# include -+#endif -+ - #include - #include - #include - -+#include "errno-util.h" -+#include "log.h" - #include "pidref.h" - - #define AUDIT_SESSION_INVALID UINT32_MAX -@@ -17,3 +23,30 @@ bool use_audit(void); - static inline bool audit_session_is_valid(uint32_t id) { - return id > 0 && id != AUDIT_SESSION_INVALID; - } -+ -+/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious -+ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very -+ * short functions. */ -+ -+static inline int close_audit_fd(int fd) { -+#if HAVE_AUDIT -+ if (fd >= 0) -+ audit_close(fd); -+#else -+ assert(fd < 0); -+#endif -+ return -EBADF; -+} -+ -+static inline int open_audit_fd_or_warn(void) { -+ int fd = -EBADF; -+ -+#if HAVE_AUDIT -+ /* If the kernel lacks netlink or audit support, don't worry about it. */ -+ fd = audit_open(); -+ if (fd < 0) -+ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, -+ errno, "Failed to connect to audit log, ignoring: %m"); -+#endif -+ return fd; -+} -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 123ff41d3f..c968f55110 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -9,6 +9,7 @@ executables += [ - 'name' : 'systemd-sysusers', - 'public' : true, - 'sources' : files('sysusers.c'), -+ 'dependencies' : libaudit, - }, - executable_template + { - 'name' : 'systemd-sysusers.standalone', -@@ -20,6 +21,7 @@ executables += [ - libshared_static, - libsystemd_static, - ], -+ 'dependencies' : libaudit, - 'build_by_default' : have_standalone_binaries, - 'install' : have_standalone_binaries, - }, -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index 44253483db..84eb9fc0c3 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -3,6 +3,7 @@ - #include - - #include "alloc-util.h" -+#include "audit-util.h" - #include "build.h" - #include "chase.h" - #include "conf-files.h" -@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep); - STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); - - typedef struct Context { -+ int audit_fd; -+ - OrderedHashmap *users, *groups; - OrderedHashmap *todo_uids, *todo_gids; - OrderedHashmap *members; -@@ -126,6 +129,8 @@ typedef struct Context { - static void context_done(Context *c) { - assert(c); - -+ c->audit_fd = close_audit_fd(c->audit_fd); -+ - ordered_hashmap_free(c->groups); - ordered_hashmap_free(c->users); - ordered_hashmap_free(c->members); -@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) { - c->login_defs_need_warning = false; - } - -+static void log_audit_accounts(Context *c, ItemType what) { -+#if HAVE_AUDIT -+ assert(c); -+ assert(IN_SET(what, ADD_USER, ADD_GROUP)); -+ -+ if (arg_dry_run || c->audit_fd < 0) -+ return; -+ -+ Item *i; -+ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP; -+ const char *op = what == ADD_USER ? "adding-user" : "adding-group"; -+ -+ /* Notes: -+ * -+ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses. -+ * -+ * We send id == -1, even though we know the number, in particular on success. This is because if we -+ * send the id, the generated audit message will not contain the name. The name seems more useful -+ * than the number, hence send just the name: -+ * -+ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) : -+ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success' -+ * vs. -+ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) : -+ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success' -+ */ -+ -+ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) -+ audit_log_acct_message( -+ c->audit_fd, -+ type, -+ program_invocation_short_name, -+ op, -+ i->name, -+ /* id= */ (unsigned) -1, -+ /* host= */ NULL, -+ /* addr= */ NULL, -+ /* tty= */ NULL, -+ /* success= */ 1); -+#endif -+} -+ - static int load_user_database(Context *c) { - _cleanup_fclose_ FILE *f = NULL; - const char *passwd_path; -@@ -971,6 +1018,8 @@ static int write_files(Context *c) { - group_tmp, group_path); - group_tmp = mfree(group_tmp); - } -+ /* OK, we have written the group entries successfully */ -+ log_audit_accounts(c, ADD_GROUP); - if (gshadow) { - r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); - if (r < 0) -@@ -988,6 +1037,8 @@ static int write_files(Context *c) { - - passwd_tmp = mfree(passwd_tmp); - } -+ /* OK, we have written the user entries successfully */ -+ log_audit_accounts(c, ADD_USER); - if (shadow) { - r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); - if (r < 0) -@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) { - #endif - _cleanup_close_ int lock = -EBADF; - _cleanup_(context_done) Context c = { -+ .audit_fd = -EBADF, - .search_uid = UID_INVALID, - }; - -@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) { - assert(!arg_image); - #endif - -+ /* Prepare to emit audit events, but only if we're operating on the host system. */ -+ if (!arg_root) -+ c.audit_fd = open_audit_fd_or_warn(); -+ - /* If command line arguments are specified along with --replace, read all configuration files and - * insert the positional arguments at the specified place. Otherwise, if command line arguments are - * specified, execute just them, and finally, without --replace= or any positional arguments, just -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index a10e6d478a..6df9414063 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -5,12 +5,9 @@ - #include - #include - --#if HAVE_AUDIT --#include --#endif -- - #include "sd-bus.h" - -+#include "audit-util.h" - #include "alloc-util.h" - #include "bus-error.h" - #include "bus-locator.h" -@@ -30,20 +27,14 @@ - - typedef struct Context { - sd_bus *bus; --#if HAVE_AUDIT - int audit_fd; --#endif - } Context; - - static void context_clear(Context *c) { - assert(c); - - c->bus = sd_bus_flush_close_unref(c->bus); --#if HAVE_AUDIT -- if (c->audit_fd >= 0) -- audit_close(c->audit_fd); -- c->audit_fd = -EBADF; --#endif -+ c->audit_fd = close_audit_fd(c->audit_fd); - } - - static int get_startup_monotonic_time(Context *c, usec_t *ret) { -@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) { - }; - - _cleanup_(context_clear) Context c = { --#if HAVE_AUDIT - .audit_fd = -EBADF, --#endif - }; - - log_setup(); - - umask(0022); - --#if HAVE_AUDIT -- /* If the kernel lacks netlink or audit support, don't worry about it. */ -- c.audit_fd = audit_open(); -- if (c.audit_fd < 0) -- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, -- errno, "Failed to connect to audit log, ignoring: %m"); --#endif -+ c.audit_fd = open_audit_fd_or_warn(); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/30846.patch b/30846.patch index ca9cffb..77da69f 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 +From 07bedc8f93277f705622625f440a1f56ccff1cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids @@ -39,17 +39,18 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-classification.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/basic/uid-classification.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c -index e2d2cebc6de27..2c8b06c0d3088 100644 +index 203ce2c68a..2eb384395d 100644 --- a/src/basic/uid-classification.c +++ b/src/basic/uid-classification.c -@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { +@@ -129,5 +129,6 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ -- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); -+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_container(uid) || uid_is_foreign(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_foreign(uid); ++ } diff --git a/sources b/sources index 5c43434..f685aed 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 +SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 diff --git a/split-files.py b/split-files.py index 5b20b85..8405956 100644 --- a/split-files.py +++ b/split-files.py @@ -155,7 +155,7 @@ for file in files(buildroot): systemd\.nspawn| systemd-vmspawn| systemd-dissect| - import-pubring.gpg| + import-pubring| systemd-machined| systemd-import| systemd-export| diff --git a/systemd.spec b/systemd.spec index 9f1c661..cbbce96 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.7} +Version: %{?version_override}%{!?version_override:258~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} @@ -137,10 +137,6 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://github.com/coreos/fedora-coreos-tracker/issues/1857 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch -# Backport of sysusers audit support for -# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch - # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch %endif @@ -500,6 +496,10 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} +# Newer versions of those are required to support X11 keycode remapping +Conflicts: xorg-x11-drv-evdev < 2.11.0 +Conflicts: xorg-x11-drv-libinput < 1.5.0 + %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. # We rely on filesystem to create the symlinks for us. @@ -741,7 +741,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version_no_tilde} -p1 %endif # Disable user lockdown until rpm implements it natively. @@ -804,7 +804,6 @@ CONFIGURE_OPTS=( -Dacl=enabled -Dsmack=true -Dopenssl=enabled - -Dcryptolib=openssl -Dp11kit=enabled -Dgcrypt=disabled -Daudit=enabled From 8d1645af7549815a89b8262621be4c95afa4201f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 25 Jul 2025 14:08:10 +0200 Subject: [PATCH 100/148] Use again %{version} when building in OBS %{version_no_tilde} no work. