diff --git a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch b/0002-test-mountpoint-util-support-running-on-a-mount-name.patch
deleted file mode 100644
index 00c056b..0000000
--- a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -From b13268dc09eed68426c2e68a402c96b93f8b0fff Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Sep 2022 04:57:17 +0900 -Subject: [PATCH] test-mountpoint-util: support running on a mount namespace - with another mount on /proc - -Fixes #11505. ---- - src/test/test-mountpoint-util.c | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 92eed0be62..391e1c97ba 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -83,24 +83,36 @@ TEST(mnt_id) { - - HASHMAP_FOREACH_KEY(p, k, h) { - int mnt_id = PTR_TO_INT(k), mnt_id2; -+ const char *q; - - r = path_get_mnt_id(p, &mnt_id2); - if (r < 0) { -- log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p); -+ log_debug_errno(r, "Failed to get the mnt id of %s: %m", p); - continue; - } - - if (mnt_id == mnt_id2) { -- log_debug("mnt ids of %s is %i\n", p, mnt_id); -+ log_debug("mnt ids of %s is %i.", p, mnt_id); - continue; - } else -- log_debug("mnt ids of %s are %i, %i\n", p, mnt_id, mnt_id2); -- -- /* The ids don't match? If so, then there are two mounts on the same path, let's check if -- * that's really the case */ -- char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("mnt ids of %s are %i (from /proc/self/mountinfo), %i (from path_get_mnt_id()).", p, mnt_id, mnt_id2); -+ -+ /* The ids don't match? This can easily happen e.g. running with "unshare --mount-proc". -+ * See #11505. */ -+ assert_se(q = hashmap_get(h, INT_TO_PTR(mnt_id2))); -+ -+ assert_se((r = path_is_mount_point(p, NULL, 0)) >= 0); -+ if (r == 0) { -+ /* If the path is not a mount point anymore, then it must be a sub directory of -+ * the path corresponds to mnt_id2. 
*/ -+ log_debug("The path %s for mnt id %i is not a mount point.", p, mnt_id2); -+ assert_se(!isempty(path_startswith(p, q))); -+ } else { -+ /* If the path is still a mount point, then it must be equivalent to the path -+ * corresponds to mnt_id2 */ -+ log_debug("There are multiple mounts on the same path %s.", p); -+ assert_se(path_equal(p, q)); -+ } - } - } - --- -2.37.2 - diff --git a/sources b/sources index 835d223..bc8d675 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.5.tar.gz) = 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa +SHA512 (systemd-251.19.tar.gz) = a1bd8f449e2ec92e823eae81a002b2da7e008bdcaeeac2c9c381eee42d58990d277994062541c4ba7721bb581b5f2147c9b9af2af611edc2a0d578dc2d08eb4c diff --git a/split-files.py b/split-files.py index 835be3d..6406f4e 100644 --- a/split-files.py +++ b/split-files.py @@ -17,6 +17,7 @@ def files(root): o_libs = open('.file-list-libs', 'w') o_udev = open('.file-list-udev', 'w') +o_boot = open('.file-list-boot', 'w') o_pam = open('.file-list-pam', 'w') o_rpm_macros = open('.file-list-rpm-macros', 'w') o_devel = open('.file-list-devel', 'w') @@ -101,7 +102,6 @@ for file in files(buildroot): hwdb| bootctl| boot-update| - sd-boot|systemd-boot\.|loader.conf| bless-boot| boot-system-token| kernel-install| @@ -130,7 +130,6 @@ for file in files(buildroot): integritytab| remount-fs| /boot$| - /boot/efi| /kernel/| /kernel$| /modprobe.d| @@ -144,6 +143,11 @@ for file in files(buildroot): # confused if those user-facing binaries are not available. o = o_udev + elif re.search(r'''/boot/efi| + sd-boot|systemd-boot\.|loader.conf + ''', n, re.X): + o = o_boot + elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| diff --git a/systemd.spec b/systemd.spec index 2a44ac2..9ce5b87 100644 --- a/systemd.spec +++ b/systemd.spec 
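Review bot: `.file-list-boot` is now opened and filled unconditionally, but the only consumer visible in this diff, `%files boot-unsigned -f .file-list-boot` in systemd.spec, sits inside `%if 0%{?have_gnu_efi}`. On a build where that macro is unset, any path matching the new `elif` pattern (for example one containing `loader.conf`) is written to a list that no `%files` section reads, so it would likely end up unpackaged instead of in -udev as before. Either keep such paths in `o_udev` when sd-boot is not built, or at least document the coupling at the new branch with `# consumed only when have_gnu_efi is set in systemd.spec`. The pattern is carried over unchanged, but the dot in `loader.conf` could be escaped as `loader\.conf` to match the neighbouring `systemd-boot\.`. The enclosing `for file in files(buildroot):` loop starts and ends outside the hunks.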
@@ -1,8 +1,6 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -28,17 +26,19 @@ %bcond_with inplace Name: systemd -Url: https://www.freedesktop.org/wiki/Software/systemd +Url: https://systemd.io %if %{without inplace} -Version: 251.5 +Version: 251.19 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease -b 28 +Release: %autorelease + +%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) # For a breakdown of the licensing, see README -License: LGPLv2+ and MIT and GPLv2+ +License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" @@ -89,8 +89,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# PR https://github.com/systemd/systemd/pull/24639 -Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -183,7 +181,7 @@ Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{?_isa} +Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog 
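Review bot: With `%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)` the macro is always defined, as either 0 or 1, whereas the removed `%global stable 1` was present only for stable releases. `%if 0%{?stable}` still behaves correctly, but `%{?stable:-stable}` tests definedness rather than value, and the `%autosetup -n ...%{?stable:-stable}...` line shown as context in a later hunk uses that form, so it would expand to `-stable` even for a version without a dot. For 251.19 the result is right; for a non-stable version the source directory name would be wrong. Switching those uses to a value test such as `%[%stable?"-stable":""]` keeps them in step with the computed macro.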
@@ -206,6 +204,8 @@ Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ Provides: %{name}-sysusers = %{version}-%{release} +Requires: (selinux-policy-any >= 37.18-1.fc37 if selinux-policy-any) + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -238,12 +238,12 @@ utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and a logging daemons. %if 0%{?stable} -This package was built from the %{version}-stable branch of systemd. +This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd. %endif %package libs Summary: systemd libraries -License: LGPLv2+ and MIT +License: LGPL-2.1-or-later AND MIT Obsoletes: libudev < 183 Obsoletes: systemd < 185-4 Conflicts: systemd < 185-4 @@ -275,8 +275,8 @@ for information how to use those macros. %package devel Summary: Development headers for systemd -License: LGPLv2+ and MIT -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +License: LGPL-2.1-or-later AND MIT +Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} @@ -288,9 +288,9 @@ to libudev or libsystemd. %package udev Summary: Rule-based device node and kernel event manager -License: LGPLv2+ +License: LGPL-2.1-or-later -Requires: systemd%{?_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd 
@@ -328,6 +328,11 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 +# https://bugzilla.redhat.com/show_bug.cgi?id=2176263 +%if 0%{?have_gnu_efi} +Requires: systemd-boot-unsigned%{_isa} = %version-%release +%endif + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in @@ -338,10 +343,32 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. +%if 0%{?have_gnu_efi} +%package boot-unsigned +Summary: UEFI boot manager (unsigned version) + +Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-unsigned) = %version +Provides: version(systemd-boot-unsigned)%{_isa} = %version + +%description boot-unsigned +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains an unsigned version. + +This package also contains the systemd-stub (short: sd-stub) which is used to +build Unified Kernel Images (UKIs). +%endif + %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd 
@@ -349,7 +376,7 @@ Requires(postun): systemd Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal -License: LGPLv2+ +License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. @@ -360,8 +387,8 @@ systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} @@ -378,8 +405,8 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 @@ -390,7 +417,7 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -404,7 +431,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd Requires: %{name} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later BuildArch: noarch %description oomd-defaults 
@@ -413,32 +440,32 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later %description tests "Installed tests" that are usually run as part of the build system. They can be useful to test systemd internals. %package standalone-tmpfiles -Summary: Standalone tmpfiles binary for use in non-systemd systems +Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone tmpfiles binary with no dependencies on the systemd-shared library or +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. %package standalone-sysusers -Summary: Standalone sysusers binary for use in non-systemd systems +Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone sysusers binary with no dependencies on the systemd-shared library or +Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 
@@ -447,6 +474,9 @@ test -f src/login/systemd-user.in # Restore systemd-user pam config from before "removal of Fedora-specific bits". # We'll systemd process it and install in the right place. cp %{SOURCE12} src/login/systemd-user.in +# We want to update sd-boot from packaging scriptlets after package update. +# Let's disable the service. +sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset %build %global ntpvendor %(source /etc/os-release; echo ${ID}) @@ -659,7 +689,6 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} -install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} @@ -908,6 +937,8 @@ fi [ $1 -eq 1 ] || exit 0 # Initial installation +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." 
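Review bot: The added `sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset` in %prep exits 0 whether or not a line was deleted, so if upstream renames or moves that preset entry the service is enabled again without the build noticing. A guard in the style of the `test -f src/login/systemd-user.in` check visible in the hunk header would catch that, e.g. `grep -q '^enable systemd-boot-update\.service' presets/90-systemd.preset` before the sed. The comment says sd-boot is updated from packaging scriptlets instead, but no hunk in this diff adds such a scriptlet; if none exists outside the visible hunks, copies of sd-boot already installed to the ESP would stay at the old version after a package update, including after boot loader security fixes. Naming the scriptlet that performs the update in the comment would make this checkable.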
@@ -917,14 +948,17 @@ fi %systemd_post systemd-resolved.service %posttrans resolved -[ $1 -eq 1 ] || exit 0 +[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 +rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation # Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856) +# +# We would also create it using tmpfiles, but let's do this here too +# before NetworkManager gets a chance. (systemd-tmpfiles invocation +# above does not do this, because the line is marked with ! and +# tmpfiles is invoked without --boot in the scriptlet.) # # *Create* the symlink if nothing is present yet. # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) @@ -986,6 +1020,10 @@ fi %files udev -f .file-list-udev +%if 0%{?have_gnu_efi} +%files boot-unsigned -f .file-list-boot +%endif + %files container -f .file-list-container %ghost %dir %attr(0700,-,-) /var/lib/machines diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 829d11e..a077bb7 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -1,92 +1,96 @@ #!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*- # This script turns sysuser.d files into scriptlets mandated by Fedora # packaging guidelines. The general idea is to define users using the # declarative syntax but to turn this into traditional scriptlets. user() { - user="$1" - uid="$2" - desc="$3" - group="$4" - home="$5" - shell="$6" + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" - [ "$desc" = '-' ] && desc= - { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin - if [ "$uid" = '-' ] || [ "$uid" = '' ]; then - cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : -EOF - else - cat </dev/null; then - if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - else - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - fi -fi + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat <<-EOF + getent passwd '$user' >/dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + EOF + else + cat <<-EOF + if ! getent passwd '$user' >/dev/null; then + if ! 
getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + else + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + fi + fi -EOF - fi + EOF + fi } group() { - group="$1" - gid="$2" + group="$1" + gid="$2" - if [ "$gid" = '-' ]; then - cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' || : - EOF - else - cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : - EOF - fi + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' || : + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : + EOF + fi } usermod() { - user="$1" - group="$2" + user="$1" + group="$2" - cat <<-EOF -if getent group '$group' >/dev/null; then - usermod -a -G '$group' '$user' || : -fi - EOF + cat <<-EOF + if getent group '$group' >/dev/null; then + usermod -a -G '$group' '$user' || : + fi + EOF } parse() { - while read -r line || [ -n "$line" ] ; do - { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue - line="${line## *}" - [ -z "$line" ] && continue - eval "arr=( $line )" - case "${arr[0]}" in - ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support - ;; - ('g') - group "${arr[1]}" "${arr[2]}" - ;; - ('m') - group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[1]}" "" "" - usermod "${arr[1]}" "${arr[2]}" - ;; - esac - done + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + if [[ "${arr[2]}" == *":"* ]]; then + user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" + else + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" 
"${arr[5]}" + fi + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" + ;; + esac + done } for fn in "$@"; do - [ -e "$fn" ] || continue - echo "# generated from $(basename "$fn")" - parse <"$fn" + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" done
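Review bot: The values read from the sysusers.d file are pasted into the generated scriptlet between single quotes (`-c '$desc'`, `-d '$home'`, `'$user'`) without escaping, so a field that itself contains a single quote, such as a description like `Foo's daemon`, ends the quoting early and the remainder is parsed as shell when the scriptlet runs at install time. Escaping each field before it is emitted, e.g. `desc=${desc//\'/\'\\\'\'}` in `user()` and the same for the other fields, keeps the output well-formed. `parse()` also still runs `eval "arr=( $line )"` on every input line, which expands command substitutions at build time; a comment stating that the input files are trusted package sources would make that assumption explicit. In the new `uid:gid` branch no `group` call is emitted, so the generated `useradd -g` depends on the group already existing and a failure is hidden by `|| :`.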