From ff63c4aed57505248d4d64625f5471e20c6419ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Oct 2022 23:14:00 +0200 Subject: [PATCH 01/20] Version 251.6 (rhbz#2129387) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 835d223..fb0f876 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.5.tar.gz) = 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa +SHA512 (systemd-251.6.tar.gz) = 2da41ac7e939a893ada3ce682a6fe7dd326e8e0132221589da3d2b1d994e1a879118e0c6025f03351dac6567d754223a5f5401d64a5ca9256ab95512800370f8 diff --git a/systemd.spec b/systemd.spec index 2a44ac2..9cda8a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.5 +Version: 251.6 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 6a1fc0a0f47994150a13d8fa78474e5bdda8a673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 9 Oct 2022 15:12:53 +0200 Subject: [PATCH 02/20] Fix indentation in %sysusers_create_compat macro (rhbz#2132835) Automatic unindentation after <<-EOF only works with tabs. Jesus. --- sysusers.generate-pre.sh | 135 ++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 67 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 829d11e..862cb77 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -1,92 +1,93 @@ #!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*- # This script turns sysuser.d files into scriptlets mandated by Fedora # packaging guidelines. The general idea is to define users using the # declarative syntax but to turn this into traditional scriptlets. user() { - user="$1" - uid="$2" - desc="$3" - group="$4" - home="$5" - shell="$6" + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" - [ "$desc" = '-' ] && desc= - { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin - if [ "$uid" = '-' ] || [ "$uid" = '' ]; then - cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : -EOF - else - cat </dev/null; then - if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - else - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - fi -fi + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat <<-EOF + getent passwd '$user' >/dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + EOF + else + cat <<-EOF + if ! getent passwd '$user' >/dev/null; then + if ! 
getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + else + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + fi + fi -EOF - fi + EOF + fi } group() { - group="$1" - gid="$2" + group="$1" + gid="$2" - if [ "$gid" = '-' ]; then - cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' || : - EOF - else - cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : - EOF - fi + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' || : + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : + EOF + fi } usermod() { - user="$1" - group="$2" + user="$1" + group="$2" - cat <<-EOF -if getent group '$group' >/dev/null; then - usermod -a -G '$group' '$user' || : -fi - EOF + cat <<-EOF + if getent group '$group' >/dev/null; then + usermod -a -G '$group' '$user' || : + fi + EOF } parse() { - while read -r line || [ -n "$line" ] ; do - { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue - line="${line## *}" - [ -z "$line" ] && continue - eval "arr=( $line )" - case "${arr[0]}" in - ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support - ;; - ('g') - group "${arr[1]}" "${arr[2]}" - ;; - ('m') - group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[1]}" "" "" - usermod "${arr[1]}" "${arr[2]}" - ;; - esac - done + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user 
"${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" + ;; + esac + done } for fn in "$@"; do - [ -e "$fn" ] || continue - echo "# generated from $(basename "$fn")" - parse <"$fn" + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" done From b18e0da227317f90e7602f60f4a1fea814c78037 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Oct 2022 16:18:53 +0200 Subject: [PATCH 03/20] Fix upgrade detection in %posttrans scriptlet (rhbz#2115094) 4047e4fb7bb76f2578989e98de276e9ceb4e94b9 got things very wrong. The trick with "[ $1 -eq 1 ]" doesn't work for transaction triggers because the argument is not provided by rpm. We need to use a state file to propagate the information from %post to %posttrans. (cherry picked from commit bab6dfc23a915a4daee2dc6b215df8171a66f2a5) --- systemd.spec | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9cda8a4..50b5f68 100644 --- a/systemd.spec +++ b/systemd.spec @@ -908,6 +908,8 @@ fi [ $1 -eq 1 ] || exit 0 # Initial installation +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." 
@@ -917,14 +919,17 @@ fi %systemd_post systemd-resolved.service %posttrans resolved -[ $1 -eq 1 ] || exit 0 +[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 +rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation # Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856) +# +# We would also create it using tmpfiles, but let's do this here too +# before NetworkManager gets a chance. (systemd-tmpfiles invocation +# above does not do this, because the line is marked with ! and +# tmpfiles is invoked without --boot in the scriptlet.) # # *Create* the symlink if nothing is present yet. # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) From 48041d53f84307916e45d83b9bad3b6a425919c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 24 Oct 2022 21:28:25 +0200 Subject: [PATCH 04/20] Version 251.7 (rhbz#2135778, rhbz#2133792, rhbz#2115094) I tagged a new v251-stable version. The biggest patches there are the ones for rhbz#2135778, the rest is some minor cleanups and obvious build fixes. If the build succeeds, they are low-risk. --- ...244641f13a9cb28fdac7e3c17c5446242dfb.patch | 83 +++++++++++++++++++ ...a7345b69de16e88347acadb3783ffeeaad9d.patch | 37 +++++++++ sources | 2 +- systemd.spec | 5 +- 4 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch create mode 100644 b146a7345b69de16e88347acadb3783ffeeaad9d.patch diff --git a/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch b/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch new file mode 100644 index 0000000..a8ce3ee --- /dev/null 
+++ b/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch 
@@ -0,0 +1,83 @@ +From 1f83244641f13a9cb28fdac7e3c17c5446242dfb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 14 Oct 2022 15:02:20 +0200 +Subject: [PATCH] manager: allow transient units to have drop-ins + +In https://github.com/containers/podman/issues/16107, starting of a transient +slice unit fails because there's a "global" drop-in +/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by +systemd-oomd-defaults package to install some default oomd policy). This means +that the unit_is_pristine() check fails and starting of the unit is forbidden. + +It seems pretty clear to me that dropins at any other level then the unit +should be ignored in this check: we now have multiple layers of drop-ins +(for each level of the cgroup path, and also "global" ones for a specific +unit type). If we install a "global" drop-in, we wouldn't be able to start +any transient units of that type, which seems undesired. + +In principle we could reject dropins at the unit level, but I don't think that +is useful. The whole reason for drop-ins is that they are "add ons", and there +isn't any particular reason to disallow them for transient units. It would also +make things harder to implement and describe: one place for drop-ins is good, +but another is bad. (And as a corner case: for instanciated units, a drop-in +in the template would be acceptable, but a instance-specific drop-in bad?) + +Thus, $subject. + +While at it, adjust the message. All the conditions in unit_is_pristine() +essentially mean that it wasn't loaded (e.g. it might be in an error state), +and that it doesn't have a fragment path (now that drop-ins are acceptable). +If there's a job for it, it necessarilly must have been loaded. If it is +merged into another unit, it also was loaded and found to be an alias. 
+Based on the discussion in the bugs, it seems that the current message +is far from obvious ;) + +Fixes https://github.com/containers/podman/issues/16107, +https://bugzilla.redhat.com/show_bug.cgi?id=2133792. +--- + src/core/dbus-manager.c | 2 +- + src/core/unit.c | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 73f739b12dcf..20156c58f59f 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -957,7 +957,7 @@ static int transient_unit_from_message( + + if (!unit_is_pristine(u)) + return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, +- "Unit %s already exists.", name); ++ "Unit %s was already loaded or has a fragment file.", name); + + /* OK, the unit failed to load and is unreferenced, now let's + * fill in the transient data instead */ +diff --git a/src/core/unit.c b/src/core/unit.c +index 5016114cb470..d0f71886132f 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4844,16 +4844,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { + bool unit_is_pristine(Unit *u) { + assert(u); + +- /* Check if the unit already exists or is already around, +- * in a number of different ways. Note that to cater for unit +- * types such as slice, we are generally fine with units that +- * are marked UNIT_LOADED even though nothing was actually +- * loaded, as those unit types don't require a file on disk. */ ++ /* Check if the unit already exists or is already around, in a number of different ways. Note that to ++ * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED ++ * even though nothing was actually loaded, as those unit types don't require a file on disk. ++ * ++ * Note that we don't check for drop-ins here, because we allow drop-ins for transient units ++ * identically to non-transient units, both unit-specific and hierarchical. E.g. 
for a-b-c.service: ++ * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. ++ */ + + return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && + !u->fragment_path && + !u->source_path && +- strv_isempty(u->dropin_paths) && + !u->job && + !u->merged_into; + } diff --git a/b146a7345b69de16e88347acadb3783ffeeaad9d.patch b/b146a7345b69de16e88347acadb3783ffeeaad9d.patch new file mode 100644 index 0000000..894d184 --- /dev/null +++ b/b146a7345b69de16e88347acadb3783ffeeaad9d.patch @@ -0,0 +1,37 @@ +From b146a7345b69de16e88347acadb3783ffeeaad9d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 14 Oct 2022 14:40:24 +0200 +Subject: [PATCH] manager: reformat boolean expression in unit_is_pristine() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Not not IN_SET(…) is just too much for my poor brain. Let's invert +the expression to make it easier to undertand. +--- + src/core/unit.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index d6bea2080f08..5016114cb470 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4850,12 +4850,12 @@ bool unit_is_pristine(Unit *u) { + * are marked UNIT_LOADED even though nothing was actually + * loaded, as those unit types don't require a file on disk. */ + +- return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || +- u->fragment_path || +- u->source_path || +- !strv_isempty(u->dropin_paths) || +- u->job || +- u->merged_into); ++ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && ++ !u->fragment_path && ++ !u->source_path && ++ strv_isempty(u->dropin_paths) && ++ !u->job && ++ !u->merged_into; + } + + pid_t unit_control_pid(Unit *u) { diff --git a/sources b/sources index fb0f876..7f24b3e 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-251.6.tar.gz) = 2da41ac7e939a893ada3ce682a6fe7dd326e8e0132221589da3d2b1d994e1a879118e0c6025f03351dac6567d754223a5f5401d64a5ca9256ab95512800370f8 +SHA512 (systemd-251.7.tar.gz) = a4c06b2d25c47af58abb1e1dc85737b2fb0eb394f09d2bb7c6b7b716cb4b1383a145885bbc8e5ffcdc26611fd44d362fba2152c4dd0ead6a03a93965b82bb9a4 diff --git a/systemd.spec b/systemd.spec index 50b5f68..0ea0b49 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.6 +Version: 251.7 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -92,6 +92,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # PR https://github.com/systemd/systemd/pull/24639 Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch +Patch0003: https://github.com/systemd/systemd/pull/25004/commits/b146a7345b69de16e88347acadb3783ffeeaad9d.patch +Patch0004: https://github.com/systemd/systemd/pull/25004/commits/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch From a2461574d63611260340f4273a01e3a82eec991d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 8 Nov 2022 20:34:48 +0100 Subject: [PATCH 05/20] Version 251.8 ... (various smaller fixes). --- ...util-support-running-on-a-mount-name.patch | 64 -------------- ...244641f13a9cb28fdac7e3c17c5446242dfb.patch | 83 ------------------- ...a7345b69de16e88347acadb3783ffeeaad9d.patch | 37 --------- systemd.spec | 9 +- 4 files changed, 2 insertions(+), 191 deletions(-) delete mode 100644 0002-test-mountpoint-util-support-running-on-a-mount-name.patch delete mode 100644 1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch delete mode 100644 b146a7345b69de16e88347acadb3783ffeeaad9d.patch diff --git a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch b/0002-test-mountpoint-util-support-running-on-a-mount-name.patch deleted file mode 100644 index 00c056b..0000000 --- a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From b13268dc09eed68426c2e68a402c96b93f8b0fff Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Sep 2022 04:57:17 +0900 -Subject: [PATCH] test-mountpoint-util: support running on a mount namespace - with another mount on /proc - -Fixes #11505. ---- - src/test/test-mountpoint-util.c | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 92eed0be62..391e1c97ba 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -83,24 +83,36 @@ TEST(mnt_id) { - - HASHMAP_FOREACH_KEY(p, k, h) { - int mnt_id = PTR_TO_INT(k), mnt_id2; -+ const char *q; - - r = path_get_mnt_id(p, &mnt_id2); - if (r < 0) { -- log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p); -+ log_debug_errno(r, "Failed to get the mnt id of %s: %m", p); - continue; - } - - if (mnt_id == mnt_id2) { -- log_debug("mnt ids of %s is %i\n", p, mnt_id); -+ log_debug("mnt ids of %s is %i.", p, mnt_id); - continue; - } else -- log_debug("mnt ids of %s are %i, %i\n", p, mnt_id, mnt_id2); -- -- /* The ids don't match? If so, then there are two mounts on the same path, let's check if -- * that's really the case */ -- char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("mnt ids of %s are %i (from /proc/self/mountinfo), %i (from path_get_mnt_id()).", p, mnt_id, mnt_id2); -+ -+ /* The ids don't match? This can easily happen e.g. running with "unshare --mount-proc". -+ * See #11505. */ -+ assert_se(q = hashmap_get(h, INT_TO_PTR(mnt_id2))); -+ -+ assert_se((r = path_is_mount_point(p, NULL, 0)) >= 0); -+ if (r == 0) { -+ /* If the path is not a mount point anymore, then it must be a sub directory of -+ * the path corresponds to mnt_id2. 
*/ -+ log_debug("The path %s for mnt id %i is not a mount point.", p, mnt_id2); -+ assert_se(!isempty(path_startswith(p, q))); -+ } else { -+ /* If the path is still a mount point, then it must be equivalent to the path -+ * corresponds to mnt_id2 */ -+ log_debug("There are multiple mounts on the same path %s.", p); -+ assert_se(path_equal(p, q)); -+ } - } - } - --- -2.37.2 - diff --git a/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch b/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch deleted file mode 100644 index a8ce3ee..0000000 --- a/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -From 1f83244641f13a9cb28fdac7e3c17c5446242dfb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 15:02:20 +0200 -Subject: [PATCH] manager: allow transient units to have drop-ins - -In https://github.com/containers/podman/issues/16107, starting of a transient -slice unit fails because there's a "global" drop-in -/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by -systemd-oomd-defaults package to install some default oomd policy). This means -that the unit_is_pristine() check fails and starting of the unit is forbidden. - -It seems pretty clear to me that dropins at any other level then the unit -should be ignored in this check: we now have multiple layers of drop-ins -(for each level of the cgroup path, and also "global" ones for a specific -unit type). If we install a "global" drop-in, we wouldn't be able to start -any transient units of that type, which seems undesired. - -In principle we could reject dropins at the unit level, but I don't think that -is useful. The whole reason for drop-ins is that they are "add ons", and there -isn't any particular reason to disallow them for transient units. It would also -make things harder to implement and describe: one place for drop-ins is good, -but another is bad. (And as a corner case: for instanciated units, a drop-in -in the template would be acceptable, but a instance-specific drop-in bad?) - -Thus, $subject. - -While at it, adjust the message. All the conditions in unit_is_pristine() -essentially mean that it wasn't loaded (e.g. it might be in an error state), -and that it doesn't have a fragment path (now that drop-ins are acceptable). -If there's a job for it, it necessarilly must have been loaded. If it is -merged into another unit, it also was loaded and found to be an alias. 
-Based on the discussion in the bugs, it seems that the current message -is far from obvious ;) - -Fixes https://github.com/containers/podman/issues/16107, -https://bugzilla.redhat.com/show_bug.cgi?id=2133792. ---- - src/core/dbus-manager.c | 2 +- - src/core/unit.c | 14 ++++++++------ - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 73f739b12dcf..20156c58f59f 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -957,7 +957,7 @@ static int transient_unit_from_message( - - if (!unit_is_pristine(u)) - return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, -- "Unit %s already exists.", name); -+ "Unit %s was already loaded or has a fragment file.", name); - - /* OK, the unit failed to load and is unreferenced, now let's - * fill in the transient data instead */ -diff --git a/src/core/unit.c b/src/core/unit.c -index 5016114cb470..d0f71886132f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4844,16 +4844,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { - bool unit_is_pristine(Unit *u) { - assert(u); - -- /* Check if the unit already exists or is already around, -- * in a number of different ways. Note that to cater for unit -- * types such as slice, we are generally fine with units that -- * are marked UNIT_LOADED even though nothing was actually -- * loaded, as those unit types don't require a file on disk. */ -+ /* Check if the unit already exists or is already around, in a number of different ways. Note that to -+ * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED -+ * even though nothing was actually loaded, as those unit types don't require a file on disk. -+ * -+ * Note that we don't check for drop-ins here, because we allow drop-ins for transient units -+ * identically to non-transient units, both unit-specific and hierarchical. E.g. 
for a-b-c.service: -+ * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. -+ */ - - return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && - !u->fragment_path && - !u->source_path && -- strv_isempty(u->dropin_paths) && - !u->job && - !u->merged_into; - } diff --git a/b146a7345b69de16e88347acadb3783ffeeaad9d.patch b/b146a7345b69de16e88347acadb3783ffeeaad9d.patch deleted file mode 100644 index 894d184..0000000 --- a/b146a7345b69de16e88347acadb3783ffeeaad9d.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b146a7345b69de16e88347acadb3783ffeeaad9d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 14:40:24 +0200 -Subject: [PATCH] manager: reformat boolean expression in unit_is_pristine() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Not not IN_SET(…) is just too much for my poor brain. Let's invert -the expression to make it easier to undertand. ---- - src/core/unit.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index d6bea2080f08..5016114cb470 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4850,12 +4850,12 @@ bool unit_is_pristine(Unit *u) { - * are marked UNIT_LOADED even though nothing was actually - * loaded, as those unit types don't require a file on disk. */ - -- return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || -- u->fragment_path || -- u->source_path || -- !strv_isempty(u->dropin_paths) || -- u->job || -- u->merged_into); -+ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && -+ !u->fragment_path && -+ !u->source_path && -+ strv_isempty(u->dropin_paths) && -+ !u->job && -+ !u->merged_into; - } - - pid_t unit_control_pid(Unit *u) { diff --git a/systemd.spec b/systemd.spec index 0ea0b49..bc851e5 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -30,12 +30,12 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.7 +Version: 251.8 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease -b 28 +Release: %autorelease # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ @@ -89,11 +89,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# PR https://github.com/systemd/systemd/pull/24639 -Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch - -Patch0003: https://github.com/systemd/systemd/pull/25004/commits/b146a7345b69de16e88347acadb3783ffeeaad9d.patch -Patch0004: https://github.com/systemd/systemd/pull/25004/commits/1f83244641f13a9cb28fdac7e3c17c5446242dfb.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From d19e77ca88fd12ba9939af022e59e3ac229679a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Nov 2022 09:16:45 +0100 Subject: [PATCH 06/20] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 7f24b3e..6e0e2c9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.7.tar.gz) = a4c06b2d25c47af58abb1e1dc85737b2fb0eb394f09d2bb7c6b7b716cb4b1383a145885bbc8e5ffcdc26611fd44d362fba2152c4dd0ead6a03a93965b82bb9a4 +SHA512 (systemd-251.8.tar.gz) = c337fad3cf2beef11401850ddd6418efef035d4ec6405049084302738042f77ac1f8bfd7eb3611668a13038878389c9617e63278ec0b37782b3e0242e69c4843 From 3a7d59248d27f06cb1ec2552a2ff79a00344b0ba Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Dec 2022 22:45:16 +0100 Subject: [PATCH 07/20] Version 251.9 ... (rhbz#2152685, rhbz#2152226) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6e0e2c9..89a230c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.8.tar.gz) = c337fad3cf2beef11401850ddd6418efef035d4ec6405049084302738042f77ac1f8bfd7eb3611668a13038878389c9617e63278ec0b37782b3e0242e69c4843 +SHA512 (systemd-251.9.tar.gz) = 27df2076445a826911274101286a3555528ebd0894a5c32f2dea71a075b5fcde3931f4d04f5726c5b39d482357939d2fbd2b52ac9a894b6853f48833984f4c17 diff --git a/systemd.spec b/systemd.spec index bc851e5..a6a9ea8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.8 +Version: 251.9 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 6552e6b605e2943323621c46e010af388ad1b783 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Dec 2022 19:30:03 +0100 Subject: [PATCH 08/20] Version 251.10 - CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 89a230c..81581b4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.9.tar.gz) = 27df2076445a826911274101286a3555528ebd0894a5c32f2dea71a075b5fcde3931f4d04f5726c5b39d482357939d2fbd2b52ac9a894b6853f48833984f4c17 +SHA512 (systemd-251.10.tar.gz) = 49e33dbbc1b2ebe123b2f722070c87524b3126d1e605fb3e24a3f9f328ab67de506dc4588a92caf157428c21b9c73c3884726c4a5b1f67bb997d4a68bb871e5b diff --git a/systemd.spec b/systemd.spec index a6a9ea8..5dbcdc7 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.9 +Version: 251.10 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 2963fd33197262737810fd6be02d9f0432bf0e29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 1 Feb 2023 17:36:47 +0100 Subject: [PATCH 09/20] Version 251.11 - Various small issues (detection of container environments, support for -D_FORTIFY_SOURCE=3, newer libcurl, newer objcopy, latest kernel headers, and other small fixes). --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 81581b4..f39dd20 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.10.tar.gz) = 49e33dbbc1b2ebe123b2f722070c87524b3126d1e605fb3e24a3f9f328ab67de506dc4588a92caf157428c21b9c73c3884726c4a5b1f67bb997d4a68bb871e5b +SHA512 (systemd-251.11.tar.gz) = 679934f7ba50b524a096476f402552df5d8566baf942c4849a8c6d74312bd0625793dac8afcebe8fcc331ec7bf3455cd63300962c625ae524cc30647835b3ec0 diff --git a/systemd.spec b/systemd.spec index 5dbcdc7..eca6052 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.10 +Version: 251.11 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From db88b63870c69a01d582d185ce2b2f3aa5be6914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Feb 2023 10:56:00 +0100 Subject: [PATCH 10/20] Add versioned Requires on selinux-policy (#2166509) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index eca6052..a2a34b8 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -204,6 +204,8 @@ Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ Provides: %{name}-sysusers = %{version}-%{release} +Requires: (selinux-policy-any >= 37.18-1.fc37 if selinux-policy-any) + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} From da2566b339f423d79a75cde6d29c2ee9450dd1ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 18:45:26 +0100 Subject: [PATCH 11/20] Version 251.13 ... (rhbz#2148464, rhbz#2156900, #2167468) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f39dd20..0546761 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.11.tar.gz) = 679934f7ba50b524a096476f402552df5d8566baf942c4849a8c6d74312bd0625793dac8afcebe8fcc331ec7bf3455cd63300962c625ae524cc30647835b3ec0 +SHA512 (systemd-251.13.tar.gz) = 57947cad9e50efb2ff8d44c772c162077ecbf75c50b2740f69ab2a1ff3ea6fe921c7f7c8fe93778b84f643deab8d5eed86a2154eda73d2f13ef7ea3256f9835f diff --git a/systemd.spec b/systemd.spec index a2a34b8..f2fa04d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.11 +Version: 251.13 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 3e612deb3c61051c653c4b203add1f1691570f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 19:22:44 +0100 Subject: [PATCH 12/20] Convert license tags to SPDX and modernize descriptions --- systemd.spec | 54 ++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index f2fa04d..fa403ff 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,8 +1,6 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -28,7 +26,7 @@ %bcond_with inplace Name: systemd -Url: https://www.freedesktop.org/wiki/Software/systemd +Url: https://systemd.io %if %{without inplace} Version: 251.13 %else @@ -37,8 +35,10 @@ Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/- %endif Release: %autorelease +%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) + # For a breakdown of the licensing, see README -License: LGPLv2+ and MIT and GPLv2+ +License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" @@ -181,7 +181,7 @@ Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{?_isa} +Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog @@ -238,12 +238,12 @@ utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and a logging daemons. %if 0%{?stable} -This package was built from the %{version}-stable branch of systemd. +This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd. %endif %package libs Summary: systemd libraries -License: LGPLv2+ and MIT +License: LGPL-2.1-or-later AND MIT Obsoletes: libudev < 183 Obsoletes: systemd < 185-4 Conflicts: systemd < 185-4 
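Review bot: The new `%global stable %(...)` in the `@@ -37,8 +35,10 @@` hunk always defines the macro, as 0 or 1, so tests of the form `%{?stable:...}` no longer tell the two cases apart. The `%if 0%{?stable}` in the description hunk tests the value and still works. The `%autosetup -n` line shown as context in the last hunk of this patch uses `%{?stable:-stable}` twice, and would expand to `-stable` even for a version without a dot. Every version visible on this branch carries a dot, so the effect looks latent here. I would switch those two uses to a value test, `%[%{stable}?"-stable":""]`, and add a comment above the definition: `# stable is 1 when Version contains a dot (a -stable point release), else 0`.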
@@ -275,8 +275,8 @@ for information how to use those macros. %package devel Summary: Development headers for systemd -License: LGPLv2+ and MIT -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +License: LGPL-2.1-or-later AND MIT +Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} @@ -288,9 +288,9 @@ to libudev or libsystemd. %package udev Summary: Rule-based device node and kernel event manager -License: LGPLv2+ +License: LGPL-2.1-or-later -Requires: systemd%{?_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -341,7 +341,7 @@ machine, and to create or grow partitions and make file systems automatically. %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -349,7 +349,7 @@ Requires(postun): systemd Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal -License: LGPLv2+ +License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. @@ -360,8 +360,8 @@ systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} 
@@ -378,8 +378,8 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 @@ -390,7 +390,7 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -404,7 +404,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd Requires: %{name} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later BuildArch: noarch %description oomd-defaults 
@@ -413,32 +413,32 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{?_isa} = %{version}-%{release} -License: LGPLv2+ +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later %description tests "Installed tests" that are usually run as part of the build system. They can be useful to test systemd internals. %package standalone-tmpfiles -Summary: Standalone tmpfiles binary for use in non-systemd systems +Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone tmpfiles binary with no dependencies on the systemd-shared library or +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. %package standalone-sysusers -Summary: Standalone sysusers binary for use in non-systemd systems +Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone sysusers binary with no dependencies on the systemd-shared library or +Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 From 778340940596af1128baf79e8c983c83a777a872 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 19:23:01 +0100 Subject: [PATCH 13/20] Split out systemd-boot-unsigned Having the same split in F37 as in rawhide will make it easier to build kernels. The split is being done here too on request of the kernel maintainers. --- split-files.py | 8 ++++++-- systemd.spec | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 835be3d..6406f4e 100644 --- a/split-files.py +++ b/split-files.py @@ -17,6 +17,7 @@ def files(root): o_libs = open('.file-list-libs', 'w') o_udev = open('.file-list-udev', 'w') +o_boot = open('.file-list-boot', 'w') o_pam = open('.file-list-pam', 'w') o_rpm_macros = open('.file-list-rpm-macros', 'w') o_devel = open('.file-list-devel', 'w') @@ -101,7 +102,6 @@ for file in files(buildroot): hwdb| bootctl| boot-update| - sd-boot|systemd-boot\.|loader.conf| bless-boot| boot-system-token| kernel-install| @@ -130,7 +130,6 @@ for file in files(buildroot): integritytab| remount-fs| /boot$| - /boot/efi| /kernel/| /kernel$| /modprobe.d| @@ -144,6 +143,11 @@ for file in files(buildroot): # confused if those user-facing binaries are not available. o = o_udev + elif re.search(r'''/boot/efi| + sd-boot|systemd-boot\.|loader.conf + ''', n, re.X): + o = o_boot + elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| diff --git a/systemd.spec b/systemd.spec index fa403ff..9b7a5d5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -328,6 +328,9 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 251.13^ + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in 
@@ -338,6 +341,31 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. +%if 0%{?have_gnu_efi} +%package boot-unsigned +Summary: UEFI boot manager (unsigned version) + +Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-unsigned) = %version +Provides: version(systemd-boot-unsigned)%{_isa} = %version + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 251.13^ + +%description boot-unsigned +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains an unsigned version. + +This package also contains the systemd-stub (short: sd-stub) which is used to +build Unified Kernel Images (UKIs). +%endif + %package container # Name is the same as in Debian Summary: Tools for containers and VMs @@ -447,6 +475,9 @@ test -f src/login/systemd-user.in # Restore systemd-user pam config from before "removal of Fedora-specific bits". # We'll systemd process it and install in the right place. cp %{SOURCE12} src/login/systemd-user.in +# We want to update sd-boot from packaging scriptlets after package update. +# Let's disable the service. +sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset %build %global ntpvendor %(source /etc/os-release; echo ${ID}) 
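Review bot: The `%prep` hunk drops the `enable systemd-boot-update.service` preset, with a comment that sd-boot will be updated from packaging scriptlets, but no hunk in this patch adds such a scriptlet. If none exists elsewhere in the spec, the copy of sd-boot installed on the ESP would stay at the old version after a package update, including after security fixes. The `sed -r -i '/^enable .../d'` also succeeds when the line is absent, so an upstream rename of the preset entry would go unnoticed. A guard in the style of the `test -f` line above it, `grep -q '^enable systemd-boot-update.service' presets/90-systemd.preset`, placed before the sed would make the build fail instead.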
@@ -991,6 +1022,10 @@ fi %files udev -f .file-list-udev +%if 0%{?have_gnu_efi} +%files boot-unsigned -f .file-list-boot +%endif + %files container -f .file-list-container %ghost %dir %attr(0700,-,-) /var/lib/machines From 239c4de96cfa639f4c36956121cc2e5afadc9784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 4 Mar 2023 10:39:53 +0100 Subject: [PATCH 14/20] Fix version in obsoletes I got confused yesterday. (Actually, just an empty rebuild would do the job too, since "-14" > "-13^", but by fixing it here I hope to avoid making a similar mistake in the future.) --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9b7a5d5..da3c02d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -329,7 +329,7 @@ Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 # self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 251.13^ +Obsoletes: systemd-udev < 251.13 %description udev This package contains systemd-udev and the rules and hardware database needed to @@ -353,7 +353,7 @@ Provides: version(systemd-boot-unsigned) = %version Provides: version(systemd-boot-unsigned)%{_isa} = %version # self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 251.13^ +Obsoletes: systemd-udev < 251.13 %description boot-unsigned systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a From bfed7e5c115dce95fc1fd0b0d5130975f2b0702d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Mar 2023 22:07:57 +0100 Subject: [PATCH 15/20] Make systemd-udev require systemd-boot again ... so that both subpackages are installed on upgrades (rhbz#2176263) Instead of installing both packages, 'dnf install systemd-udev' installs systemd-boot-unsigned. 'dnf install systemd-udev-251.13-4.fc37' works as expected and installs systemd-udev. I think this is a bug in dnf, but let's apply this workaround here until that is resolved. --- systemd.spec | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index da3c02d..31f4b08 100644 --- a/systemd.spec +++ b/systemd.spec @@ -328,8 +328,8 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 251.13 +# https://bugzilla.redhat.com/show_bug.cgi?id=2176263 +Requires: systemd-boot-unsigned%{_isa} = %version-%release %description udev This package contains systemd-udev and the rules and hardware database needed to @@ -352,9 +352,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-unsigned) = %version Provides: version(systemd-boot-unsigned)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 251.13 - %description boot-unsigned systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command From 9ada97774bdef6ee77ce3daf3f51280961cd9925 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Mar 2023 20:44:17 +0100 Subject: [PATCH 16/20] Make requires on systemd-boot arch-specific ... (rhbz#2177691) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 31f4b08..88fa014 100644 --- a/systemd.spec 
+++ b/systemd.spec @@ -329,7 +329,9 @@ Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 # https://bugzilla.redhat.com/show_bug.cgi?id=2176263 +%if 0%{?have_gnu_efi} Requires: systemd-boot-unsigned%{_isa} = %version-%release +%endif %description udev This package contains systemd-udev and the rules and hardware database needed to From ff48006784c15f512ecd887907569811db4d46aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 31 Mar 2023 19:02:03 +0200 Subject: [PATCH 17/20] Version 251.14 - Various small bugfixes with no bugzillas attached - Update hwdb to March 28 2023 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 0546761..5fd06c2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.13.tar.gz) = 57947cad9e50efb2ff8d44c772c162077ecbf75c50b2740f69ab2a1ff3ea6fe921c7f7c8fe93778b84f643deab8d5eed86a2154eda73d2f13ef7ea3256f9835f +SHA512 (systemd-251.14.tar.gz) = 1c33dfef79381ad5b128bb20803f51607881202e46419414833771041f9f5dd113876d3089ada7567420b37e5f605b3803cddca8493bfd029b6dfb344a57d880 diff --git a/systemd.spec b/systemd.spec index 88fa014..5d61add 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 251.13 +Version: 251.14 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From b522d2dc3917ff2afe1be8c9e2e7c1abb2e585be Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Mar 2023 18:09:36 +0200 Subject: [PATCH 18/20] oomd: stop monitoring user-*.slice slices ... (rhbz#2177722) Oomd was killing a login session (user-*.slice/session-*.scope). Quoting https://bugzilla.redhat.com/show_bug.cgi?id=2177722#c21: > In F37 and prior the config was killing based on swap and pressure > on user-*.slice/user@.service. In 7665e1796f915dedbf8e014f0a78f4f576d609bb > it was changed to pressure only on system.slice and all slices under > user.slice. The relevant point here is that this change now includes > user-*.slice/session-*.scope which is the critical session bits > you're seeing killed here. > > That session scope should be omitted. The config that I intended > with the initial PR was for all slices under > user.slice/user-*.slice/user@.service to be monitored, not for all > slices under user.slice. With the file removed: $ oomctl | rg Path | sort Path: /system.slice Path: /user.slice/user-1000.slice/user@1000.service/app.slice Path: /user.slice/user-1000.slice/user@1000.service/session.slice (cherry picked from commit 1320fc300948e7c12d16ea8dd4e0fae3fd821d54) --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 5d61add..dbd1f46 100644 --- a/systemd.spec +++ b/systemd.spec @@ -689,7 +689,6 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} -install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} From 4e6bc622f1f5cfd46aa9b1288b4d06ed3b5a82ce Mon Sep 17 00:00:00 2001 
From: Martin Osvald Date: Wed, 2 Nov 2022 14:38:59 +0100 Subject: [PATCH 19/20] Support user:group notation by sysusers.generate-pre.sh script ... (rhbz#2103934) u user_name uid:gid "User Description" /home/dir /path/to/shell According to: https://www.freedesktop.org/software/systemd/man/sysusers.d.html (cherry picked from commit 83301531c0aa22ffc155096826d8f5250c6a880a) --- sysusers.generate-pre.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 862cb77..a077bb7 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -70,9 +70,12 @@ parse() { eval "arr=( $line )" case "${arr[0]}" in ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support + if [[ "${arr[2]}" == *":"* ]]; then + user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" + else + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + fi ;; ('g') group "${arr[1]}" "${arr[2]}" From d77b035efda1551736f3ae42073f0a031f4a3183 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 27 Nov 2023 14:13:58 +0100 Subject: [PATCH 20/20] Version 251.19 ... (rhbz#2242219) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 5fd06c2..bc8d675 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.14.tar.gz) = 1c33dfef79381ad5b128bb20803f51607881202e46419414833771041f9f5dd113876d3089ada7567420b37e5f605b3803cddca8493bfd029b6dfb344a57d880 +SHA512 (systemd-251.19.tar.gz) = a1bd8f449e2ec92e823eae81a002b2da7e008bdcaeeac2c9c381eee42d58990d277994062541c4ba7721bb581b5f2147c9b9af2af611edc2a0d578dc2d08eb4c diff --git a/systemd.spec b/systemd.spec index dbd1f46..9ce5b87 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 251.14 +Version: 251.19 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')