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index cbbce96..5911992 100644 --- a/systemd.spec +++ b/systemd.spec @@ -740,6 +740,8 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{branch} -p1 %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 +%elif %{with obs} +%autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 %endif From 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 25 Jul 2025 18:05:35 +0200 Subject: [PATCH 101/148] obs: also use version with tilde for Source0 [skip changelog] --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 5911992..e15b511 100644 --- a/systemd.spec +++ b/systemd.spec @@ -83,7 +83,9 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{undefined branch} && %{undefined commit} +%if %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +%elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz From be7a4d0863f5747ca49396db08fec55397d390c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Aug 2025 08:56:51 +0200 Subject: [PATCH 102/148] Version 258~rc2 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f685aed..2cde49e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 +SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 diff --git a/systemd.spec b/systemd.spec index e15b511..2363513 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc1} +Version: %{?version_override}%{!?version_override:258~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1bdb4efe409c912031dba2e44ba5e2b92875cdb7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:13 +0100 Subject: [PATCH 103/148] obs: switch to xz for compression [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2363513..740cdd8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} From 50936458a75224fab9b33c5abbae480d14f9bf16 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:49 +0100 Subject: [PATCH 104/148] obs: move recipe files in place The RPM recipe files for SUSE and Fedora conflict and cannot be both unpacked at the same time (e.g.: triggers.systemd, systemd.spec, etc). The tarballs creation are unconditional. This means the same project build cannot build for both Fedora and SUSE. All other distros can co-habitate in the same project, so that a single repository checkout, single trigger, single everything is used. By storing the RPM recipe files in a separate directory it means they don't conflict anymore, and they are moved in place in the right recipe at the right time. This allows building fedora/suse/centos/debian/ubuntu/arch from a single project. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 740cdd8..50eff92 100644 --- a/systemd.spec +++ b/systemd.spec @@ -743,6 +743,8 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %elif %{with obs} +# Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) +mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 From 1f5ed0da1f0b235e13a06a23fda53eae0d43a9d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 20 Aug 2025 17:01:17 +0200 Subject: [PATCH 105/148] Version 258~rc3 - A large number of fixes in various components - Hardware database and syscall numbers are updated --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 2cde49e..cc03c85 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 +SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc diff --git a/systemd.spec b/systemd.spec index 50eff92..4e18207 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc2} +Version: %{?version_override}%{!?version_override:258~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 5acde9f1fd649ae82e9ee38e0be18947197dabec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Aug 2025 15:15:17 +0200 Subject: [PATCH 106/148] Add workaround patch to hopefully pass podman CI tests --- 38724.patch | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 66 insertions(+) create mode 100644 38724.patch diff --git a/38724.patch b/38724.patch new file mode 100644 index 0000000..c639cd0 --- /dev/null +++ b/38724.patch @@ -0,0 +1,64 @@ +From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 26 Aug 2025 15:00:02 +0200 +Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) + +In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was +reported that the tests fail: + +> Rootless podman tests all show something like this eventually +> +> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded +> +> Each container creates its own keyring but I assume they get leaked so at one +> point we run our of available keyrings and all following tests fail like +> that. Given I only see this on this update and from looking at the podman +> tests logs it only starts happening after we run a bunch of our own systemd +> services I wonder if systemd maybe leaks keyrings and thus it fails? + +After some very tediuos bisecting, I got the answer that +dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't +make much sense. I thought that maybe the answer is wrong somehow, or the fd we +pass in has problems, but everything seems to work correctly. Both +pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same +answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the +problem go away. + +bisection recipe: +1. compile systemd, systemd-executor, pam_systemd: + $ ninja -C build systemd systemd-executor pam_systemd.so + (Not all intermediate commits compile :) ) +2. use the compiled manager for the user running the tests: + # /etc/systemd/system/user@1000.service.d/override.conf + [Service] + ExecStart= + ExecStart=/home/fedora/src/systemd/build/systemd --user +3. install the new code: + # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 +3. log out and log in again (via ssh) +4. run the test: + $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys + 17 + Tue Aug 26 12:47:44 UTC 2025 + 18 + +It seems that both the pam module and the user manager somehow matter. + +This smells like a kernel bug or some strange race condition. +--- + src/basic/pidfd-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c +index 9910819aa79d9..b317be267f445 100644 +--- a/src/basic/pidfd-util.c ++++ b/src/basic/pidfd-util.c +@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { + } + + static int pidfd_get_info(int fd, struct pidfd_info *info) { +- static bool cached_supported = true; ++ static bool cached_supported = false; + + assert(fd >= 0); + assert(info); diff --git a/systemd.spec b/systemd.spec index 4e18207..a739a69 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +Patch: https://github.com/systemd/systemd/pull/38724.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 2289d65726d86bf523b1d565e274b15d8c978a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Sep 2025 08:02:02 +0200 Subject: [PATCH 107/148] Fix unit name in scriptlet [80/89] Installing systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Running %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Finished %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Scriptlet output: >>> Failed to preset unit: Unit system-systemdx2dcryptsetup.slice does not exist --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a739a69..8ec0b31 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1240,8 +1240,8 @@ systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : sleep.target suspend-then-hibernate.target suspend.target - system-systemd\x2dcryptsetup.slice - system-systemd\x2dveritysetup.slice + system-systemd\\x2dcryptsetup.slice + system-systemd\\x2dveritysetup.slice systemd-backlight@.service systemd-binfmt.service systemd-bless-boot.service From 327e54e42196c4ed3d0655b40aabed492c75e2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 4 Sep 2025 13:56:28 +0200 Subject: [PATCH 108/148] Add to patch to create userdb root directory with correct label The upstream PR was closed with the intent to force the SELinux policy to be updated instead. While we're waiting for that to happen, include the patch here. --- 38769.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 46 insertions(+) create mode 100644 38769.patch diff --git a/38769.patch b/38769.patch new file mode 100644 index 0000000..35b50e4 --- /dev/null +++ b/38769.patch @@ -0,0 +1,42 @@ +From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Sat, 30 Aug 2025 13:55:56 +0200 +Subject: [PATCH] core: create userdb root directory with correct label + +Set up the /run/systemd/userdb directory with the default SELinux context +on creation. + +With version 257.7-1 on Debian the directory was automatically created with the +correct label. Starting with version 258 (only tested with 258~rc3-1) it no +longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. + +[zjs: edited the patch to apply comments from review and update the description.] +--- + src/core/varlink.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/varlink.c b/src/core/varlink.c +index 8c6b95e31d1d5..110b281842373 100644 +--- a/src/core/varlink.c ++++ b/src/core/varlink.c +@@ -6,6 +6,7 @@ + #include "errno-util.h" + #include "json-util.h" + #include "manager.h" ++#include "mkdir-label.h" + #include "path-util.h" + #include "pidref.h" + #include "string-util.h" +@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { + if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) + continue; + +- r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ r = mkdir_parents_label(address, 0755); ++ if (r < 0) ++ log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address); ++ ++ r = sd_varlink_server_listen_address(m->varlink_server, address, 0666); + if (r < 0) + return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address); + } diff --git a/systemd.spec b/systemd.spec index 8ec0b31..cf580d0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -143,6 +143,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch Patch: https://github.com/systemd/systemd/pull/30846.patch Patch: https://github.com/systemd/systemd/pull/38724.patch + +# userdb: create userdb root directory with correct label +# We can drop this after SELinux policy is updated to handle the transition. +Patch: https://github.com/systemd/systemd/pull/38769.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b442086d5fc7c7a478be064ab380a50fed9b9c86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 5 Sep 2025 15:14:21 +0200 Subject: [PATCH 109/148] Version 258~rc4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index cc03c85..b6fda1a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc +SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a diff --git a/systemd.spec b/systemd.spec index cf580d0..edc747f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc3} +Version: %{?version_override}%{!?version_override:258~rc4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From cceac934914337911c799174ac9dd96c881d5f66 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 12 Sep 2025 10:36:06 +0200 Subject: [PATCH 110/148] Pre-create /etc/userdb directory An admin can create users in this directory instead of /etc/passwd. As the .user file can contain hashed password, only root should be able to read the files. