From 18055531ffb046da602bad9cf5a27b7fad78160e Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 8 Oct 2021 15:50:40 -0700 Subject: [PATCH 01/39] Don't build with -Ddefault-dns-over-tls=opportunistic (#2006393) --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7c8b041..ca01eee 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.4 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -486,7 +486,6 @@ CONFIGURE_OPTS=( -Dversion-tag=v%{version}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 -Ddefault-mdns=no -Ddefault-llmnr=resolve @@ -1002,6 +1001,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Oct 08 2021 Adam Williamson - 249.4-2 +- Don't build with -Ddefault-dns-over-tls=opportunistic (#2006393) + * Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 - Latest bugfix release: various fixes for systemd-networkd, systemd-resolved, systemd, systemd-boot. From 8aaf0e6971b778f87cf00939b60294c385fd1d43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Sep 2021 16:59:31 +0200 Subject: [PATCH 02/39] Fix build with the latest kernels --- 20695.patch | 24 ++++++++++++++++++++++++ systemd.spec | 1 + 2 files changed, 25 insertions(+) create mode 100644 20695.patch diff --git a/20695.patch b/20695.patch new file mode 100644 index 0000000..f7ac0bd --- /dev/null +++ b/20695.patch 
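Review bot: Dropping `-Ddefault-dns-over-tls=opportunistic` from CONFIGURE_OPTS (hunk at -486,7) leaves nothing in the spec to say the option is absent on purpose; only the changelog cites the bug number. With the flag gone the build presumably falls back to the upstream meson default, so systemd-resolved sends queries in cleartext unless an administrator sets `DNSOverTLS=` in resolved.conf. I would leave a comment where the line used to be, for example `# default-dns-over-tls left at the upstream default on purpose (#2006393)`, so the flag is not re-added without revisiting that bug. The CONFIGURE_OPTS array starts and ends outside the hunk.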
@@ -0,0 +1,24 @@ +From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001 +From: Chris Packham +Date: Fri, 10 Sep 2021 09:51:36 +1200 +Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 + +ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition + +Fixes #20694 +--- + src/basic/linux/if_arp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +index c3cc5a9e5eaf..4783af9fe520 100644 +--- a/src/basic/linux/if_arp.h ++++ b/src/basic/linux/if_arp.h +@@ -54,6 +54,7 @@ + #define ARPHRD_X25 271 /* CCITT X.25 */ + #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ + #define ARPHRD_CAN 280 /* Controller Area Network */ ++#define ARPHRD_MCTP 290 + #define ARPHRD_PPP 512 + #define ARPHRD_CISCO 513 /* Cisco HDLC */ + #define ARPHRD_HDLC ARPHRD_CISCO diff --git a/systemd.spec b/systemd.spec index ca01eee..6d5736f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -97,6 +97,7 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch +Patch0006: https://github.com/systemd/systemd/pull/20695.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From eca91e245a4ead0db3779d84a22957cdd5a2db36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Sep 2021 17:19:21 +0200 Subject: [PATCH 03/39] Wrap package descriptions at 80 columns --- systemd.spec | 68 +++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6d5736f..a899175 100644 --- a/systemd.spec +++ b/systemd.spec 
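Review bot: `Patch0006` in the systemd.spec hunk points at a pull-request URL, and the patch served for a pull request changes whenever its branch is updated, so the URL does not pin the content committed as 20695.patch. The committed file's own header names the upstream commit, so a comment above the line such as `# upstream commit 67cd626399b0d02882ee00716c8bd31ba764c862 (systemd PR #20695)` would let a later reader check the local file against an immutable object. The `Patch0007` and `Patch0008` lines added by later commits in this series use 10-character abbreviated commit ids and would benefit from the same full-id comment. The patch list continues outside the hunk.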
@@ -222,19 +222,17 @@ Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} Recommends: libqrencode.so.4%{?elf_suffix} %description -systemd is a system and service manager that runs as PID 1 and starts -the rest of the system. It provides aggressive parallelization -capabilities, uses socket and D-Bus activation for starting services, -offers on-demand starting of daemons, keeps track of processes using -Linux control groups, maintains mount and automount points, and -implements an elaborate transactional dependency-based service control -logic. systemd supports SysV and LSB init scripts and works as a +systemd is a system and service manager that runs as PID 1 and starts the rest +of the system. It provides aggressive parallelization capabilities, uses socket +and D-Bus activation for starting services, offers on-demand starting of +daemons, keeps track of processes using Linux control groups, maintains mount +and automount points, and implements an elaborate transactional dependency-based +service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, -utilities to control basic system configuration like the hostname, -date, locale, maintain a list of logged-in users, system accounts, -runtime directories and settings, and daemons to manage simple network -configuration, network time synchronization, log forwarding, and name -resolution. +utilities to control basic system configuration like the hostname, date, locale, +maintain a list of logged-in users, system accounts, runtime directories and +settings, and daemons to manage simple network configuration, network time +synchronization, log forwarding, and name resolution. %if 0%{?stable} This package was built from the %{version}-stable branch of systemd. %endif 
@@ -315,9 +313,9 @@ Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 %description udev -This package contains systemd-udev and the rules and hardware database -needed to manage device nodes. This package is necessary on physical -machines and in virtual machines, but not in containers. +This package contains systemd-udev and the rules and hardware database needed to +manage device nodes. This package is necessary on physical machines and in +virtual machines, but not in containers. %package container # Name is the same as in Debian @@ -333,8 +331,8 @@ License: LGPLv2+ %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, -and systemd-importd. +This package contains systemd-nspawn, machinectl, systemd-machined, and +systemd-importd. %package journal-remote # Name is the same as in Debian @@ -351,11 +349,11 @@ Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} Obsoletes: %{name}-journal-gateway < 227-7 %description journal-remote -Programs to forward journal entries over the network, using encrypted HTTP, -and to write journal files from serialized journal contents. +Programs to forward journal entries over the network, using encrypted HTTP, and +to write journal files from serialized journal contents. -This package contains systemd-journal-gatewayd, -systemd-journal-remote, and systemd-journal-upload. +This package contains systemd-journal-gatewayd, systemd-journal-remote, and +systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations 
@@ -365,9 +363,9 @@ License: LGPLv2+ Obsoletes: systemd < 246.6-2 %description networkd -systemd-networkd is a system service that manages networks. It detects -and configures network devices as they appear, as well as creating virtual -network devices. +systemd-networkd is a system service that manages networks. It detects and +configures network devices as they appear, as well as creating virtual network +devices. %package resolved Summary: Network Name Resolution manager @@ -375,9 +373,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ %description resolved -systemd-resolved is a system service that provides network name resolution -to local applications. It implements a caching and validating DNS/DNSSEC -stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. +systemd-resolved is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd 
@@ -395,26 +393,26 @@ Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ %description tests -"Installed tests" that are usually run as part of the build system. -They can be useful to test systemd internals. +"Installed tests" that are usually run as part of the build system. They can be +useful to test systemd internals. %package standalone-tmpfiles Summary: Standalone tmpfiles binary for use in non-systemd systems RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone tmpfiles binary with no dependencies on the systemd-shared library -or other libraries from systemd-libs. This package conflicts with the main -systemd package and is meant for use in non-systemd systems. +Standalone tmpfiles binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. %package standalone-sysusers Summary: Standalone sysusers binary for use in non-systemd systems RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone sysusers binary with no dependencies on the systemd-shared library -or other libraries from systemd-libs. This package conflicts with the main -systemd package and is meant for use in non-systemd systems. +Standalone sysusers binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 From c2e9f7e09f56f1f2536746de5c9284df5e5438e2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 12 Oct 2021 18:19:21 +0200
Subject: [PATCH 04/39] Version 249.5
---
20695.patch | 24 ------------------------
sources | 2 +-
systemd.spec | 13 +++++++++----
triggers.systemd | 36 ++++++++++++++++++++----------------
4 files changed, 30 insertions(+), 45 deletions(-)
delete mode 100644 20695.patch
diff --git a/20695.patch b/20695.patch
deleted file mode 100644
index f7ac0bd..0000000
--- a/20695.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001
-From: Chris Packham
-Date: Fri, 10 Sep 2021 09:51:36 +1200
-Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14
-
-ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition
-
-Fixes #20694
----
- src/basic/linux/if_arp.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
-index c3cc5a9e5eaf..4783af9fe520 100644
---- a/src/basic/linux/if_arp.h
-+++ b/src/basic/linux/if_arp.h
-@@ -54,6 +54,7 @@
- #define ARPHRD_X25 271 /* CCITT X.25 */
- #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
- #define ARPHRD_CAN 280 /* Controller Area Network */
-+#define ARPHRD_MCTP 290
- #define ARPHRD_PPP 512
- #define ARPHRD_CISCO 513 /* Cisco HDLC */
- #define ARPHRD_HDLC ARPHRD_CISCO
diff --git a/sources b/sources
index 6d600ac..4273125 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-249.4.tar.gz) = 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
+SHA512 (systemd-249.5.tar.gz) = d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
diff --git a/systemd.spec b/systemd.spec
index a899175..7207a00 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.4 -Release: 2%{?dist} +Version: 249.5 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -97,8 +97,6 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch -Patch0006: https://github.com/systemd/systemd/pull/20695.patch - # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0500: use-bfq-scheduler.patch @@ -1000,6 +998,13 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 +- Latest bugfix release (various fixes in systemd-networkd, + --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, + --coredump, systemd itself, seccomp filters, TPM2 handling, + -documentation, sd-event, sd-journal, journalctl, and nss-systemd). +- Fixes #1976445. + * Fri Oct 08 2021 Adam Williamson - 249.4-2 - Don't build with -Ddefault-dns-over-tls=opportunistic (#2006393) diff --git a/triggers.systemd b/triggers.systemd index 6c57d71..8827e0f 100644 --- a/triggers.systemd +++ b/triggers.systemd 
@@ -14,10 +14,10 @@ # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : - %{_bindir}/systemctl reload-or-restart --marked || : -fi +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been 
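Review bot: The `test -d "/run/systemd/system"` guard is dropped from this trigger and nothing on the new side says where that check now lives; presumably systemd-update-helper performs it, but the helper is not part of this diff. Because each call ends in `|| :`, a missing or non-executable helper is ignored just as silently, in which case services marked for restart would keep running the old binaries after an update with no trace in the transaction output. I would add a comment above the call, once confirmed against the helper, such as `# systemd-update-helper checks for /run/systemd/system itself; failures are ignored on purpose`. The same applies to the system-reload, system-restart and user-* helper calls in the following hunk.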
@@ -25,36 +25,40 @@ fi # On upgrade, we need to run daemon-reload after any new unit files # have been installed, but before %postun scripts in packages get # executed. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : -fi +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining services that should be restarted here. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl reload-or-restart --marked || : -fi +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-sysusers || : + systemd-sysusers || : fi %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-hwdb update || : + systemd-hwdb update || : fi %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. 
if test -d "/run/systemd/system"; then - %{_bindir}/journalctl --update-catalog || : + journalctl --update-catalog || : fi %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d @@ -71,14 +75,14 @@ fi # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-tmpfiles --create || : + systemd-tmpfiles --create || : fi %transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. if test -e /run/udev/control; then - %{_bindir}/udevadm control --reload || : + udevadm control --reload || : fi %transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d From c0981501efe59db86aed60894d2bb5075b49d3aa Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 29 Oct 2021 14:25:29 -0700 Subject: [PATCH 05/39] Version 249.6 --- ...y-the-full-path-for-systemctl-and-ot.patch | 9 ++---- ...-script-to-actually-invoke-systemctl.patch | 11 ++----- 0003-rpm-call-needs-restart-in-parallel.patch | 9 ++---- ...-services-at-the-end-of-the-transact.patch | 13 +++----- ...ate-helper-also-add-user-reexec-verb.patch | 9 ++---- ...per-add-missing-loop-over-user-units.patch | 30 +++++++++++++++++++ sources | 2 +- systemd.spec | 14 +++++++-- 8 files changed, 56 insertions(+), 41 deletions(-) create mode 100644 0006-update-helper-add-missing-loop-over-user-units.patch diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch index f7b3a61..00a012c 100644 --- a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch @@ -1,7 +1,7 @@ -From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 +From 7d9ee15d0fc2af87481ee371b278dbe7e68165ef Mon Sep 17 00:00:00 2001 
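Review bot: `systemd-tmpfiles --create` and `udevadm control --reload` in the hunk at -71,14 (and `systemd-sysusers`, `systemd-hwdb update` and `journalctl --update-catalog` in the hunk before it) are now resolved through PATH, while the update-helper calls in the same file keep an absolute path. These scriptlets run inside the package transaction, so which binary is executed depends on the PATH the package manager was started with, and the file does not state that this is relied upon. I would record the assumption once at the top of the file, for example `# Commands are looked up via PATH; rpm is expected to run with a trusted PATH`, or keep the `%{_bindir}/` prefix for consistency with the helper path.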
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other +Subject: [PATCH] rpm: don't specify the full path for systemctl and other commands We can make things a bit simpler and more readable by not specifying the path. @@ -10,8 +10,6 @@ recursively by anythign we invoke), this didn't really privide any security or robustness benefits. I guess that full paths were used because this style of rpm packagnig was popular in the past, with macros used for everything possible, with special macros for common commands like %{__ln} and %{__mkdir}. - -(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) --- src/rpm/macros.systemd.in | 24 ++++++++++++------------ src/rpm/triggers.systemd.in | 18 +++++++++--------- @@ -252,6 +250,3 @@ index 22abad9812..1631be18c9 100644 fi %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} --- -2.31.1 - diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch index 32047c5..212a58d 100644 --- a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch @@ -1,7 +1,7 @@ -From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 +From 6d825ab2d42d3219e49a192bf99f9c09134a0df4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl +Subject: [PATCH] rpm: use a helper script to actually invoke systemctl commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 
@@ -27,8 +27,6 @@ implementation in bash to do the more complex stuff. The meson version is raised to 0.47 because that's needed for install_mode. We were planning to raise the required version anyway… - -(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) --- README | 2 +- meson.build | 3 +- @@ -54,7 +52,7 @@ index 0e5c326deb..a8f23a0d5b 100644 gcc, awk, sed, grep, and similar tools clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs diff --git a/meson.build b/meson.build -index 738879eb21..fb986e84f7 100644 +index a2ee15bf32..c6b3e72d23 100644 --- a/meson.build +++ b/meson.build @@ -10,7 +10,7 @@ project('systemd', 'c', @@ -332,6 +330,3 @@ index 1631be18c9..83cd7617f8 100644 %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} # This script will process files installed in {{SYSUSERS_DIR}} to create --- -2.31.1 - diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch index 4637f3e..b1efa37 100644 --- a/0003-rpm-call-needs-restart-in-parallel.patch +++ b/0003-rpm-call-needs-restart-in-parallel.patch @@ -1,7 +1,7 @@ -From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 +From 3598aff4d963b2e51ac74d206161da47bfde785c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH 3/5] rpm: call +needs-restart in parallel +Subject: [PATCH] rpm: call +needs-restart in parallel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -9,8 +9,6 @@ Content-Transfer-Encoding: 8bit Some rpms install a bunch of units… It seems nicer to invoke them all in parallel. In particular, timeouts in systemctl also run in parallel, so if there's some communication mishap, we will wait less. - -(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) --- src/rpm/systemd-update-helper.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
@@ -30,6 +28,3 @@ index 9fa49fa131..f3c75b75fa 100755 ;; system-reload-restart|system-reload|system-restart) --- -2.31.1 - diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch index eac9b89..94eca7b 100644 --- a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch @@ -1,7 +1,7 @@ -From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 +From 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction +Subject: [PATCH] rpm: restart user services at the end of the transaction This closes an important gap: so far we would reexecute the system manager and restart system services that were configured to do so, but we wouldn't do the @@ -41,8 +41,6 @@ service manually. A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and fa97d2fcf64e0558054bee673f734f523373b146. - -(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) --- meson.build | 1 + meson_options.txt | 2 ++ @@ -53,7 +51,7 @@ fa97d2fcf64e0558054bee673f734f523373b146. 6 files changed, 94 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index fb986e84f7..d898d9ccd0 100644 +index c6b3e72d23..cafce977c2 100644 --- a/meson.build +++ b/meson.build @@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) @@ -65,7 +63,7 @@ index fb986e84f7..d898d9ccd0 100644 conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..9383c7da6a 100644 +index b60261ac24..50f2b7b5e9 100644 --- a/meson_options.txt +++ b/meson_options.txt 
@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', @@ -254,6 +252,3 @@ index 83cd7617f8..694cd94e8d 100644 %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} # This script will process files installed in {{SYSUSERS_DIR}} to create # specified users automatically. The priority is set such that it --- -2.31.1 - diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch index 7c4f7ba..f5f407e 100644 --- a/0005-update-helper-also-add-user-reexec-verb.patch +++ b/0005-update-helper-also-add-user-reexec-verb.patch @@ -1,15 +1,13 @@ -From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 +From 1262e824a4d638e347ae0d39c973f1f750962533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb +Subject: [PATCH] update-helper: also add "user-reexec" verb This is not called from the systemd.triggers or systemd.macros files. Instead, it would be called from the scriptlets in systemd rpm package itself, at the place where we call systemctl daemon-reexec. See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . - -(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) --- src/rpm/systemd-update-helper.in | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) @@ -42,6 +40,3 @@ index f3466ab3c0..0c6675a9db 100755 if [[ "$command" =~ reload ]]; then for user in $users; do SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ --- -2.31.1 - diff --git a/0006-update-helper-add-missing-loop-over-user-units.patch b/0006-update-helper-add-missing-loop-over-user-units.patch new file mode 100644 index 0000000..308c4c2 --- /dev/null +++ b/0006-update-helper-add-missing-loop-over-user-units.patch 
@@ -0,0 +1,30 @@ +From a4eba5d8cfaabbd87687c651fcdd06df9e267931 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 4 Nov 2021 09:49:18 +0100 +Subject: [PATCH] update-helper: add missing loop over user units + +Noticed by Luca. + +shellcheck doens't catch this, and somehow it was missed in review +and testing ;( +--- + src/rpm/systemd-update-helper.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index fa35e7ba90..7e007d4806 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -52,8 +52,10 @@ case "$command" in + + users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') + for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ +- systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ for unit in "$@"; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ done + done + wait + ;; diff --git a/sources b/sources index 4273125..27a9dc4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.5.tar.gz) = d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f +SHA512 (systemd-249.6.tar.gz) = 7149cb807cac05a590545a9155ecacdf230f09cac70585fa8e7ddd1f03e86205cb1c91b51885b65d2f2cf921e6fdad5ca182047d290f31631c8eb362fe87e4a5 diff --git a/systemd.spec b/systemd.spec index 7207a00..a94eb50 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.5 -Release: 1%{?dist} +Version: 249.6 +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
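Review bot: The inner `for unit in "$@"` loop in the 0006 patch starts one background `systemctl --user -M "$user@" set-property` per unit per user manager, and the single `wait` that follows discards every exit status, so a failure to mark a unit stays invisible to the caller. A unit that is not marked is not restarted later and keeps running the pre-update code, which is the kind of silent failure the commit message says slipped through review and testing. I would at least document the behaviour next to `wait`, for example `# best effort: failures to mark individual units are ignored`; whether the script runs with `set -u` cannot be seen from this hunk. The case statement starts and ends outside the hunk.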
@@ -96,6 +96,7 @@ Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch +Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -998,6 +999,15 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 +- Latest bugfix release (networkd, coredumpctl, varlink, udev, + systemctl, systemd itself, better detection of Hyper-V and + Virtualbox virtualization, documentation updates) +- Fix helper to restart user units + +* Fri Oct 29 2021 Adam Williamson - 249.5-2 +- Backport PR #133 to fix boot + * Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 - Latest bugfix release (various fixes in systemd-networkd, --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, From 5326f0bf63e944024d6aafa1debf857ac3656078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Nov 2021 10:27:00 +0100 Subject: [PATCH 06/39] Fix helper to restart user units with older systemd --- 2da7d0bc92.patch | 67 ++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 7 ++++- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 2da7d0bc92.patch diff --git a/2da7d0bc92.patch b/2da7d0bc92.patch new file mode 100644 index 0000000..ad81b34 --- /dev/null +++ b/2da7d0bc92.patch 
@@ -0,0 +1,67 @@ +From 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 18:02:50 +0200 +Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host + +UIDs don't work well over ssh, but locally or with containers they are OK. +In particular, user@.service uses UIDs as identifiers, and it's nice to be +able to copy&paste that UID for interaction with the user's managers. +--- + src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index a32e2f5e2085..6960161c3658 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -39,6 +39,7 @@ + #include "parse-util.h" + #include "path-util.h" + #include "process-util.h" ++#include "stdio-util.h" + #include "string-util.h" + #include "strv.h" + #include "user-util.h" +@@ -1617,7 +1618,7 @@ static int user_and_machine_valid(const char *user_and_machine) { + if (!user) + return -ENOMEM; + +- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) ++ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) + return false; + + h++; +@@ -1648,17 +1649,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { + + /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this + * would connect to. */ +- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) ++ uid_t uid = geteuid(); ++ ++ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) + return true; + +- /* Otherwise, we have to figure our user name, and compare things with that. */ +- un = getusername_malloc(); +- if (!un) +- return -ENOMEM; ++ /* Otherwise, we have to figure out our user id and name, and compare things with that. 
*/ ++ char buf[DECIMAL_STR_MAX(uid_t)]; ++ xsprintf(buf, UID_FMT, uid); ++ ++ f = startswith(user_and_machine, buf); ++ if (!f) { ++ un = getusername_malloc(); ++ if (!un) ++ return -ENOMEM; + +- f = startswith(user_and_machine, un); +- if (!f) +- return false; ++ f = startswith(user_and_machine, un); ++ if (!f) ++ return false; ++ } + + return STR_IN_SET(f, "@", "@.host"); + } diff --git a/systemd.spec b/systemd.spec index a94eb50..592b26f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.6 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -98,6 +98,8 @@ Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch +Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch + # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0500: use-bfq-scheduler.patch @@ -999,6 +1001,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 +- Fix helper to restart user units with older systemd (#2020415) + * Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 - Latest bugfix release (networkd, coredumpctl, varlink, udev, systemctl, systemd itself, better detection of Hyper-V and From 5421902031ef8ffab148dc95b297647a05a09a58 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 11 Nov 2021 15:15:36 -0800 Subject: [PATCH 07/39] Fix scope activation from a user instance 
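Review bot: In `user_and_machine_equivalent()` a successful `startswith(user_and_machine, buf)` skips the user-name comparison entirely, so the numeric UID is matched as a bare prefix. If the caller's user name begins with the digits of its own UID (assuming the relaxed name validation admits such a name), the UID branch matches, the final `STR_IN_SET(f, "@", "@.host")` fails, and the function returns false without the name ever being tried. The result only errs towards "not equivalent", so this looks like a missed shortcut rather than a wrong identity match. The suffix test belongs in each branch: `if (f && STR_IN_SET(f, "@", "@.host")) return true;` after the UID comparison, followed by the existing name lookup. The function body starts outside the hunk.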
Signed-off-by: Kir Kolyshkin
---
d35551d8c6.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
systemd.spec | 6 +++++-
2 files changed, 48 insertions(+), 1 deletion(-)
create mode 100644 d35551d8c6.patch
diff --git a/d35551d8c6.patch b/d35551d8c6.patch
new file mode 100644
index 0000000..8ff775b
--- /dev/null
+++ b/d35551d8c6.patch
@@ -0,0 +1,43 @@
+From d35551d8c6a9c46442500992abfb67774f9fa8d8 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel
+Date: Wed, 10 Nov 2021 22:46:35 +0100
+Subject: [PATCH] scope: count successful cgroup additions when delegating via
+ D-Bus
+
+Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse
+activation of scopes if no PIDs to add are left") all "systemd-run --scope
+--user" calls fail because cgroup attachments delegated to the system instance
+are not counted towards successful additions. Fix this by incrementing the
+return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
+what happens when cg_attach() succeeds directly.
+
+Note that this can *not* distinguish the case when
+unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
+processes to attach are gone in the meantime, unlike the checks that commit
+8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is
+because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
+unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
+the number of successfully attached processes and is always NULL on success.
+
+Fixes: #21297
+---
+ src/core/cgroup.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index abc30e3990c4..c942db8d05eb 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
+ z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
+ if (z < 0)
+ log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p));
+- else
++ else {
++ if (ret >= 0)
++ ret++; /* Count successful additions */
+ continue; /* When the bus thing worked via the bus we are fully done for this PID. */
++ }
+ }
+
+ if (ret >= 0)
diff --git a/systemd.spec b/systemd.spec index 592b26f..71467bf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.6 -Release: 3%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -99,6 +99,7 @@ Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch +Patch0008: https://github.com/systemd/systemd/commit/d35551d8c6.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1001,6 +1002,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Nov 10 2021 Kir Kolyshkin - 249.6-4 +- Fix scope activation from a user instance + * Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 - Fix helper to restart user units with older systemd (#2020415) From db2f82fa35ef2946197a056b36555e59d82601f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 14 Nov 2021 11:38:53 +0100 Subject: [PATCH 08/39] Version 249.7 --- d35551d8c6.patch | 43 ------------------------------------------- sources | 2 +- systemd.spec | 18 +++++++++++------- 3 files changed, 12 insertions(+), 51 deletions(-) delete mode 100644 d35551d8c6.patch diff --git a/d35551d8c6.patch b/d35551d8c6.patch deleted file mode 100644 index 8ff775b..0000000 --- a/d35551d8c6.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-From d35551d8c6a9c46442500992abfb67774f9fa8d8 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel
-Date: Wed, 10 Nov 2021 22:46:35 +0100
-Subject: [PATCH] scope: count successful cgroup additions when delegating via
- D-Bus
-
-Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse
-activation of scopes if no PIDs to add are left") all "systemd-run --scope
---user" calls fail because cgroup attachments delegated to the system instance
-are not counted towards successful additions. Fix this by incrementing the
-return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
-what happens when cg_attach() succeeds directly.
-
-Note that this can *not* distinguish the case when
-unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
-processes to attach are gone in the meantime, unlike the checks that commit
-8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is
-because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
-unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
-the number of successfully attached processes and is always NULL on success.
-
-Fixes: #21297
----
- src/core/cgroup.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index abc30e3990c4..c942db8d05eb 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
- z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
- if (z < 0)
- log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p));
-- else
-+ else {
-+ if (ret >= 0)
-+ ret++; /* Count successful additions */
- continue; /* When the bus thing worked via the bus we are fully done for this PID. */
-+ }
- }
-
- if (ret >= 0)
diff --git a/sources b/sources index 27a9dc4..5142edc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.6.tar.gz) = 7149cb807cac05a590545a9155ecacdf230f09cac70585fa8e7ddd1f03e86205cb1c91b51885b65d2f2cf921e6fdad5ca182047d290f31631c8eb362fe87e4a5 +SHA512 (systemd-249.7.tar.gz) = 65848a1141f66f11610ab28f70ef2fa4539e2fc31b9f6c9d9a18d9d68be877ad02b5699d05d98b209eac4e28ba5141f83366c2b70f485f3f406d7bc14eb21365 diff --git a/systemd.spec b/systemd.spec index 71467bf..753cb8a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.6 -Release: 4%{?dist} +Version: 249.7 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -99,7 +99,6 @@ Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch -Patch0008: https://github.com/systemd/systemd/commit/d35551d8c6.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1002,8 +1001,13 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Nov 10 2021 Kir Kolyshkin - 249.6-4 -- Fix scope activation from a user instance +* Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 +- Latest bugfix release (better erofs detection, sd-event memory + corruption bugfix, logind, documentation) +- Really fix helper to restart user units with older systemd (#2020415) + +* Wed Nov 10 2021 Kir Kolyshkin - 249.7-1 +- Fix scope activation from a user instance (#2022041) * Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 - Fix helper to restart user units with older systemd (#2020415) 
@@ -1019,8 +1023,8 @@ fi * Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 - Latest bugfix release (various fixes in systemd-networkd, - --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, - --coredump, systemd itself, seccomp filters, TPM2 handling, + -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, + -coredump, systemd itself, seccomp filters, TPM2 handling, -documentation, sd-event, sd-journal, journalctl, and nss-systemd). - Fixes #1976445. From 642c902b6e3b1ae319f6ba09e1cd799ddaefca2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Nov 2021 13:47:07 +0100 Subject: [PATCH 09/39] Supress errors on selinux systems See https://bugzilla.redhat.com/show_bug.cgi?id=2023332. https://bugzilla.redhat.com/show_bug.cgi?id=2023332 is also related. --- triggers.systemd | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/triggers.systemd b/triggers.systemd index 8827e0f..5929035 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -17,7 +17,11 @@ /usr/lib/systemd/systemd-update-helper system-reload-restart || : %transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -/usr/lib/systemd/systemd-update-helper user-reload-restart || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload-restart || : +fi %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been 
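Review bot: The `2>/dev/null` added to `systemd-update-helper user-reload-restart` in the SELinux branch throws away every diagnostic from the helper, not only the message tracked in the bug the commit cites, and `|| :` already discards the exit status, so on SELinux hosts a failed user-manager reload after a package transaction leaves nothing to investigate. The same pattern is repeated in the `user-reload` hunk (@@ -29,7 +33,11 @@) and the `user-restart` hunk (@@ -37,7 +45,11 @@). If the suppression stays, mark it as temporary above each branch, e.g. `# stderr dropped only to hide the noise from rhbz#2023332; remove once that is fixed`, so it does not outlive the bug. Note also that `&>` is a bashism: under a strictly POSIX /bin/sh it backgrounds `selinuxenabled` and the test always succeeds, so `>/dev/null 2>&1` is the safer spelling.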
@@ -29,7 +33,11 @@ %transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user # Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload || : +fi %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system # We restart remaining system services that should be restarted here. @@ -37,7 +45,11 @@ %transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user # We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-restart || : +fi %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create From 6e22462286d4b965a76eaa726003c089fa9e1b7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Nov 2021 14:09:32 +0100 Subject: [PATCH 10/39] Bump release Oh, no autorelease here! --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 753cb8a..29e46dd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.7 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -1001,6 +1001,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 +- Supress errors from update-helper when selinux is enabled (see #2023332) + * Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 - Latest bugfix release (better erofs detection, sd-event memory corruption bugfix, logind, documentation) From 8117c94f49e01aede06986f36a7d0986328fd469 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 16 Nov 2021 16:36:58 +0000 Subject: [PATCH 11/39] sysusers/provides: parse and output static IDs This adds support for parsing static UIDs and GIDs from sysusers.d fragments, and automatically forwarding them to the generated 'Provides' entries. It will allow inspecting users/groups with static IDs directly from package metadata: ``` $ rpm --query --provides --package gdm-41.0-3.fc36.x86_64.rpm [...] group(gdm) = 42 user(gdm) = 42 ``` --- sysusers.prov | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/sysusers.prov b/sysusers.prov index a6eda5d..f12e929 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -1,5 +1,40 @@ #!/bin/bash +process_u() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Single shared static ID. + echo "user($1) = $2" + echo "group($1) = $2" + elif [[ $2 == *:* ]]; then + # UID:. + uid=$(echo $2 | cut -d':' -f1 -) + group=$(echo $2 | cut -d':' -f2 -) + if [ ! -z "${group##*[!0-9]*}" ]; then + # UID:GID. + echo "user($1) = ${uid}" + echo "group($1) = ${group}" + else + # UID:. + echo "user($1) = ${uid}" + echo "group(${group})" + fi + else + # Dynamic (or something else uninteresting). + echo "user($1)" + echo "group($1)" + fi +} + +process_g() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Static GID. + echo "group($1) = $2" + else + # Dynamic (or something else uninteresting). + echo "group($1)" + fi +} + parse() { while read line; do [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue 
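Review bot: In `process_u`, the `UID:GROUPNAME` branch emits `user($1) = ${uid}` without the digits-only check that the other branches apply, so a fragment whose ID field has a non-numeric part before the colon ends up with that text as the version in the generated Provides. `$2` is also expanded unquoted in `echo $2 | cut ...`, which subjects fragment content to word splitting and globbing, and `uid`/`group` are set as globals. Parameter expansion avoids all three: `local uid=${2%%:*} group=${2#*:}`, then guard the output with `[ -n "${uid##*[!0-9]*}" ]` before printing the `= ${uid}` form. `process_u` and `process_g` are complete in this hunk; `parse`, which feeds them via `set -- $line`, continues outside it.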
@@ -8,12 +43,10 @@ parse() { set -- $line case "$1" in ('u') - echo "user($2)" - echo "group($2)" - # TODO: user:group support + process_u "$2" "$3" ;; ('g') - echo "group($2)" + process_g "$2" "$3" ;; ('m') echo "user($2)" From 548de6590497fca115c61e2b532e9e68797ae49e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Nov 2021 10:00:32 +0100 Subject: [PATCH 12/39] %ghost /var/lib/{machines,portables} (cherry picked from commit d1ad6b189de8e5022b86dfe9239ffbe0edc1cd9e) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 29e46dd..4b3afd5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -971,6 +971,7 @@ fi %ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0700,-,-) /var/lib/portables %ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd %files libs -f .file-list-libs @@ -987,6 +988,7 @@ fi %files udev -f .file-list-udev %files container -f .file-list-container +%ghost %dir %attr(0700,-,-) /var/lib/machines %files journal-remote -f .file-list-remote From 07eb64ce341190af38e03ef5f500e5f7310617ed Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 2 Dec 2021 16:28:17 +0000 Subject: [PATCH 13/39] Fix video link (cherry picked from commit 6ffa8d89d649d84e459601be59c0d3f22dd55f06) --- README.build-in-place | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.build-in-place b/README.build-in-place index 8b66077..9d68330 100644 --- a/README.build-in-place +++ b/README.build-in-place 
@@ -1,7 +1,7 @@ == Building systemd rpms for local development using rpmbuild --build-in-place == This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. +and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM]. ``` git clone https://github.com/systemd/systemd From 0892c0e617ef6a95c1860e1f07b77514065116f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Dec 2021 15:48:12 +0100 Subject: [PATCH 14/39] Drop comments about already-merged pull request (cherry picked from commit e19aaa4604bff06ca6ab037032b574d338217a88) --- systemd.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4b3afd5..7495b00 100644 --- a/systemd.spec +++ b/systemd.spec @@ -495,12 +495,12 @@ CONFIGURE_OPTS=( -Dcdrom-gid=11 -Ddialout-gid=18 -Ddisk-gid=6 - -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 + -Dinput-gid=104 -Dkmem-gid=9 -Dkvm-gid=36 -Dlp-gid=7 - -Drender-gid=105 # https://pagure.io/setup/pull-request/27 - -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 + -Drender-gid=105 + -Dsgx-gid=106 -Dtape-gid=33 -Dtty-gid=5 -Dusers-gid=100 From df4de9640eb4dfddbd24345406fd074ccfa2c0da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Sat, 6 Nov 2021 19:20:44 +0100 Subject: [PATCH 15/39] Switch to NM resolver on systemd-resolved uninstall MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If /etc/resolv.conf pointed to systemd-resolved stub configuration, it is obvious it would stop working. Compensate it by deleting the link, it would be created again on installation. Try to pass ownership to NM, which also provides similar file. Keep it missing otherwise, might be created by unknown tool on reboot. 
Signed-off-by: Petr Menšík (cherry picked from commit 27cc5e08c2c1880dba66ce46cabebfd17cac8fde) --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 7495b00..7dd55e1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -918,6 +918,14 @@ if [ $1 -eq 0 ] ; then systemctl disable --quiet \ systemd-resolved.service \ >/dev/null || : + if [ -L %{_sysconfdir}/resolv.conf ] && \ + realpath %{_sysconfdir}/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f %{_sysconfdir}/resolv.conf # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf + fi fi %post resolved From ea7cbea4df5ded9d7d4e32f1715edb7dd2771240 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 18 Dec 2021 16:50:52 +0100 Subject: [PATCH 16/39] Create /etc/resolv.conf symlink if nothing is present yet (cherry picked from commit 7f4e198603a65580e47a7e187bea5dcfb29a73e5) --- systemd.spec | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7dd55e1..f4495c1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -370,6 +370,8 @@ devices. %package resolved Summary: Network Name Resolution manager +Requires(post): %{name} +Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ 
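Review bot: The `[ -f /run/NetworkManager/resolv.conf ] && systemctl -q is-enabled NetworkManager.service &>/dev/null && ln -fsv ...` chain is the last command of the scriptlet as far as this hunk shows (`fi`, `fi`, then `%post resolved`), so when NetworkManager is absent or disabled the scriptlet exits non-zero after `/etc/resolv.conf` has already been removed. Ending the chain with `|| :`, as the `systemctl disable` call just above does, keeps the exit status clean: `ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf || :`. `grep ^/run/systemd/resolve/` also prints the matched path into the transaction output; `grep -q` would keep it silent. Both lines are carried over unchanged by the later hunk @@ -918,13 +920,13 @@, which only swaps `%{_sysconfdir}` for `/etc`. The scriptlet's opening lines are outside the hunk.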
@@ -918,13 +920,13 @@ if [ $1 -eq 0 ] ; then systemctl disable --quiet \ systemd-resolved.service \ >/dev/null || : - if [ -L %{_sysconfdir}/resolv.conf ] && \ - realpath %{_sysconfdir}/resolv.conf | grep ^/run/systemd/resolve/; then - rm -f %{_sysconfdir}/resolv.conf # no longer useful + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf # no longer useful # if network manager is enabled, move to it instead [ -f /run/NetworkManager/resolv.conf ] && \ systemctl -q is-enabled NetworkManager.service &>/dev/null && \ - ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf fi fi 
@@ -945,17 +947,25 @@ fi # does not do this, because it's marked with ! and we don't specify --boot.) # https://bugzilla.redhat.com/show_bug.cgi?id=1873856 # -# If systemd is not running, don't overwrite the symlink because that -# will immediately break DNS resolution, since systemd-resolved is -# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). +# *Create* the symlink if nothing is present yet. +# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) +# +# *Override* the symlink if systemd is running. Don't do it if systemd +# is not running, because that will immediately break DNS resolution, +# since systemd-resolved is also not running +# (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). # # Also don't create the symlink to the stub when the stub is disabled (#1891847 again). -if test -d /run/systemd/system/ && - systemctl -q is-enabled systemd-resolved.service &>/dev/null && - ! mountpoint /etc/resolv.conf &>/dev/null && - ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ - grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf +if systemctl -q is-enabled systemd-resolved.service &>/dev/null && + ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then + + if ! test -e /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + elif test -d /run/systemd/system/ && + ! mountpoint /etc/resolv.conf &>/dev/null; then + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + fi fi %global _docdir_fmt %{name} 
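Review bot: `! test -e /etc/resolv.conf` is also true for a dangling symlink, because `test -e` follows the link, and in that case `ln -sv` without `-f` fails with "File exists" instead of creating anything. A dangling link can occur when an earlier link points into `/run` and the target has not been generated, for example in an installation chroot, so the "nothing is present yet" branch should test `! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf`. The rewritten pattern `(no?|false|0|off)` also drops the bare `f` that the removed `[fF]` alternative matched, so `DNSStubListener=f` would no longer count as disabled and the symlink to the stub would be written anyway; `(no?|f|false|0|off)` restores the old coverage.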
@@ -1011,6 +1021,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek - 249.7-2 +- Create /etc/resolv.conf symlink if nothing is present yet (#2032085) + * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 - Supress errors from update-helper when selinux is enabled (see #2023332) From 52e7bf289211b424c39528d526ab4168e24f0ca8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Dec 2021 23:10:44 +0100 Subject: [PATCH 17/39] Add Recommends for dlopened libs and move files into subpackages (cherry picked from commit b24b99d669ecd2465f291139fbc85b7da26c1249) --- split-files.py | 29 +++++++++++++++++++++-------- systemd.spec | 23 +++++++++++++++++++++++ 2 files changed, 44 insertions(+), 8 deletions(-) diff --git a/split-files.py b/split-files.py index f883f73..3ada1ed 100644 --- a/split-files.py +++ b/split-files.py @@ -85,6 +85,7 @@ for file in files(buildroot): o = o_networkd elif '.so.' in n: o = o_libs + elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| @@ -98,6 +99,7 @@ for file in files(buildroot): random-seed| modules-load| timesync| + crypttab| cryptsetup| kmod| quota| 
@@ -110,25 +112,35 @@ for file in files(buildroot): repart| gpt-auto| volatile-root| - verity-setup| + veritysetup| + integritysetup| + integritytab| remount-fs| /boot$| /boot/efi| /kernel/| /kernel$| - /modprobe.d - ''', n, re.X): + /modprobe.d| + binfmt| + sysctl| + coredump| + homed|home1| + portabled|portable1 + ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because + # they can be used to interact with remote daemons. Also, the user could be + # confused if those user-facing binaries are not available. o = o_udev - elif re.search(r'''resolvectl| - resolved| + + elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| - resolve1\. - ''', n, re.X): - # keep only nss-resolve in systemd + systemd\.(positive|negative) + ''', n, re.X): # resolvectl and nss-resolve are in the main package. o = o_resolve + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): o = o_oomd_defaults + elif n.endswith('.standalone'): if 'tmpfiles' in n: o = o_standalone_tmpfiles @@ -136,6 +148,7 @@ for file in files(buildroot): o = o_standalone_sysusers else: assert False, 'Found .standalone not belonging to known packages' + else: o = o_rest diff --git a/systemd.spec b/systemd.spec index f4495c1..63445e2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -221,6 +221,12 @@ Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} Recommends: libqrencode.so.4%{?elf_suffix} +Recommends: libbpf.so.0%{?elf_suffix} +Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} + +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} %description systemd is a system and service manager that runs as PID 1 and starts the rest 
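Review bot: The new `coredump` alternative in the `o_udev` pattern is applied with `re.search`, so it also matches paths containing `coredumpctl`, while the comment added on the same branch says coredumpctl stays in the main package. `homed|home1` and `portabled|portable1` do not have this problem, because `homectl` and `portablectl` contain neither string. Unless an earlier branch of this `if`/`elif` chain (it starts outside the hunk) already claims those paths, tighten the alternative to `coredump(?!ctl)`, the same way the pattern already uses `udev(?!\.pc)`.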
@@ -304,6 +310,17 @@ Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +# used by home, cryptsetup, cryptenroll +Recommends: libfido2.so.1%{?elf_suffix} +Recommends: libtss2-esys.so.0%{?elf_suffix} +Recommends: libtss2-mu.so.0%{?elf_suffix} +Recommends: libtss2-rc.so.0%{?elf_suffix} + # https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 Suggests: systemd-bootchart # https://bugzilla.redhat.com/show_bug.cgi?id=1408878 @@ -318,6 +335,9 @@ This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in virtual machines, but not in containers. +It also contains tools to manage encrypted home areas and secrets bound to the +machine. + %package container # Name is the same as in Debian Summary: Tools for containers and VMs @@ -374,6 +394,8 @@ Requires(post): %{name} Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ +Requires: libidn2.so.0%{?elf_suffix} +Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} %description resolved systemd-resolved is a system service that provides network name resolution to @@ -1023,6 +1045,7 @@ fi %changelog * Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek - 249.7-2 - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) +- Add missing requirements for libfido2 and libtss2 (#1975827) * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 - Supress errors from update-helper when selinux is enabled (see #2023332) From cb3a59c3063eb4b130341b035eae2223515505d9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 22:11:28 +0100 Subject: [PATCH 18/39] Version 249.8 --- sources | 2 +- systemd.spec | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/sources b/sources index 5142edc..7087fb7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.7.tar.gz) = 65848a1141f66f11610ab28f70ef2fa4539e2fc31b9f6c9d9a18d9d68be877ad02b5699d05d98b209eac4e28ba5141f83366c2b70f485f3f406d7bc14eb21365 +SHA512 (systemd-249.8.tar.gz) = 27a1af8008432de1ae1bd296c3e3f4f98ba9901635ee5e4b79b4d764a30e068ca8b9fd19306ba55237ef5ae966d81129f62cf3691e5974c03c95848d2558eaa2 diff --git a/systemd.spec b/systemd.spec index 63445e2..3f8ed23 100644 --- a/systemd.spec +++ b/systemd.spec @@ -17,8 +17,8 @@ %global elf_suffix ()%{elf_bits} %endif -# Bootstrap may be needed to break intercircular dependencies with -# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. +# Bootstrap may be needed to break circular dependencies with cryptsetup, +# e.g. when re-building cryptsetup on a json-c SONAME-bump. %bcond_with bootstrap %bcond_without tests %bcond_without lto @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.7 -Release: 2%{?dist} +Version: 249.8 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -1043,9 +1043,24 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek - 249.7-2 +* Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek - 249.8-1 - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) - Add missing requirements for libfido2 and libtss2 (#1975827) +- Allow mprotect(2), arch_prctl(2) in @default seccomp filter, bpf(2) and /proc + for systemd-udev (#2027627) +- Various documentation fixes (#1926323) +- Introduce ExitType= service setting (#1956022) +- Fix sysusers without /proc (#2036217) +- Various fixes to condition handling (#1919538) +- Bugfixes for the manager, systemd-networkd, systemd-journald and journalctl, + systemd-analyze, systemd-resolved, systemd-homed, shell completions, + systemd-detect-virt on MS Hyper-V, nss modules +- Ordering of various units during early boot and shutdown is adjusted to fix + some corner cases +- Maximum numbers of files are bumped for /dev and /tmp +- fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233) +- CVE-2021-3997, #2024639: systemd-tmpfiles would exhaust the stack and crash + during excessive recursion on a very deeply nested directory structure. * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 - Supress errors from update-helper when selinux is enabled (see #2023332) From ffba95e69b2b88872ff51d189ef900d8d379092e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 22:36:37 +0100 Subject: [PATCH 19/39] Version 249.9 --- sources | 2 +- systemd.spec | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 7087fb7..5278cd6 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-249.8.tar.gz) = 27a1af8008432de1ae1bd296c3e3f4f98ba9901635ee5e4b79b4d764a30e068ca8b9fd19306ba55237ef5ae966d81129f62cf3691e5974c03c95848d2558eaa2 +SHA512 (systemd-249.9.tar.gz) = ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164 diff --git a/systemd.spec b/systemd.spec index 3f8ed23..7a609f3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.8 +Version: 249.9 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1043,6 +1043,12 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Jan 12 2022 Zbigniew Jędrzejewski-Szmek - 249.9-1 +- Revert the patches for (#1956022), hopefully fixing (#2039888) +- Some minor documentation fixes and a fix for journalctl +- Make systemd-xdg-autostart-service ignore missing condition check binary + (related to #2038750, but does not fix it) + * Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek - 249.8-1 - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) - Add missing requirements for libfido2 and libtss2 (#1975827) @@ -1059,7 +1065,7 @@ fi some corner cases - Maximum numbers of files are bumped for /dev and /tmp - fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233) -- CVE-2021-3997, #2024639: systemd-tmpfiles would exhaust the stack and crash +- CVE-2021-3997, #2039383: systemd-tmpfiles would exhaust the stack and crash during excessive recursion on a very deeply nested directory structure. * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 From bbe738a8865768e88951114c75b86346b3c56493 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 18 Dec 2021 16:50:52 +0100 Subject: [PATCH 20/39] Create /etc/resolv.conf symlink if nothing is present yet --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 7a609f3..0ee804c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.9 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -1043,6 +1043,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.9-2 +- Create /etc/resolv.conf symlink if nothing is present yet (#2032085) + * Wed Jan 12 2022 Zbigniew Jędrzejewski-Szmek - 249.9-1 - Revert the patches for (#1956022), hopefully fixing (#2039888) - Some minor documentation fixes and a fix for journalctl From c7de3aca4f119167602f03ccecf79dfe7ab264c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 17:37:56 +0100 Subject: [PATCH 21/39] Remove duplicated pam systemd-user file --- systemd.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 0ee804c..afcc8ff 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -83,7 +83,7 @@ Source24: sysusers.generate-pre.sh %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif # Backports of patches from upstream (0000–0499) @@ -442,6 +442,11 @@ package and is meant for use in non-systemd systems. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 +test -f src/login/systemd-user.in +# Restore systemd-user pam config from before "removal of Fedora-specific bits". +# We'll systemd process it and install in the right place. +cp %{SOURCE12} src/login/systemd-user.in + %build %define ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} @@ -630,9 +635,6 @@ install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} -# Restore systemd-user pam config from before "removal of Fedora-specific bits" -install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} - # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} From ca998c583b0204c9ec3d8ded4e638d84817c08b8 Mon Sep 17 00:00:00 2001 
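Review bot: With `install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12}` removed from %install, the location and mode of the systemd-user PAM file are now decided by the upstream build instead of being pinned in the spec. Nothing in these hunks shows where the processed `src/login/systemd-user.in` ends up, so it is worth confirming in the %files list that exactly one copy is packaged, in the directory PAM reads, with mode 0644. The new %prep comment is also garbled; `# The systemd build will process it and install it in the right place.` would read better. Both %prep and %install continue outside these hunks.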
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 17:48:06 +0100 Subject: [PATCH 22/39] Drop scriptlet for handling nobody user upgrades from Fedora <28 For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet was introduced with prevents nss-systemd from synthesizing entries for nobody. Let's remove the scriptlet: very few people upgrade from such old systems, and even if they do, having a duplicate entry for nobody is annoying but hardly a big problem. (The other side of this, support in nss-systemd remains in place.) This allows deps on the tools used in the scriptlet to be dropped from -libs. While at it, also drop noop ldconfig scriptlets. --- systemd.spec | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/systemd.spec b/systemd.spec index afcc8ff..e594f08 100644 --- a/systemd.spec +++ b/systemd.spec @@ -257,7 +257,6 @@ Provides: nss-myhostname%{_isa} = 0.4 Requires(post): coreutils Requires(post): sed Requires(post): grep -Requires(post): /usr/bin/getent %description libs Libraries for systemd and udev. @@ -360,7 +359,6 @@ systemd-importd. Summary: Tools to send journal events over the network Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ -Requires(pre): /usr/bin/getent Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -810,8 +808,6 @@ fi systemctl --no-reload preset systemd-oomd.service &>/dev/null || : %post libs -%{?ldconfig} - function mod_nss() { if [ -f "$1" ] ; then # Add nss-systemd to passwd and group 
@@ -845,24 +841,6 @@ else mod_nss "/etc/authselect/user-nsswitch.conf" fi -# check if nobody or nfsnobody is defined -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 -if getent passwd nfsnobody &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -fi - -%{?ldconfig:%postun libs -p %ldconfig} - %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %post udev @@ -1047,6 +1025,7 @@ fi %changelog * Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.9-2 - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) +- Drop scriptlet for handling nobody user upgrades from Fedora <28 * Wed Jan 12 2022 Zbigniew Jędrzejewski-Szmek - 249.9-1 - Revert the patches for (#1956022), hopefully fixing (#2039888) From a16919cb6546b17e03db56eaf5c957973041c133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Feb 2022 23:27:29 +0100 Subject: [PATCH 23/39] Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) --- systemd.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index e594f08..291b11e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -388,12 +388,11 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires(post): %{name} -Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Requires(posttrans): grep %description resolved systemd-resolved is a system service that provides network name resolution to @@ -943,6 +942,7 @@ fi %systemd_post systemd-resolved.service +%posttrans resolved # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above @@ -1026,6 +1026,7 @@ fi * Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.9-2 - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) - Drop scriptlet for handling nobody user upgrades from Fedora <28 +- Move part of %%post scriptlet for resolved to %%posttrans (#2072574) * Wed Jan 12 2022 Zbigniew Jędrzejewski-Szmek - 249.9-1 - Revert the patches for (#1956022), hopefully fixing (#2039888) From 2ea657e54b205b7e326264a793580626bd1f28f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 08:01:43 +0100 Subject: [PATCH 24/39] Drop some unnecessary requirements --- systemd.spec | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 291b11e..ec81847 100644 --- a/systemd.spec +++ b/systemd.spec @@ -185,7 +185,7 @@ Requires(post): openssl-libs Requires(pre): coreutils Requires: dbus >= 1.9.18 Requires: %{name}-pam = %{version}-%{release} -Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} 
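Review bot: Starting `%posttrans resolved` at this point moves the /etc/resolv.conf symlink logic out from under the upgrade guard at the top of `%post resolved` (`[ $1 -gt 1 ] && exit 0`, shown as a removed line in PATCH 27 further down), so it now appears to run on every transaction that touches the subpackage. On a running system that reaches the `ln -fsv` branch and replaces whatever resolv.conf the administrator had in place. The new section needs its own first-install check; PATCH 27 and PATCH 30 later in this series add one. The subject line cites rhbz#2018913 while the changelog entry cites #2072574, so one of the two references is probably wrong.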
@@ -359,9 +359,6 @@ systemd-importd. Summary: Tools to send journal events over the network Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} @@ -445,7 +442,7 @@ test -f src/login/systemd-user.in cp %{SOURCE12} src/login/systemd-user.in %build -%define ntpvendor %(source /etc/os-release; echo ${ID}) +%global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} CONFIGURE_OPTS=( From 9c9b28cd9165dd9b45d9b6aae7fb73ad27023b59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 20:25:55 +0100 Subject: [PATCH 25/39] Avoid trying to create the symlink if there's a dangling symlink already 'test -e' says 'no' for dangling symlinks. Let's also ignore the error if this fails. We shouldn't fail the transaction. --- systemd.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index ec81847..1ec471d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -959,11 +959,11 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if ! test -e /etc/resolv.conf; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : fi fi 
From b92f3c418739e3c76f92eda97d889c3dd73f4697 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Apr 2022 18:14:05 +0200 Subject: [PATCH 26/39] Version 249.11 --- 2da7d0bc92.patch | 67 ------------------------------------------------ sources | 2 +- systemd.spec | 9 +++---- 3 files changed, 5 insertions(+), 73 deletions(-) delete mode 100644 2da7d0bc92.patch diff --git a/2da7d0bc92.patch b/2da7d0bc92.patch deleted file mode 100644 index ad81b34..0000000 --- a/2da7d0bc92.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:02:50 +0200 -Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host - -UIDs don't work well over ssh, but locally or with containers they are OK. -In particular, user@.service uses UIDs as identifiers, and it's nice to be -able to copy&paste that UID for interaction with the user's managers. ---- - src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index a32e2f5e2085..6960161c3658 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -39,6 +39,7 @@ - #include "parse-util.h" - #include "path-util.h" - #include "process-util.h" -+#include "stdio-util.h" - #include "string-util.h" - #include "strv.h" - #include "user-util.h" -@@ -1617,7 +1618,7 @@ static int user_and_machine_valid(const char *user_and_machine) { - if (!user) - return -ENOMEM; - -- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) -+ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) - return false; - - h++; -@@ -1648,17 +1649,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { - - /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this - * would connect to. */ -- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) -+ uid_t uid = geteuid(); -+ -+ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) - return true; - -- /* Otherwise, we have to figure our user name, and compare things with that. */ -- un = getusername_malloc(); -- if (!un) -- return -ENOMEM; -+ /* Otherwise, we have to figure out our user id and name, and compare things with that. 
*/ -+ char buf[DECIMAL_STR_MAX(uid_t)]; -+ xsprintf(buf, UID_FMT, uid); -+ -+ f = startswith(user_and_machine, buf); -+ if (!f) { -+ un = getusername_malloc(); -+ if (!un) -+ return -ENOMEM; - -- f = startswith(user_and_machine, un); -- if (!f) -- return false; -+ f = startswith(user_and_machine, un); -+ if (!f) -+ return false; -+ } - - return STR_IN_SET(f, "@", "@.host"); - } diff --git a/sources b/sources index 5278cd6..c542ea3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.9.tar.gz) = ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164 +SHA512 (systemd-249.11.tar.gz) = fed7f81933648945a4bfac9fb12150ecd84d32181f79be0e14e0b3a789343a87569f868670e0b8dfc2801fab39f7490f95ee8c29ba831d7611f78c14ace5ddd8 diff --git a/systemd.spec b/systemd.spec index 1ec471d..91e9b6d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.9 -Release: 2%{?dist} +Version: 249.11 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -98,8 +98,6 @@ Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch -Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch - # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0500: use-bfq-scheduler.patch 
@@ -1020,7 +1018,8 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.9-2 +* Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.11-1 +- Update to latest bugfix release (#2039854) - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Move part of %%post scriptlet for resolved to %%posttrans (#2072574) From 0c79c0aff99057a318015da791220cf8bbb76a5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 09:50:37 +0200 Subject: [PATCH 27/39] Do not touch /etc/resolv.conf on upgrades --- systemd.spec | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 91e9b6d..f3c348f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.11 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -927,7 +927,8 @@ if [ $1 -eq 0 ] ; then fi %post resolved -[ $1 -gt 1 ] && exit 0 +[ $1 -eq 1 ] || exit 0 +# Initial installation # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then @@ -938,6 +939,9 @@ fi %systemd_post systemd-resolved.service %posttrans resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above 
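Review bot: The `[ $1 -eq 1 ] || exit 0` line added under `%posttrans resolved` probably does not separate installs from upgrades. As far as I know rpm passes 1 to %posttrans in both cases, because the old package instance is already gone when it runs, so the guard would let the resolv.conf logic through on upgrades, which is the case this commit is meant to stop. The same test in `%post resolved` is fine, since %post sees 2 on an upgrade. A marker written by %post and checked here would be a dependable signal; PATCH 30 in this series does that.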
@@ -1018,6 +1022,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 249.11-2 +- Do not touch /etc/resolv.conf on upgrades (#2074122) + * Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.11-1 - Update to latest bugfix release (#2039854) - Create /etc/resolv.conf symlink if nothing is present yet (#2032085) From 5f6666c925b30c2f5cfa78065977970a9581a5f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 10:11:03 +0200 Subject: [PATCH 28/39] Revert "Avoid trying to create the symlink if there's a dangling symlink already" This reverts commit 9c9b28cd9165dd9b45d9b6aae7fb73ad27023b59. --- systemd.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index f3c348f..f30f835 100644 --- a/systemd.spec +++ b/systemd.spec @@ -961,11 +961,11 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + if ! test -e /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf fi fi @@ -1024,6 +1024,8 @@ fi %changelog * Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 249.11-2 - Do not touch /etc/resolv.conf on upgrades (#2074122) +- Undo the change to "create /etc/resolv.conf symlink if nothing is + present yet" (#2074083) * Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.11-1 - Update to latest bugfix release (#2039854) 
From a3b0ac65189c6e3fd2a41ffbcb908dc1da50a379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 10:16:12 +0200 Subject: [PATCH 29/39] Clean up modules.builtin.alias.bin on kernel upgrades --- ...a658cd1ac9c6b7a9230adf8ed1c46a269837.patch | 23 +++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch diff --git a/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch b/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch new file mode 100644 index 0000000..5439c97 --- /dev/null +++ b/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch @@ -0,0 +1,23 @@ +From cabda658cd1ac9c6b7a9230adf8ed1c46a269837 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 15 Jan 2022 03:37:40 +0900 +Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin + +Fixes RHBZ#2016630. +--- + src/kernel-install/50-depmod.install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install +index 2fd959865f2a..fd00c436322a 100644 +--- a/src/kernel-install/50-depmod.install ++++ b/src/kernel-install/50-depmod.install +@@ -36,7 +36,7 @@ case "$COMMAND" in + remove) + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" +- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} ++ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} + ;; + *) + exit 0 diff --git a/systemd.spec b/systemd.spec index f30f835..b482eec 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -97,6 +97,7 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch +Patch0007: https://github.com/systemd/systemd/pull/22127/commits/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1026,6 +1027,7 @@ fi - Do not touch /etc/resolv.conf on upgrades (#2074122) - Undo the change to "create /etc/resolv.conf symlink if nothing is present yet" (#2074083) +- Clean up modules.builtin.alias.bin on kernel upgrades (#2016630) * Wed Apr 6 2022 Zbigniew Jędrzejewski-Szmek - 249.11-1 - Update to latest bugfix release (#2039854) From 893419015ce7421095640460b0c6928d39d2bb93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Apr 2022 18:13:29 +0200 Subject: [PATCH 30/39] Fix logic in %posttrans for systemd-resolved --- systemd.spec | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index b482eec..968953b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -939,9 +939,14 @@ fi %systemd_post systemd-resolved.service +mkdir -p %{_localstatedir}/lib/rpm-state/systemd || : +: >%{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || : + %posttrans resolved -[ $1 -eq 1 ] || exit 0 +test -e %{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || exit 0 # Initial installation +rm %{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || : +rmdir %{_localstatedir}/lib/rpm-state/systemd || : # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here 
@@ -962,14 +967,16 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if ! test -e /etc/resolv.conf; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + if ! ls -h /etc/resolv.conf &>/dev/null; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : fi fi +exit 0 + %global _docdir_fmt %{name} %files -f %{name}.lang -f .file-list-rest From 0c091275bcbb8b032a7343c41b4de4277dd4131a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Apr 2022 20:01:31 +0200 Subject: [PATCH 31/39] Version 249.12 --- ...a658cd1ac9c6b7a9230adf8ed1c46a269837.patch | 23 ------------------- sources | 2 +- systemd.spec | 14 ++++++++--- 3 files changed, 12 insertions(+), 27 deletions(-) delete mode 100644 cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch diff --git a/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch b/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch deleted file mode 100644 index 5439c97..0000000 --- a/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch +++ /dev/null 
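Review bot: `ls -h /etc/resolv.conf` reads as if `-h` meant "do not follow the symlink", as it does for `test -h`, but for ls it only selects human-readable sizes. The check still works for a dangling symlink because ls falls back to reporting the link itself, yet that is incidental and adds a coreutils call to the scriptlet. The shell's own test states the intent directly: `if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then`. The scriptlet starts outside this hunk.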
@@ -1,23 +0,0 @@ -From cabda658cd1ac9c6b7a9230adf8ed1c46a269837 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 15 Jan 2022 03:37:40 +0900 -Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin - -Fixes RHBZ#2016630. ---- - src/kernel-install/50-depmod.install | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install -index 2fd959865f2a..fd00c436322a 100644 ---- a/src/kernel-install/50-depmod.install -+++ b/src/kernel-install/50-depmod.install -@@ -36,7 +36,7 @@ case "$COMMAND" in - remove) - [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ - echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" -- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} -+ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} - ;; - *) - exit 0 diff --git a/sources b/sources index c542ea3..f9e5098 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.11.tar.gz) = fed7f81933648945a4bfac9fb12150ecd84d32181f79be0e14e0b3a789343a87569f868670e0b8dfc2801fab39f7490f95ee8c29ba831d7611f78c14ace5ddd8 +SHA512 (systemd-249.12.tar.gz) = 7a565418b13e2e6d0cd6bcdaca9987ea626449c8f28266a514b20d19e63e0779e31acbef9d5e14139a94bc72cdd652f86694509ed21158c45b106585058272d1 diff --git a/systemd.spec b/systemd.spec index 968953b..ce187d8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.11 -Release: 2%{?dist} +Version: 249.12 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -97,7 +97,6 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch -Patch0007: https://github.com/systemd/systemd/pull/22127/commits/cabda658cd1ac9c6b7a9230adf8ed1c46a269837.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1030,6 +1029,15 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Apr 28 2022 Zbigniew Jędrzejewski-Szmek - 249.12-1 +- Make the scriptlet for /etc/resolv.conf more robust +- Update to latest upstream bugfix release (#2016630, various memory access + and correctness fixes) +- User access via the uaccess attribute is extended to more devices + (USB analyzers, rfkill devices, AV production controllers, TL866 EPROM readers) +- hwdb is updated +- clone3() returns ENOSYS when RestrictNamespaces=yes + * Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 249.11-2 - Do not touch /etc/resolv.conf on upgrades (#2074122) - Undo the change to "create /etc/resolv.conf symlink if nothing is From 02cbdcbd21fb51cdfd0cc7294c721f19aa0d185d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 29 Apr 2022 08:56:58 +0200 Subject: [PATCH 32/39] systemd-resolved: rewrite %post scriptlet for systemd-resolved to not use coreutils --- systemd.spec | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index ce187d8..8e8007a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.12 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -931,18 +931,17 @@ fi # Initial installation # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then +if [ "$(echo /usr/lib/systemd/libsystemd-shared-24[0-8].so)" != "/usr/lib/systemd/libsystemd-shared-24[0-8].so" ]; then echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." exit 0 fi %systemd_post systemd-resolved.service -mkdir -p %{_localstatedir}/lib/rpm-state/systemd || : -: >%{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || : +: >%{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || : %posttrans resolved -test -e %{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || exit 0 +test -e %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || exit 0 # Initial installation rm %{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || : rmdir %{_localstatedir}/lib/rpm-state/systemd || : @@ -1029,6 +1028,9 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-2 +- Rewrite %%post scriptlet for systemd-resolved to not use coreutils (#2074083) + * Thu Apr 28 2022 Zbigniew Jędrzejewski-Szmek - 249.12-1 - Make the scriptlet for /etc/resolv.conf more robust - Update to latest upstream bugfix release (#2016630, various memory access From 7457b8ef7c2a809c0b3c539a7db5cfbf1c676fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 29 Apr 2022 18:11:06 +0200 Subject: [PATCH 33/39] scriptlets: add "||:" in more places --- systemd.spec | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8e8007a..cadab0b 100644 --- a/systemd.spec +++ b/systemd.spec 
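Review bot: The marker is now written and tested at `%{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation`, but the two cleanup lines in `%posttrans resolved` still point at the old `rpm-state/systemd/` subdirectory. The `rm` therefore fails quietly behind `|| :`, the marker survives the first install, and every later transaction passes the `test -e` check and runs the initial-installation logic again, including the `ln -fsv` over /etc/resolv.conf. The cleanup should become `rm %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || :` with the `rmdir` line dropped; PATCH 35 makes that change. With `mkdir -p` gone the scriptlet also relies on the rpm-state directory already existing, which is not visible here.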
@@ -913,17 +913,17 @@ fi %preun resolved if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : - if [ -L /etc/resolv.conf ] && \ - realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then - rm -f /etc/resolv.conf # no longer useful - # if network manager is enabled, move to it instead - [ -f /run/NetworkManager/resolv.conf ] && \ - systemctl -q is-enabled NetworkManager.service &>/dev/null && \ - ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf - fi + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf || : # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf || : + fi fi %post resolved From 4b8edcc3e245f025501ecdc03856366ae0c4447a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 29 Apr 2022 18:50:38 +0200 Subject: [PATCH 34/39] Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf --- systemd.spec | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/systemd.spec b/systemd.spec index cadab0b..e9a7fcd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.12 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -952,24 +952,27 @@ rmdir %{_localstatedir}/lib/rpm-state/systemd || : # does not do this, because it's marked with ! and we don't specify --boot.) # https://bugzilla.redhat.com/show_bug.cgi?id=1873856 # -# *Create* the symlink if nothing is present yet. -# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) -# -# *Override* the symlink if systemd is running. Don't do it if systemd -# is not running, because that will immediately break DNS resolution, +# "Create* or *override* the symlink if systemd is running. Don't do it if +# systemd is not running, because that will immediately break DNS resolution, # since systemd-resolved is also not running # (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). # -# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). +# *Create* the symlink if nothing is present yet +# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085), even systemd is not +# running. Sadly, we can't create the symlink the dynamic stub, because +# that confuses Anaconda (#2074083). Let's create a symlink to the static stub, +# which should be good enough for most cases. +# +# Don't create the symlink to the stub when the stub is disabled (#1891847 again). if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | - grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$' && + ! mountpoint /etc/resolv.conf &>/dev/null; then - if ! ls -h /etc/resolv.conf &>/dev/null; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : - elif test -d /run/systemd/system/ && - ! mountpoint /etc/resolv.conf &>/dev/null; then + if test -d /run/systemd/system/; then ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + elif ! ls -h /etc/resolv.conf &>/dev/null; then + ln -sv ../usr/lib/systemd/resolv.conf /etc/resolv.conf || : fi fi 
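Review bot: The rewritten comment block has three slips that obscure the rationale for a scriptlet that rewrites /etc/resolv.conf: `"Create*` should open with an asterisk, "even systemd is not running" is missing "if", and "create the symlink the dynamic stub" is missing "to". Suggested wording: `# *Create* or *override* the symlink if systemd is running.`, `# ... even if systemd is not running.` and `# Sadly, we can't create the symlink to the dynamic stub, because`. It would also help to say in the comment what the static file contains, since a system where systemd-resolved is not yet running will resolve through whatever that file names.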
@@ -1028,6 +1031,9 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-3 +- Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf (#2074083) + * Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-2 - Rewrite %%post scriptlet for systemd-resolved to not use coreutils (#2074083) From c4880f4e5efb7971040021c3f7160c7d86e520d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 29 Apr 2022 19:06:05 +0200 Subject: [PATCH 35/39] Fix removal of the systemd-resolved-initial-installation file --- systemd.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index e9a7fcd..cf4b165 100644 --- a/systemd.spec +++ b/systemd.spec @@ -943,8 +943,7 @@ fi %posttrans resolved test -e %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || exit 0 # Initial installation -rm %{_localstatedir}/lib/rpm-state/systemd/systemd-resolved-initial-installation || : -rmdir %{_localstatedir}/lib/rpm-state/systemd || : +rm %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || : # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here From 6143e785ddff0973330425f01b6b9ce5415a172a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 10 Jun 2022 15:36:39 -0700 Subject: [PATCH 36/39] Revert "Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf" This reverts commit 4b8edcc3e245f025501ecdc03856366ae0c4447a. --- systemd.spec | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/systemd.spec b/systemd.spec index cf4b165..e651bd9 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -31,7 +31,7 @@ Name: systemd
 Url: https://www.freedesktop.org/wiki/Software/systemd
 %if %{without inplace}
 Version: 249.12
-Release: 3%{?dist}
+Release: 2%{?dist}
 %else
 # determine the build information from local checkout
 Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -951,27 +951,24 @@ rm %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || : # does not do this, because it's marked with ! and we don't specify --boot.) # https://bugzilla.redhat.com/show_bug.cgi?id=1873856 # -# "Create* or *override* the symlink if systemd is running. Don't do it if -# systemd is not running, because that will immediately break DNS resolution, +# *Create* the symlink if nothing is present yet. +# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) +# +# *Override* the symlink if systemd is running. Don't do it if systemd +# is not running, because that will immediately break DNS resolution, # since systemd-resolved is also not running # (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). # -# *Create* the symlink if nothing is present yet -# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085), even systemd is not -# running. Sadly, we can't create the symlink the dynamic stub, because -# that confuses Anaconda (#2074083). Let's create a symlink to the static stub, -# which should be good enough for most cases. -# -# Don't create the symlink to the stub when the stub is disabled (#1891847 again). +# Also don't create the symlink to the stub when the stub is disabled (#1891847 again). if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | - grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$' && - ! mountpoint /etc/resolv.conf &>/dev/null; then + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if test -d /run/systemd/system/; then + if ! ls -h /etc/resolv.conf &>/dev/null; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + elif test -d /run/systemd/system/ && + ! mountpoint /etc/resolv.conf &>/dev/null; then ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : - elif ! ls -h /etc/resolv.conf &>/dev/null; then - ln -sv ../usr/lib/systemd/resolv.conf /etc/resolv.conf || : fi fi 
@@ -1030,9 +1027,6 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-3 -- Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf (#2074083) - * Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-2 - Rewrite %%post scriptlet for systemd-resolved to not use coreutils (#2074083) From 6b234deaf8576d78278cd5d8aa8d77011ee1f12b Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 10 Jun 2022 17:16:59 -0700 Subject: [PATCH 37/39] Create stub for resolv.conf symlink if it doesn't exist (#2074083) --- systemd.spec | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index e651bd9..f8c34f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.12 -Release: 2%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -960,15 +960,27 @@ rm %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || : # (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). # # Also don't create the symlink to the stub when the stub is disabled (#1891847 again). +# +# If we're doing the symlink and the stub file does not exist, create +# it as a symlink to the static stub so anaconda doesn't replace the +# symlink or crash. It will be replaced with the dynamic stub on next +# boot +# https://bugzilla.redhat.com/show_bug.cgi?id=2074083 if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | - grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$' && + ! mountpoint /etc/resolv.conf &>/dev/null; then + if ! ls -h /etc/resolv.conf &>/dev/null; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + mkdir -p /run/systemd/resolve &>/dev/null || : + ln -sv ../../../usr/lib/systemd/resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : + mkdir -p /run/systemd/resolve &>/dev/null || : + ln -sv ../../../usr/lib/systemd/resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || : fi fi 
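Review bot: The two `ln` calls that write `/etc/resolv.conf` now send both stdout and stderr to `/dev/null` and end in `|| :`, so a failed link leaves no trace in the transaction output and `-v` no longer does anything. Silencing makes sense for the `stub-resolv.conf` link, which presumably is expected to fail with "File exists" once systemd-resolved has written the real file. For the final link I would keep stderr, for example `ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf >/dev/null || :`. The `! mountpoint /etc/resolv.conf` test in the `elif` is also redundant now that the same test is part of the outer `if`. The scriptlet starts before the hunk.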
@@ -1027,6 +1039,12 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Jun 10 2022 Adam Williamson - 249.12-4 +- Create empty stub for resolv.conf symlink if it doesn't exist (#2074083) + +* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-3 +- Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf (#2074083) + * Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-2 - Rewrite %%post scriptlet for systemd-resolved to not use coreutils (#2074083) From 34c1647bc3fdaf17ab2797d34cb4f086da29ea81 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 16 Jun 2022 10:39:15 -0700 Subject: [PATCH 38/39] Change dynamic stub target to make name resolution work in install %post --- systemd.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index f8c34f2..fb8c25e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.12 -Release: 4%{?dist} +Release: 5%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -974,12 +974,12 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && if ! ls -h /etc/resolv.conf &>/dev/null; then mkdir -p /run/systemd/resolve &>/dev/null || : - ln -sv ../../../usr/lib/systemd/resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : + ln -sv resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then mkdir -p /run/systemd/resolve &>/dev/null || : - ln -sv ../../../usr/lib/systemd/resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : + ln -sv resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || : ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || : fi fi @@ -1039,8 +1039,11 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Jun 16 2022 Adam Williamson - 249.12-5 +- Change dynamic stub target to make name resolution work in install %post (#2074083) + * Fri Jun 10 2022 Adam Williamson - 249.12-4 -- Create empty stub for resolv.conf symlink if it doesn't exist (#2074083) +- Link dynamic to static stub for resolv.conf symlink if it doesn't exist (#2074083) * Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek - 249.12-3 - Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf (#2074083) From 3db684b40fcb7984a8878877edc9faa93af48e22 Mon Sep 17 00:00:00 2001 
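Review bot: The comment above this `if` block, added by the previous commit and outside this hunk, still says the stub is created "as a symlink to the static stub", which no longer matches the code. Both `ln -sv resolv.conf /run/systemd/resolve/stub-resolv.conf` lines now point it at `resolv.conf` in the same directory. That file is written by systemd-resolved and lists the upstream servers rather than the local stub listener, so until resolved replaces `stub-resolv.conf`, clients query upstream directly. Where `/run/systemd/resolve/resolv.conf` does not exist, the chain from `/etc/resolv.conf` dangles. I would update the comment to say so, for example `# it as a symlink to resolv.conf in the same directory so lookups work during installation; the link dangles where resolved has never run.`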
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Nov 2022 16:19:01 +0100 Subject: [PATCH 39/39] Version 249.13 --- ...y-the-full-path-for-systemctl-and-ot.patch | 91 +++++++++---------- ...-script-to-actually-invoke-systemctl.patch | 14 +-- 0003-rpm-call-needs-restart-in-parallel.patch | 4 +- ...-services-at-the-end-of-the-transact.patch | 12 +-- ...ate-helper-also-add-user-reexec-verb.patch | 4 +- ...per-add-missing-loop-over-user-units.patch | 8 +- sources | 2 +- systemd.spec | 8 +- 8 files changed, 71 insertions(+), 72 deletions(-) diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch index 00a012c..eace24f 100644 --- a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch @@ -1,7 +1,7 @@ -From 7d9ee15d0fc2af87481ee371b278dbe7e68165ef Mon Sep 17 00:00:00 2001 +From aa56d0bbcef9c2f32845203b50df92492717fea6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH] rpm: don't specify the full path for systemctl and other +Subject: [PATCH 1/6] rpm: don't specify the full path for systemctl and other commands We can make things a bit simpler and more readable by not specifying the path. @@ -94,7 +94,7 @@ index 3a0169a85f..3129ab2d61 100644 SYSTEMD_INLINE_EOF\ %{nil} diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index b33d2212e8..247358008a 100644 +index c10112fe54..483207e58c 100644 --- a/src/rpm/triggers.systemd.in +++ b/src/rpm/triggers.systemd.in @@ -16,14 +16,14 @@ 
@@ -132,34 +132,34 @@ index b33d2212e8..247358008a 100644 elseif pid > 0 then posix.wait(pid) end -@@ -62,7 +62,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-sysusers")) -+ assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -74,7 +74,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) -+ assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -86,7 +86,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) -+ assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -111,7 +111,7 @@ end +@@ -61,7 +61,7 @@ end + -- will run before the tmpfiles file trigger. + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-sysusers")) ++ assert(posix.execp("systemd-sysusers")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -71,7 +71,7 @@ end + -- installed or updated in {{UDEV_HWDB_DIR}}. + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) ++ assert(posix.execp("systemd-hwdb", "update")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -81,7 +81,7 @@ end + -- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. + pid = posix.fork() + if pid == 0 then +- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) ++ assert(posix.execp("journalctl", "--update-catalog")) + elseif pid > 0 then + posix.wait(pid) + end +@@ -105,7 +105,7 @@ end if posix.access("/run/systemd/system") then pid = posix.fork() if pid == 0 then 
@@ -168,7 +168,7 @@ index b33d2212e8..247358008a 100644 elseif pid > 0 then posix.wait(pid) end -@@ -123,7 +123,7 @@ end +@@ -117,7 +117,7 @@ end if posix.access("/run/systemd/system") then pid = posix.fork() if pid == 0 then @@ -178,7 +178,7 @@ index b33d2212e8..247358008a 100644 posix.wait(pid) end diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 22abad9812..1631be18c9 100644 +index e746c316d3..f8c4514313 100644 --- a/src/rpm/triggers.systemd.sh.in +++ b/src/rpm/triggers.systemd.sh.in @@ -15,8 +15,8 @@ @@ -192,7 +192,7 @@ index 22abad9812..1631be18c9 100644 fi %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -26,13 +26,13 @@ fi +@@ -26,30 +26,30 @@ fi # have been installed, but before %postun scripts in packages get # executed. if test -d "/run/systemd/system"; then 
@@ -208,32 +208,27 @@ index 22abad9812..1631be18c9 100644 fi %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} -@@ -40,21 +40,21 @@ fi + # This script will process files installed in {{SYSUSERS_DIR}} to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-sysusers || : -+ systemd-sysusers || : - fi +-%{_bindir}/systemd-sysusers || : ++systemd-sysusers || : %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} # This script will automatically invoke hwdb update if files have been # installed or updated in {{UDEV_HWDB_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-hwdb update || : -+ systemd-hwdb update || : - fi +-%{_bindir}/systemd-hwdb update || : ++systemd-hwdb update || : %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} # This script will automatically invoke journal catalog update if files # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/journalctl --update-catalog || : -+ journalctl --update-catalog || : - fi +-%{_bindir}/journalctl --update-catalog || : ++journalctl --update-catalog || : %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} -@@ -71,14 +71,14 @@ fi + # This script will automatically apply binfmt rules if files have been +@@ -65,14 +65,14 @@ fi # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. if test -d "/run/systemd/system"; then diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch index 212a58d..beab891 100644 --- a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch 
@@ -1,7 +1,7 @@ -From 6d825ab2d42d3219e49a192bf99f9c09134a0df4 Mon Sep 17 00:00:00 2001 +From bbfbe1c31046d53640ebb4ef4e4820614fd0864e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH] rpm: use a helper script to actually invoke systemctl +Subject: [PATCH 2/6] rpm: use a helper script to actually invoke systemctl commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -39,10 +39,10 @@ We were planning to raise the required version anyway… create mode 100755 src/rpm/systemd-update-helper.in diff --git a/README b/README -index 0e5c326deb..a8f23a0d5b 100644 +index 9e5bcab830..2b759e7f5a 100644 --- a/README +++ b/README -@@ -193,7 +193,7 @@ REQUIREMENTS: +@@ -195,7 +195,7 @@ REQUIREMENTS: python-jinja2 python-lxml (optional, required to build the indices) python >= 3.5 @@ -52,7 +52,7 @@ index 0e5c326deb..a8f23a0d5b 100644 gcc, awk, sed, grep, and similar tools clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs diff --git a/meson.build b/meson.build -index a2ee15bf32..c6b3e72d23 100644 +index ece21fbd10..5962371e49 100644 --- a/meson.build +++ b/meson.build @@ -10,7 +10,7 @@ project('systemd', 'c', @@ -232,7 +232,7 @@ index 0000000000..9fa49fa131 + ;; +esac diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index 247358008a..d29cc33dfd 100644 +index 483207e58c..f56c80c7ca 100644 --- a/src/rpm/triggers.systemd.in +++ b/src/rpm/triggers.systemd.in @@ -13,20 +13,11 @@ @@ -297,7 +297,7 @@ index 247358008a..d29cc33dfd 100644 %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 1631be18c9..83cd7617f8 100644 +index f8c4514313..3b35a4b5c6 100644 --- a/src/rpm/triggers.systemd.sh.in +++ b/src/rpm/triggers.systemd.sh.in @@ -14,10 +14,7 @@ 
diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch index b1efa37..2a4bf36 100644 --- a/0003-rpm-call-needs-restart-in-parallel.patch +++ b/0003-rpm-call-needs-restart-in-parallel.patch @@ -1,7 +1,7 @@ -From 3598aff4d963b2e51ac74d206161da47bfde785c Mon Sep 17 00:00:00 2001 +From bc587d08416e3517b82b764798866154caa11085 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH] rpm: call +needs-restart in parallel +Subject: [PATCH 3/6] rpm: call +needs-restart in parallel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch index 94eca7b..d4cbf7f 100644 --- a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch @@ -1,7 +1,7 @@ -From 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7 Mon Sep 17 00:00:00 2001 +From eb458aa5f37496059540e1db47f8b4f1c69ef206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH] rpm: restart user services at the end of the transaction +Subject: [PATCH 4/6] rpm: restart user services at the end of the transaction This closes an important gap: so far we would reexecute the system manager and restart system services that were configured to do so, but we wouldn't do the @@ -51,7 +51,7 @@ fa97d2fcf64e0558054bee673f734f523373b146. 6 files changed, 94 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index c6b3e72d23..cafce977c2 100644 +index 5962371e49..e185c27750 100644 --- a/meson.build +++ b/meson.build @@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) 
@@ -63,7 +63,7 @@ index c6b3e72d23..cafce977c2 100644 conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) diff --git a/meson_options.txt b/meson_options.txt -index b60261ac24..50f2b7b5e9 100644 +index 2f0f4e7b8f..43b815e433 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', @@ -165,7 +165,7 @@ index f3c75b75fa..f3466ab3c0 100755 echo "Unknown verb '$command'" exit 3 diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index d29cc33dfd..8aeb2049c1 100644 +index f56c80c7ca..4755cdafe8 100644 --- a/src/rpm/triggers.systemd.in +++ b/src/rpm/triggers.systemd.in @@ -20,6 +20,14 @@ elseif pid > 0 then @@ -219,7 +219,7 @@ index d29cc33dfd..8aeb2049c1 100644 -- This script will process files installed in {{SYSUSERS_DIR}} to create -- specified users automatically. The priority is set such that it diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 83cd7617f8..694cd94e8d 100644 +index 3b35a4b5c6..8c301f5ed9 100644 --- a/src/rpm/triggers.systemd.sh.in +++ b/src/rpm/triggers.systemd.sh.in @@ -16,6 +16,9 @@ diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch index f5f407e..04d374c 100644 --- a/0005-update-helper-also-add-user-reexec-verb.patch +++ b/0005-update-helper-also-add-user-reexec-verb.patch @@ -1,7 +1,7 @@ -From 1262e824a4d638e347ae0d39c973f1f750962533 Mon Sep 17 00:00:00 2001 +From 50336a7d0c584c1731c656e991a317029ed45f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH] update-helper: also add "user-reexec" verb +Subject: [PATCH 5/6] update-helper: also add "user-reexec" verb This is not called from the systemd.triggers or systemd.macros files. Instead, it would be called from the scriptlets in systemd rpm package itself, at the 
diff --git a/0006-update-helper-add-missing-loop-over-user-units.patch b/0006-update-helper-add-missing-loop-over-user-units.patch index 308c4c2..3fc1317 100644 --- a/0006-update-helper-add-missing-loop-over-user-units.patch +++ b/0006-update-helper-add-missing-loop-over-user-units.patch @@ -1,7 +1,7 @@ -From a4eba5d8cfaabbd87687c651fcdd06df9e267931 Mon Sep 17 00:00:00 2001 +From 107f3e397937eb6a45054e22bd79c142fae19cd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 4 Nov 2021 09:49:18 +0100 -Subject: [PATCH] update-helper: add missing loop over user units +Subject: [PATCH 6/6] update-helper: add missing loop over user units Noticed by Luca. @@ -12,10 +12,10 @@ and testing ;( 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index fa35e7ba90..7e007d4806 100755 +index 0c6675a9db..47d6663e07 100755 --- a/src/rpm/systemd-update-helper.in +++ b/src/rpm/systemd-update-helper.in -@@ -52,8 +52,10 @@ case "$command" in +@@ -51,8 +51,10 @@ case "$command" in users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') for user in $users; do diff --git a/sources b/sources index f9e5098..194dcc1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.12.tar.gz) = 7a565418b13e2e6d0cd6bcdaca9987ea626449c8f28266a514b20d19e63e0779e31acbef9d5e14139a94bc72cdd652f86694509ed21158c45b106585058272d1 +SHA512 (systemd-249.13.tar.gz) = eca374a66cc6a3439e83495e11d96f885c68508f340332cd750558f9fde3e6f31775e98caf085be53c7ef1ac8cf01ba7f84641112e5c978c4670e053cca305b0 diff --git a/systemd.spec b/systemd.spec index fb8c25e..cc9690c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.12 -Release: 5%{?dist} +Version: 249.13 +Release: 6%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -1039,6 +1039,10 @@ exit 0 %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Nov 4 2022 Zbigniew Jędrzejewski-Szmek - 249.13-6 +- Latest stable release (various small fixes all over: #2085481, #2086166) +- #2139355, CVE-2022-3821 + * Thu Jun 16 2022 Adam Williamson - 249.12-5 - Change dynamic stub target to make name resolution work in install %post (#2074083)