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index edc747f..0ecedf4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,7 @@ touch %{buildroot}%{_sysconfdir}/machine-info touch %{buildroot}%{_sysconfdir}/localtime mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf +install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb # Make sure the shutdown/sleep drop-in dirs exist mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ From 8a446daec74122d234c39b7571dc50d3935ef6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 17 Sep 2025 15:29:03 +0200 Subject: [PATCH 111/148] =?UTF-8?q?Version=20258=20=F0=9F=92=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - See https://raw.githubusercontent.com/systemd/systemd/v258/NEWS for the final list of changes. --- sources | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sources b/sources index b6fda1a..68b70a3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a +SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 diff --git a/systemd.spec b/systemd.spec index 0ecedf4..04fcf73 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc4} +Version: %{?version_override}%{!?version_override:258} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -142,6 +142,7 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. Patch: https://github.com/systemd/systemd/pull/38724.patch # userdb: create userdb root directory with correct label From 88877a418450c16c1c85c680687da05f403af7bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:37:48 +0300 Subject: [PATCH 112/148] Require systemd-networkd and systemd-udev to be in the same version ... (rhbz#2397579) In https://bugzilla.redhat.com/show_bug.cgi?id=2397579 users are doing a partial upgrade (seemingly) and that fails because of a file conflict. Add Conflicts to prevent such partial upgrades. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 04fcf73..c1a8f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -469,6 +469,7 @@ Conflicts: systemd-timesyncd < %{version}-%{release} Obsoletes: systemd-timesyncd < %{version}-%{release} Provides: systemd-timesyncd = %{version}-%{release} %endif +Conflicts: systemd-networkd < %{version}-%{release} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. @@ -643,6 +644,7 @@ systemd-journal-upload. Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later %description networkd From a3e9e2798227f4811f4953204ae5e631ea1d9442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:40:28 +0300 Subject: [PATCH 113/148] Change '%{systemd}' to systemd in Conflicts/Provides/Requires/Recommends MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were using both styles… Having a macro creates some mental overhead for little gain. Switch to the fixed string everywhere. [skip changelog] --- systemd.spec | 78 ++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/systemd.spec b/systemd.spec index c1a8f7e..56933ed 100644 --- a/systemd.spec +++ b/systemd.spec @@ -274,16 +274,16 @@ Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 -Requires: %{name}-pam%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} -%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} -Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: systemd-pam%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-networkd = %{version}-%{release}} +%{?fedora:Recommends: systemd-resolved = %{version}-%{release}} +Requires: systemd-shared%{_isa} = %{version}-%{release} Requires: /usr/bin/systemd-sysusers # The standalone version doesn't Provide the _isa suffix, # so this biases towards the common version. -Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} +Recommends: systemd-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Requires: (libbpf >= 2:1.4.7 if libbpf) @@ -316,10 +316,10 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Conflicts: %{name}-standalone-tmpfiles -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-shutdown -Provides: %{name}-shutdown = %{version}-%{release} +Conflicts: systemd-standalone-tmpfiles +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd-standalone-shutdown +Provides: systemd-shutdown = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. @@ -398,14 +398,14 @@ License: LGPL-2.1-or-later AND MIT # in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description shared Internal libraries used by various systemd binaries. %package pam Summary: systemd PAM module -Requires: %{name} = %{version}-%{release} +Requires: systemd = %{version}-%{release} %description pam Systemd PAM module registers the session with systemd-logind. @@ -423,11 +423,11 @@ for information how to use those macros. %package sysusers Summary: systemd-sysusers program -Requires: %{name}-shared%{_isa} = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers +Requires: systemd-shared%{_isa} = %{version}-%{release} +Conflicts: systemd-standalone-sysusers # in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd # to systemd-sysusers. Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description sysusers This package contains the systemd-sysusers program. @@ -435,8 +435,8 @@ This package contains the systemd-sysusers program. %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT -Requires: %{name}-libs%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} @@ -503,8 +503,8 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -Conflicts: %{name}-standalone-repart -Provides: %{name}-repart = %{version}-%{release} +Conflicts: systemd-standalone-repart +Provides: systemd-repart = %{version}-%{release} # Newer versions of those are required to support X11 keycode remapping Conflicts: xorg-x11-drv-evdev < 2.11.0 @@ -529,7 +529,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{noarch_requires_version} +Requires: systemd = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -602,7 +602,7 @@ This package contains the signed version. %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} @@ -625,11 +625,11 @@ systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later Requires: firewalld-filesystem -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Provides: systemd-journal-gateway = %{version}-%{release} +Provides: systemd-journal-gateway%{_isa} = %{version}-%{release} # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal @@ -642,8 +642,8 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Requires: systemd%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-udev = %{version}-%{release}} Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later @@ -654,7 +654,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{noarch_requires_version} +Requires: systemd-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -665,7 +665,7 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep @@ -677,7 +677,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{noarch_requires_version} +Requires: systemd-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch @@ -687,10 +687,10 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} # This dependency is provided transitively. Also add it explicitly to # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: -Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: systemd-libs%{_isa} = %{version}-%{release} Requires: python3dist(psutil) License: LGPL-2.1-or-later @@ -701,8 +701,8 @@ Different binaries test different parts of the codebase. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: %{name}-repart = %{version}-%{release} -Conflicts: %{name}-udev +Provides: systemd-repart = %{version}-%{release} +Conflicts: systemd-udev Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -713,8 +713,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -725,7 +725,7 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd -Provides: %{name}-sysusers = %{version}-%{release} +Provides: systemd-sysusers = %{version}-%{release} Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -736,8 +736,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use in exitrds -Provides: %{name}-shutdown = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-shutdown = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone From 593a204189b195d530f5cc643465c7711dac7acf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:09:52 +0200 Subject: [PATCH 114/148] Version 258.1 - This is the first (large) batch of fixes after v258: - fixes for boot loader and early boot code - fixes for systemd itself, systemd-udevd, systemd-logind, systemd-machined, and library code - unprivileged operation in systemd-machined is disabled for now - lots of documentation and shell-completion fixes - includes an hwdb update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 68b70a3..6b4fe22 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 +SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53 diff --git a/systemd.spec b/systemd.spec index 56933ed..1387788 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258} +Version: %{?version_override}%{!?version_override:258.1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From db38445a7ec7e885b070727cc489586e2e67ef21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:15:42 +0200 Subject: [PATCH 115/148] Drop two patches with workaround (selinux, kernel) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 ------------------- 38724.patch | 64 ----------------- systemd.spec | 10 +-- 3 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch delete mode 100644 38724.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch deleted file mode 100644 index eca67f0..0000000 --- a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 17:00:08 +0100 -Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' - if DefaultDependencies=no" - -This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. ---- - units/systemd-coredump@.service.in | 2 +- - units/systemd-oomd.service.in | 2 +- - units/systemd-resolved.service.in | 2 +- - units/systemd-timesyncd.service.in | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in -index c74dc7a5a1..fa3206d07b 100644 ---- a/units/systemd-coredump@.service.in -+++ b/units/systemd-coredump@.service.in -@@ -26,7 +26,7 @@ NoNewPrivileges=yes - OOMScoreAdjust=500 - PrivateDevices=yes - PrivateNetwork=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectControlGroups=yes - ProtectHome=read-only - ProtectHostname=yes -diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in -index 670d5e6140..82bd6245f8 100644 ---- a/units/systemd-oomd.service.in -+++ b/units/systemd-oomd.service.in -@@ -37,7 +37,7 @@ MemoryLow=64M - NoNewPrivileges=yes - OOMScoreAdjust=-900 - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectHome=yes - ProtectHostname=yes -diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in -index e181b2528a..4aa0788ac4 100644 ---- a/units/systemd-resolved.service.in -+++ b/units/systemd-resolved.service.in -@@ -29,7 +29,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectControlGroups=yes - ProtectHome=yes -diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in -index 835d6327e7..cf233fbffd 100644 ---- a/units/systemd-timesyncd.service.in -+++ b/units/systemd-timesyncd.service.in -@@ -31,7 +31,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectProc=invisible - ProtectControlGroups=yes - ProtectHome=yes --- -2.47.1 - diff --git a/38724.patch b/38724.patch deleted file mode 100644 index c639cd0..0000000 --- a/38724.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 26 Aug 2025 15:00:02 +0200 -Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) - -In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was -reported that the tests fail: - -> Rootless podman tests all show something like this eventually -> -> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded -> -> Each container creates its own keyring but I assume they get leaked so at one -> point we run our of available keyrings and all following tests fail like -> that. Given I only see this on this update and from looking at the podman -> tests logs it only starts happening after we run a bunch of our own systemd -> services I wonder if systemd maybe leaks keyrings and thus it fails? - -After some very tediuos bisecting, I got the answer that -dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't -make much sense. I thought that maybe the answer is wrong somehow, or the fd we -pass in has problems, but everything seems to work correctly. Both -pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same -answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the -problem go away. - -bisection recipe: -1. compile systemd, systemd-executor, pam_systemd: - $ ninja -C build systemd systemd-executor pam_systemd.so - (Not all intermediate commits compile :) ) -2. use the compiled manager for the user running the tests: - # /etc/systemd/system/user@1000.service.d/override.conf - [Service] - ExecStart= - ExecStart=/home/fedora/src/systemd/build/systemd --user -3. install the new code: - # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 -3. log out and log in again (via ssh) -4. run the test: - $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys - 17 - Tue Aug 26 12:47:44 UTC 2025 - 18 - -It seems that both the pam module and the user manager somehow matter. - -This smells like a kernel bug or some strange race condition. ---- - src/basic/pidfd-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c -index 9910819aa79d9..b317be267f445 100644 ---- a/src/basic/pidfd-util.c -+++ b/src/basic/pidfd-util.c -@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { - } - - static int pidfd_get_info(int fd, struct pidfd_info *info) { -- static bool cached_supported = true; -+ static bool cached_supported = false; - - assert(fd >= 0); - assert(info); diff --git a/systemd.spec b/systemd.spec index 1387788..5bbc38d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -133,18 +133,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %if %{without upstream} # Those are downstream-only patches, but we don't want them in packit builds. -# Temporarily drop use of PrivateTmp=disconnected. This is causing failures -# in various places: -# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 -# https://github.com/coreos/fedora-coreos-tracker/issues/1857 -Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch - +# Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch -# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. -Patch: https://github.com/systemd/systemd/pull/38724.patch - # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 79c9db1bc8f2f0c95cc8af38c5b495c815778b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Oct 2025 13:54:29 +0200 Subject: [PATCH 116/148] Require systemd-libs and systemd-shared to be in the same version ... (rhbz#2404143) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 5bbc38d..166d95b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -380,6 +380,7 @@ Summary: systemd libraries License: LGPL-2.1-or-later AND MIT Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 +Conflicts: systemd-shared < %{version}-%{release} %description libs Libraries for systemd and udev. @@ -391,6 +392,7 @@ License: LGPL-2.1-or-later AND MIT # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. Conflicts: systemd < 257.3-6 +Conflicts: systemd-libs < %{version}-%{release} %description shared Internal libraries used by various systemd binaries. From 2e1a6c7474502ca63c677cd7070b6e13e6329057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= Date: Mon, 20 Oct 2025 16:00:31 +0200 Subject: [PATCH 117/148] Require python3-zstandard in ELN Related: https://issues.redhat.com/browse/RHEL-103523 --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 166d95b..be35a41 100644 --- a/systemd.spec +++ b/systemd.spec @@ -532,9 +532,7 @@ Requires: (systemd-boot if %{shrink:( filesystem(riscv64) )}) Requires: python3dist(pefile) -%if 0%{?fedora} Requires: python3dist(zstandard) -%endif Requires: python3dist(cryptography) %if 0%{?fedora} Recommends: python3dist(pillow) From f8932309d95f37b0f81c54a8d38010ced60ae99b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 21 Oct 2025 13:06:49 +0200 Subject: [PATCH 118/148] Drop backwards compat logic from integration tests script --- plans/run-integration-tests.sh | 60 ++++++++-------------------------- 1 file changed, 14 insertions(+), 46 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9a90fa7..46ea433 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -17,9 +17,9 @@ sysctl fs.inotify.max_user_watches=65536 || true sysctl fs.inotify.max_user_instances=1024 || true if [[ -n "${KOJI_TASK_ID:-}" ]]; then - koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" + koji download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" elif [[ -n "${CBS_TASK_ID:-}" ]]; then - cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" + cbs download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" @@ -32,21 +32,12 @@ fi PACKAGEDIR="$PWD" -# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. - # This will match both the regular and the debuginfo rpm so make sure we select only the # non-debuginfo rpm. RPMS=(systemd-tests-*.rpm) rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract -if [[ -d usr/lib/systemd/tests/mkosi ]]; then - pushd usr/lib/systemd/tests - mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" -else - mkdir systemd - rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd - pushd systemd - mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -fi +pushd usr/lib/systemd/tests +mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi @@ -57,13 +48,7 @@ export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -if [[ -d mkosi ]]; then - LOCAL_CONF=mkosi/mkosi.local.conf -else - LOCAL_CONF=mkosi.local.conf -fi - -tee "$LOCAL_CONF" < Date: Thu, 23 Oct 2025 20:40:58 +0200 Subject: [PATCH 119/148] Require systemd-rpm-macros for build We use our own macros. They get pulled into the buildroot in Fedora builds, but we shouldn't rely on this. In OBS builds, they are not pulled in and the build fails. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index be35a41..f1a8d6c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -161,6 +161,9 @@ BuildRequires: libselinux-devel BuildRequires: audit-libs-devel %if %{without bootstrap} BuildRequires: cryptsetup-devel +# Require (previous version) of our macros package. +# We use the %%systemd_{post,preun,…} macros for various services. +BuildRequires: systemd-rpm-macros %endif BuildRequires: dbus-devel BuildRequires: util-linux From ea1d871ecd6c2fe063523840c1e4cf9bcf200e32 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 Oct 2025 10:32:12 +0100 Subject: [PATCH 120/148] Add missing networkd socket units systemd-networkd-resolve-hook.socket will be introduced by https://github.com/systemd/systemd/pull/39293 but we need the spec to handle the socket for the upgrade/downgrade test to pass so adding it early behind the upstream bcond. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f1a8d6c..b433af5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,6 +1374,8 @@ fi %global networkd_services %{shrink: systemd-networkd.service systemd-networkd.socket + systemd-networkd-varlink.socket + %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service From 1d3b89210552dcc25f89519045fb54439176ac25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Oct 2025 23:36:16 +0200 Subject: [PATCH 121/148] Enable sysupdate and sysupdated The files will land in the -udev subpackage. --- split-files.py | 1 + systemd.spec | 2 ++ 2 files changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index 8405956..38bde60 100644 --- a/split-files.py +++ b/split-files.py @@ -245,6 +245,7 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + sysupdate|updatctl| oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because diff --git a/systemd.spec b/systemd.spec index b433af5..9e756a3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -832,6 +832,8 @@ CONFIGURE_OPTS=( -Dlibfido2=enabled -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true + -Dsysupdate=enabled + -Dsysupdated=enabled -Dtpm=true -Dtpm2=enabled -Dhwdb=true From dffbf2beba916ad79eeb2ccff9768ab48855a2eb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 11:17:40 +0100 Subject: [PATCH 122/148] Make sure fallback source is listed first 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 broke packit as the fallback url wasn't listed first anymore. Make sure the fallback URL is listed first again as clearly documented just above the conditionals. --- systemd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9e756a3..ce57011 100644 --- a/systemd.spec +++ b/systemd.spec @@ -82,15 +82,15 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list -# the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz -%elif %{undefined branch} && %{undefined commit} +# the fallback source that's used if neither %%branch, %%commit or %%obs are defined first. +%if %{undefined branch} && %{undefined commit} && %{without obs} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz +%elif %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Nov 2025 12:08:50 +0100 Subject: [PATCH 123/148] Automatically figure out the name of the top-level tar dir --- systemd.spec | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index ce57011..fcb9a44 100644 --- a/systemd.spec +++ b/systemd.spec @@ -742,18 +742,15 @@ library or other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%if %{defined branch} -%autosetup -n %{name}-%{branch} -p1 -%elif %{defined commit} -%autosetup -n %{name}-%{commit} -p1 -%elif %{with obs} +%if %{with obs} # Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} -%autosetup -n %{name}-%{version} -p1 -%else -%autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Automatically figure out the name of the top-level directory. +# rpm really should do this automatically. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 + # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 sed -r -i 's/^u!/u/' sysusers.d/*.conf* From fe18084a0583d134e424d70acb341860e69e8540 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 14:33:02 +0100 Subject: [PATCH 124/148] Remove hack to stop systemd-networkd-resolve-hook.socket This didn't end up working, so drop the hack as we have a better fix coming up in https://github.com/systemd/systemd/pull/39415. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index fcb9a44..24abac1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,7 +1374,6 @@ fi systemd-networkd.service systemd-networkd.socket systemd-networkd-varlink.socket - %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service From b17d9c3474f6cd4c07e01ffdfedf6a93c157d859 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Nov 2025 16:18:12 +0100 Subject: [PATCH 125/148] Use %autosetup -C This is supported since rpm 4.20 but not advertised much. --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 24abac1..3356f27 100644 --- a/systemd.spec +++ b/systemd.spec @@ -747,9 +747,7 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -# Automatically figure out the name of the top-level directory. -# rpm really should do this automatically. -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -C -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 256463d69051665ea25d584a35ea817f94e18a41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:55:32 +0100 Subject: [PATCH 126/148] Restore runlevelX.target units ... (rhbz#2411195) --- ...vert-units-drop-runlevel-0-6-.target.patch | 87 +++++++++++++++++++ systemd.spec | 4 + 2 files changed, 91 insertions(+) create mode 100644 0001-Revert-units-drop-runlevel-0-6-.target.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch new file mode 100644 index 0000000..4180211 --- /dev/null +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch @@ -0,0 +1,87 @@ +From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 5 Nov 2025 17:52:16 +0100 +Subject: [PATCH] Revert "units: drop runlevel[0-6].target" + +This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. +The unit are still needed for compat. +--- + units/meson.build | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index 4f47a3b2bd..34b3222f11 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -1,5 +1,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 ++ + units = [ + { 'file' : 'basic.target' }, + { 'file' : 'blockdev@.target' }, +@@ -49,7 +51,7 @@ units = [ + }, + { + 'file' : 'graphical.target', +- 'symlinks' : ['default.target'], ++ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []), + }, + { 'file' : 'halt.target' }, + { +@@ -142,14 +144,20 @@ units = [ + 'conditions' : ['ENABLE_MACHINED'], + }, + { 'file' : 'modprobe@.service' }, +- { 'file' : 'multi-user.target' }, ++ { ++ 'file' : 'multi-user.target', ++ 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], ++ }, + { 'file' : 'network-online.target' }, + { 'file' : 'network-pre.target' }, + { 'file' : 'network.target' }, + { 'file' : 'nss-lookup.target' }, + { 'file' : 'nss-user-lookup.target' }, + { 'file' : 'paths.target' }, +- { 'file' : 'poweroff.target' }, ++ { ++ 'file' : 'poweroff.target', ++ 'symlinks' : with_runlevels ? ['runlevel0.target'] : [], ++ }, + { 'file' : 'printer.target' }, + { + 'file' : 'proc-sys-fs-binfmt_misc.automount', +@@ -174,7 +182,7 @@ units = [ + }, + { + 'file' : 'reboot.target', +- 'symlinks' : ['ctrl-alt-del.target'], ++ 'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? ['runlevel6.target'] : []), + }, + { + 'file' : 'remote-cryptsetup.target', +@@ -194,7 +202,10 @@ units = [ + 'symlinks' : ['initrd-root-device.target.wants/'], + }, + { 'file' : 'rescue.service.in' }, +- { 'file' : 'rescue.target' }, ++ { ++ 'file' : 'rescue.target', ++ 'symlinks' : with_runlevels ? ['runlevel1.target'] : [], ++ }, + { 'file' : 'rpcbind.target' }, + { 'file' : 'serial-getty@.service.in' }, + { 'file' : 'shutdown.target' }, +@@ -972,4 +983,10 @@ else + dbussessionservicedir / 'org.freedesktop.systemd1.service')) + endif + ++if conf.get('HAVE_SYSV_COMPAT') == 1 ++ foreach i : [1, 2, 3, 4, 5] ++ install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i)) ++ endforeach ++endif ++ + subdir('user') diff --git a/systemd.spec b/systemd.spec index 3356f27..c8fcbfb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -137,6 +137,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Again create runlevelX.target. Dropping those files breaks upgrades. +# https://bugzilla.redhat.com/show_bug.cgi?id=2411195 +Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch + # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 1a7506a1051c8361714463825b83febcb04b5639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Nov 2025 14:02:48 +0100 Subject: [PATCH 127/148] Version 258.2 - A bunch of fixes in many components. - Stop creating user namespace for system services (rhbz#2391343) - Systemd trigger scriptlets are updated --- sources | 2 +- systemd.spec | 2 +- triggers.systemd | 30 ++++++++++++++---------------- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/sources b/sources index 6b4fe22..a9f4297 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53 +SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d diff --git a/systemd.spec b/systemd.spec index c8fcbfb..f5fbd50 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258.1} +Version: %{?version_override}%{!?version_override:258.2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif diff --git a/triggers.systemd b/triggers.systemd index f8bb078..28ddc1f 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -9,17 +9,17 @@ # # Minimum rpm version supported: 4.14.0 -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/ # This script will run after any package is initially installed or # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. /usr/lib/systemd/systemd-update-helper system-reload-restart || : -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user/ /etc/systemd/user/ /usr/lib/systemd/systemd-update-helper user-reload-restart || : -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system/ /etc/systemd/system/ # On removal, we need to run daemon-reload after any units have been # removed. # On upgrade, we need to run daemon-reload after any new unit files @@ -27,35 +27,35 @@ # executed. /usr/lib/systemd/systemd-update-helper system-reload || : -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user/ /etc/systemd/user/ # Execute daemon-reload in user managers. /usr/lib/systemd/systemd-update-helper user-reload || : -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system/ /etc/systemd/system/ # We restart remaining system services that should be restarted here. /usr/lib/systemd/systemd-update-helper system-restart || : -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user/ /etc/systemd/user/ # We restart remaining user services that should be restarted here. /usr/lib/systemd/systemd-update-helper user-restart || : -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d/ # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. systemd-sysusers || : -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d/ # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. systemd-hwdb update || : -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog/ # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. journalctl --update-catalog || : -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d/ # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d "/run/systemd/system"; then @@ -64,7 +64,7 @@ if test -d "/run/systemd/system"; then /usr/lib/systemd/systemd-binfmt || : fi -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d/ # This script will process files installed in /usr/lib/tmpfiles.d to create # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. @@ -72,14 +72,12 @@ if test -d "/run/systemd/system"; then systemd-tmpfiles --create || : fi -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d/ # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi +/usr/lib/systemd/systemd-update-helper mark-reload-system-units systemd-udevd.service || : -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d/ # This script will automatically apply sysctl rules if files have been # installed or updated in /usr/lib/sysctl.d. if test -d "/run/systemd/system"; then From e455d82fd898e87fbd4cc848437a6582fdcab7f6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 25 Sep 2025 10:34:15 +0200 Subject: [PATCH 128/148] Add various extra explicit Requires Upstream is moving towards making a lot more libraries dlopen() style dependencies. Let's make sure to add these as Requires to corresponding packages so they still get pulled in. --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index f5fbd50..03acb85 100644 --- a/systemd.spec +++ b/systemd.spec @@ -333,6 +333,12 @@ Provides: /usr/sbin/shutdown Provides: /usr/sbin/telinit %endif +# libmount is always required, even in containers, so make it a hard dependency. +Requires: libmount.so.1%{?elf_suffix} +Requires: libmount.so.1(MOUNT_2.26)%{?elf_bits} +# Various systemd services have syscall filters so make libseccomp a hard dependency. +Requires: libseccomp.so.2%{?elf_suffix} + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} @@ -476,6 +482,9 @@ Conflicts: systemd-networkd < %{version}-%{release} # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} +# udev uses libblkid in various builtins so make it a hard dependency. +Requires: libblkid.so.1%{?elf_suffix} +Requires: libblkid.so.1(BLKID_2.30)%{?elf_bits} # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From a0acca210d8f62039d6a419431f9b198fddc4302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 20:39:22 +0100 Subject: [PATCH 129/148] Version 259~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v259-rc1/NEWS. Too many changes to list or discuss here. --- ...vert-units-drop-runlevel-0-6-.target.patch | 19 ++++++++++--------- 38769.patch | 10 +++++----- sources | 2 +- systemd.spec | 2 +- 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 4180211..5a4dacd 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch @@ -1,4 +1,4 @@ -From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 Subject: [PATCH] Revert "units: drop runlevel[0-6].target" @@ -10,7 +10,7 @@ The unit are still needed for compat. 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/units/meson.build b/units/meson.build -index 4f47a3b2bd..34b3222f11 100644 +index 2e04c4aa2b..46eaac4073 100644 --- a/units/meson.build +++ b/units/meson.build @@ -1,5 +1,7 @@ @@ -30,7 +30,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'halt.target' }, { -@@ -142,14 +144,20 @@ units = [ +@@ -142,7 +144,10 @@ units = [ 'conditions' : ['ENABLE_MACHINED'], }, { 'file' : 'modprobe@.service' }, @@ -39,9 +39,10 @@ index 4f47a3b2bd..34b3222f11 100644 + 'file' : 'multi-user.target', + 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], + }, - { 'file' : 'network-online.target' }, - { 'file' : 'network-pre.target' }, - { 'file' : 'network.target' }, + { + 'file' : 'systemd-mute-console.socket', + 'symlinks' : ['sockets.target.wants/'] +@@ -155,7 +160,10 @@ units = [ { 'file' : 'nss-lookup.target' }, { 'file' : 'nss-user-lookup.target' }, { 'file' : 'paths.target' }, @@ -53,7 +54,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'printer.target' }, { 'file' : 'proc-sys-fs-binfmt_misc.automount', -@@ -174,7 +182,7 @@ units = [ +@@ -180,7 +188,7 @@ units = [ }, { 'file' : 'reboot.target', @@ -62,7 +63,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'remote-cryptsetup.target', -@@ -194,7 +202,10 @@ units = [ +@@ -200,7 +208,10 @@ units = [ 'symlinks' : ['initrd-root-device.target.wants/'], }, { 'file' : 'rescue.service.in' }, @@ -74,7 +75,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'rpcbind.target' }, { 'file' : 'serial-getty@.service.in' }, { 'file' : 'shutdown.target' }, -@@ -972,4 +983,10 @@ else +@@ -1001,4 +1012,10 @@ else dbussessionservicedir / 'org.freedesktop.systemd1.service')) endif diff --git a/38769.patch b/38769.patch index 35b50e4..09a7423 100644 --- a/38769.patch +++ b/38769.patch @@ -1,4 +1,4 @@ -From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From 00d70f36a0866660693347009446b7f872a05bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sat, 30 Aug 2025 13:55:56 +0200 Subject: [PATCH] core: create userdb root directory with correct label @@ -16,18 +16,18 @@ longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/core/varlink.c b/src/core/varlink.c -index 8c6b95e31d1d5..110b281842373 100644 +index 99f12c59e5..71a8ffd0e5 100644 --- a/src/core/varlink.c +++ b/src/core/varlink.c -@@ -6,6 +6,7 @@ +@@ -5,6 +5,7 @@ + #include "constants.h" #include "errno-util.h" - #include "json-util.h" #include "manager.h" +#include "mkdir-label.h" #include "path-util.h" #include "pidref.h" #include "string-util.h" -@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { +@@ -441,7 +442,11 @@ static int manager_varlink_init_system(Manager *m) { if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) continue; diff --git a/sources b/sources index a9f4297..752c9ae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d +SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 diff --git a/systemd.spec b/systemd.spec index 03acb85..4645686 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258.2} +Version: %{?version_override}%{!?version_override:259~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 044cff4700898340708ff684614f48e3b3faec9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 21:20:23 +0100 Subject: [PATCH 130/148] Allow empower group This will need to be patched into setup. --- systemd.spec | 5 +++-- test_sysusers_defined.py | 7 +++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4645686..f49d0cc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1116,12 +1116,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # We skip this on upstream builds so that new users and groups # can be added without breaking the build. %if 0%{?fedora} >= 43 -%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +IGNORED=empower \ + %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %else %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif %endif -rm %{buildroot}/usr/lib/sysusers.d/basic.conf +sed -n -r -i '1,7p; /can .do.|empower/p' %{buildroot}/usr/lib/sysusers.d/basic.conf %endif # Disable sshd_config.d/20-systemd-userdb.conf for now. diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index f6358fb..3c1e04f 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -1,5 +1,6 @@ #!/usr/bin/python +import os import sys def parse_sysusers_file(filename): @@ -30,7 +31,9 @@ for arg in sys.argv[1:-1]: basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) -if d := basic_users - setup_users: +ignored = set(os.getenv('IGNORED', '').split()) + +if d := basic_users - setup_users - ignored: exit(f'We have new users: {d}') -if d := basic_groups - setup_groups: +if d := basic_groups - setup_groups - ignored: exit(f'We have new groups: {d}') From f9916b6fd1399261371c7fb1255a2be4dc8c4a25 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 13:37:45 +0100 Subject: [PATCH 131/148] Revert "Use %autosetup -C" This effectively reverts commit b17d9c3474f6cd4c07e01ffdfedf6a93c157d859. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f49d0cc..f4c1b30 100644 --- a/systemd.spec +++ b/systemd.spec @@ -760,7 +760,9 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -%autosetup -C -p1 +# Automatically figure out the name of the top-level directory. +# TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 12f95f807fef5075a8842dd107f83b4c41d5ac26 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 14:11:10 +0100 Subject: [PATCH 132/148] Wrap %autosetup in %_build_in_place check The shell expansion we use to determine the top-level directory will get expanded even if we don't execute %prep, so add a %_build_in_place check to make sure we don't try to search for the top-level directory if --build-in-place is set. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f4c1b30..868b09b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -762,7 +762,9 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%if %{undefined _build_in_place} %autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%endif # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 9ac8c363070586c41877b782d1c7f1b408a1f0ec Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Nov 2025 23:13:54 +0100 Subject: [PATCH 133/148] Set meson auto features to auto when building for upstream We don't want new options to be forcefully enabled if we don't have the dependencies available. --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 868b09b..eda018e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -38,6 +38,11 @@ # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) %if %{with bootstrap} %global __meson_auto_features disabled +# If we're building for upstream, don't unconditionally enable all +# new features as new features might be introduced for which we're +# missing build dependencies. +%elif %{with upstream} +%global __meson_auto_features auto %endif # Override %%autorelease. This is ugly, but rpmautospec doesn't implement From ddb6474e949910c9c6972f96862551f41902fc58 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Fri, 21 Nov 2025 15:07:07 +0100 Subject: [PATCH 134/148] Drop provides for removed sysvinit tools ... (rhbz#2413557) --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index eda018e..3afd8bc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -333,9 +333,7 @@ Provides: /usr/sbin/halt Provides: /usr/sbin/init Provides: /usr/sbin/poweroff Provides: /usr/sbin/reboot -Provides: /usr/sbin/runlevel Provides: /usr/sbin/shutdown -Provides: /usr/sbin/telinit %endif # libmount is always required, even in containers, so make it a hard dependency. From 33b38cdbc74dadf280448a0693677595cb78f4c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:29:29 +0100 Subject: [PATCH 135/148] Suppress errors from tar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without this, 'spectool -g …' will print to the console. [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3afd8bc..50f58c0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -766,7 +766,7 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. %if %{undefined _build_in_place} -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -n %(tar -tf %{SOURCE0} 2>/dev/null | head -n1) -p1 %endif # Disable user lockdown until rpm implements it natively. From 7e409130ee736cfe54b8d03a94b7d53b2e0d9f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:47:05 +0100 Subject: [PATCH 136/148] Version 259~rc2 This has a bunch of fixes for various issues reported with -rc1, in particular varlink socket communication. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 752c9ae..d50c204 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 +SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 diff --git a/systemd.spec b/systemd.spec index 50f58c0..38eccf6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc1} +Version: %{?version_override}%{!?version_override:259~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0289127dae861518d708cf1a3b83e0745a303630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:35:50 +0100 Subject: [PATCH 137/148] Patch machined to continue after selinux denial --- ...cription-to-varlink-server-unify-err.patch | 53 +++++++++++++++++++ ...continue-without-resolve.hook-socket.patch | 30 +++++++++++ systemd.spec | 4 ++ 3 files changed, 87 insertions(+) create mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch create mode 100644 0002-machined-continue-without-resolve.hook-socket.patch diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch new file mode 100644 index 0000000..27f0e38 --- /dev/null +++ b/0001-machined-add-description-to-varlink-server-unify-err.patch @@ -0,0 +1,53 @@ +From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:11:24 +0100 +Subject: [PATCH 1/2] machined: add description to varlink server, unify error + messages + +manager_varlink_init_resolve_hook and +manager_varlink_init_userdb are very similar, but one +didn't set a description and the other one had an error message +which didn't print the offending path. +--- + src/machine/machined-varlink.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index f4714c545d..cf87065443 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to allocate varlink server object: %m"); + ++ (void) sd_varlink_server_set_description(s, "varlink-userdb"); ++ + r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); + if (r < 0) + return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to register varlink methods: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/userdb/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) +@@ -889,9 +892,10 @@ static int manager_varlink_init_resolve_hook(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch new file mode 100644 index 0000000..f1c12e0 --- /dev/null +++ b/0002-machined-continue-without-resolve.hook-socket.patch @@ -0,0 +1,30 @@ +From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:29:53 +0100 +Subject: [PATCH 2/2] machined: continue without resolve.hook socket + +--- + src/machine/machined-varlink.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index cf87065443..bae0577122 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { + + const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; + r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); ++ if (r < 0) { ++ bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); ++ log_full_errno(ignore ? LOG_WARNING : LOG_ERR, ++ r, ++ "Failed to bind to varlink socket %s%s: %m", ++ path, ignore ? ", ignoring" : ""); ++ return ignore ? 0 : r; ++ } + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/systemd.spec b/systemd.spec index 38eccf6..0949cb1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -149,6 +149,10 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch + +# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 +Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch +Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b562e38e22a8e558de31947d2ba08b17458f5385 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 28 Nov 2025 12:50:05 +0100 Subject: [PATCH 138/148] Fix use of removed $LOCAL_CONF variable Follow up for f8932309d95f37b0f81c54a8d38010ced60ae99b [skip changelog] --- plans/run-integration-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 46ea433..e3f0059 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -66,7 +66,7 @@ WithTests=yes EOF if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then - tee --append "$LOCAL_CONF" < Date: Fri, 28 Nov 2025 14:52:38 +0100 Subject: [PATCH 139/148] Check if --max-lines is supported by meson --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index e3f0059..9e7f83e 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -105,14 +105,19 @@ mkosi summary mkosi -f box -- true mkosi box -- meson setup build integration-tests/standalone mkosi -f +if [[ "$(mkosi box -- meson test --help)" == *"--max-lines"* ]]; then + MAX_LINES=(--max-lines 300) +else + MAX_LINES=() +fi mkosi box -- \ meson test \ -C build \ --setup=integration \ --print-errorlogs \ --no-stdsplit \ - --max-lines 300 \ - --num-processes "$NPROC" && EC=0 || EC=$? + --num-processes "$NPROC" \ + "${MAX_LINES[@]}" && EC=0 || EC=$? [[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; [[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; From bf8019c840e86edf4371b7b1d0ce9968bb99515f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Dec 2025 22:55:22 +0100 Subject: [PATCH 140/148] Version 259~rc3 Various fixes for various issues reported with -rc2. --- ...vert-units-drop-runlevel-0-6-.target.patch | 4 +- ...cription-to-varlink-server-unify-err.patch | 53 ------------------- ...continue-without-resolve.hook-socket.patch | 22 ++++---- sources | 2 +- systemd.spec | 3 +- 5 files changed, 16 insertions(+), 68 deletions(-) delete mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 5a4dacd..faf8341 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch @@ -1,7 +1,7 @@ -From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 +From 61750e265ce3f7783a8dba831e91140f84ad89f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 -Subject: [PATCH] Revert "units: drop runlevel[0-6].target" +Subject: [PATCH 1/3] Revert "units: drop runlevel[0-6].target" This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. The unit are still needed for compat. diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch deleted file mode 100644 index 27f0e38..0000000 --- a/0001-machined-add-description-to-varlink-server-unify-err.patch +++ /dev/null @@ -1,53 +0,0 @@ -From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 26 Nov 2025 22:11:24 +0100 -Subject: [PATCH 1/2] machined: add description to varlink server, unify error - messages - -manager_varlink_init_resolve_hook and -manager_varlink_init_userdb are very similar, but one -didn't set a description and the other one had an error message -which didn't print the offending path. ---- - src/machine/machined-varlink.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index f4714c545d..cf87065443 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to allocate varlink server object: %m"); - -+ (void) sd_varlink_server_set_description(s, "varlink-userdb"); -+ - r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); - if (r < 0) - return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to register varlink methods: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/userdb/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) -@@ -889,9 +892,10 @@ static int manager_varlink_init_resolve_hook(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch index f1c12e0..2903c5e 100644 --- a/0002-machined-continue-without-resolve.hook-socket.patch +++ b/0002-machined-continue-without-resolve.hook-socket.patch @@ -1,28 +1,30 @@ -From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From 8d6d86d1d7e45eeae921e88adde55d6524027c96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:29:53 +0100 -Subject: [PATCH 2/2] machined: continue without resolve.hook socket +Subject: [PATCH 3/3] machined: continue without resolve.hook socket --- - src/machine/machined-varlink.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) + src/machine/machined-varlink.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index cf87065443..bae0577122 100644 +index f83cbb8562..0b30cd0531 100644 --- a/src/machine/machined-varlink.c +++ b/src/machine/machined-varlink.c -@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { +@@ -894,9 +894,15 @@ static int manager_varlink_init_resolve_hook(Manager *m) { - const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; - r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + r = sd_varlink_server_listen_address(s, VARLINK_PATH_MACHINED_RESOLVE_HOOK, + 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", +- VARLINK_PATH_MACHINED_RESOLVE_HOOK); + if (r < 0) { + bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); + log_full_errno(ignore ? LOG_WARNING : LOG_ERR, + r, + "Failed to bind to varlink socket %s%s: %m", -+ path, ignore ? ", ignoring" : ""); ++ VARLINK_PATH_MACHINED_RESOLVE_HOOK, ++ ignore ? ", ignoring" : ""); + return ignore ? 0 : r; + } diff --git a/sources b/sources index d50c204..6c92dff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 +SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b diff --git a/systemd.spec b/systemd.spec index 0949cb1..ab31da9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc2} +Version: %{?version_override}%{!?version_override:259~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -151,7 +151,6 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch Patch: https://github.com/systemd/systemd/pull/38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 -Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif From 4f5b5a961543cc907a48f24cc6647fa100679139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Dec 2025 10:34:39 +0100 Subject: [PATCH 141/148] Version 259 - Some bugfixes since -rc3, in particular in the area of image creation and loading of libraries --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6c92dff..af6ddf0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b +SHA512 (systemd-259.tar.gz) = ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50 diff --git a/systemd.spec b/systemd.spec index ab31da9..0cc5357 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc3} +Version: %{?version_override}%{!?version_override:259} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0c8ea706f96b053bcf38856d3c517e78805f1519 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Dec 2025 13:26:24 +0100 Subject: [PATCH 142/148] Fix links to patches These patches were modified downstream yet the links were never updated [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 0cc5357..f20339f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -140,7 +140,7 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch: https://github.com/systemd/systemd/pull/30846.patch +Patch: 30846.patch # Again create runlevelX.target. Dropping those files breaks upgrades. # https://bugzilla.redhat.com/show_bug.cgi?id=2411195 @@ -148,7 +148,7 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. -Patch: https://github.com/systemd/systemd/pull/38769.patch +Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch From 56377438ba63df532f6e77874b942dc641544ed0 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 19 Dec 2025 00:10:52 +0000 Subject: [PATCH 143/148] Disable sysinit-path for upstream builds [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f20339f..d3117a1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -805,7 +805,9 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true +%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d +%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From cac8dde28a1298bbc2bee40e9ab3b9308392f691 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 11:40:52 +0100 Subject: [PATCH 144/148] test: Allow passing in extra tests to skip via TEST_SKIP [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9e7f83e..6d2ee37 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -98,7 +98,7 @@ fi # This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it # for now. -export TEST_SKIP="TEST-21-DFUZZER" +export TEST_SKIP="TEST-21-DFUZZER ${TEST_SKIP:-}" mkosi genkey mkosi summary From c0520291971673fd0c64ff3cbaf2ac344db2a3c8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:01 +0100 Subject: [PATCH 145/148] Drop libcap-devel BuildRequires Not required anymore since v259. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d3117a1..d4088d9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -163,7 +163,6 @@ BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils BuildRequires: rpmdevtools -BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel BuildRequires: libpwquality-devel From 67538c79f250eecbd904aa87e72a44cb3b5ef6f4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:26 +0100 Subject: [PATCH 146/148] Make dbus and systemd-pam recommended dependencies Neither dbus nor pam are required in the initrd so let's make both recommended dependencies instead of required dependencies so that we can build initrds without either of them getting pulled in. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index d4088d9..9122e0f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -279,8 +279,8 @@ Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Requires: dbus >= 1.9.18 -Requires: systemd-pam%{_isa} = %{version}-%{release} +Recommends: dbus >= 1.9.18 +Recommends: systemd-pam%{_isa} = %{version}-%{release} Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Requires: systemd-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: systemd-networkd = %{version}-%{release}} From 399885597ce9f7cc63673c3369086021f0b01176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 20 Dec 2025 18:35:48 +0100 Subject: [PATCH 147/148] Revert "Disable sysinit-path for upstream builds" This reverts commit 56377438ba63df532f6e77874b942dc641544ed0. Dropping of the option currently doesn't disable anything, it just moves the file. I don't think we gain anything by moving the file and actually this causes problems [1], so let's just return to status quo ante. [1] file /etc/init.d conflicts between attempted installs of systemd-259.999+69+g6ceb76bfc-2548.1.x86_64 and chkconfig-1.33-3.fc44.x86_64 [skip changelog] --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9122e0f..af79bf0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -804,9 +804,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true -%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d -%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From f353d244fd5a7bb972ab1bb0884a5e8ccc8b4faf Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Mon, 12 Jan 2026 16:22:10 +0100 Subject: [PATCH 148/148] Add 2 patches for automatic aarch64 DTB selection change --- ...rel-section-when-os-release-is-empty.patch | 112 ++++++++++++++++++ ...inter-deref-when-there-are-no-initrd.patch | 51 ++++++++ systemd.spec | 6 + 3 files changed, 169 insertions(+) create mode 100644 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch create mode 100644 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch diff --git a/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch new file mode 100644 index 0000000..5f4a1dd --- /dev/null +++ b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch @@ -0,0 +1,112 @@ +From 75890d949f92c412c0936b8536b2e0dc8f7dfb40 Mon Sep 17 00:00:00 2001 +From: Nick Rosbrook +Date: Fri, 19 Dec 2025 11:01:49 -0500 +Subject: [PATCH] ukify: omit .osrel section when --os-release= is empty + +The primary motivation for this is to allow users of ukify to build +UKI-like objects, without having them later be detected as a UKI by +tools like kernel-install and bootctl. + +The common code used by these tools to determine if a PE binary is a UKI +checks that both .osrel and .linux sections are present. Hence, adding +a mechansim to skip .osrel provides a way to avoid being labeled a UKI. +--- + man/ukify.xml | 5 ++++- + src/ukify/test/test_ukify.py | 15 +++++++++++---- + src/ukify/ukify.py | 10 +++++++++- + 3 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/man/ukify.xml b/man/ukify.xml +index 829761642d..7462c5c92f 100644 +--- a/man/ukify.xml ++++ b/man/ukify.xml +@@ -365,7 +365,10 @@ + The os-release description (the .osrel section). The argument + may be a literal string, or @ followed by a path name. If not specified, the + os-release5 file +- will be picked up from the host system. ++ will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section ++ is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact ++ to not be recognized as a UKI by other tools like kernel-install ++ and bootctl). + + + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index f75ef0c891..224a38569f 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -641,7 +641,7 @@ def test_efi_signing_pesign(kernel_initrd, tmp_path): + + shutil.rmtree(tmp_path) + +-def test_inspect(kernel_initrd, tmp_path, capsys): ++def test_inspect(kernel_initrd, tmp_path, capsys, osrel=True): + if kernel_initrd is None: + pytest.skip('linux+initrd not found') + if not shutil.which('sbsign'): +@@ -653,7 +653,7 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + output = f'{tmp_path}/signed2.efi' + uname_arg='1.2.3' +- osrel_arg='Linux' ++ osrel_arg='Linux' if osrel else '' + cmdline_arg='ARG1 ARG2 ARG3' + + args = [ +@@ -680,8 +680,12 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + text = capsys.readouterr().out + +- expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' +- assert expected_osrel in text ++ if osrel: ++ expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' ++ assert expected_osrel in text ++ else: ++ assert '.osrel:' not in text ++ + expected_cmdline = f'.cmdline:\n size: {len(cmdline_arg)}' + assert expected_cmdline in text + expected_uname = f'.uname:\n size: {len(uname_arg)}' +@@ -694,6 +698,9 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + shutil.rmtree(tmp_path) + ++def test_inspect_no_osrel(kernel_initrd, tmp_path, capsys): ++ test_inspect(kernel_initrd, tmp_path, capsys, osrel=False) ++ + @pytest.mark.skipif(not slow_tests, reason='slow') + def test_pcr_signing(kernel_initrd, tmp_path): + if kernel_initrd is None: +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index c98f8e2a5d..b7542c7eca 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -1477,6 +1477,9 @@ def make_uki(opts: UkifyConfig) -> None: + '.profile', + } + ++ if not opts.os_release: ++ to_import.remove('.osrel') ++ + for profile in opts.join_profiles: + pe = pefile.PE(profile, fast_load=True) + prev_len = len(uki.sections) +@@ -2412,7 +2415,12 @@ def finalize_options(opts: argparse.Namespace) -> None: + + opts.os_release = resolve_at_path(opts.os_release) + +- if not opts.os_release and opts.linux: ++ if opts.os_release == '': ++ # If --os-release= with an empty string was passed, treat that as ++ # explicitly disabling the .osrel section, and do not fallback to the ++ # system's os-release files. ++ pass ++ elif opts.os_release is None and opts.linux: + p = Path('/etc/os-release') + if not p.exists(): + p = Path('/usr/lib/os-release') +-- +2.52.0 + diff --git a/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch new file mode 100644 index 0000000..d6f362f --- /dev/null +++ b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch @@ -0,0 +1,51 @@ +From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 12 Jan 2026 14:56:36 +0100 +Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds + +When n_all_initrds == 0, then all_initrds is unmodified from its initial +value of: + + _cleanup_free_ struct iovec *all_initrds = NULL; + +and in the else block of the "if (n_all_initrds > 1)" the NULL is +dereferenced: + + final_initrd = all_initrds[0]; + +Leading to the stub crashing due to a NULL pointer deref. + +Fix this by initializing final_initrd to all 0s and only +running the else block if (n_all_initrds == 1). +--- + src/boot/stub.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/boot/stub.c b/src/boot/stub.c +index 06ecbc7d18..65950262c6 100644 +--- a/src/boot/stub.c ++++ b/src/boot/stub.c +@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Combine the initrds into one */ + _cleanup_pages_ Pages initrd_pages = {}; +- struct iovec final_initrd; ++ struct iovec final_initrd = {}; + if (n_all_initrds > 1) { +- /* There will always be a base initrd, if this counter is higher, we need to combine them */ ++ /* If there is more then 1 initrd we need to combine them */ + err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len); + if (err != EFI_SUCCESS) + return err; +@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Given these might be large let's free them explicitly before we pass control to Linux */ + initrds_free(&initrds); +- } else ++ } else if (n_all_initrds == 1) + final_initrd = all_initrds[0]; + + struct iovec kernel = IOVEC_MAKE( +-- +2.52.0 + diff --git a/systemd.spec b/systemd.spec index af79bf0..afd6432 100644 --- a/systemd.spec +++ b/systemd.spec @@ -152,6 +152,12 @@ Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch + +# 2 patches for https://fedoraproject.org/wiki/Changes/Automatic_DTB_selection_for_aarch64_EFI_systems +# Upstream commit: https://github.com/systemd/systemd/commit/75890d949f92c412c0936b8536b2e0dc8f7dfb40 +Patch: 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch +# Upstream PR: https://github.com/systemd/systemd/pull/40329 +Patch: 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64