From 46a408102a0cfb5692d4625a33025811cab0343f Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:16:25 +0200 Subject: [PATCH 001/494] Rebuilt with OpenSSL 3.0.0 --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7c8b041..3af35b6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,11 +31,11 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.4 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 0 +Release: 1 %endif # For a breakdown of the licensing, see README @@ -1002,6 +1002,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Sep 14 2021 Sahana Prasad +- Rebuilt with OpenSSL 3.0.0 + * Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 - Latest bugfix release: various fixes for systemd-networkd, systemd-resolved, systemd, systemd-boot. From 9802d8ce77cc39ab7020e436c891407037279c37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Sep 2021 16:59:31 +0200 Subject: [PATCH 002/494] Fix build with the latest kernels --- 20695.patch | 24 ++++++++++++++++++++++++ systemd.spec | 1 + 2 files changed, 25 insertions(+) create mode 100644 20695.patch diff --git a/20695.patch b/20695.patch new file mode 100644 index 0000000..f7ac0bd --- /dev/null +++ b/20695.patch 
@@ -0,0 +1,24 @@
+From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001
+From: Chris Packham
+Date: Fri, 10 Sep 2021 09:51:36 +1200
+Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14
+
+ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition
+
+Fixes #20694
+---
+ src/basic/linux/if_arp.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
+index c3cc5a9e5eaf..4783af9fe520 100644
+--- a/src/basic/linux/if_arp.h
++++ b/src/basic/linux/if_arp.h
+@@ -54,6 +54,7 @@
+ #define ARPHRD_X25 271 /* CCITT X.25 */
+ #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
+ #define ARPHRD_CAN 280 /* Controller Area Network */
++#define ARPHRD_MCTP 290
+ #define ARPHRD_PPP 512
+ #define ARPHRD_CISCO 513 /* Cisco HDLC */
+ #define ARPHRD_HDLC ARPHRD_CISCO
diff --git a/systemd.spec b/systemd.spec
index 3af35b6..453efb5 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -97,6 +97,7 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch +Patch0006: https://github.com/systemd/systemd/pull/20695.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
From 013143c94e300e15777de566e381f7a4e1f07b36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 29 Sep 2021 17:19:21 +0200
Subject: [PATCH 003/494] Wrap package descriptions at 80 columns
---
 systemd.spec | 68 +++++++++++++++++++++++++---------------------------
 1 file changed, 33 insertions(+), 35 deletions(-)
diff --git a/systemd.spec b/systemd.spec
index 453efb5..890f90f 100644
--- a/systemd.spec
+++ b/systemd.spec
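Review bot: The `Patch0006:` tag added in the systemd.spec hunk points at a pull-request URL, and what `pull/20695.patch` serves can change if the PR branch is rewritten, so the URL alone does not identify the bytes that were reviewed. The copy committed as 20695.patch in this same commit is presumably what the build applies, which pins the content for now, but a later refresh from the URL could silently pick up something else. Recording the commit in a comment above the tag keeps the two tied together: `# systemd PR 20695 at 67cd626399b0 (basic/linux: Sync if_arp.h with Linux 5.14)`.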
@@ -222,19 +222,17 @@ Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} Recommends: libqrencode.so.4%{?elf_suffix} %description -systemd is a system and service manager that runs as PID 1 and starts -the rest of the system. It provides aggressive parallelization -capabilities, uses socket and D-Bus activation for starting services, -offers on-demand starting of daemons, keeps track of processes using -Linux control groups, maintains mount and automount points, and -implements an elaborate transactional dependency-based service control -logic. systemd supports SysV and LSB init scripts and works as a +systemd is a system and service manager that runs as PID 1 and starts the rest +of the system. It provides aggressive parallelization capabilities, uses socket +and D-Bus activation for starting services, offers on-demand starting of +daemons, keeps track of processes using Linux control groups, maintains mount +and automount points, and implements an elaborate transactional dependency-based +service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, -utilities to control basic system configuration like the hostname, -date, locale, maintain a list of logged-in users, system accounts, -runtime directories and settings, and daemons to manage simple network -configuration, network time synchronization, log forwarding, and name -resolution. +utilities to control basic system configuration like the hostname, date, locale, +maintain a list of logged-in users, system accounts, runtime directories and +settings, and daemons to manage simple network configuration, network time +synchronization, log forwarding, and name resolution. %if 0%{?stable} This package was built from the %{version}-stable branch of systemd. %endif 
@@ -315,9 +313,9 @@ Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 %description udev -This package contains systemd-udev and the rules and hardware database -needed to manage device nodes. This package is necessary on physical -machines and in virtual machines, but not in containers. +This package contains systemd-udev and the rules and hardware database needed to +manage device nodes. This package is necessary on physical machines and in +virtual machines, but not in containers. %package container # Name is the same as in Debian @@ -333,8 +331,8 @@ License: LGPLv2+ %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, -and systemd-importd. +This package contains systemd-nspawn, machinectl, systemd-machined, and +systemd-importd. %package journal-remote # Name is the same as in Debian @@ -351,11 +349,11 @@ Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} Obsoletes: %{name}-journal-gateway < 227-7 %description journal-remote -Programs to forward journal entries over the network, using encrypted HTTP, -and to write journal files from serialized journal contents. +Programs to forward journal entries over the network, using encrypted HTTP, and +to write journal files from serialized journal contents. -This package contains systemd-journal-gatewayd, -systemd-journal-remote, and systemd-journal-upload. +This package contains systemd-journal-gatewayd, systemd-journal-remote, and +systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations 
@@ -365,9 +363,9 @@ License: LGPLv2+ Obsoletes: systemd < 246.6-2 %description networkd -systemd-networkd is a system service that manages networks. It detects -and configures network devices as they appear, as well as creating virtual -network devices. +systemd-networkd is a system service that manages networks. It detects and +configures network devices as they appear, as well as creating virtual network +devices. %package resolved Summary: Network Name Resolution manager @@ -375,9 +373,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ %description resolved -systemd-resolved is a system service that provides network name resolution -to local applications. It implements a caching and validating DNS/DNSSEC -stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. +systemd-resolved is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd 
@@ -395,26 +393,26 @@ Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ %description tests -"Installed tests" that are usually run as part of the build system. -They can be useful to test systemd internals. +"Installed tests" that are usually run as part of the build system. They can be +useful to test systemd internals. %package standalone-tmpfiles Summary: Standalone tmpfiles binary for use in non-systemd systems RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone tmpfiles binary with no dependencies on the systemd-shared library -or other libraries from systemd-libs. This package conflicts with the main -systemd package and is meant for use in non-systemd systems. +Standalone tmpfiles binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. %package standalone-sysusers Summary: Standalone sysusers binary for use in non-systemd systems RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone sysusers binary with no dependencies on the systemd-shared library -or other libraries from systemd-libs. This package conflicts with the main -systemd package and is meant for use in non-systemd systems. +Standalone sysusers binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in non-systemd systems. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 From 837a32b7cd6aff49efd28e85ad31275b03a12f0d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 12 Oct 2021 18:19:21 +0200
Subject: [PATCH 004/494] Version 249.5
---
 20695.patch | 24 ------------------------
 sources | 2 +-
 systemd.spec | 13 +++++++++----
 triggers.systemd | 36 ++++++++++++++++++++----------------
 4 files changed, 30 insertions(+), 45 deletions(-)
 delete mode 100644 20695.patch
diff --git a/20695.patch b/20695.patch
deleted file mode 100644
index f7ac0bd..0000000
--- a/20695.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 67cd626399b0d02882ee00716c8bd31ba764c862 Mon Sep 17 00:00:00 2001
-From: Chris Packham
-Date: Fri, 10 Sep 2021 09:51:36 +1200
-Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14
-
-ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition
-
-Fixes #20694
----
- src/basic/linux/if_arp.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
-index c3cc5a9e5eaf..4783af9fe520 100644
---- a/src/basic/linux/if_arp.h
-+++ b/src/basic/linux/if_arp.h
-@@ -54,6 +54,7 @@
- #define ARPHRD_X25 271 /* CCITT X.25 */
- #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
- #define ARPHRD_CAN 280 /* Controller Area Network */
-+#define ARPHRD_MCTP 290
- #define ARPHRD_PPP 512
- #define ARPHRD_CISCO 513 /* Cisco HDLC */
- #define ARPHRD_HDLC ARPHRD_CISCO
diff --git a/sources b/sources
index 6d600ac..4273125 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-249.4.tar.gz) = 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
+SHA512 (systemd-249.5.tar.gz) = d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
diff --git a/systemd.spec b/systemd.spec
index 890f90f..ac01c77 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.4 -Release: 2%{?dist} +Version: 249.5 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -97,8 +97,6 @@ Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch -Patch0006: https://github.com/systemd/systemd/pull/20695.patch - # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0500: use-bfq-scheduler.patch @@ -1001,6 +999,13 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 +- Latest bugfix release (various fixes in systemd-networkd, + --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, + --coredump, systemd itself, seccomp filters, TPM2 handling, + -documentation, sd-event, sd-journal, journalctl, and nss-systemd). +- Fixes #1976445. + * Tue Sep 14 2021 Sahana Prasad - Rebuilt with OpenSSL 3.0.0 diff --git a/triggers.systemd b/triggers.systemd index 6c57d71..8827e0f 100644 --- a/triggers.systemd +++ b/triggers.systemd 
@@ -14,10 +14,10 @@ # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : - %{_bindir}/systemctl reload-or-restart --marked || : -fi +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been 
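Review bot: The `if test -d "/run/systemd/system"` guard is dropped from this trigger, and from the two system `%transfiletriggerpostun` bodies in the @@ -25,36 +25,40 @@ hunk, so whether anything is attempted in a chroot or image build now rests entirely on systemd-update-helper, which is not part of this diff. Each call also ends in `|| :`, so a helper that is missing or fails leaves no trace in the transaction output. A comment stating the assumption would make that reviewable: `# systemd-update-helper is expected to check for a running systemd itself; errors are ignored on purpose`. The new `%transfiletriggerin -P 900899` user trigger has no comment at all, unlike the triggers around it; a line saying why it is ordered at that priority would help.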
@@ -25,36 +25,40 @@ fi # On upgrade, we need to run daemon-reload after any new unit files # have been installed, but before %postun scripts in packages get # executed. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl daemon-reload || : -fi +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining services that should be restarted here. -if test -d "/run/systemd/system"; then - %{_bindir}/systemctl reload-or-restart --marked || : -fi +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-sysusers || : + systemd-sysusers || : fi %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-hwdb update || : + systemd-hwdb update || : fi %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. 
if test -d "/run/systemd/system"; then - %{_bindir}/journalctl --update-catalog || : + journalctl --update-catalog || : fi %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d @@ -71,14 +75,14 @@ fi # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. if test -d "/run/systemd/system"; then - %{_bindir}/systemd-tmpfiles --create || : + systemd-tmpfiles --create || : fi %transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. if test -e /run/udev/control; then - %{_bindir}/udevadm control --reload || : + udevadm control --reload || : fi %transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d From 6a6e2b723e4bab88fca7d5368a8d6ad903950d6f Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 29 Oct 2021 14:25:29 -0700 Subject: [PATCH 005/494] Backport PR #133 to fix boot --- ...eck-unit-start-rate-limiting-earlier.patch | 486 ++++++++++++++++++ systemd.spec | 7 +- 2 files changed, 492 insertions(+), 1 deletion(-) create mode 100644 0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch diff --git a/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch b/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch new file mode 100644 index 0000000..f0da40b --- /dev/null +++ b/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch 
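Review bot: `systemd-sysusers`, `systemd-hwdb`, `journalctl`, `systemd-tmpfiles` and `udevadm` are now looked up through PATH, in the @@ -25,36 +25,40 @@ hunk and in @@ -71,14 +75,14 @@, while the helper in the same file is still invoked as `/usr/lib/systemd/systemd-update-helper`. These bodies run inside the rpm transaction, normally with root privileges, so which binary is executed depends on the PATH the transaction inherits. If that is the intent (the carried patch 0001 later in this series argues the full paths added nothing), say so at the top of the file, for example `# Commands are resolved via PATH; rpm is relied on to run scriptlets with a trusted PATH`; otherwise keep `%{_bindir}/` on these five calls so the file stays consistent.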
@@ -0,0 +1,486 @@ +From 4fa9d8f14523982482386d398d2b2669902f2098 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 18 Oct 2021 14:11:53 +0900 +Subject: [PATCH] Revert "core: Check unit start rate limiting earlier" + +This reverts commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979. + +This was causing problems during boot, see +https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6, +https://bugzilla.redhat.com/show_bug.cgi?id=2013386. +https://github.com/systemd/systemd/issues/21025 +--- + src/core/automount.c | 23 ++++++----------------- + src/core/mount.c | 23 ++++++----------------- + src/core/path.c | 23 ++++++----------------- + src/core/service.c | 25 +++++++------------------ + src/core/socket.c | 23 ++++++----------------- + src/core/swap.c | 23 ++++++----------------- + src/core/timer.c | 23 ++++++----------------- + src/core/unit.c | 7 ------- + src/core/unit.h | 4 ---- + test/TEST-63-ISSUE-17433/Makefile | 1 - + test/TEST-63-ISSUE-17433/test.sh | 9 --------- + test/meson.build | 2 -- + test/testsuite-10.units/test10.service | 3 --- + test/testsuite-63.units/test63.path | 2 -- + test/testsuite-63.units/test63.service | 5 ----- + test/units/testsuite-63.service | 16 ---------------- + 16 files changed, 43 insertions(+), 169 deletions(-) + delete mode 120000 test/TEST-63-ISSUE-17433/Makefile + delete mode 100755 test/TEST-63-ISSUE-17433/test.sh + delete mode 100644 test/testsuite-63.units/test63.path + delete mode 100644 test/testsuite-63.units/test63.service + delete mode 100644 test/units/testsuite-63.service + +diff --git a/src/core/automount.c b/src/core/automount.c +index 0722abef23..edc9588165 100644 +--- a/src/core/automount.c ++++ b/src/core/automount.c +@@ -814,6 +814,12 @@ static int automount_start(Unit *u) { + if (r < 0) + return r; + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ 
-1059,21 +1065,6 @@ static bool automount_supported(void) { + return supported; + } + +-static int automount_test_start_limit(Unit *u) { +- Automount *a = AUTOMOUNT(u); +- int r; +- +- assert(a); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = { + [AUTOMOUNT_SUCCESS] = "success", + [AUTOMOUNT_FAILURE_RESOURCES] = "resources", +@@ -1136,6 +1127,4 @@ const UnitVTable automount_vtable = { + [JOB_FAILED] = "Failed to unset automount %s.", + }, + }, +- +- .test_start_limit = automount_test_start_limit, + }; +diff --git a/src/core/mount.c b/src/core/mount.c +index 9bec190cb6..af39db214b 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1168,6 +1168,12 @@ static int mount_start(Unit *u) { + + assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED)); + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -2137,21 +2143,6 @@ static int mount_can_clean(Unit *u, ExecCleanMask *ret) { + return exec_context_get_clean_mask(&m->exec_context, ret); + } + +-static int mount_test_start_limit(Unit *u) { +- Mount *m = MOUNT(u); +- int r; +- +- assert(m); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = { + [MOUNT_EXEC_MOUNT] = "ExecMount", + [MOUNT_EXEC_UNMOUNT] = "ExecUnmount", +@@ -2249,6 +2240,4 @@ const UnitVTable mount_vtable = { + [JOB_TIMEOUT] = "Timed out unmounting %s.", + }, + }, +- +- .test_start_limit = mount_test_start_limit, + }; +diff --git a/src/core/path.c b/src/core/path.c +index 2b659696a4..e098e83a31 100644 +--- a/src/core/path.c ++++ b/src/core/path.c +@@ -590,6 +590,12 
@@ static int path_start(Unit *u) { + if (r < 0) + return r; + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -805,21 +811,6 @@ static void path_reset_failed(Unit *u) { + p->result = PATH_SUCCESS; + } + +-static int path_test_start_limit(Unit *u) { +- Path *p = PATH(u); +- int r; +- +- assert(p); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const path_type_table[_PATH_TYPE_MAX] = { + [PATH_EXISTS] = "PathExists", + [PATH_EXISTS_GLOB] = "PathExistsGlob", +@@ -874,6 +865,4 @@ const UnitVTable path_vtable = { + .reset_failed = path_reset_failed, + + .bus_set_property = bus_path_set_property, +- +- .test_start_limit = path_test_start_limit, + }; +diff --git a/src/core/service.c b/src/core/service.c +index 701c145565..7b90822f68 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2456,6 +2456,13 @@ static int service_start(Unit *u) { + + assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED)); + ++ /* Make sure we don't enter a busy loop of some kind. */ ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -4451,22 +4458,6 @@ static const char *service_finished_job(Unit *u, JobType t, JobResult result) { + return NULL; + } + +-static int service_test_start_limit(Unit *u) { +- Service *s = SERVICE(u); +- int r; +- +- assert(s); +- +- /* Make sure we don't enter a busy loop of some kind. 
*/ +- r = unit_test_start_limit(u); +- if (r < 0) { +- service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false); +- return r; +- } +- +- return 0; +-} +- + static const char* const service_restart_table[_SERVICE_RESTART_MAX] = { + [SERVICE_RESTART_NO] = "no", + [SERVICE_RESTART_ON_SUCCESS] = "on-success", +@@ -4629,6 +4620,4 @@ const UnitVTable service_vtable = { + }, + .finished_job = service_finished_job, + }, +- +- .test_start_limit = service_test_start_limit, + }; +diff --git a/src/core/socket.c b/src/core/socket.c +index 31d88b71ff..f362a5baa8 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -2515,6 +2515,12 @@ static int socket_start(Unit *u) { + + assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED)); + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -3423,21 +3429,6 @@ static int socket_can_clean(Unit *u, ExecCleanMask *ret) { + return exec_context_get_clean_mask(&s->exec_context, ret); + } + +-static int socket_test_start_limit(Unit *u) { +- Socket *s = SOCKET(u); +- int r; +- +- assert(s); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = { + [SOCKET_EXEC_START_PRE] = "ExecStartPre", + [SOCKET_EXEC_START_CHOWN] = "ExecStartChown", +@@ -3564,6 +3555,4 @@ const UnitVTable socket_vtable = { + [JOB_TIMEOUT] = "Timed out stopping %s.", + }, + }, +- +- .test_start_limit = socket_test_start_limit, + }; +diff --git a/src/core/swap.c b/src/core/swap.c +index b25f68fb7d..3843b19500 100644 +--- a/src/core/swap.c ++++ b/src/core/swap.c +@@ -933,6 +933,12 @@ static int swap_start(Unit *u) { + if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING) + return -EAGAIN; + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ 
swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -1582,21 +1588,6 @@ static int swap_can_clean(Unit *u, ExecCleanMask *ret) { + return exec_context_get_clean_mask(&s->exec_context, ret); + } + +-static int swap_test_start_limit(Unit *u) { +- Swap *s = SWAP(u); +- int r; +- +- assert(s); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = { + [SWAP_EXEC_ACTIVATE] = "ExecActivate", + [SWAP_EXEC_DEACTIVATE] = "ExecDeactivate", +@@ -1692,6 +1683,4 @@ const UnitVTable swap_vtable = { + [JOB_TIMEOUT] = "Timed out deactivating swap %s.", + }, + }, +- +- .test_start_limit = swap_test_start_limit, + }; +diff --git a/src/core/timer.c b/src/core/timer.c +index 5ecc9f35cf..e064ad9a2d 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -635,6 +635,12 @@ static int timer_start(Unit *u) { + if (r < 0) + return r; + ++ r = unit_test_start_limit(u); ++ if (r < 0) { ++ timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT); ++ return r; ++ } ++ + r = unit_acquire_invocation_id(u); + if (r < 0) + return r; +@@ -895,21 +901,6 @@ static int timer_can_clean(Unit *u, ExecCleanMask *ret) { + return 0; + } + +-static int timer_test_start_limit(Unit *u) { +- Timer *t = TIMER(u); +- int r; +- +- assert(t); +- +- r = unit_test_start_limit(u); +- if (r < 0) { +- timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT); +- return r; +- } +- +- return 0; +-} +- + static const char* const timer_base_table[_TIMER_BASE_MAX] = { + [TIMER_ACTIVE] = "OnActiveSec", + [TIMER_BOOT] = "OnBootSec", +@@ -969,6 +960,4 @@ const UnitVTable timer_vtable = { + .timezone_change = timer_timezone_change, + + .bus_set_property = bus_timer_set_property, +- +- .test_start_limit = timer_test_start_limit, + }; +diff --git a/src/core/unit.c b/src/core/unit.c +index 
69ed43578e..38d3eb703f 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1851,13 +1851,6 @@ int unit_start(Unit *u) { + + assert(u); + +- /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */ +- if (UNIT_VTABLE(u)->test_start_limit) { +- int r = UNIT_VTABLE(u)->test_start_limit(u); +- if (r < 0) +- return r; +- } +- + /* If this is already started, then this will succeed. Note that this will even succeed if this unit + * is not startable by the user. This is relied on to detect when we need to wait for units and when + * waiting is finished. */ +diff --git a/src/core/unit.h b/src/core/unit.h +index 9babd07188..759104ffa7 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -649,10 +649,6 @@ typedef struct UnitVTable { + * of this type will immediately fail. */ + bool (*supported)(void); + +- /* If this function is set, it's invoked first as part of starting a unit to allow start rate +- * limiting checks to occur before we do anything else. */ +- int (*test_start_limit)(Unit *u); +- + /* The strings to print in status messages */ + UnitStatusMessageFormats status_message_formats; + +diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile +deleted file mode 120000 +index e9f93b1104..0000000000 +--- a/test/TEST-63-ISSUE-17433/Makefile ++++ /dev/null +@@ -1 +0,0 @@ +-../TEST-01-BASIC/Makefile +\ No newline at end of file +diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh +deleted file mode 100755 +index c595a9f2de..0000000000 +--- a/test/TEST-63-ISSUE-17433/test.sh ++++ /dev/null +@@ -1,9 +0,0 @@ +-#!/usr/bin/env bash +-set -e +- +-TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433" +- +-# shellcheck source=test/test-functions +-. 
"${TEST_BASE_DIR:?}/test-functions" +- +-do_test "$@" +diff --git a/test/meson.build b/test/meson.build +index 6f8f257c2d..47c7f4d49a 100644 +--- a/test/meson.build ++++ b/test/meson.build +@@ -33,8 +33,6 @@ if install_tests + install_dir : testdata_dir) + install_subdir('testsuite-52.units', + install_dir : testdata_dir) +- install_subdir('testsuite-63.units', +- install_dir : testdata_dir) + + testsuite08_dir = testdata_dir + '/testsuite-08.units' + install_data('testsuite-08.units/-.mount', +diff --git a/test/testsuite-10.units/test10.service b/test/testsuite-10.units/test10.service +index 2fb476b986..d0be786b01 100644 +--- a/test/testsuite-10.units/test10.service ++++ b/test/testsuite-10.units/test10.service +@@ -1,9 +1,6 @@ + [Unit] + Requires=test10.socket + ConditionPathExistsGlob=/tmp/nonexistent +-# Make sure we hit the socket trigger limit in the test and not the service start limit. +-StartLimitInterval=1000 +-StartLimitBurst=1000 + + [Service] + ExecStart=true +diff --git a/test/testsuite-63.units/test63.path b/test/testsuite-63.units/test63.path +deleted file mode 100644 +index a6573bda0a..0000000000 +--- a/test/testsuite-63.units/test63.path ++++ /dev/null +@@ -1,2 +0,0 @@ +-[Path] +-PathExists=/tmp/test63 +diff --git a/test/testsuite-63.units/test63.service b/test/testsuite-63.units/test63.service +deleted file mode 100644 +index c83801874d..0000000000 +--- a/test/testsuite-63.units/test63.service ++++ /dev/null +@@ -1,5 +0,0 @@ +-[Unit] +-ConditionPathExists=!/tmp/nonexistent +- +-[Service] +-ExecStart=true +diff --git a/test/units/testsuite-63.service b/test/units/testsuite-63.service +deleted file mode 100644 +index 04122723d4..0000000000 +--- a/test/units/testsuite-63.service ++++ /dev/null +@@ -1,16 +0,0 @@ +-[Unit] +-Description=TEST-63-ISSUE-17433 +- +-[Service] +-ExecStartPre=rm -f /failed /testok +-Type=oneshot +-ExecStart=rm -f /tmp/nonexistent +-ExecStart=systemctl start test63.path +-ExecStart=touch /tmp/test63 +-# Make sure systemd has 
sufficient time to hit the start limit for test63.service. +-ExecStart=sleep 2 +-ExecStart=sh -x -c 'test "$(systemctl show test63.service -P ActiveState)" = failed' +-ExecStart=sh -x -c 'test "$(systemctl show test63.service -P Result)" = start-limit-hit' +-ExecStart=sh -x -c 'test "$(systemctl show test63.path -P ActiveState)" = failed' +-ExecStart=sh -x -c 'test "$(systemctl show test63.path -P Result)" = unit-start-limit-hit' +-ExecStart=sh -x -c 'echo OK >/testok' +-- +2.33.1 + diff --git a/systemd.spec b/systemd.spec index ac01c77..c1bb2c2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.5 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -96,6 +96,8 @@ Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch +# Backport https://github.com/systemd/systemd-stable/pull/133 to fix boot +Patch0006: 0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -999,6 +1001,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Oct 29 2021 Adam Williamson - 249.5-2 +- Backport PR #133 to fix boot + * Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 - Latest bugfix release (various fixes in systemd-networkd, --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, From ebeb76453ae3cf01230482d0a00b80192bb6656e Mon Sep 17 00:00:00 2001 
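Review bot: The comment added above `Patch0006:` in the systemd.spec hunk says only that the backport fixes boot, but the carried patch reverts ed8fbbf1745c ("core: Check unit start rate limiting earlier"), removes the check in `unit_start()` whose comment said it kept failing conditions from causing a busy loop, and deletes TEST-63-ISSUE-17433. That looks like a deliberate trade that re-opens systemd issue 17433 on this build, and nothing in the spec records it. A fuller comment would keep it visible until the revert can be dropped: `# Reverts ed8fbbf1745c (early start-limit check) to fix boot; re-opens systemd issue #17433, drop once fixed upstream`. The changelog line `- Backport PR #133 to fix boot` could also name systemd-stable, since the previous entry uses a bare number for what looks like a Bugzilla bug (`Fixes #1976445`).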
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 4 Nov 2021 14:17:10 +0100 Subject: [PATCH 006/494] Version 249.6 --- ...y-the-full-path-for-systemctl-and-ot.patch | 9 +- ...-script-to-actually-invoke-systemctl.patch | 11 +- 0003-rpm-call-needs-restart-in-parallel.patch | 9 +- ...-services-at-the-end-of-the-transact.patch | 13 +- ...ate-helper-also-add-user-reexec-verb.patch | 9 +- ...eck-unit-start-rate-limiting-earlier.patch | 486 ------------------ ...per-add-missing-loop-over-user-units.patch | 30 ++ sources | 2 +- systemd.spec | 11 +- 9 files changed, 52 insertions(+), 528 deletions(-) delete mode 100644 0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch create mode 100644 0006-update-helper-add-missing-loop-over-user-units.patch diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch index f7b3a61..00a012c 100644 --- a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch @@ -1,7 +1,7 @@ -From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001 +From 7d9ee15d0fc2af87481ee371b278dbe7e68165ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other +Subject: [PATCH] rpm: don't specify the full path for systemctl and other commands We can make things a bit simpler and more readable by not specifying the path. 
@@ -10,8 +10,6 @@ recursively by anythign we invoke), this didn't really privide any security or robustness benefits. I guess that full paths were used because this style of rpm packagnig was popular in the past, with macros used for everything possible, with special macros for common commands like %{__ln} and %{__mkdir}. - -(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef) --- src/rpm/macros.systemd.in | 24 ++++++++++++------------ src/rpm/triggers.systemd.in | 18 +++++++++--------- @@ -252,6 +250,3 @@ index 22abad9812..1631be18c9 100644 fi %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} --- -2.31.1 - diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch index 32047c5..212a58d 100644 --- a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch @@ -1,7 +1,7 @@ -From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001 +From 6d825ab2d42d3219e49a192bf99f9c09134a0df4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl +Subject: [PATCH] rpm: use a helper script to actually invoke systemctl commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -27,8 +27,6 @@ implementation in bash to do the more complex stuff. The meson version is raised to 0.47 because that's needed for install_mode. We were planning to raise the required version anyway… - -(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4) --- README | 2 +- meson.build | 3 +- @@ -54,7 +52,7 @@ index 0e5c326deb..a8f23a0d5b 100644 gcc, awk, sed, grep, and similar tools clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs diff --git a/meson.build b/meson.build -index 738879eb21..fb986e84f7 100644 +index a2ee15bf32..c6b3e72d23 100644 
--- a/meson.build +++ b/meson.build @@ -10,7 +10,7 @@ project('systemd', 'c', @@ -332,6 +330,3 @@ index 1631be18c9..83cd7617f8 100644 %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} # This script will process files installed in {{SYSUSERS_DIR}} to create --- -2.31.1 - diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch index 4637f3e..b1efa37 100644 --- a/0003-rpm-call-needs-restart-in-parallel.patch +++ b/0003-rpm-call-needs-restart-in-parallel.patch @@ -1,7 +1,7 @@ -From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001 +From 3598aff4d963b2e51ac74d206161da47bfde785c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH 3/5] rpm: call +needs-restart in parallel +Subject: [PATCH] rpm: call +needs-restart in parallel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -9,8 +9,6 @@ Content-Transfer-Encoding: 8bit Some rpms install a bunch of units… It seems nicer to invoke them all in parallel. In particular, timeouts in systemctl also run in parallel, so if there's some communication mishap, we will wait less. - -(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c) --- src/rpm/systemd-update-helper.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) @@ -30,6 +28,3 @@ index 9fa49fa131..f3c75b75fa 100755 ;; system-reload-restart|system-reload|system-restart) --- -2.31.1 - diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch index eac9b89..94eca7b 100644 --- a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch @@ -1,7 +1,7 @@ -From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001 +From 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction +Subject: [PATCH] rpm: restart user services at the end of the transaction This closes an important gap: so far we would reexecute the system manager and restart system services that were configured to do so, but we wouldn't do the @@ -41,8 +41,6 @@ service manually. A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and fa97d2fcf64e0558054bee673f734f523373b146. - -(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7) --- meson.build | 1 + meson_options.txt | 2 ++ @@ -53,7 +51,7 @@ fa97d2fcf64e0558054bee673f734f523373b146. 6 files changed, 94 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index fb986e84f7..d898d9ccd0 100644 +index c6b3e72d23..cafce977c2 100644 --- a/meson.build +++ b/meson.build @@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) @@ -65,7 +63,7 @@ index fb986e84f7..d898d9ccd0 100644 conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..9383c7da6a 100644 +index b60261ac24..50f2b7b5e9 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', @@ -254,6 +252,3 @@ index 83cd7617f8..694cd94e8d 100644 %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} # This script will process files installed in {{SYSUSERS_DIR}} to create # specified users automatically. The priority is set such that it --- -2.31.1 - diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch index 7c4f7ba..f5f407e 100644 --- a/0005-update-helper-also-add-user-reexec-verb.patch +++ b/0005-update-helper-also-add-user-reexec-verb.patch 
@@ -1,15 +1,13 @@ -From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001 +From 1262e824a4d638e347ae0d39c973f1f750962533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb +Subject: [PATCH] update-helper: also add "user-reexec" verb This is not called from the systemd.triggers or systemd.macros files. Instead, it would be called from the scriptlets in systemd rpm package itself, at the place where we call systemctl daemon-reexec. See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . - -(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533) --- src/rpm/systemd-update-helper.in | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) @@ -42,6 +40,3 @@ index f3466ab3c0..0c6675a9db 100755 if [[ "$command" =~ reload ]]; then for user in $users; do SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ --- -2.31.1 - diff --git a/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch b/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch deleted file mode 100644 index f0da40b..0000000 --- a/0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch +++ /dev/null 
@@ -1,486 +0,0 @@ -From 4fa9d8f14523982482386d398d2b2669902f2098 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 18 Oct 2021 14:11:53 +0900 -Subject: [PATCH] Revert "core: Check unit start rate limiting earlier" - -This reverts commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979. - -This was causing problems during boot, see -https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6, -https://bugzilla.redhat.com/show_bug.cgi?id=2013386. -https://github.com/systemd/systemd/issues/21025 ---- - src/core/automount.c | 23 ++++++----------------- - src/core/mount.c | 23 ++++++----------------- - src/core/path.c | 23 ++++++----------------- - src/core/service.c | 25 +++++++------------------ - src/core/socket.c | 23 ++++++----------------- - src/core/swap.c | 23 ++++++----------------- - src/core/timer.c | 23 ++++++----------------- - src/core/unit.c | 7 ------- - src/core/unit.h | 4 ---- - test/TEST-63-ISSUE-17433/Makefile | 1 - - test/TEST-63-ISSUE-17433/test.sh | 9 --------- - test/meson.build | 2 -- - test/testsuite-10.units/test10.service | 3 --- - test/testsuite-63.units/test63.path | 2 -- - test/testsuite-63.units/test63.service | 5 ----- - test/units/testsuite-63.service | 16 ---------------- - 16 files changed, 43 insertions(+), 169 deletions(-) - delete mode 120000 test/TEST-63-ISSUE-17433/Makefile - delete mode 100755 test/TEST-63-ISSUE-17433/test.sh - delete mode 100644 test/testsuite-63.units/test63.path - delete mode 100644 test/testsuite-63.units/test63.service - delete mode 100644 test/units/testsuite-63.service - -diff --git a/src/core/automount.c b/src/core/automount.c -index 0722abef23..edc9588165 100644 ---- a/src/core/automount.c -+++ b/src/core/automount.c -@@ -814,6 +814,12 @@ static int automount_start(Unit *u) { - if (r < 0) - return r; - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ 
-1059,21 +1065,6 @@ static bool automount_supported(void) { - return supported; - } - --static int automount_test_start_limit(Unit *u) { -- Automount *a = AUTOMOUNT(u); -- int r; -- -- assert(a); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = { - [AUTOMOUNT_SUCCESS] = "success", - [AUTOMOUNT_FAILURE_RESOURCES] = "resources", -@@ -1136,6 +1127,4 @@ const UnitVTable automount_vtable = { - [JOB_FAILED] = "Failed to unset automount %s.", - }, - }, -- -- .test_start_limit = automount_test_start_limit, - }; -diff --git a/src/core/mount.c b/src/core/mount.c -index 9bec190cb6..af39db214b 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1168,6 +1168,12 @@ static int mount_start(Unit *u) { - - assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED)); - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -2137,21 +2143,6 @@ static int mount_can_clean(Unit *u, ExecCleanMask *ret) { - return exec_context_get_clean_mask(&m->exec_context, ret); - } - --static int mount_test_start_limit(Unit *u) { -- Mount *m = MOUNT(u); -- int r; -- -- assert(m); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = { - [MOUNT_EXEC_MOUNT] = "ExecMount", - [MOUNT_EXEC_UNMOUNT] = "ExecUnmount", -@@ -2249,6 +2240,4 @@ const UnitVTable mount_vtable = { - [JOB_TIMEOUT] = "Timed out unmounting %s.", - }, - }, -- -- .test_start_limit = mount_test_start_limit, - }; -diff --git a/src/core/path.c b/src/core/path.c -index 2b659696a4..e098e83a31 100644 ---- a/src/core/path.c -+++ b/src/core/path.c -@@ -590,6 +590,12 
@@ static int path_start(Unit *u) { - if (r < 0) - return r; - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -805,21 +811,6 @@ static void path_reset_failed(Unit *u) { - p->result = PATH_SUCCESS; - } - --static int path_test_start_limit(Unit *u) { -- Path *p = PATH(u); -- int r; -- -- assert(p); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const path_type_table[_PATH_TYPE_MAX] = { - [PATH_EXISTS] = "PathExists", - [PATH_EXISTS_GLOB] = "PathExistsGlob", -@@ -874,6 +865,4 @@ const UnitVTable path_vtable = { - .reset_failed = path_reset_failed, - - .bus_set_property = bus_path_set_property, -- -- .test_start_limit = path_test_start_limit, - }; -diff --git a/src/core/service.c b/src/core/service.c -index 701c145565..7b90822f68 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2456,6 +2456,13 @@ static int service_start(Unit *u) { - - assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED)); - -+ /* Make sure we don't enter a busy loop of some kind. */ -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -4451,22 +4458,6 @@ static const char *service_finished_job(Unit *u, JobType t, JobResult result) { - return NULL; - } - --static int service_test_start_limit(Unit *u) { -- Service *s = SERVICE(u); -- int r; -- -- assert(s); -- -- /* Make sure we don't enter a busy loop of some kind. 
*/ -- r = unit_test_start_limit(u); -- if (r < 0) { -- service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false); -- return r; -- } -- -- return 0; --} -- - static const char* const service_restart_table[_SERVICE_RESTART_MAX] = { - [SERVICE_RESTART_NO] = "no", - [SERVICE_RESTART_ON_SUCCESS] = "on-success", -@@ -4629,6 +4620,4 @@ const UnitVTable service_vtable = { - }, - .finished_job = service_finished_job, - }, -- -- .test_start_limit = service_test_start_limit, - }; -diff --git a/src/core/socket.c b/src/core/socket.c -index 31d88b71ff..f362a5baa8 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -2515,6 +2515,12 @@ static int socket_start(Unit *u) { - - assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED)); - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -3423,21 +3429,6 @@ static int socket_can_clean(Unit *u, ExecCleanMask *ret) { - return exec_context_get_clean_mask(&s->exec_context, ret); - } - --static int socket_test_start_limit(Unit *u) { -- Socket *s = SOCKET(u); -- int r; -- -- assert(s); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = { - [SOCKET_EXEC_START_PRE] = "ExecStartPre", - [SOCKET_EXEC_START_CHOWN] = "ExecStartChown", -@@ -3564,6 +3555,4 @@ const UnitVTable socket_vtable = { - [JOB_TIMEOUT] = "Timed out stopping %s.", - }, - }, -- -- .test_start_limit = socket_test_start_limit, - }; -diff --git a/src/core/swap.c b/src/core/swap.c -index b25f68fb7d..3843b19500 100644 ---- a/src/core/swap.c -+++ b/src/core/swap.c -@@ -933,6 +933,12 @@ static int swap_start(Unit *u) { - if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING) - return -EAGAIN; - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ 
swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -1582,21 +1588,6 @@ static int swap_can_clean(Unit *u, ExecCleanMask *ret) { - return exec_context_get_clean_mask(&s->exec_context, ret); - } - --static int swap_test_start_limit(Unit *u) { -- Swap *s = SWAP(u); -- int r; -- -- assert(s); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = { - [SWAP_EXEC_ACTIVATE] = "ExecActivate", - [SWAP_EXEC_DEACTIVATE] = "ExecDeactivate", -@@ -1692,6 +1683,4 @@ const UnitVTable swap_vtable = { - [JOB_TIMEOUT] = "Timed out deactivating swap %s.", - }, - }, -- -- .test_start_limit = swap_test_start_limit, - }; -diff --git a/src/core/timer.c b/src/core/timer.c -index 5ecc9f35cf..e064ad9a2d 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -635,6 +635,12 @@ static int timer_start(Unit *u) { - if (r < 0) - return r; - -+ r = unit_test_start_limit(u); -+ if (r < 0) { -+ timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT); -+ return r; -+ } -+ - r = unit_acquire_invocation_id(u); - if (r < 0) - return r; -@@ -895,21 +901,6 @@ static int timer_can_clean(Unit *u, ExecCleanMask *ret) { - return 0; - } - --static int timer_test_start_limit(Unit *u) { -- Timer *t = TIMER(u); -- int r; -- -- assert(t); -- -- r = unit_test_start_limit(u); -- if (r < 0) { -- timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT); -- return r; -- } -- -- return 0; --} -- - static const char* const timer_base_table[_TIMER_BASE_MAX] = { - [TIMER_ACTIVE] = "OnActiveSec", - [TIMER_BOOT] = "OnBootSec", -@@ -969,6 +960,4 @@ const UnitVTable timer_vtable = { - .timezone_change = timer_timezone_change, - - .bus_set_property = bus_timer_set_property, -- -- .test_start_limit = timer_test_start_limit, - }; -diff --git a/src/core/unit.c b/src/core/unit.c -index 
69ed43578e..38d3eb703f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1851,13 +1851,6 @@ int unit_start(Unit *u) { - - assert(u); - -- /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */ -- if (UNIT_VTABLE(u)->test_start_limit) { -- int r = UNIT_VTABLE(u)->test_start_limit(u); -- if (r < 0) -- return r; -- } -- - /* If this is already started, then this will succeed. Note that this will even succeed if this unit - * is not startable by the user. This is relied on to detect when we need to wait for units and when - * waiting is finished. */ -diff --git a/src/core/unit.h b/src/core/unit.h -index 9babd07188..759104ffa7 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -649,10 +649,6 @@ typedef struct UnitVTable { - * of this type will immediately fail. */ - bool (*supported)(void); - -- /* If this function is set, it's invoked first as part of starting a unit to allow start rate -- * limiting checks to occur before we do anything else. */ -- int (*test_start_limit)(Unit *u); -- - /* The strings to print in status messages */ - UnitStatusMessageFormats status_message_formats; - -diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile -deleted file mode 120000 -index e9f93b1104..0000000000 ---- a/test/TEST-63-ISSUE-17433/Makefile -+++ /dev/null -@@ -1 +0,0 @@ --../TEST-01-BASIC/Makefile -\ No newline at end of file -diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh -deleted file mode 100755 -index c595a9f2de..0000000000 ---- a/test/TEST-63-ISSUE-17433/test.sh -+++ /dev/null -@@ -1,9 +0,0 @@ --#!/usr/bin/env bash --set -e -- --TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433" -- --# shellcheck source=test/test-functions --. 
"${TEST_BASE_DIR:?}/test-functions" -- --do_test "$@" -diff --git a/test/meson.build b/test/meson.build -index 6f8f257c2d..47c7f4d49a 100644 ---- a/test/meson.build -+++ b/test/meson.build -@@ -33,8 +33,6 @@ if install_tests - install_dir : testdata_dir) - install_subdir('testsuite-52.units', - install_dir : testdata_dir) -- install_subdir('testsuite-63.units', -- install_dir : testdata_dir) - - testsuite08_dir = testdata_dir + '/testsuite-08.units' - install_data('testsuite-08.units/-.mount', -diff --git a/test/testsuite-10.units/test10.service b/test/testsuite-10.units/test10.service -index 2fb476b986..d0be786b01 100644 ---- a/test/testsuite-10.units/test10.service -+++ b/test/testsuite-10.units/test10.service -@@ -1,9 +1,6 @@ - [Unit] - Requires=test10.socket - ConditionPathExistsGlob=/tmp/nonexistent --# Make sure we hit the socket trigger limit in the test and not the service start limit. --StartLimitInterval=1000 --StartLimitBurst=1000 - - [Service] - ExecStart=true -diff --git a/test/testsuite-63.units/test63.path b/test/testsuite-63.units/test63.path -deleted file mode 100644 -index a6573bda0a..0000000000 ---- a/test/testsuite-63.units/test63.path -+++ /dev/null -@@ -1,2 +0,0 @@ --[Path] --PathExists=/tmp/test63 -diff --git a/test/testsuite-63.units/test63.service b/test/testsuite-63.units/test63.service -deleted file mode 100644 -index c83801874d..0000000000 ---- a/test/testsuite-63.units/test63.service -+++ /dev/null -@@ -1,5 +0,0 @@ --[Unit] --ConditionPathExists=!/tmp/nonexistent -- --[Service] --ExecStart=true -diff --git a/test/units/testsuite-63.service b/test/units/testsuite-63.service -deleted file mode 100644 -index 04122723d4..0000000000 ---- a/test/units/testsuite-63.service -+++ /dev/null -@@ -1,16 +0,0 @@ --[Unit] --Description=TEST-63-ISSUE-17433 -- --[Service] --ExecStartPre=rm -f /failed /testok --Type=oneshot --ExecStart=rm -f /tmp/nonexistent --ExecStart=systemctl start test63.path --ExecStart=touch /tmp/test63 --# Make sure systemd has 
sufficient time to hit the start limit for test63.service. --ExecStart=sleep 2 --ExecStart=sh -x -c 'test "$(systemctl show test63.service -P ActiveState)" = failed' --ExecStart=sh -x -c 'test "$(systemctl show test63.service -P Result)" = start-limit-hit' --ExecStart=sh -x -c 'test "$(systemctl show test63.path -P ActiveState)" = failed' --ExecStart=sh -x -c 'test "$(systemctl show test63.path -P Result)" = unit-start-limit-hit' --ExecStart=sh -x -c 'echo OK >/testok' --- -2.33.1 - diff --git a/0006-update-helper-add-missing-loop-over-user-units.patch b/0006-update-helper-add-missing-loop-over-user-units.patch new file mode 100644 index 0000000..308c4c2 --- /dev/null +++ b/0006-update-helper-add-missing-loop-over-user-units.patch @@ -0,0 +1,30 @@ +From a4eba5d8cfaabbd87687c651fcdd06df9e267931 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 4 Nov 2021 09:49:18 +0100 +Subject: [PATCH] update-helper: add missing loop over user units + +Noticed by Luca. + +shellcheck doens't catch this, and somehow it was missed in review +and testing ;( +--- + src/rpm/systemd-update-helper.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index fa35e7ba90..7e007d4806 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -52,8 +52,10 @@ case "$command" in + + users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') + for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ +- systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ for unit in "$@"; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & ++ done + done + wait + ;; diff --git a/sources b/sources index 4273125..27a9dc4 100644 --- a/sources +++ b/sources 
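Review bot: The inner `for unit in "$@"` loop added to systemd-update-helper.in backgrounds one `systemctl --user -M "$user@" set-property` per user and per unit, so concurrency is users × units with no bound, and the single `wait` after the outer loop discards every exit status. A user manager that cannot be reached leaves its units without the `needs-restart` marker and nothing records that, so presumably those services keep running the pre-update code. Adding a `wait` line right after the inner `done` would cap concurrency at one user's units. If the silent best-effort behaviour is intended, a comment such as `# best effort: a user manager we cannot reach is skipped silently` would record it. The enclosing `case` branch starts outside the hunk.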
@@ -1 +1 @@ -SHA512 (systemd-249.5.tar.gz) = d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f +SHA512 (systemd-249.6.tar.gz) = 7149cb807cac05a590545a9155ecacdf230f09cac70585fa8e7ddd1f03e86205cb1c91b51885b65d2f2cf921e6fdad5ca182047d290f31631c8eb362fe87e4a5 diff --git a/systemd.spec b/systemd.spec index c1bb2c2..0e07ace 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.5 +Version: 249.6 Release: 2%{?dist} %else # determine the build information from local checkout @@ -96,8 +96,7 @@ Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch -# Backport https://github.com/systemd/systemd-stable/pull/133 to fix boot -Patch0006: 0006-Revert-core-Check-unit-start-rate-limiting-earlier.patch +Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1001,6 +1000,12 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 +- Latest bugfix release (networkd, coredumpctl, varlink, udev, + systemctl, systemd itself, better detection of Hyper-V and + Virtualbox virtualization, documentation updates) +- Fix helper to restart user units + * Fri Oct 29 2021 Adam Williamson - 249.5-2 - Backport PR #133 to fix boot From 89ea50d07a2b36fa4c3b83249116f52e03837fc0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Nov 2021 10:27:00 +0100 Subject: [PATCH 007/494] Fix helper to restart user units with older systemd --- 2da7d0bc92.patch | 67 ++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 7 ++++- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 2da7d0bc92.patch diff --git a/2da7d0bc92.patch b/2da7d0bc92.patch new file mode 100644 index 0000000..ad81b34 --- /dev/null +++ b/2da7d0bc92.patch 
@@ -0,0 +1,67 @@ +From 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Jul 2021 18:02:50 +0200 +Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host + +UIDs don't work well over ssh, but locally or with containers they are OK. +In particular, user@.service uses UIDs as identifiers, and it's nice to be +able to copy&paste that UID for interaction with the user's managers. +--- + src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index a32e2f5e2085..6960161c3658 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -39,6 +39,7 @@ + #include "parse-util.h" + #include "path-util.h" + #include "process-util.h" ++#include "stdio-util.h" + #include "string-util.h" + #include "strv.h" + #include "user-util.h" +@@ -1617,7 +1618,7 @@ static int user_and_machine_valid(const char *user_and_machine) { + if (!user) + return -ENOMEM; + +- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) ++ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) + return false; + + h++; +@@ -1648,17 +1649,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { + + /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this + * would connect to. */ +- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) ++ uid_t uid = geteuid(); ++ ++ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) + return true; + +- /* Otherwise, we have to figure our user name, and compare things with that. */ +- un = getusername_malloc(); +- if (!un) +- return -ENOMEM; ++ /* Otherwise, we have to figure out our user id and name, and compare things with that. 
*/ ++ char buf[DECIMAL_STR_MAX(uid_t)]; ++ xsprintf(buf, UID_FMT, uid); ++ ++ f = startswith(user_and_machine, buf); ++ if (!f) { ++ un = getusername_malloc(); ++ if (!un) ++ return -ENOMEM; + +- f = startswith(user_and_machine, un); +- if (!f) +- return false; ++ f = startswith(user_and_machine, un); ++ if (!f) ++ return false; ++ } + + return STR_IN_SET(f, "@", "@.host"); + } diff --git a/systemd.spec b/systemd.spec index 0e07ace..dc9b4f4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.6 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -98,6 +98,8 @@ Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch +Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch + # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0500: use-bfq-scheduler.patch @@ -1000,6 +1002,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 +- Fix helper to restart user units with older systemd (#2020415) + * Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 - Latest bugfix release (networkd, coredumpctl, varlink, udev, systemctl, systemd itself, better detection of Hyper-V and From 9309bd3038260310bd9a8174d7f619742f7c8138 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 11 Nov 2021 15:15:36 -0800 Subject: [PATCH 008/494] Fix scope activation from a user instance 
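Review bot: In the rewritten tail of user_and_machine_equivalent(), a successful `startswith(user_and_machine, buf)` skips the user-name comparison entirely, so the name fallback never runs when the string merely begins with the caller's decimal UID. With the relaxed name validation used in user_and_machine_valid(), a name that starts with those digits is then rejected by the final `STR_IN_SET(f, "@", "@.host")` even though it may be the caller's own name. The mismatch yields `false` rather than a wrong match, so as far as the hunk shows this is a correctness gap and not a way to be treated as another user. Resetting the numeric match when its suffix is wrong, `if (f && !STR_IN_SET(f, "@", "@.host")) f = NULL;` placed before `if (!f) {`, would let the name comparison run in that case. The function begins outside the hunk.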
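Review bot: The `Patch0007` line is added with no comment saying why the backport is carried, and its URL names the upstream commit only by a ten-character abbreviation. The downstream patches just below carry a bug link, and the changelog entry in this commit cites #2020415, so the same information belongs next to the patch line. A comment such as `# sd-bus: allow numerical uids in -M user@.host (rhbz#2020415), upstream 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6` lets a later reviewer check the checked-in file against the exact upstream commit. The `Patch0008` line added by the next commit in this series has the same gap.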
Signed-off-by: Kir Kolyshkin --- d35551d8c6.patch | 43 +++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 6 +++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 d35551d8c6.patch diff --git a/d35551d8c6.patch b/d35551d8c6.patch new file mode 100644 index 0000000..8ff775b --- /dev/null +++ b/d35551d8c6.patch 
@@ -0,0 +1,43 @@ +From d35551d8c6a9c46442500992abfb67774f9fa8d8 Mon Sep 17 00:00:00 2001 +From: Jonas Witschel +Date: Wed, 10 Nov 2021 22:46:35 +0100 +Subject: [PATCH] scope: count successful cgroup additions when delegating via + D-Bus + +Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse +activation of scopes if no PIDs to add are left") all "systemd-run --scope +--user" calls fail because cgroup attachments delegated to the system instance +are not counted towards successful additions. Fix this by incrementing the +return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to +what happens when cg_attach() succeeds directly. + +Note that this can *not* distinguish the case when +unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all +processes to attach are gone in the meantime, unlike the checks that commit +8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is +because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal +unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include +the number of successfully attached processes and is always NULL on success. + +Fixes: #21297 +--- + src/core/cgroup.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index abc30e3990c4..c942db8d05eb 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); + if (z < 0) + log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); +- else ++ else { ++ if (ret >= 0) ++ ret++; /* Count successful additions */ + continue; /* When the bus thing worked via the bus we are fully done for this PID. */ ++ } + } + + if (ret >= 0) 
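Review bot: The new `ret++` in the via-bus branch of unit_attach_pids_to_cgroup() counts a delegated attach as a successful addition on trust, and the comment `/* Count successful additions */` does not say so. The patch description states that the D-Bus reply carries no count, so a PID that exited in the meantime is still counted and the "no PIDs left" refusal cannot trigger for a user instance. That limitation should live next to the code, for example `/* Counted on trust: the bus reply has no count, so a PID that is already gone is still counted. */`. The `if (ret >= 0)` guard correctly keeps an earlier error from being overwritten. The function starts and ends outside the hunk.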
diff --git a/systemd.spec b/systemd.spec index dc9b4f4..49e0b6f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.6 -Release: 3%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -99,6 +99,7 @@ Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch +Patch0008: https://github.com/systemd/systemd/commit/d35551d8c6.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1002,6 +1003,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Nov 10 2021 Kir Kolyshkin - 249.6-4 +- Fix scope activation from a user instance (#2022041) + * Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 - Fix helper to restart user units with older systemd (#2020415) From 27cc5e08c2c1880dba66ce46cabebfd17cac8fde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Sat, 6 Nov 2021 19:20:44 +0100 Subject: [PATCH 009/494] Switch to NM resolver on systemd-resolved uninstall MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If /etc/resolv.conf pointed to systemd-resolved stub configuration, it is obvious it would stop working. Compensate it by deleting the link, it would be created again on installation. Try to pass ownership to NM, which also provides similar file. Keep it missing otherwise, might be created by unknown tool on reboot. Signed-off-by: Petr Menšík --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 49e0b6f..618e0c9 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -920,6 +920,14 @@ if [ $1 -eq 0 ] ; then systemctl disable --quiet \ systemd-resolved.service \ >/dev/null || : + if [ -L %{_sysconfdir}/resolv.conf ] && \ + realpath %{_sysconfdir}/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f %{_sysconfdir}/resolv.conf # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf + fi fi %post resolved From 87e1ce33178b1d757cd6269f60b46d4ad5b8d25a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 14 Nov 2021 11:38:53 +0100 Subject: [PATCH 010/494] Version 249.7 --- d35551d8c6.patch | 43 ------------------------------------------- sources | 2 +- systemd.spec | 19 +++++++++++++------ 3 files changed, 14 insertions(+), 50 deletions(-) delete mode 100644 d35551d8c6.patch diff --git a/d35551d8c6.patch b/d35551d8c6.patch deleted file mode 100644 index 8ff775b..0000000 --- a/d35551d8c6.patch +++ /dev/null 
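Review bot: When NetworkManager is absent or not enabled, the `[ -f /run/NetworkManager/resolv.conf ] && systemctl -q is-enabled … && ln -fsv …` chain ends with a non-zero status, and since it is the last command before the two closing `fi`s, that status would become the scriptlet's exit status if nothing else runs before `%post resolved`, which rpm reports as a scriptlet failure. Ending the chain with `|| :`, as the `systemctl disable` call above it already does, keeps the hand-over best-effort: `ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf || :`. The `realpath … | grep ^/run/systemd/resolve/` test also prints the matched path into the transaction output; `grep -q ^/run/systemd/resolve/` performs the same test silently. The scriptlet begins outside the hunk.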
@@ -1,43 +0,0 @@
-From d35551d8c6a9c46442500992abfb67774f9fa8d8 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel
-Date: Wed, 10 Nov 2021 22:46:35 +0100
-Subject: [PATCH] scope: count successful cgroup additions when delegating via
- D-Bus
-
-Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse
-activation of scopes if no PIDs to add are left") all "systemd-run --scope
---user" calls fail because cgroup attachments delegated to the system instance
-are not counted towards successful additions. Fix this by incrementing the
-return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
-what happens when cg_attach() succeeds directly.
-
-Note that this can *not* distinguish the case when
-unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
-processes to attach are gone in the meantime, unlike the checks that commit
-8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is
-because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
-unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
-the number of successfully attached processes and is always NULL on success.
-
-Fixes: #21297
----
- src/core/cgroup.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index abc30e3990c4..c942db8d05eb 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
- z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
- if (z < 0)
- log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p));
-- else
-+ else {
-+ if (ret >= 0)
-+ ret++; /* Count successful additions */
- continue; /* When the bus thing worked via the bus we are fully done for this PID. */
-+ }
- }
-
- if (ret >= 0)
diff --git a/sources b/sources index 27a9dc4..5142edc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.6.tar.gz) = 7149cb807cac05a590545a9155ecacdf230f09cac70585fa8e7ddd1f03e86205cb1c91b51885b65d2f2cf921e6fdad5ca182047d290f31631c8eb362fe87e4a5 +SHA512 (systemd-249.7.tar.gz) = 65848a1141f66f11610ab28f70ef2fa4539e2fc31b9f6c9d9a18d9d68be877ad02b5699d05d98b209eac4e28ba5141f83366c2b70f485f3f406d7bc14eb21365 diff --git a/systemd.spec b/systemd.spec index 618e0c9..036fed5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.6 -Release: 4%{?dist} +Version: 249.7 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -99,7 +99,6 @@ Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch -Patch0008: https://github.com/systemd/systemd/commit/d35551d8c6.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1011,7 +1010,15 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Nov 10 2021 Kir Kolyshkin - 249.6-4 +* Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 +- Latest bugfix release (better erofs detection, sd-event memory + corruption bugfix, logind, documentation) +- Really fix helper to restart user units with older systemd (#2020415) + +* Sun Nov 14 2021 Petr Menšík - 249.7-1 +- Switch /etc/resolv.conf over to NM when systemd-resolved is uninstalled + +* Wed Nov 10 2021 Kir Kolyshkin - 249.7-1 - Fix scope activation from a user instance (#2022041) * Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 
@@ -1028,8 +1035,8 @@ fi * Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 - Latest bugfix release (various fixes in systemd-networkd, - --timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, - --coredump, systemd itself, seccomp filters, TPM2 handling, + -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, + -coredump, systemd itself, seccomp filters, TPM2 handling, -documentation, sd-event, sd-journal, journalctl, and nss-systemd). - Fixes #1976445. From 1d712f8acf96060d022b215d51aee4a13d9f84ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Nov 2021 13:47:07 +0100 Subject: [PATCH 011/494] Supress errors on selinux systems See https://bugzilla.redhat.com/show_bug.cgi?id=2023332. https://bugzilla.redhat.com/show_bug.cgi?id=2023332 is also related. --- triggers.systemd | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/triggers.systemd b/triggers.systemd index 8827e0f..5929035 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -17,7 +17,11 @@ /usr/lib/systemd/systemd-update-helper system-reload-restart || : %transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -/usr/lib/systemd/systemd-update-helper user-reload-restart || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload-restart || : +fi %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been 
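Review bot: On any host where `selinuxenabled` succeeds, the new branch in the `%transfiletriggerin -P 900899` trigger discards all of the helper's stderr, so a failure of `systemd-update-helper user-reload-restart` that has nothing to do with SELinux is hidden too, and nothing in the trigger records why the redirect exists or when it can be dropped. A comment above the `if` would keep that context with the code, for example `# Workaround: hide helper errors on SELinux systems, see https://bugzilla.redhat.com/show_bug.cgi?id=2023332; drop once resolved`. The same if/else block is repeated for `user-reload` and `user-restart` in the two following hunks, and the comment applies there as well.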
@@ -29,7 +33,11 @@ %transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user # Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload || : +fi %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system # We restart remaining system services that should be restarted here. @@ -37,7 +45,11 @@ %transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user # We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-restart || : +fi %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create From 2d54326a8cfd3fe9fde89ef359db93c797684bc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Nov 2021 14:09:32 +0100 Subject: [PATCH 012/494] Bump release Oh, no autorelease here! --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 036fed5..8f7f342 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.7 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -1010,6 +1010,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 +- Supress errors from update-helper when selinux is enabled (see #2023332) + * Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 - Latest bugfix release (better erofs detection, sd-event memory corruption bugfix, logind, documentation) From 21ca64d8e065c231b21f6b2a23e4c4c7e681add4 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 16 Nov 2021 16:36:58 +0000 Subject: [PATCH 013/494] sysusers/provides: parse and output static IDs This adds support for parsing static UIDs and GIDs from sysusers.d fragments, and automatically forwarding them to the generated 'Provides' entries. It will allow inspecting users/groups with static IDs directly from package metadata: ``` $ rpm --query --provides --package gdm-41.0-3.fc36.x86_64.rpm [...] group(gdm) = 42 user(gdm) = 42 ``` --- sysusers.prov | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/sysusers.prov b/sysusers.prov index a6eda5d..f12e929 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -1,5 +1,40 @@ #!/bin/bash +process_u() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Single shared static ID. + echo "user($1) = $2" + echo "group($1) = $2" + elif [[ $2 == *:* ]]; then + # UID:. + uid=$(echo $2 | cut -d':' -f1 -) + group=$(echo $2 | cut -d':' -f2 -) + if [ ! -z "${group##*[!0-9]*}" ]; then + # UID:GID. + echo "user($1) = ${uid}" + echo "group($1) = ${group}" + else + # UID:. + echo "user($1) = ${uid}" + echo "group(${group})" + fi + else + # Dynamic (or something else uninteresting). + echo "user($1)" + echo "group($1)" + fi +} + +process_g() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Static GID. + echo "group($1) = $2" + else + # Dynamic (or something else uninteresting). + echo "group($1)" + fi +} + parse() { while read line; do [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue 
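Review bot: In `process_u`, the branch taken when the ID field contains a colon prints `user($1) = ${uid}` without the digits-only test that the first branch and the group half receive, so an ID field whose part before the colon is not numeric would produce a versioned Provides with a non-numeric version. Guarding that branch with the idiom the function already uses, `[ -n "${uid##*[!0-9]*}" ]`, and falling back to the plain `user($1)` line otherwise keeps the generated metadata well-formed. The split itself can avoid the unquoted `echo $2 | cut` pipelines, which are subject to globbing, and the function-global variables: `local uid=${2%%:*} group=${2#*:}`. `parse()` continues outside the hunk.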
@@ -8,12 +43,10 @@ parse() { set -- $line case "$1" in ('u') - echo "user($2)" - echo "group($2)" - # TODO: user:group support + process_u "$2" "$3" ;; ('g') - echo "group($2)" + process_g "$2" "$3" ;; ('m') echo "user($2)" From b7c95ddd9ea635d52142535243ccdcc663c008a2 Mon Sep 17 00:00:00 2001 From: Davide Cavalca Date: Fri, 19 Nov 2021 08:29:38 -0800 Subject: [PATCH 014/494] Disable legacy iptables support --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8f7f342..9070d20 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 249.7 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -460,7 +460,7 @@ CONFIGURE_OPTS=( -Dgnutls=true -Dmicrohttpd=true -Dlibidn2=true - -Dlibiptc=true + -Dlibiptc=false -Dlibcurl=true -Dlibfido2=true -Defi=true @@ -1010,6 +1010,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Nov 19 2021 Davide Cavalca - 249.7-3 +- Disable legacy iptables support + * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 - Supress errors from update-helper when selinux is enabled (see #2023332) From d1ad6b189de8e5022b86dfe9239ffbe0edc1cd9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Nov 2021 10:00:32 +0100 Subject: [PATCH 015/494] %ghost /var/lib/{machines,portables} --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 9070d20..3c2430e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -980,6 +980,7 @@ fi %ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0700,-,-) /var/lib/portables %ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd %files libs -f .file-list-libs @@ -996,6 +997,7 @@ fi %files udev -f .file-list-udev %files container -f .file-list-container +%ghost %dir %attr(0700,-,-) /var/lib/machines %files journal-remote -f .file-list-remote From 6ffa8d89d649d84e459601be59c0d3f22dd55f06 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 2 Dec 2021 16:28:17 +0000 Subject: [PATCH 016/494] Fix video link --- README.build-in-place | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.build-in-place b/README.build-in-place index 8b66077..9d68330 100644 --- a/README.build-in-place +++ b/README.build-in-place @@ -1,7 +1,7 @@ == Building systemd rpms for local development using rpmbuild --build-in-place == This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/]. +and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM]. ``` git clone https://github.com/systemd/systemd From e19aaa4604bff06ca6ab037032b574d338217a88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Dec 2021 15:48:12 +0100 Subject: [PATCH 017/494] Drop comments about already-merged pull request --- systemd.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 3c2430e..bfa8375 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -496,12 +496,12 @@ CONFIGURE_OPTS=( -Dcdrom-gid=11 -Ddialout-gid=18 -Ddisk-gid=6 - -Dinput-gid=104 # https://pagure.io/setup/pull-request/27 + -Dinput-gid=104 -Dkmem-gid=9 -Dkvm-gid=36 -Dlp-gid=7 - -Drender-gid=105 # https://pagure.io/setup/pull-request/27 - -Dsgx-gid=106 # https://pagure.io/setup/pull-request/27 + -Drender-gid=105 + -Dsgx-gid=106 -Dtape-gid=33 -Dtty-gid=5 -Dusers-gid=100 From ce4156b3ddac9d839caccfe541123706bda541a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Dec 2021 13:46:29 +0100 Subject: [PATCH 018/494] Version 250-rc1 The crypto backend is switched to openssl. gcrypt is still used for FSS in libsystemd.so. --- ...y-the-full-path-for-systemctl-and-ot.patch | 252 ------------- ...-script-to-actually-invoke-systemctl.patch | 332 ------------------ 0003-rpm-call-needs-restart-in-parallel.patch | 30 -- ...-services-at-the-end-of-the-transact.patch | 254 -------------- ...ate-helper-also-add-user-reexec-verb.patch | 42 --- ...per-add-missing-loop-over-user-units.patch | 30 -- 2da7d0bc92.patch | 67 ---- sources | 2 +- systemd.spec | 15 +- 9 files changed, 6 insertions(+), 1018 deletions(-) delete mode 100644 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch delete mode 100644 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch delete mode 100644 0003-rpm-call-needs-restart-in-parallel.patch delete mode 100644 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch delete mode 100644 0005-update-helper-also-add-user-reexec-verb.patch delete mode 100644 0006-update-helper-add-missing-loop-over-user-units.patch delete mode 100644 2da7d0bc92.patch diff --git a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch b/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch deleted file mode 100644 index 00a012c..0000000 --- a/0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch +++ /dev/null 
@@ -1,252 +0,0 @@ -From 7d9ee15d0fc2af87481ee371b278dbe7e68165ef Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:02:36 +0200 -Subject: [PATCH] rpm: don't specify the full path for systemctl and other - commands - -We can make things a bit simpler and more readable by not specifying the path. -Since we didn't specify the full path for all commands (including those invoked -recursively by anythign we invoke), this didn't really privide any security or -robustness benefits. I guess that full paths were used because this style of -rpm packagnig was popular in the past, with macros used for everything -possible, with special macros for common commands like %{__ln} and %{__mkdir}. ---- - src/rpm/macros.systemd.in | 24 ++++++++++++------------ - src/rpm/triggers.systemd.in | 18 +++++++++--------- - src/rpm/triggers.systemd.sh.in | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 30 deletions(-) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a85f..3129ab2d61 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ - # Initial installation \ -- %{_bindir}/systemctl --no-reload preset %{?*} || : \ -+ systemctl --no-reload preset %{?*} || : \ - fi \ - %{nil} - -@@ -56,21 +56,21 @@ fi \ - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ - if [ -d /run/systemd/system ]; then \ -- %{_bindir}/systemctl --no-reload disable --now %{?*} || : \ -+ systemctl --no-reload disable --now %{?*} || : \ - 
else \ -- %{_bindir}/systemctl --no-reload disable %{?*} || : \ -+ systemctl --no-reload disable %{?*} || : \ - fi \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ - # Package removal, not upgrade \ -- %{_bindir}/systemctl --global disable %{?*} || : \ -+ systemctl --global disable %{?*} || : \ - fi \ - %{nil} - -@@ -84,10 +84,10 @@ fi \ - - %systemd_postun_with_restart() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ -+if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ - # Package upgrade, not uninstall \ - for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -+ systemctl set-property $unit Markers=+needs-restart || : \ - done \ - fi \ - %{nil} -@@ -105,17 +105,17 @@ fi \ - # Deprecated. Use %tmpfiles_create_package instead - %tmpfiles_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \ --[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \ -+command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \ - %{nil} - - # Deprecated. 
Use %sysusers_create_package instead - %sysusers_create() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \ -+command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \ - %{nil} - - %sysusers_create_inline() \ --[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - </dev/null && systemd-sysusers - < 0 then - posix.wait(pid) - end - - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -38,7 +38,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "daemon-reload")) -+ assert(posix.execp("systemctl", "daemon-reload")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -49,7 +49,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked")) -+ assert(posix.execp("systemctl", "reload-or-restart", "--marked")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -62,7 +62,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-sysusers")) -+ assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -74,7 +74,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-hwdb", "update")) -+ assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -86,7 +86,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/journalctl", "--update-catalog")) -+ 
assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -111,7 +111,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create")) -+ assert(posix.execp("systemd-tmpfiles", "--create")) - elseif pid > 0 then - posix.wait(pid) - end -@@ -123,7 +123,7 @@ end - if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then -- assert(posix.exec("%{_bindir}/udevadm", "control", "--reload")) -+ assert(posix.execp("udevadm", "control", "--reload")) - elseif pid > 0 then - posix.wait(pid) - end -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 22abad9812..1631be18c9 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -15,8 +15,8 @@ - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl daemon-reload || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -26,13 +26,13 @@ fi - # have been installed, but before %postun scripts in packages get - # executed. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl daemon-reload || : -+ systemctl daemon-reload || : - fi - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemctl reload-or-restart --marked || : -+ systemctl reload-or-restart --marked || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} -@@ -40,21 +40,21 @@ fi - # specified users automatically. 
The priority is set such that it - # will run before the tmpfiles file trigger. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-sysusers || : -+ systemd-sysusers || : - fi - - %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} - # This script will automatically invoke hwdb update if files have been - # installed or updated in {{UDEV_HWDB_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-hwdb update || : -+ systemd-hwdb update || : - fi - - %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} - # This script will automatically invoke journal catalog update if files - # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. - if test -d "/run/systemd/system"; then -- %{_bindir}/journalctl --update-catalog || : -+ journalctl --update-catalog || : - fi - - %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} -@@ -71,14 +71,14 @@ fi - # tmpfiles automatically. The priority is set such that it will run - # after the sysusers file trigger, but before any other triggers. - if test -d "/run/systemd/system"; then -- %{_bindir}/systemd-tmpfiles --create || : -+ systemd-tmpfiles --create || : - fi - - %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}} - # This script will automatically update udev with new rules if files - # have been installed or updated in {{UDEV_RULES_DIR}}. - if test -e /run/udev/control; then -- %{_bindir}/udevadm control --reload || : -+ udevadm control --reload || : - fi - - %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}} diff --git a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch b/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch deleted file mode 100644 index 212a58d..0000000 --- a/0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch +++ /dev/null 
@@ -1,332 +0,0 @@ -From 6d825ab2d42d3219e49a192bf99f9c09134a0df4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:22:33 +0200 -Subject: [PATCH] rpm: use a helper script to actually invoke systemctl - commands -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Instead of embedding the commands to invoke directly in the macros, -let's use a helper script as indirection. This has a couple of advantages: - -- the macro language is awkward, we need to suffix most commands by "|| :" - and "\", which is easy to get wrong. In the new scheme, the macro becomes - a single simple command. -- in the script we can use normal syntax highlighting, shellcheck, etc. -- it's also easier to test the invoked commands by invoking the helper - manually. -- most importantly, the logic is contained in the helper, i.e. we can - update systemd rpm and everything uses the new helper. Before, we would - have to rebuild all packages to update the macro definition. - -This raises the question whether it makes sense to use the lua scriptlets when -the real work is done in a bash script. I think it's OK: we still have the -efficient lua scripts that do the short scripts, and we use a single shared -implementation in bash to do the more complex stuff. - -The meson version is raised to 0.47 because that's needed for install_mode. 
-We were planning to raise the required version anyway… ---- - README | 2 +- - meson.build | 3 +- - src/rpm/macros.systemd.in | 30 ++++++++-------- - src/rpm/meson.build | 13 ++++--- - src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 43 ++++++++--------------- - src/rpm/triggers.systemd.sh.in | 13 ++----- - 7 files changed, 105 insertions(+), 59 deletions(-) - create mode 100755 src/rpm/systemd-update-helper.in - -diff --git a/README b/README -index 0e5c326deb..a8f23a0d5b 100644 ---- a/README -+++ b/README -@@ -193,7 +193,7 @@ REQUIREMENTS: - python-jinja2 - python-lxml (optional, required to build the indices) - python >= 3.5 -- meson >= 0.46 (>= 0.49 is required to build position-independent executables) -+ meson >= 0.47 (>= 0.49 is required to build position-independent executables) - ninja - gcc, awk, sed, grep, and similar tools - clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs -diff --git a/meson.build b/meson.build -index a2ee15bf32..c6b3e72d23 100644 ---- a/meson.build -+++ b/meson.build -@@ -10,7 +10,7 @@ project('systemd', 'c', - 'localstatedir=/var', - 'warning_level=2', - ], -- meson_version : '>= 0.46', -+ meson_version : '>= 0.47', - ) - - libsystemd_version = '0.32.0' -@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', join_paths(rootlib - conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH', join_paths(bindir, 'systemd-stdio-bridge')) - conf.set_quoted('SYSTEMD_TEST_DATA', join_paths(testsdir, 'testdata')) - conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent')) -+conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', join_paths(rootlibexecdir, 'systemd-update-helper')) - conf.set_quoted('SYSTEMD_USERWORK_PATH', join_paths(rootlibexecdir, 'systemd-userwork')) - conf.set_quoted('SYSTEMD_VERITYSETUP_PATH', join_paths(rootlibexecdir, 'systemd-veritysetup')) - conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR', 
join_paths(pkgsysconfdir, 'system')) -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3129ab2d61..bbdf036da7 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \ - - %systemd_post() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \ --if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Initial installation \ -- systemctl --no-reload preset %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \ - fi \ - %{nil} - --%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} -+%systemd_user_post() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \ -+if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Initial installation \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \ -+fi \ -+%{nil} - - %systemd_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- if [ -d /run/systemd/system ]; then \ -- systemctl --no-reload disable --now %{?*} || : \ -- else \ -- systemctl --no-reload disable %{?*} || : \ -- fi \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \ - fi \ - %{nil} - - %systemd_user_preun() \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \ --if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package removal, not upgrade \ -- systemctl --global disable %{?*} || : \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \ - fi \ - %{nil} - -@@ -84,11 +86,9 @@ fi \ - - %systemd_postun_with_restart() \ - 
%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ --if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- systemctl set-property $unit Markers=+needs-restart || : \ -- done \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ - fi \ - %{nil} - -diff --git a/src/rpm/meson.build b/src/rpm/meson.build -index fc72fee73c..2ad3308cc1 100644 ---- a/src/rpm/meson.build -+++ b/src/rpm/meson.build -@@ -1,9 +1,13 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - - in_files = [ -- ['macros.systemd', rpmmacrosdir != 'no'], -- ['triggers.systemd', false], -- ['triggers.systemd.sh', false]] -+ ['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir], -+ -+ # we conditionalize on rpmmacrosdir, but install into rootlibexecdir -+ ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'], -+ -+ ['triggers.systemd', false], -+ ['triggers.systemd.sh', false]] - - # The last two don't get installed anywhere, one of them needs to included in - # the rpm spec file definition instead. -@@ -17,6 +21,7 @@ foreach tuple : in_files - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, - install : tuple[1], -- install_dir : rpmmacrosdir, -+ install_dir : tuple.length() > 2 ? tuple[2] : '', -+ install_mode : tuple.length() > 3 ? 
tuple[3] : false, - build_by_default : true) - endforeach -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -new file mode 100755 -index 0000000000..9fa49fa131 ---- /dev/null -+++ b/src/rpm/systemd-update-helper.in -@@ -0,0 +1,60 @@ -+#!/bin/bash -+set -eu -+set -o pipefail -+ -+command="${1:?}" -+shift -+ -+command -v systemctl >/dev/null || exit 0 -+ -+case "$command" in -+ install-system-units) -+ systemctl --no-reload preset "$@" -+ ;; -+ -+ install-user-units) -+ systemctl --no-reload preset --global "$@" -+ ;; -+ -+ remove-system-units) -+ if [ -d /run/systemd/system ]; then -+ systemctl --no-reload disable --now "$@" -+ else -+ systemctl --no-reload disable "$@" -+ fi -+ ;; -+ -+ remove-user-units) -+ systemctl --global disable "$@" -+ ;; -+ -+ mark-restart-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-restart || : -+ done -+ ;; -+ -+ system-reload-restart|system-reload|system-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ if [[ "$command" =~ reload ]]; then -+ systemctl daemon-reload -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ systemctl reload-or-restart --marked -+ fi -+ ;; -+ -+ *) -+ echo "Unknown verb '$command'" -+ exit 3 -+ ;; -+esac -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index 247358008a..d29cc33dfd 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -13,20 +13,11 @@ - -- upgraded. We care about the case where a package is initially - -- installed, because other cases are covered by the *un scriptlets, - -- so sometimes we will reload needlessly. 
--if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -- -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -@@ -35,24 +26,20 @@ end - -- On upgrade, we need to run daemon-reload after any new unit files - -- have been installed, but before %postun scripts in packages get - -- executed. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "daemon-reload")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- We restart remaining services that should be restarted here. --if posix.access("/run/systemd/system") then -- pid = posix.fork() -- if pid == 0 then -- assert(posix.execp("systemctl", "reload-or-restart", "--marked")) -- elseif pid > 0 then -- posix.wait(pid) -- end -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -+elseif pid > 0 then -+ posix.wait(pid) - end - - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 1631be18c9..83cd7617f8 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -14,10 +14,7 @@ - # upgraded. 
We care about the case where a package is initially - # installed, because other cases are covered by the *un scriptlets, - # so sometimes we will reload needlessly. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been -@@ -25,15 +22,11 @@ fi - # On upgrade, we need to run daemon-reload after any new unit files - # have been installed, but before %postun scripts in packages get - # executed. --if test -d "/run/systemd/system"; then -- systemctl daemon-reload || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # We restart remaining services that should be restarted here. --if test -d "/run/systemd/system"; then -- systemctl reload-or-restart --marked || : --fi -+{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create diff --git a/0003-rpm-call-needs-restart-in-parallel.patch b/0003-rpm-call-needs-restart-in-parallel.patch deleted file mode 100644 index b1efa37..0000000 --- a/0003-rpm-call-needs-restart-in-parallel.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 3598aff4d963b2e51ac74d206161da47bfde785c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 11:28:36 +0200 -Subject: [PATCH] rpm: call +needs-restart in parallel -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some rpms install a bunch of units… It seems nicer to invoke them all in -parallel. In particular, timeouts in systemctl also run in parallel, so if -there's some communication mishap, we will wait less. ---- - src/rpm/systemd-update-helper.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index 9fa49fa131..f3c75b75fa 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -32,8 +32,9 @@ case "$command" in - [ -d /run/systemd/system ] || exit 0 - - for unit in "$@"; do -- systemctl set-property "$unit" Markers=+needs-restart || : -+ systemctl set-property "$unit" Markers=+needs-restart & - done -+ wait - ;; - - system-reload-restart|system-reload|system-restart) diff --git a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch b/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch deleted file mode 100644 index 94eca7b..0000000 --- a/0004-rpm-restart-user-services-at-the-end-of-the-transact.patch +++ /dev/null 
@@ -1,254 +0,0 @@ -From 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 14:37:57 +0200 -Subject: [PATCH] rpm: restart user services at the end of the transaction - -This closes an important gap: so far we would reexecute the system manager and -restart system services that were configured to do so, but we wouldn't do the -same for user managers or user services. - -The scheme used for user managers is very similar to the system one, except -that there can be multiple user managers running, so we query the system -manager to get a list of them, and then tell each one to do the equivalent -operations: daemon-reload, disable --now, set-property Markers=+needs-restart, -reload-or-restart --marked. - -The total time that can be spend on this is bounded: we execute the commands in -parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT -to a lower value (15 s by default). User managers should not have too many -units running, and they should be able to do all those operations very -quickly (<< 1s). The final restart operation may take longer, but it's done -asynchronously, so we only wait for the queuing to happen. - -The advantage of doing this synchronously is that we can wait for each step to -happen, and for example daemon-reloads can finish before we execute the service -restarts, etc. We can also order various steps wrt. to the phases in the rpm -transaction. - -When this was initially proposed, we discussed a more relaxed scheme with bus -property notifications. Such an approach would be more complex because a bunch -of infrastructure would have to be added to system manager to propagate -appropriate notifications to the user managers, and then the user managers -would have to wait for them. Instead, now there is no new code in the managers, -all new functionality is contained in src/rpm/. 
The ability to call 'systemctl ---user user@' makes this approach very easy. Also, it would be very hard to -order the user manager steps and the rpm transaction steps. - -Note: 'systemctl --user disable' is only called for a user managers that are -running. I don't see a nice way around this, and it shouldn't matter too much: -we'll just leave a dangling symlink in the case where the user enabled the -service manually. - -A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and -fa97d2fcf64e0558054bee673f734f523373b146. ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/rpm/macros.systemd.in | 6 +++- - src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++ - src/rpm/triggers.systemd.in | 28 ++++++++++++++++++- - src/rpm/triggers.systemd.sh.in | 13 ++++++++- - 6 files changed, 94 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index c6b3e72d23..cafce977c2 100644 ---- a/meson.build -+++ b/meson.build -@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR', tmpfilesdir) - conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) - conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) - conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) -+conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT', get_option('update-helper-user-timeout')) - conf.set_quoted('USER_CONFIG_UNIT_DIR', join_paths(pkgsysconfdir, 'user')) - conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) - conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) -diff --git a/meson_options.txt b/meson_options.txt -index b60261ac24..50f2b7b5e9 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '', - description : 'directory for xinitrc files') - option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', - description : 'directory for rpm macros ["no" disables]') -+option('update-helper-user-timeout', type : 'string', value : '15s', -+ description : 'how long to wait for user manager operations') 
- option('pamlibdir', type : 'string', - description : 'directory for PAM modules') - option('pamconfdir', type : 'string', -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index bbdf036da7..caa2e45595 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -93,7 +93,11 @@ fi \ - %{nil} - - %systemd_user_postun_with_restart() \ --%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \ -+fi \ - %{nil} - - %udev_hwdb_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3c75b75fa..f3466ab3c0 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -26,6 +26,15 @@ case "$command" in - - remove-user-units) - systemctl --global disable "$@" -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" disable --now "$@" & -+ done -+ wait - ;; - - mark-restart-system-units) -@@ -37,6 +46,17 @@ case "$command" in - wait - ;; - -+ mark-restart-user-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" -@@ -54,6 +74,33 @@ case "$command" in - fi - 
;; - -+ user-reload-restart|user-reload|user-restart) -+ if [ -n "$*" ]; then -+ echo "Unexpected arguments for '$command': $*" -+ exit 2 -+ fi -+ -+ [ -d /run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ -+ if [[ "$command" =~ reload ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reload & -+ done -+ wait -+ fi -+ -+ if [[ "$command" =~ restart ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" reload-or-restart --marked & -+ done -+ wait -+ fi -+ ;; -+ - *) - echo "Unknown verb '$command'" - exit 3 -diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in -index d29cc33dfd..8aeb2049c1 100644 ---- a/src/rpm/triggers.systemd.in -+++ b/src/rpm/triggers.systemd.in -@@ -20,6 +20,14 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerin -P 900899 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - -- On removal, we need to run daemon-reload after any units have been - -- removed. -@@ -33,8 +41,17 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 1000100 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system -+-- Execute daemon-reload in user managers. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerpostun -P 10000 -p -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system ---- We restart remaining services that should be restarted here. 
-+-- We restart remaining system services that should be restarted here. - pid = posix.fork() - if pid == 0 then - assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart")) -@@ -42,6 +59,15 @@ elseif pid > 0 then - posix.wait(pid) - end - -+%transfiletriggerpostun -P 9999 -p -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+-- We restart remaining user services that should be restarted here. -+pid = posix.fork() -+if pid == 0 then -+ assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart")) -+elseif pid > 0 then -+ posix.wait(pid) -+end -+ - %transfiletriggerin -P 100700 -p -- {{SYSUSERS_DIR}} - -- This script will process files installed in {{SYSUSERS_DIR}} to create - -- specified users automatically. The priority is set such that it -diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in -index 83cd7617f8..694cd94e8d 100644 ---- a/src/rpm/triggers.systemd.sh.in -+++ b/src/rpm/triggers.systemd.sh.in -@@ -16,6 +16,9 @@ - # so sometimes we will reload needlessly. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || : - -+%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || : -+ - %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system - # On removal, we need to run daemon-reload after any units have been - # removed. -@@ -24,10 +27,18 @@ - # executed. - {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || : - -+%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# Execute daemon-reload in user managers. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || : -+ - %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system --# We restart remaining services that should be restarted here. -+# We restart remaining system services that should be restarted here. 
- {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || : - -+%transfiletriggerpostun -P 9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user -+# We restart remaining user services that should be restarted here. -+{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || : -+ - %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}} - # This script will process files installed in {{SYSUSERS_DIR}} to create - # specified users automatically. The priority is set such that it diff --git a/0005-update-helper-also-add-user-reexec-verb.patch b/0005-update-helper-also-add-user-reexec-verb.patch deleted file mode 100644 index f5f407e..0000000 --- a/0005-update-helper-also-add-user-reexec-verb.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 1262e824a4d638e347ae0d39c973f1f750962533 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 23 Jul 2021 15:35:23 +0200 -Subject: [PATCH] update-helper: also add "user-reexec" verb - -This is not called from the systemd.triggers or systemd.macros files. Instead, -it would be called from the scriptlets in systemd rpm package itself, at the -place where we call systemctl daemon-reexec. - -See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 . ---- - src/rpm/systemd-update-helper.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index f3466ab3c0..0c6675a9db 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -74,7 +74,7 @@ case "$command" in - fi - ;; - -- user-reload-restart|user-reload|user-restart) -+ user-reload-restart|user-reload|user-restart|user-reexec) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" - exit 2 -@@ -84,6 +84,14 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - -+ if [[ "$command" =~ reexec ]]; then -+ for user in $users; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" daemon-reexec & -+ done -+ wait -+ fi -+ - if [[ "$command" =~ reload ]]; then - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ diff --git a/0006-update-helper-add-missing-loop-over-user-units.patch b/0006-update-helper-add-missing-loop-over-user-units.patch deleted file mode 100644 index 308c4c2..0000000 --- a/0006-update-helper-add-missing-loop-over-user-units.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From a4eba5d8cfaabbd87687c651fcdd06df9e267931 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 4 Nov 2021 09:49:18 +0100 -Subject: [PATCH] update-helper: add missing loop over user units - -Noticed by Luca. - -shellcheck doens't catch this, and somehow it was missed in review -and testing ;( ---- - src/rpm/systemd-update-helper.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index fa35e7ba90..7e007d4806 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -52,8 +52,10 @@ case "$command" in - - users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') - for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -- systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ for unit in "$@"; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart & -+ done - done - wait - ;; diff --git a/2da7d0bc92.patch b/2da7d0bc92.patch deleted file mode 100644 index ad81b34..0000000 --- a/2da7d0bc92.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:02:50 +0200 -Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host - -UIDs don't work well over ssh, but locally or with containers they are OK. -In particular, user@.service uses UIDs as identifiers, and it's nice to be -able to copy&paste that UID for interaction with the user's managers. ---- - src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index a32e2f5e2085..6960161c3658 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -39,6 +39,7 @@ - #include "parse-util.h" - #include "path-util.h" - #include "process-util.h" -+#include "stdio-util.h" - #include "string-util.h" - #include "strv.h" - #include "user-util.h" -@@ -1617,7 +1618,7 @@ static int user_and_machine_valid(const char *user_and_machine) { - if (!user) - return -ENOMEM; - -- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) -+ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) - return false; - - h++; -@@ -1648,17 +1649,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { - - /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this - * would connect to. */ -- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) -+ uid_t uid = geteuid(); -+ -+ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) - return true; - -- /* Otherwise, we have to figure our user name, and compare things with that. */ -- un = getusername_malloc(); -- if (!un) -- return -ENOMEM; -+ /* Otherwise, we have to figure out our user id and name, and compare things with that. 
*/ -+ char buf[DECIMAL_STR_MAX(uid_t)]; -+ xsprintf(buf, UID_FMT, uid); -+ -+ f = startswith(user_and_machine, buf); -+ if (!f) { -+ un = getusername_malloc(); -+ if (!un) -+ return -ENOMEM; - -- f = startswith(user_and_machine, un); -- if (!f) -- return false; -+ f = startswith(user_and_machine, un); -+ if (!f) -+ return false; -+ } - - return STR_IN_SET(f, "@", "@.host"); - } diff --git a/sources b/sources index 5142edc..d3bbd0a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-249.7.tar.gz) = 65848a1141f66f11610ab28f70ef2fa4539e2fc31b9f6c9d9a18d9d68be877ad02b5699d05d98b209eac4e28ba5141f83366c2b70f485f3f406d7bc14eb21365 +SHA512 (systemd-250-rc1.tar.gz) = efcf22abb5237328707942636c86b5a9080737913359863c3d568dadfffdd78667a27c0c2f9c6375de37964726e1dec0003092174a440213100a08c691fafce6 diff --git a/systemd.spec b/systemd.spec index bfa8375..309d7fe 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 249.7 -Release: 3%{?dist} +Version: 250~rc1 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -91,14 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. -Patch0001: 0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch -Patch0002: 0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch -Patch0003: 0003-rpm-call-needs-restart-in-parallel.patch -Patch0004: 0004-rpm-restart-user-services-at-the-end-of-the-transact.patch -Patch0005: 0005-update-helper-also-add-user-reexec-verb.patch -Patch0006: 0006-update-helper-add-missing-loop-over-user-units.patch -Patch0007: https://github.com/systemd/systemd/commit/2da7d0bc92.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -153,6 +146,7 @@ BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) +BuildRequires: pkgconfig(libbpf) BuildRequires: systemtap-sdt-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl @@ -449,6 +443,7 @@ CONFIGURE_OPTS=( -Dacl=true -Dsmack=true -Dopenssl=true + -Dcryptolib=openssl -Dp11kit=true -Dgcrypt=true -Daudit=true From 11bf1240567d9c7e1b314940c82efd4c55274692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Dec 2021 15:57:34 +0100 Subject: [PATCH 019/494] Fix memleak --- 21705.patch | 29 +++++++++++++++++++++++++++++ systemd.spec | 1 + 2 files changed, 30 insertions(+) create mode 100644 21705.patch diff --git a/21705.patch b/21705.patch new file mode 100644 index 0000000..51d5714 --- /dev/null +++ b/21705.patch 
@@ -0,0 +1,29 @@ +From ca52de3b56d5e70232bee29314cd84f5596c1e7f Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Dec 2021 15:46:13 +0100 +Subject: [PATCH] process-util: Fix memory leak + +--- + src/basic/process-util.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 1b96d3ca8543..c97185215847 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -221,9 +221,12 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags + return -ENOMEM; + + /* Drop trailing empty strings. See issue #21186. */ +- STRV_FOREACH_BACKWARDS(p, args) +- if (isempty(*p)) +- *p = mfree(*p); ++ STRV_FOREACH_BACKWARDS(p, args) { ++ if (!isempty(*p)) ++ break; ++ ++ *p = mfree(*p); ++ } + + ans = quote_command_line(args, shflags); + if (!ans) diff --git a/systemd.spec b/systemd.spec index 309d7fe..2a0ba01 100644 --- a/systemd.spec +++ b/systemd.spec @@ -92,6 +92,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. +Patch0001: https://github.com/systemd/systemd/pull/21705.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 2afe364ac43a163fc4183870727e293fb9cea9d4 Mon Sep 17 00:00:00 2001 
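Review bot: The `Patch0001:` line added in the systemd.spec hunk names the patch by its pull-request URL, which is not a fixed reference: what `pull/21705.patch` serves changes whenever the pull request is updated. The copy committed as 21705.patch in this same commit is presumably what the build applies, so the URL mainly records provenance, and a later re-download may differ from the file that was reviewed. Pinning to the commit named in the patch header keeps the two in step: `Patch0001: https://github.com/systemd/systemd/commit/ca52de3b56d5e70232bee29314cd84f5596c1e7f.patch`, with the committed file renamed to match the new basename.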
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 16 Nov 2021 12:31:49 +0100 Subject: [PATCH 020/494] spec: remove nsswitch.conf scriptlet Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory Both systemd and resolved nss modules are now enabled by default in authselect. Users are now expected to use authselect to configure the system and packages should no longer support non-authselect configurations. Resolves: rhbz#2023743 --- systemd.spec | 43 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2a0ba01..07dadd0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250~rc1 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -783,39 +783,6 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : %post libs %{?ldconfig} -function mod_nss() { - if [ -f "$1" ] ; then - # Add nss-systemd to passwd and group - grep -E -q '^(passwd|group):.* systemd' "$1" || - sed -i.bak -r -e ' - s/^(passwd|group):(.*)/\1:\2 systemd/ - ' "$1" &>/dev/null || : - - # Add nss-resolve to hosts - if grep -E -q '^hosts:.* resolve' "$1"; then - sed -i.bak -r -e ' - s/^(hosts):(.*) files( .*) myhostname dns/\1:\2 files myhostname\3 dns/ - ' "$1" &>/dev/null || : - - else - sed -i.bak -r -e ' - s/^(hosts):(.*) files( mdns4_minimal .NOTFOUND=return.)? dns myhostname/\1:\2 files myhostname\3 resolve [!UNAVAIL=return] dns/ - ' "$1" &>/dev/null || : - fi - fi -} - -FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" -if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then - mod_nss "/etc/authselect/user-nsswitch.conf" - authselect apply-changes &> /dev/null || : -else - mod_nss "$FILE" - # also apply the same changes to user-nsswitch.conf to affect - # possible future authselect configuration - mod_nss "/etc/authselect/user-nsswitch.conf" -fi - # check if nobody or nfsnobody is defined export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 if getent passwd nfsnobody &>/dev/null; then @@ -1008,6 +975,14 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Dec 9 2021 Pavel Březina - 250~rc1-2 +- Remove nsswitch.conf scriptlets (#2023743) + +* Thu Dec 9 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-1 +- Version 250-rc1, + see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for + details. + * Fri Nov 19 2021 Davide Cavalca - 249.7-3 - Disable legacy iptables support From 1634b1b16aa61fbb7fe190085dca906541c32bde Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Dec 2021 18:48:08 +0100 Subject: [PATCH 021/494] Revert "spec: remove nsswitch.conf scriptlet" This reverts commit 2afe364ac43a163fc4183870727e293fb9cea9d4. Unfortunately the build failed on dependencies: DEBUG util.py:444: Error: DEBUG util.py:444: Problem: package authselect-libs-1.3.0-1.fc36.x86_64 conflicts with glibc < 2.34.9000-27 provided by glibc-2.34.9000-26.fc36.x86_64 DEBUG util.py:444: - package util-linux-2.37.2-1.fc36.x86_64 requires /etc/pam.d/system-auth, but none of the providers can be installed DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6()(64bit), but none of the providers can be installed DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.2.5)(64bit), but none of the providers can be installed DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.29)(64bit), but none of the providers can be installed DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires rtld(GNU_HASH), but none of the providers can be installed DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libc.so.6(GLIBC_2.34)(64bit), but none of the providers can be installed DEBUG util.py:444: - conflicting requests I need to build the package again in rawhide, so this needs to be reverted for now. --- systemd.spec | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 07dadd0..33fe2b1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -783,6 +783,39 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : %post libs %{?ldconfig} +function mod_nss() { + if [ -f "$1" ] ; then + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1:\2 systemd/ + ' "$1" &>/dev/null || : + + # Add nss-resolve to hosts + if grep -E -q '^hosts:.* resolve' "$1"; then + sed -i.bak -r -e ' + s/^(hosts):(.*) files( .*) myhostname dns/\1:\2 files myhostname\3 dns/ + ' "$1" &>/dev/null || : + + else + sed -i.bak -r -e ' + s/^(hosts):(.*) files( mdns4_minimal .NOTFOUND=return.)? dns myhostname/\1:\2 files myhostname\3 resolve [!UNAVAIL=return] dns/ + ' "$1" &>/dev/null || : + fi + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + # check if nobody or nfsnobody is defined export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 if getent passwd nfsnobody &>/dev/null; then @@ -975,9 +1008,6 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Thu Dec 9 2021 Pavel Březina - 250~rc1-2 -- Remove nsswitch.conf scriptlets (#2023743) - * Thu Dec 9 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-1 - Version 250-rc1, see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for From b24b99d669ecd2465f291139fbc85b7da26c1249 Mon Sep 17 00:00:00 2001 
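Review bot: `FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)"` uses plain readlink, which prints the link target exactly as stored, so a relative target never compares equal to `/etc/authselect/nsswitch.conf` and is then handed to `mod_nss` as a path relative to the scriptlet's working directory. `FILE="$(readlink -f /etc/nsswitch.conf || echo /etc/nsswitch.conf)"` canonicalises the path first. Separately, every `sed -i.bak` in `mod_nss` ends in `&>/dev/null || :`, so a failed edit of the name-service configuration goes unreported and `.bak` copies are left next to the file. A comment such as `# best effort: failures are ignored on purpose` would tell the next reader that this is intended.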
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Dec 2021 23:10:44 +0100 Subject: [PATCH 022/494] Add Recommends for dlopened libs and move files into subpackages --- split-files.py | 29 +++++++++++++++++++++-------- systemd.spec | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 8 deletions(-) diff --git a/split-files.py b/split-files.py index f883f73..3ada1ed 100644 --- a/split-files.py +++ b/split-files.py @@ -85,6 +85,7 @@ for file in files(buildroot): o = o_networkd elif '.so.' in n: o = o_libs + elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| @@ -98,6 +99,7 @@ for file in files(buildroot): random-seed| modules-load| timesync| + crypttab| cryptsetup| kmod| quota| @@ -110,25 +112,35 @@ for file in files(buildroot): repart| gpt-auto| volatile-root| - verity-setup| + veritysetup| + integritysetup| + integritytab| remount-fs| /boot$| /boot/efi| /kernel/| /kernel$| - /modprobe.d - ''', n, re.X): + /modprobe.d| + binfmt| + sysctl| + coredump| + homed|home1| + portabled|portable1 + ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because + # they can be used to interact with remote daemons. Also, the user could be + # confused if those user-facing binaries are not available. o = o_udev - elif re.search(r'''resolvectl| - resolved| + + elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| - resolve1\. - ''', n, re.X): - # keep only nss-resolve in systemd + systemd\.(positive|negative) + ''', n, re.X): # resolvectl and nss-resolve are in the main package. o = o_resolve + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): o = o_oomd_defaults + elif n.endswith('.standalone'): if 'tmpfiles' in n: o = o_standalone_tmpfiles @@ -136,6 +148,7 @@ for file in files(buildroot): o = o_standalone_sysusers else: assert False, 'Found .standalone not belonging to known packages' + else: o = o_rest diff --git a/systemd.spec b/systemd.spec index 33fe2b1..c26caec 100644 
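Review bot: The new `coredump|` alternative in the `o_udev` pattern (hunk `@@ -110,25 +112,35 @@`) is searched anywhere in the path, so it also matches paths containing `coredumpctl`, while the comment added on the same `re.search` says coredumpctl stays in the main package. `homed|home1` and `portabled|portable1` do not match `homectl` or `portablectl`, so only the coredump alternative is affected. Unless an earlier branch of the if/elif chain, which starts outside the hunk, already claims those files, a lookahead in the style of the existing `udev(?!\.pc)` would make code and comment agree: `coredump(?!ctl)|`.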
--- a/systemd.spec +++ b/systemd.spec @@ -216,6 +216,18 @@ Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} Recommends: libqrencode.so.4%{?elf_suffix} +Recommends: libbpf.so.0%{?elf_suffix} +Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} %description systemd is a system and service manager that runs as PID 1 and starts the rest @@ -299,6 +311,23 @@ Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by home, cryptsetup, cryptenroll +Recommends: libfido2.so.1%{?elf_suffix} +Recommends: libtss2-esys.so.0%{?elf_suffix} +Recommends: libtss2-mu.so.0%{?elf_suffix} +Recommends: libtss2-rc.so.0%{?elf_suffix} + # https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 Suggests: systemd-bootchart # https://bugzilla.redhat.com/show_bug.cgi?id=1408878 
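Review bot: The comment `# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home` misspells veritysetup, in the `@@ -216,6 +216,18 @@` hunk and again in the `@@ -299,6 +311,23 @@` hunk; it should read `# used by dissect, integritysetup, veritysetup, growfs, repart, cryptenroll, home`. The sonames and symbol versions in the new `Recommends:` lines (`libbpf.so.0`, `libcryptsetup.so.12(CRYPTSETUP_2.4)`, `libdw.so.1(ELFUTILS_0.186)`) are written out by hand. Because Recommends is a weak dependency, a stale name would presumably not fail the build or the install but simply leave the dlopen()ed library absent, and the feature unavailable at run time. A one-line comment such as `# keep in sync with the sonames the binaries dlopen()` would make that maintenance duty visible.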
@@ -313,6 +342,9 @@ This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in virtual machines, but not in containers. +It also contains tools to manage encrypted home areas and secrets bound to the +machine. + %package container # Name is the same as in Debian Summary: Tools for containers and VMs @@ -367,6 +399,8 @@ devices. Summary: Network Name Resolution manager Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ +Requires: libidn2.so.0%{?elf_suffix} +Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} %description resolved systemd-resolved is a system service that provides network name resolution to From 0898a89444bcba31247822cdc7603229fc2b8fb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 16 Nov 2021 12:31:49 +0100 Subject: [PATCH 023/494] spec: remove nsswitch.conf scriptlet Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory Both systemd and resolved nss modules are now enabled by default in authselect. Users are now expected to use authselect to configure the system and packages should no longer support non-authselect configurations. Resolves: rhbz#2023743 --- systemd.spec | 38 ++++---------------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/systemd.spec b/systemd.spec index c26caec..5d43577 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250~rc1 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -817,39 +817,6 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : %post libs %{?ldconfig} -function mod_nss() { - if [ -f "$1" ] ; then - # Add nss-systemd to passwd and group - grep -E -q '^(passwd|group):.* systemd' "$1" || - sed -i.bak -r -e ' - s/^(passwd|group):(.*)/\1:\2 systemd/ - ' "$1" &>/dev/null || : - - # Add nss-resolve to hosts - if grep -E -q '^hosts:.* resolve' "$1"; then - sed -i.bak -r -e ' - s/^(hosts):(.*) files( .*) myhostname dns/\1:\2 files myhostname\3 dns/ - ' "$1" &>/dev/null || : - - else - sed -i.bak -r -e ' - s/^(hosts):(.*) files( mdns4_minimal .NOTFOUND=return.)? dns myhostname/\1:\2 files myhostname\3 resolve [!UNAVAIL=return] dns/ - ' "$1" &>/dev/null || : - fi - fi -} - -FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" -if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then - mod_nss "/etc/authselect/user-nsswitch.conf" - authselect apply-changes &> /dev/null || : -else - mod_nss "$FILE" - # also apply the same changes to user-nsswitch.conf to affect - # possible future authselect configuration - mod_nss "/etc/authselect/user-nsswitch.conf" -fi - # check if nobody or nfsnobody is defined export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 if getent passwd nfsnobody &>/dev/null; then @@ -1042,6 +1009,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Dec 10 2021 Pavel Březina - 250~rc1-3 +- Remove nsswitch.conf scriptlets (#2023743) + * Thu Dec 9 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-1 - Version 250-rc1, see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for From 711d924ba3a3423bca3466b15b64a5de74461106 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Dec 2021 13:01:40 +0100 Subject: [PATCH 024/494] Move systemd-boot-update.service to -udev subpackage It will not be enabled on upgrades, but I think this is OK. sd-boot is not very widely used anyway. --- split-files.py | 1 + systemd.spec | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 3ada1ed..e5acd0f 100644 --- a/split-files.py +++ b/split-files.py @@ -89,6 +89,7 @@ for file in files(buildroot): elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| + boot-update| sd-boot|systemd-boot\.|loader.conf| bless-boot| boot-system-token| diff --git a/systemd.spec b/systemd.spec index 5d43577..50dd0a9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250~rc1 -Release: 3%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -835,7 +835,7 @@ fi %{?ldconfig:%postun libs -p %ldconfig} -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service systemd-boot-update.service %post udev # Move old stuff around in /var/lib @@ -1009,6 +1009,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sun Dec 12 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-4 +- Move systemd-boot-update.service to -udev subpackage + and add it the the installation scriptlets (#2031400) + * Fri Dec 10 2021 Pavel Březina - 250~rc1-3 - Remove nsswitch.conf scriptlets (#2023743) From 184bb740917bafa5510ab86a620dfc774f62e288 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 14 Dec 2021 19:09:00 +0100 Subject: [PATCH 025/494] Move libcryptsetup-token plugins to -udev --- split-files.py | 1 + systemd.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/split-files.py b/split-files.py index e5acd0f..9614c07 100644 --- a/split-files.py +++ b/split-files.py @@ -102,6 +102,7 @@ for file in files(buildroot): timesync| crypttab| cryptsetup| + libcryptsetup-token-systemd| kmod| quota| pstore| diff --git a/systemd.spec b/systemd.spec index 50dd0a9..82ab584 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1012,6 +1012,7 @@ fi * Sun Dec 12 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-4 - Move systemd-boot-update.service to -udev subpackage and add it the the installation scriptlets (#2031400) +- Move libcryptsetup-token-systemd plugins to -udev (#2031873) * Fri Dec 10 2021 Pavel Březina - 250~rc1-3 - Remove nsswitch.conf scriptlets (#2023743) From 7f4e198603a65580e47a7e187bea5dcfb29a73e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 18 Dec 2021 16:50:52 +0100 Subject: [PATCH 026/494] Create /etc/resolv.conf symlink if nothing is present yet --- systemd.spec | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index 82ab584..0dff05c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -397,6 +397,8 @@ devices. %package resolved Summary: Network Name Resolution manager +Requires(post): %{name} +Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} 
@@ -916,13 +918,13 @@ if [ $1 -eq 0 ] ; then systemctl disable --quiet \ systemd-resolved.service \ >/dev/null || : - if [ -L %{_sysconfdir}/resolv.conf ] && \ - realpath %{_sysconfdir}/resolv.conf | grep ^/run/systemd/resolve/; then - rm -f %{_sysconfdir}/resolv.conf # no longer useful + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf # no longer useful # if network manager is enabled, move to it instead [ -f /run/NetworkManager/resolv.conf ] && \ systemctl -q is-enabled NetworkManager.service &>/dev/null && \ - ln -fsv ../run/NetworkManager/resolv.conf %{_sysconfdir}/resolv.conf + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf fi fi 
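Review bot: The test `realpath /etc/resolv.conf | grep ^/run/systemd/resolve/` in this hunk runs grep without `-q` and with an unquoted pattern, so the resolved path is written to the transaction output whenever it matches. `realpath /etc/resolv.conf | grep -q '^/run/systemd/resolve/'` keeps the check silent, in line with the `systemctl -q` calls around it. The enclosing scriptlet starts before the hunk, so only the changed lines are covered here.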
@@ -943,17 +945,25 @@ fi # does not do this, because it's marked with ! and we don't specify --boot.) # https://bugzilla.redhat.com/show_bug.cgi?id=1873856 # -# If systemd is not running, don't overwrite the symlink because that -# will immediately break DNS resolution, since systemd-resolved is -# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). +# *Create* the symlink if nothing is present yet. +# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) +# +# *Override* the symlink if systemd is running. Don't do it if systemd +# is not running, because that will immediately break DNS resolution, +# since systemd-resolved is also not running +# (https://bugzilla.redhat.com/show_bug.cgi?id=1891847). # # Also don't create the symlink to the stub when the stub is disabled (#1891847 again). -if test -d /run/systemd/system/ && - systemctl -q is-enabled systemd-resolved.service &>/dev/null && - ! mountpoint /etc/resolv.conf &>/dev/null && - ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \ - grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf +if systemctl -q is-enabled systemd-resolved.service &>/dev/null && + ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | + grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then + + if ! test -e /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + elif test -d /run/systemd/system/ && + ! mountpoint /etc/resolv.conf &>/dev/null; then + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + fi fi %global _docdir_fmt %{name} 
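Review bot: `if ! test -e /etc/resolv.conf` follows symlinks, so a dangling `/etc/resolv.conf` link (for example one already pointing at the stub file while `/run/systemd/resolve` is not populated) takes the "nothing present" branch. There `ln -sv` without `-f` fails because the name already exists, and the failed `ln` becomes the status of the closing `if`. `if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then` limits that branch to the truly absent case and lets a dangling link fall through to the `elif` checks. Separately, the rewritten pattern `(no?|false|0|off)` no longer matches a bare `f`, which the removed pattern accepted via `[fF]`, so `DNSStubListener=f` is no longer detected as disabled; `(no?|f|false|0|off)` restores that.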
@@ -1013,6 +1023,7 @@ fi - Move systemd-boot-update.service to -udev subpackage and add it the the installation scriptlets (#2031400) - Move libcryptsetup-token-systemd plugins to -udev (#2031873) +- Create /etc/resolv.conf symlink if nothing is present yet (#2032085) * Fri Dec 10 2021 Pavel Březina - 250~rc1-3 - Remove nsswitch.conf scriptlets (#2023743) From b1af82542674e5c52db9475a9c16532f9418ccf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 20 Dec 2021 19:45:08 +0100 Subject: [PATCH 027/494] Version 250-rc3 --- sources | 2 +- systemd.spec | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/sources b/sources index d3bbd0a..90ce819 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250-rc1.tar.gz) = efcf22abb5237328707942636c86b5a9080737913359863c3d568dadfffdd78667a27c0c2f9c6375de37964726e1dec0003092174a440213100a08c691fafce6 +SHA512 (systemd-250-rc3.tar.gz) = 7ddba91eea3357c493a6ec4dc427b4ec9ecd5d6322ab4827aaeb26ccc152354e85d1e81f0aa1bffae5b4d4cbd80626acda764915187d54c1773192bdbb50999f diff --git a/systemd.spec b/systemd.spec index 0dff05c..1081ee3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250~rc1 -Release: 4%{?dist} +Version: 250~rc3 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -92,7 +92,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. -Patch0001: https://github.com/systemd/systemd/pull/21705.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
@@ -1019,6 +1018,12 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Dec 20 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 +- Latest prerelease, see + https://raw.githubusercontent.com/systemd/systemd/v250-rc3/NEWS for + details. +- Fixes rhbz#2006761, rhbz#2027627, rhbz#1926323, rhbz#1919538. + * Sun Dec 12 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-4 - Move systemd-boot-update.service to -udev subpackage and add it the the installation scriptlets (#2031400) From 34a8fa5907172c6d9f74af5d7919d492c91e0ae8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Dec 2021 13:45:31 +0100 Subject: [PATCH 028/494] Switch unit status name format to 'combined' --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1081ee3..fc7572e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -521,6 +521,8 @@ CONFIGURE_OPTS=( # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 -Ddefault-mdns=no -Ddefault-llmnr=resolve + # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 + -Dstatus-unit-format-default=combined -Doomd=true -Dadm-gid=4 -Daudio-gid=63 @@ -1018,6 +1020,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 +- Switch unit status name format to 'combined' (#2028169) + * Mon Dec 20 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 - Latest prerelease, see https://raw.githubusercontent.com/systemd/systemd/v250-rc3/NEWS for From 2edf38c273813bc91a64a92fcd91b0b01985216d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Dec 2021 13:47:14 +0100 Subject: [PATCH 029/494] Version 250 --- sources | 2 +- systemd.spec | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 90ce819..5daab2f 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-250-rc3.tar.gz) = 7ddba91eea3357c493a6ec4dc427b4ec9ecd5d6322ab4827aaeb26ccc152354e85d1e81f0aa1bffae5b4d4cbd80626acda764915187d54c1773192bdbb50999f +SHA512 (systemd-250.tar.gz) = 7894ea63793dd0c6ae12f6acab04ba02e247e537c404693f69174bf4a10d85f01f51c4938912c9a43c35e526b3ae945a1774d45249b58b31a393332b6c01f4f8 diff --git a/systemd.spec b/systemd.spec index fc7572e..60dee99 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250~rc3 +Version: 250 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1020,7 +1020,8 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 +* Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250-1 +- Version 250, only some very small changes since -rc3. - Switch unit status name format to 'combined' (#2028169) * Mon Dec 20 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 From 3c872dc5d92d43916a6153ae73f8b4e4e3a10d17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 25 Dec 2021 11:02:05 +0100 Subject: [PATCH 030/494] Fix warning about systemd-boot-update.service not existing on arm32 --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 60dee99..079964a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -838,7 +838,7 @@ fi %{?ldconfig:%postun libs -p %ldconfig} -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service systemd-boot-update.service +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} %post udev # Move old stuff around in /var/lib From 7993a98ea432fa88bd416edbf7cbab3ca6a58177 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 25 Dec 2021 15:29:02 +0100 Subject: [PATCH 031/494] Enable bpf-framework --- systemd.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 079964a..508c961 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -106,6 +106,7 @@ Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8 BuildRequires: gcc BuildRequires: gcc-c++ +BuildRequires: clang BuildRequires: coreutils BuildRequires: libcap-devel BuildRequires: libmount-devel @@ -147,6 +148,7 @@ BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(libbpf) +BuildRequires: bpftool BuildRequires: systemtap-sdt-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl @@ -468,6 +470,7 @@ CONFIGURE_OPTS=( -Dseccomp=true -Dima=true -Dselinux=true + -Dbpf-framework=true -Dapparmor=false -Dpolkit=true -Dxz=true @@ -1020,6 +1023,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sat Dec 25 2021 Zbigniew Jędrzejewski-Szmek - 250-2 +- Fix warning about systemd-boot-update.service not existing on + non-uefi architectures +- Enable all bpf features (#2035608) + * Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250-1 - Version 250, only some very small changes since -rc3. - Switch unit status name format to 'combined' (#2028169) From 114f45fe1f881453b3705ad174aee5461630f956 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 28 Dec 2021 16:10:15 +0100 Subject: [PATCH 032/494] Skip bpf filtering on arm32 and ppc64el --- systemd.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 508c961..3502c7f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -104,6 +104,13 @@ Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8 %global have_gnu_efi 1 %endif +# bpf build fails on arm32 and ppc64el: +# https://bugzilla.redhat.com/show_bug.cgi?id=2035608 +# https://github.com/systemd/systemd/issues/21900 +%ifnarch ppc64le %{arm} +%global want_bpf_framework 1 +%endif + BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang @@ -470,7 +477,7 @@ CONFIGURE_OPTS=( -Dseccomp=true -Dima=true -Dselinux=true - -Dbpf-framework=true + -Dbpf-framework=%[0%{?want_bpf_framework}?"true":"false"] -Dapparmor=false -Dpolkit=true -Dxz=true From 60d0bbefe28141798749cc10da331dfaf36d4174 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 Dec 2021 21:42:10 +0100 Subject: [PATCH 033/494] Disable bpf filters on arm64 --- systemd.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 3502c7f..a7d4e59 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -107,7 +107,10 @@ Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8 # bpf build fails on arm32 and ppc64el: # https://bugzilla.redhat.com/show_bug.cgi?id=2035608 # https://github.com/systemd/systemd/issues/21900 -%ifnarch ppc64le %{arm} +# +# Also disable on arm64: +# https://bugzilla.redhat.com/show_bug.cgi?id=2036145 +%ifnarch ppc64le %{arm} aarch64 %global want_bpf_framework 1 %endif @@ -1030,6 +1033,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Dec 30 2021 Zbigniew Jędrzejewski-Szmek - 250-3 +- Disable bpf filters on arm64 (#2036145) + * Sat Dec 25 2021 Zbigniew Jędrzejewski-Szmek - 250-2 - Fix warning about systemd-boot-update.service not existing on non-uefi architectures From 620e0cff6ba9e0d21396e77f58b77c89b0b164b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 14:19:42 +0100 Subject: [PATCH 034/494] Install only license files relevant to the effective license We installed all the license files for the licenses used in the sources (as %doc), but that doesn't seem useful. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a7d4e59..87ff2d3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -984,8 +984,10 @@ fi %files -f %{name}.lang -f .file-list-rest %doc %{_pkgdocdir} -%exclude %{_pkgdocdir}/LICENSE.* +%exclude %{_pkgdocdir}/LICENSE* +# Only the licenses texts for the licenses in License line are included. %license LICENSE.GPL2 LICENSE.LGPL2.1 +%license LICENSES/MIT.txt %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants From 206f30e9fd9a91bcbfe933f51c210c51e9dd04a8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Jan 2022 17:41:56 +0100 Subject: [PATCH 035/494] Version 250.1 --- sources | 2 +- systemd.spec | 18 ++++++++++++------ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/sources b/sources index 5daab2f..56b4ee6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.tar.gz) = 7894ea63793dd0c6ae12f6acab04ba02e247e537c404693f69174bf4a10d85f01f51c4938912c9a43c35e526b3ae945a1774d45249b58b31a393332b6c01f4f8 +SHA512 (systemd-250.1.tar.gz) = a40a83dae353de8cf816f3408f91b9f72dfa1f4bae195fb48c2756c0c316bf6cb0def1be550c0322456e4940690d90ff324ca6d91126d9b13cfe9954c42e0216 diff --git a/systemd.spec b/systemd.spec index 87ff2d3..f2bdf14 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -#global stable 1 +%global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250 -Release: 3%{?dist} +Version: 250.1 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -250,8 +250,7 @@ service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and -settings, and daemons to manage simple network configuration, network time -synchronization, log forwarding, and name resolution. +settings, and a logging daemons. %if 0%{?stable} This package was built from the %{version}-stable branch of systemd. %endif 
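Review bot: The rewritten last line of `%description` in the `@@ -250,8 +250,7 @@` hunk reads `settings, and a logging daemons.`, which is ungrammatical and repeats the "logging daemon" already listed earlier in the same sentence. With the network, time-synchronization and name-resolution daemons dropped from the list, the sentence can simply end at the previous item, for example `system accounts, and runtime directories and settings.` The description is what users see in package queries, so it is worth fixing before the next build.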
@@ -353,8 +352,10 @@ This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in virtual machines, but not in containers. +This package also provides systemd-timesyncd, a network time protocol daemon. + It also contains tools to manage encrypted home areas and secrets bound to the -machine. +machine, and to create or grow partitions and make file systems automatically. %package container # Name is the same as in Debian @@ -1035,6 +1036,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Jan 4 2022 Zbigniew Jędrzejewski-Szmek - 250.1-1 +- First stable version after v250: various bugfixes, in particular for + sd-boot, systemd-networkd, and various build issues. +- Fixes #2036517, #2035608, #2036217. + * Thu Dec 30 2021 Zbigniew Jędrzejewski-Szmek - 250-3 - Disable bpf filters on arm64 (#2036145) From c1e2f480f76f494aa8ace232982e79f6f3702235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Jan 2022 17:53:46 +0100 Subject: [PATCH 036/494] Disable bpf filters on s390x --- systemd.spec | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index f2bdf14..44d3ff1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -104,13 +104,9 @@ Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8 %global have_gnu_efi 1 %endif -# bpf build fails on arm32 and ppc64el: -# https://bugzilla.redhat.com/show_bug.cgi?id=2035608 -# https://github.com/systemd/systemd/issues/21900 -# -# Also disable on arm64: +# Disable on arm64, s390x, ppc64el, and arm where it either is not supported or does't work. # https://bugzilla.redhat.com/show_bug.cgi?id=2036145 -%ifnarch ppc64le %{arm} aarch64 +%ifnarch ppc64le %{arm} aarch64 s390x %global want_bpf_framework 1 %endif From d1787ccd075adc1ea8c363677578afcb7afc24cf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Jan 2022 17:52:31 +0100 Subject: [PATCH 037/494] Version 250.2 --- sources | 2 +- systemd.spec | 27 +++++++++++++++++---------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/sources b/sources index 56b4ee6..384f6b0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.1.tar.gz) = a40a83dae353de8cf816f3408f91b9f72dfa1f4bae195fb48c2756c0c316bf6cb0def1be550c0322456e4940690d90ff324ca6d91126d9b13cfe9954c42e0216 +SHA512 (systemd-250.2.tar.gz) = 2f734c1d1ea98ee3f1beb00689a0d56603cd981aa938bee1655445ddd4af3b2bb6472249fa158741edcb2259ee302b625e124c38b7d2ec00c53760d6b362d5bb diff --git a/systemd.spec b/systemd.spec index 44d3ff1..9d57c74 100644 --- a/systemd.spec +++ b/systemd.spec @@ -17,8 +17,8 @@ %global elf_suffix ()%{elf_bits} %endif -# Bootstrap may be needed to break intercircular dependencies with -# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. +# Bootstrap may be needed to break circular dependencies with cryptsetup, +# e.g. when re-building cryptsetup on a json-c SONAME-bump. %bcond_with bootstrap %bcond_without tests %bcond_without lto @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.1 +Version: 250.2 Release: 1%{?dist} %else # determine the build information from local checkout @@ -104,12 +104,6 @@ Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8 %global have_gnu_efi 1 %endif -# Disable on arm64, s390x, ppc64el, and arm where it either is not supported or does't work. -# https://bugzilla.redhat.com/show_bug.cgi?id=2036145 -%ifnarch ppc64le %{arm} aarch64 s390x -%global want_bpf_framework 1 -%endif - BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang 
@@ -477,7 +471,7 @@ CONFIGURE_OPTS=( -Dseccomp=true -Dima=true -Dselinux=true - -Dbpf-framework=%[0%{?want_bpf_framework}?"true":"false"] + -Dbpf-framework=true -Dapparmor=false -Dpolkit=true -Dxz=true @@ -1032,6 +1026,19 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Jan 7 2022 Zbigniew Jędrzejewski-Szmek - 250.2-1 +- Second stable release after v250: various bugfixes + (systemd-resolved, systemd-journald, userdbctl, homed). +- The manager should now gracefully handle the case where BPF LSM + cannot be initialized (#2036145). The BPF filters are enabled again + on all architectures, so *other* filter should also work on the + affected architectures. +- kernel-install now checks paths used by grub2 before sd-boot paths again + (#2036199) +- fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233) +- CVE-2021-3997, #2024639: systemd-tmpfiles would exhaust the stack and crash + during excessive recursion on a very deeply nested directory structure. + * Tue Jan 4 2022 Zbigniew Jędrzejewski-Szmek - 250.1-1 - First stable version after v250: various bugfixes, in particular for sd-boot, systemd-networkd, and various build issues. From 3fe8cebea368a0b4566a4fe73d4fa1dffe28de95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jan 2022 12:56:37 +0100 Subject: [PATCH 038/494] Version 250.3 --- sources | 2 +- systemd.spec | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 384f6b0..a1317df 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.2.tar.gz) = 2f734c1d1ea98ee3f1beb00689a0d56603cd981aa938bee1655445ddd4af3b2bb6472249fa158741edcb2259ee302b625e124c38b7d2ec00c53760d6b362d5bb +SHA512 (systemd-250.3.tar.gz) = 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 diff --git a/systemd.spec b/systemd.spec index 9d57c74..509fd15 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.2 +Version: 250.3 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1026,6 +1026,15 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-1 +- Third stable release after v250: fixes for sd-boot on fringe hardware (e.g. VirtualBox), + various man page updates, sd-journal file verification is now stricter, + systemd-networkd by default will not add routes for wireguard AllowedIPs= + systemd nss modules shouldn't try to read kernel command line +- Don't do sd-boot updates when not installed (#2038289) +- xdg-autostart-service will ignore ExecCondition= when the helper binary is missing +- kernel-install does cleanup better (#2016630) + * Fri Jan 7 2022 Zbigniew Jędrzejewski-Szmek - 250.2-1 - Second stable release after v250: various bugfixes (systemd-resolved, systemd-journald, userdbctl, homed). From f97cf5817a583795592f54d9260ce5aee760fd4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jan 2022 16:22:31 +0100 Subject: [PATCH 039/494] Take ownership of /var/log/lastlog https://pagure.io/setup/pull-request/30 and https://src.fedoraproject.org/rpms/util-linux/pull-request/10 are the opposite steps for setup and util-linux. --- systemd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 509fd15..4cbc615 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -599,6 +599,7 @@ mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants mkdir -p %{buildroot}/run mkdir -p %{buildroot}%{_localstatedir}/log +install -d %{buildroot}%{_localstatedir}/log -m 0664 -g utmp touch %{buildroot}/run/utmp touch %{buildroot}%{_localstatedir}/log/{w,b}tmp @@ -694,6 +695,7 @@ python3 %{SOURCE2} %buildroot < - 250.3-2 +- Take ghost ownership of /var/log/lastlog (#1798685) + * Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-1 - Third stable release after v250: fixes for sd-boot on fringe hardware (e.g. VirtualBox), various man page updates, sd-journal file verification is now stricter, From 238e8e0e642296e5ef01564ea8f0d6a5f929eaf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 19 Jan 2022 08:31:33 +0100 Subject: [PATCH 040/494] Fix creation of /var/log/lastlog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I have no idea how I managed to screw that up yesterday… --- systemd.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4cbc615..14949fd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -599,7 +599,8 @@ mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants mkdir -p %{buildroot}/run mkdir -p %{buildroot}%{_localstatedir}/log -install -d %{buildroot}%{_localstatedir}/log -m 0664 -g utmp +touch %{buildroot}%{_localstatedir}/log/lastlog +chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog touch %{buildroot}/run/utmp touch %{buildroot}%{_localstatedir}/log/{w,b}tmp @@ -695,7 +696,7 @@ python3 %{SOURCE2} %buildroot < Date: Sat, 22 Jan 2022 02:12:42 +0000 Subject: [PATCH 041/494] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index 14949fd..2054df1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,11 +31,11 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 2%{?dist} +Release: 3%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 1 +Release: 2 %endif # For a breakdown of the licensing, see README @@ -1029,6 +1029,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sat Jan 22 2022 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-2 - Take ghost ownership of /var/log/lastlog (#1798685) From 3ce3375cc646100aa365bfec5bd8253fd4f41fab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 17:37:56 +0100 Subject: [PATCH 042/494] Remove duplicated pam systemd-user file --- systemd.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2054df1..8b62f50 100644 --- a/systemd.spec +++ b/systemd.spec @@ -83,7 +83,7 @@ Source24: sysusers.generate-pre.sh %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif # Backports of patches from upstream (0000–0499) 
@@ -451,6 +451,11 @@ package and is meant for use in non-systemd systems. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 +test -f src/login/systemd-user.in +# Restore systemd-user pam config from before "removal of Fedora-specific bits". +# We'll systemd process it and install in the right place. +cp %{SOURCE12} src/login/systemd-user.in + %build %define ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} @@ -646,9 +651,6 @@ install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} -# Restore systemd-user pam config from before "removal of Fedora-specific bits" -install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} - # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} From f42ae67ed31b2903193b04079719862b7a1ab0f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 17:42:47 +0100 Subject: [PATCH 043/494] Add pam_namespace to systemd-user pam config --- systemd-user | 1 + systemd.spec | 3 +++ 2 files changed, 4 insertions(+) diff --git a/systemd-user b/systemd-user index 2725df9..c4c427f 100644 --- a/systemd-user +++ b/systemd-user @@ -7,4 +7,5 @@ account include system-auth session required pam_selinux.so close session required pam_selinux.so nottys open session required pam_loginuid.so +session required pam_namespace.so session include system-auth diff --git a/systemd.spec b/systemd.spec index 8b62f50..2a9cb00 100644 --- a/systemd.spec +++ b/systemd.spec 
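Review bot: In the `%prep` addition, `cp %{SOURCE12} src/login/systemd-user.in` replaces the upstream PAM template wholesale, and the `test -f` guard before it only checks that the path still exists. Later upstream changes to that PAM stack would therefore be dropped from the package without any build-time signal. The comment should say so, and its second sentence ("We'll systemd process it") is garbled. Suggested wording: `# SOURCE12 fully replaces upstream's template; re-check it against upstream on every rebase.` followed by `# The build then processes it and installs it in the right place.` (presumably what was meant). The `%prep` section continues outside the hunk.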
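Review bot: The new `session required pam_namespace.so` line in `systemd-user` has no comment explaining its position. With `required`, a failure of the module (for instance a malformed namespace configuration) fails session setup for this service rather than being skipped. pam_namespace's context-based polyinstantiation relies on the SELinux context having been set earlier, so keeping it after `pam_selinux.so nottys open` matters. A comment would pin that down, e.g. `# keep after "pam_selinux.so ... open": polyinstantiation may depend on the session context`. The file's first lines are outside the hunk, so the rest of the stack is not visible here.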
@@ -1031,6 +1031,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +- Add pam_namespace to systemd-user pam config (rhbz#2053098) + * Sat Jan 22 2022 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From b54029abba94f7dab08dc9a03f6fff2977c0acb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 18:02:31 +0100 Subject: [PATCH 044/494] Drop 20-grubby.install plugin for kernel-install --- 20-grubby.install | 51 ----------------------------------------------- systemd.spec | 4 +--- 2 files changed, 1 insertion(+), 54 deletions(-) delete mode 100755 20-grubby.install diff --git a/20-grubby.install b/20-grubby.install deleted file mode 100755 index e059125..0000000 --- a/20-grubby.install +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - -if [[ ! -x /sbin/new-kernel-pkg ]]; then - exit 0 -fi - -COMMAND="$1" -KERNEL_VERSION="$2" -BOOT_DIR_ABS="$3" -KERNEL_IMAGE="$4" - -KERNEL_DIR="${KERNEL_IMAGE%/*}" -[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" -case "$COMMAND" in - add) - if [[ "${KERNEL_DIR}" != "/boot" ]]; then - for i in \ - "$KERNEL_IMAGE" \ - "$KERNEL_DIR"/System.map \ - "$KERNEL_DIR"/config \ - "$KERNEL_DIR"/zImage.stub \ - "$KERNEL_DIR"/dtb \ - ; do - [[ -e "$i" ]] || continue - cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" - command -v restorecon &>/dev/null && \ - restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" - done - # hmac is .vmlinuz-.hmac so needs a special treatment - i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" - if [[ -e "$i" ]]; then - cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - command -v restorecon &>/dev/null && \ - restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" - fi - fi - /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? - /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? - ;; - remove) - /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? - ;; - *) - ;; -esac - -# skip other installation plugins, if we can't find a boot loader spec conforming setup -if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then - exit 77 -fi diff --git a/systemd.spec b/systemd.spec index 2a9cb00..fbdb27f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,6 @@ Source7: systemd-journal-remote.xml Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf -Source11: 20-grubby.install Source12: systemd-user Source13: libsystemd-shared.abignore 
@@ -665,8 +664,6 @@ cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privated PrivateDevices=no EOF -install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11} - install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} @@ -1033,6 +1030,7 @@ fi %changelog * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098) +- Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) * Sat Jan 22 2022 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 2731a22179be6db678bde386ae3f931562e17204 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 18:14:26 +0100 Subject: [PATCH 045/494] Bias the resolver towards libcurl-minimal --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index fbdb27f..36440f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -355,6 +355,8 @@ Requires(preun): systemd Requires(postun): systemd # obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 +# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) +Suggests: libcurl-minimal License: LGPLv2+ %description container @@ -376,6 +378,8 @@ Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} Obsoletes: %{name}-journal-gateway < 227-7 +# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) +Suggests: libcurl-minimal %description journal-remote Programs to forward journal entries over the network, using encrypted HTTP, and From cac0b2a5a753de41dfc4a385def7bf9880c2c800 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 17:48:06 +0100 Subject: [PATCH 046/494] Drop scriptlet for handling nobody user upgrades from Fedora <28 For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet was introduced with prevents nss-systemd from synthesizing entries for nobody. Let's remove the scriptlet: very few people upgrade from such old systems, and even if they do, having a duplicate entry for nobody is annoying but hardly a big problem. (The other side of this, support in nss-systemd remains in place.) This allows deps on the tools used in the scriptlet to be dropped from -libs. While at it, also drop noop ldconfig scriptlets. --- systemd.spec | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/systemd.spec b/systemd.spec index 36440f2..f126eec 100644 --- a/systemd.spec +++ b/systemd.spec @@ -254,10 +254,6 @@ Obsoletes: systemd-compat-libs < 230 Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 -Requires(post): coreutils -Requires(post): sed -Requires(post): grep -Requires(post): /usr/bin/getent %description libs Libraries for systemd and udev. 
@@ -827,27 +823,6 @@ fi # a different package version. systemctl --no-reload preset systemd-oomd.service &>/dev/null || : -%post libs -%{?ldconfig} - -# check if nobody or nfsnobody is defined -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 -if getent passwd nfsnobody &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -fi - -%{?ldconfig:%postun libs -p %ldconfig} - %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} %post udev @@ -1032,6 +1007,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +- Drop scriptlet for handling nobody user upgrades from Fedora <28 + * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098) - Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) From 1ba983e0be490dbff1085e8f0c6fe2af1d4290e2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 18:10:16 +0100 Subject: [PATCH 047/494] Specify owner of /var/log/journal as root in the rpm listing $ rpm -qlv systemd |grep -v 'root root' -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /run/utmp -rw-rw---- 1 root utmp 0 Jan 22 03:38 /var/log/btmp -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/lastlog -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/wtmp drwxr-sr-x 2 root systemd- 0 Jan 22 03:38 /var/log/journal During installation rpm would log an error that systemd-journal group is unknown. We create all our users by calling sysusers in the %post scriptlet, but that is too late. To avoid the warning we could either add a %pre scriptlet, but that'd require adding a dependency on shadow-utils for groupadd, since we can't use our own tools before we are installed. Let's instead create the directory owned by root.root, and change the group afterwards. The group ownership is for file ownership, and in the worst case (we don't assign the group or set mode +s), unprivileged users will not be able to read the logs. We also use 'utmp' group, but that is provided by setup.rpm and is not an issue. https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24 --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f126eec..61cc101 100644 --- a/systemd.spec +++ b/systemd.spec @@ -715,7 +715,7 @@ python3 %{SOURCE2} %buildroot < - 250.3-3 - Drop scriptlet for handling nobody user upgrades from Fedora <28 +- Specify owner of /var/log/journal as root in the rpm listing (#2018913) * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098) From e48b9066b787d4f1a8fb7816f8abd9bf79beca49 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 18:29:25 +0100 Subject: [PATCH 048/494] Drop unused dependencies for scriptlets --- systemd.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 61cc101..a7c2588 100644 --- a/systemd.spec +++ b/systemd.spec @@ -172,12 +172,9 @@ BuildRequires: perl BuildRequires: perl(IPC::SysV) Requires(post): coreutils -Requires(post): sed -Requires(post): acl Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Requires(pre): coreutils Requires: dbus >= 1.9.18 Requires: %{name}-pam = %{version}-%{release} Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) From 4c2d7265ec2e92e4024bee0a961b33a8f52c2bab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 22:07:07 +0100 Subject: [PATCH 049/494] Add patch for new kernel headers It's already included in systemd-stable, but v250.4 hasn't been tagged yet. --- ...3713455be38c0a587626439fd171f28c77fc.patch | 65 +++++++++++++++++++ systemd.spec | 2 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 bbe53713455be38c0a587626439fd171f28c77fc.patch diff --git a/bbe53713455be38c0a587626439fd171f28c77fc.patch b/bbe53713455be38c0a587626439fd171f28c77fc.patch new file mode 100644 index 0000000..9f5bd29 --- /dev/null +++ b/bbe53713455be38c0a587626439fd171f28c77fc.patch 
@@ -0,0 +1,65 @@ +From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sun, 30 Jan 2022 23:40:05 +0100 +Subject: [PATCH] basic: update CIFS magic + +Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and +renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with +SMB2_SUPER_MAGIC. + +This fixes the following build fail on current Fedora Rawhide: +``` +../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: + +Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC +Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC +``` +--- + src/basic/filesystems-gperf.gperf | 4 ++-- + src/basic/missing_magic.h | 11 ++++++++--- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf +index 08c8c445105a..e8c5357f9146 100644 +--- a/src/basic/filesystems-gperf.gperf ++++ b/src/basic/filesystems-gperf.gperf +@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} + cgroup2, {CGROUP2_SUPER_MAGIC} + # note that the cgroupfs magic got reassigned from cpuset + cgroup, {CGROUP_SUPER_MAGIC} +-cifs, {CIFS_MAGIC_NUMBER} ++cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} + coda, {CODA_SUPER_MAGIC} + configfs, {CONFIGFS_MAGIC} + cramfs, {CRAMFS_MAGIC} +@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} + shiftfs, {SHIFTFS_MAGIC} + smackfs, {SMACK_MAGIC} + # smb3 is an alias for cifs +-smb3, {CIFS_MAGIC_NUMBER} ++smb3, {CIFS_SUPER_MAGIC} + # smbfs was removed from the kernel in 2010, the magic remains + smbfs, {SMB_SUPER_MAGIC} + sockfs, {SOCKFS_MAGIC} +diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h +index 7d9320bb6dc9..c104fcfba315 100644 +--- a/src/basic/missing_magic.h ++++ b/src/basic/missing_magic.h +@@ -38,9 +38,14 @@ + #define XFS_SB_MAGIC 0x58465342 + #endif + +-/* Not exposed yet. 
Defined at fs/cifs/cifsglob.h */ +-#ifndef CIFS_MAGIC_NUMBER +-#define CIFS_MAGIC_NUMBER 0xFF534D42 ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef CIFS_SUPER_MAGIC ++#define CIFS_SUPER_MAGIC 0xFF534D42 ++#endif ++ ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef SMB2_SUPER_MAGIC ++#define SMB2_SUPER_MAGIC 0xFE534D42 + #endif + + /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ diff --git a/systemd.spec b/systemd.spec index a7c2588..1f06def 100644 --- a/systemd.spec +++ b/systemd.spec @@ -90,7 +90,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. - +Patch: https://github.com/systemd/systemd/commit/bbe53713455be38c0a587626439fd171f28c77fc.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 996c95efafa4eae7d86a1d116092782fd2dfda1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 22:42:27 +0100 Subject: [PATCH 050/494] Bump release --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 1f06def..4d7be0f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 3%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
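Review bot: In the vendored `filesystems-gperf.gperf` change, `cifs` now maps to `{CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC}`, but `smb3`, which the comment above it calls an alias for cifs, gets only `{CIFS_SUPER_MAGIC}`. If any caller resolves the name `smb3` to its magic list, a mount reporting `SMB2_SUPER_MAGIC` would not match it; whether that asymmetry is intended is not visible from this patch. Either list both magics for the alias, `smb3, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC}`, or extend the comment to say why one is enough. Since this file is a copy of an upstream commit, the change belongs upstream rather than in the packaged copy.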
@@ -1004,7 +1004,7 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Specify owner of /var/log/journal as root in the rpm listing (#2018913) From 4cc75bbba53dd56a13f94bc57cad76455c74b26c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Feb 2022 23:27:29 +0100 Subject: [PATCH 051/494] Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) --- systemd.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4d7be0f..bc49b63 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 4%{?dist} +Release: 5%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -395,12 +395,11 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires(post): %{name} -Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Requires(posttrans): grep %description resolved systemd-resolved is a system service that provides network name resolution to @@ -922,6 +921,7 @@ fi %systemd_post systemd-resolved.service +%posttrans resolved # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above 
@@ -1004,6 +1004,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 +- Move part of %%post scriptlet for resolved to %%posttrans (#2018913) + * Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Specify owner of /var/log/journal as root in the rpm listing (#2018913) From 8c4c6daba95e11f0482b3dac401b71eee21bc7e7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Feb 2022 23:53:12 +0100 Subject: [PATCH 052/494] Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing The analysis in 1ba983e0be490dbff1085e8f0c6fe2af1d4290e2 was wrong. Both systemd-journal and utmp need to be created. For some reason rpm reports only the first group which is not available. It was complaining about systemd-journal, and when that was "fixed", it started complaining about utmp. Let's apply the same logic here. Non-root users of files owned by utmp group should only matter after a reboot, and tmpfiles will adjust the ownership. Running transaction Running scriptlet: filesystem-3.16-2.fc36.x86_64 1/1 Preparing : 1/1 Installing : libgcc-12.0.1-0.8.fc37.x86_64 1/76 Running scriptlet: libgcc-12.0.1-0.8.fc37.x86_64 1/76 Installing : fedora-release-identity-basic-37-0.2.noarch 2/76 Installing : tzdata-2021e-4.fc36.noarch 3/76 Installing : pcre2-syntax-10.39-1.fc36.1.noarch 4/76 Installing : ncurses-base-6.2-9.20210508.fc36.noarch 5/76 Installing : fedora-gpg-keys-37-0.1.noarch 6/76 Installing : fedora-release-37-0.2.noarch 7/76 Installing : fedora-release-common-37-0.2.noarch 8/76 Installing : fedora-repos-rawhide-37-0.1.noarch 9/76 Installing : fedora-repos-37-0.1.noarch 10/76 Installing : setup-2.13.9.1-3.fc36.noarch 11/76 Running scriptlet: setup-2.13.9.1-3.fc36.noarch 11/76 Installing : filesystem-3.16-2.fc36.x86_64 12/76 Installing : basesystem-11-13.fc36.noarch 13/76 Installing : glibc-minimal-langpack-2.35-2.fc37.x86_64 14/76 Installing : glibc-common-2.35-2.fc37.x86_64 15/76 Running scriptlet: glibc-2.35-2.fc37.x86_64 16/76 Installing : glibc-2.35-2.fc37.x86_64 16/76 Running scriptlet: glibc-2.35-2.fc37.x86_64 16/76 Installing : ncurses-libs-6.2-9.20210508.fc36.x86_64 17/76 Installing : bash-5.1.16-2.fc36.x86_64 18/76 Running scriptlet: bash-5.1.16-2.fc36.x86_64 18/76 Installing : libuuid-2.38-0.2.fc36.x86_64 19/76 Installing : libcap-2.48-4.fc36.x86_64 20/76 
Installing : libattr-2.5.1-4.fc36.x86_64 21/76 Installing : libacl-2.3.1-3.fc36.x86_64 22/76 Installing : libzstd-1.5.2-1.fc36.x86_64 23/76 Installing : xz-libs-5.2.5-8.fc36.x86_64 24/76 Installing : zlib-1.2.11-31.fc36.x86_64 25/76 Installing : bzip2-libs-1.0.8-11.fc36.x86_64 26/76 Installing : libcap-ng-0.8.2-9.fc36.x86_64 27/76 Installing : audit-libs-3.0.7-1.fc36.x86_64 28/76 Installing : libsepol-3.3-3.fc36.x86_64 29/76 Installing : libxcrypt-4.4.28-1.fc37.x86_64 30/76 Installing : lz4-libs-1.9.3-4.fc36.x86_64 31/76 Installing : pcre2-10.39-1.fc36.1.x86_64 32/76 Installing : libselinux-3.3-4.fc36.x86_64 33/76 Installing : libsemanage-3.3-3.fc37.x86_64 34/76 Installing : shadow-utils-2:4.11.1-2.fc37.x86_64 35/76 Installing : sed-4.8-10.fc36.x86_64 36/76 Installing : dbus-common-1:1.13.20-3.fc36.noarch 37/76 Running scriptlet: dbus-common-1:1.13.20-3.fc36.noarch 37/76 Installing : alternatives-1.19-2.fc36.x86_64 38/76 Installing : expat-2.4.6-1.fc37.x86_64 39/76 Installing : gmp-1:6.2.1-2.fc36.x86_64 40/76 Installing : json-c-0.15-3.fc36.x86_64 41/76 Installing : libargon2-20171227-8.fc36.x86_64 42/76 Installing : libeconf-0.4.0-3.fc36.x86_64 43/76 Installing : pam-libs-1.5.2-11.fc37.x86_64 44/76 Installing : libffi-3.4.2-8.fc36.x86_64 45/76 Installing : p11-kit-0.24.1-2.fc36.x86_64 46/76 Installing : libgpg-error-1.44-1.fc36.x86_64 47/76 Installing : libgcrypt-1.10.0-1.fc36.x86_64 48/76 Installing : systemd-libs-250.3-4.fc37.x86_64 49/76 Running scriptlet: dbus-broker-29-5.fc36.x86_64 50/76 useradd warning: dbus's uid 81 outside of the SYS_UID_MIN 201 and SYS_UID_MAX 999 range. 
Installing : dbus-broker-29-5.fc36.x86_64 50/76 Running scriptlet: dbus-broker-29-5.fc36.x86_64 50/76 Installing : dbus-1:1.13.20-3.fc36.x86_64 51/76 Installing : libseccomp-2.5.3-2.fc36.x86_64 52/76 Installing : libsmartcols-2.38-0.2.fc36.x86_64 53/76 Installing : libtasn1-4.18.0-2.fc36.x86_64 54/76 Installing : p11-kit-trust-0.24.1-2.fc36.x86_64 55/76 Running scriptlet: p11-kit-trust-0.24.1-2.fc36.x86_64 55/76 Installing : libunistring-1.0-1.fc36.x86_64 56/76 Installing : libidn2-2.3.2-4.fc36.x86_64 57/76 Installing : pcre-8.45-1.fc36.1.x86_64 58/76 Installing : grep-3.7-2.fc36.x86_64 59/76 Installing : crypto-policies-20220203-2.git112f859.fc36.noarch 60/76 Running scriptlet: crypto-policies-20220203-2.git112f859.fc36.noarch 60/76 Installing : coreutils-common-9.0-3.fc36.x86_64 61/76 Installing : openssl-libs-1:3.0.0-1.fc36.x86_64 62/76 Installing : coreutils-9.0-3.fc36.x86_64 63/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 64/76 Installing : ca-certificates-2021.2.52-3.fc36.noarch 64/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 64/76 Installing : libblkid-2.38-0.2.fc36.x86_64 65/76 Running scriptlet: libblkid-2.38-0.2.fc36.x86_64 65/76 Installing : libmount-2.38-0.2.fc36.x86_64 66/76 Installing : util-linux-core-2.38-0.2.fc36.x86_64 67/76 Running scriptlet: util-linux-core-2.38-0.2.fc36.x86_64 67/76 Installing : libfdisk-2.38-0.2.fc36.x86_64 68/76 Installing : kmod-libs-29-7.fc36.x86_64 69/76 Installing : cryptsetup-libs-2.4.3-2.fc36.x86_64 70/76 Installing : device-mapper-libs-1.02.175-7.fc36.x86_64 71/76 Installing : device-mapper-1.02.175-7.fc36.x86_64 72/76 Installing : systemd-pam-250.3-4.fc37.x86_64 73/76 Installing : systemd-resolved-250.3-4.fc37.x86_64 74/76 Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64 74/76 Installing : systemd-networkd-250.3-4.fc37.x86_64 75/76 Running scriptlet: systemd-networkd-250.3-4.fc37.x86_64 75/76 Installing : systemd-250.3-4.fc37.x86_64 76/76 warning: group utmp does not exist - 
using root warning: group utmp does not exist - using root warning: group utmp does not exist - using root warning: group utmp does not exist - using root Running scriptlet: systemd-250.3-4.fc37.x86_64 76/76 Creating group 'utmp' with GID 22. Creating group 'input' with GID 104. Creating group 'kvm' with GID 36. Creating group 'render' with GID 105. Creating group 'sgx' with GID 106. Creating group 'systemd-journal' with GID 190. Creating group 'systemd-network' with GID 192. Creating user 'systemd-network' (systemd Network Management) with UID 192 and GID 192. Creating group 'systemd-oom' with GID 999. Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 999 and GID 999. Creating group 'systemd-resolve' with GID 193. Creating user 'systemd-resolve' (systemd Resolver) with UID 193 and GID 193. Running scriptlet: filesystem-3.16-2.fc36.x86_64 76/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 76/76 Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64 76/76 '/etc/resolv.conf' -> '../run/systemd/resolve/stub-resolv.conf' Running scriptlet: systemd-250.3-4.fc37.x86_64 76/76 --- systemd.spec | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index bc49b63..937463d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -688,10 +688,10 @@ python3 %{SOURCE2} %buildroot < - 250.3-5 - Move part of %%post scriptlet for resolved to %%posttrans (#2018913) +- Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing * Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 From c971c5b980dff46fb9d7885f9e26b179a5a4749b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 08:01:43 +0100 Subject: [PATCH 053/494] Drop some unnecessary requirements --- systemd.spec | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index 937463d..608d410 100644 --- a/systemd.spec +++ b/systemd.spec @@ -177,7 +177,7 @@ Requires(post): grep Requires(post): openssl-libs Requires: dbus >= 1.9.18 Requires: %{name}-pam = %{version}-%{release} -Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} @@ -363,10 +363,6 @@ systemd-importd. Summary: Tools to send journal events over the network Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ -Requires(pre): /usr/bin/getent -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} @@ -452,7 +448,7 @@ test -f src/login/systemd-user.in cp %{SOURCE12} src/login/systemd-user.in %build -%define ntpvendor %(source /etc/os-release; echo ${ID}) +%global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} CONFIGURE_OPTS=( From a4d136e22a3847dad0977007f7e8caf851551685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 08:56:56 +0100 Subject: [PATCH 054/494] Add workaround for audit breakage --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 608d410..fc5c36c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -447,6 +447,10 @@ test -f src/login/systemd-user.in # We'll systemd process it and install in the right place. cp %{SOURCE12} src/login/systemd-user.in +# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2057735 +cp /usr/include/linux/audit.h src/systemd/ +sed -r -i "s|generate_audit_type_list, cpp|& + ' -I/usr/include/linux'|" src/libsystemd/meson.build + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From 5e7fc47a0882116e0d345d9f93f3c5d1d5ab576f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 20:25:55 +0100 Subject: [PATCH 055/494] Avoid trying to create the symlink if there's a dangling symlink already 'test -e' says 'no' for dangling symlinks. Let's also ignore the error if this fails. We shouldn't fail the transaction. --- systemd.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index fc5c36c..5d4e6c7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 5%{?dist} +Release: 6%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
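Review bot: The `sed -r -i` workaround added to `%prep` never checks that its pattern matched. If `src/libsystemd/meson.build` stops containing `generate_audit_type_list, cpp` after a rebase, the edit silently does nothing, unlike the `test -f src/login/systemd-user.in` guard a few lines above. Adding `grep -q 'generate_audit_type_list, cpp' src/libsystemd/meson.build` before the `sed` would stop the build instead (assuming `%prep` runs with errexit, as the existing `test -f` guard suggests). The `cp /usr/include/linux/audit.h src/systemd/` line also copies a header from the build host into the source tree, so the comment should name the package expected to provide it and say that both lines go away once bug 2057735 is fixed. The `%prep` section starts outside the hunk.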
@@ -941,11 +941,11 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if ! test -e /etc/resolv.conf; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : fi fi @@ -1004,6 +1004,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 +- Avoid trying to create the symlink if there's a dangling symlink already in + place (#2058388) + * Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 - Move part of %%post scriptlet for resolved to %%posttrans (#2018913) - Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing From d906ff02385b06b9a39cd2982bd6f1e37f7f761b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 17:33:36 +0100 Subject: [PATCH 056/494] Rebase the bfq patch --- use-bfq-scheduler.patch | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index d0e6762..f8b2aaa 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -1,4 +1,4 @@ -From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001 +From e0af3560ca9b1515e0680919733a09914d3325ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Aug 2019 15:57:42 +0200 Subject: [PATCH] udev: use bfq as the default scheduler @@ -20,22 +20,21 @@ new file mode 100644 index 0000000000..480b941761 --- /dev/null 
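Review bot: With the added `! test -L` condition a dangling `/etc/resolv.conf` symlink no longer takes the first branch, but it then falls through to the `elif`, where `ln -fsv` still replaces it whenever `/run/systemd/system/` exists and the path is not a mount point. If the intent is to leave an existing symlink alone, as the commit subject suggests, the `elif` needs the same `! test -L /etc/resolv.conf` guard. If replacing it there is intended, a comment should say so, e.g. `# test -e is false for a dangling symlink; those are handled by the elif below`. The `|| :` on both `ln` calls keeps the transaction going, but a failed link then leaves the resolver configuration unchanged with only ln's own message as evidence. The scriptlet starts before this hunk.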
+++ b/rules.d/60-block-scheduler.rules -@@ -0,0 +1,6 @@ +@@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ENV{DEVTYPE}=="disk", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index ca4445d774..38d6aa6970 100644 +index e6533e001a..bfa26904d0 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -3,6 +3,7 @@ - rules = files(''' - 60-autosuspend.rules - 60-block.rules -+ 60-block-scheduler.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules +@@ -7,6 +7,7 @@ install_data( + rules = files( + '60-autosuspend.rules', + '60-block.rules', ++ '60-block-scheduler.rules', + '60-cdrom_id.rules', + '60-drm.rules', + '60-evdev.rules', From 28acb3f912a341a7480923805e16291064e609c6 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Mon, 14 Mar 2022 09:48:35 -0500 Subject: [PATCH 057/494] Disable default DNS over TLS (#1889901) --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 5d4e6c7..7d149be 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 6%{?dist} +Release: 7%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -521,7 +521,7 @@ CONFIGURE_OPTS=( -Dversion-tag=v%{version}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic + -Ddefault-dns-over-tls=no # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 -Ddefault-mdns=no -Ddefault-llmnr=resolve 
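Review bot: The changed `-Ddefault-dns-over-tls=no` line carries no reference to the bug that motivated it, while the option right after it is preceded by one (`# https://bugzilla.redhat.com/show_bug.cgi?id=1867830`). I would add the matching reference above the changed line, using the number from the commit subject, presumably a Red Hat Bugzilla id: `# https://bugzilla.redhat.com/show_bug.cgi?id=1889901`. That comment should also state the consequence: with this default systemd-resolved sends queries to upstream servers unencrypted unless the administrator sets `DNSOverTLS=` in `resolved.conf`. The `CONFIGURE_OPTS` array starts and ends outside the hunk.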
@@ -1004,6 +1004,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Mar 14 2022 Michael Catanzaro - 250.3-7 +- Disable default DNS over TLS (#1889901) + * Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 - Avoid trying to create the symlink if there's a dangling symlink already in place (#2058388) From 4a979feb1672d8102cae8319e66e4962f85e530b Mon Sep 17 00:00:00 2001 From: David Tardon Date: Tue, 30 Nov 2021 21:00:44 +0100 Subject: [PATCH 058/494] Move systemd-cryptenroll to systemd-udev --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 9614c07..d202c59 100644 --- a/split-files.py +++ b/split-files.py @@ -101,6 +101,7 @@ for file in files(buildroot): modules-load| timesync| crypttab| + cryptenroll| cryptsetup| libcryptsetup-token-systemd| kmod| From 0078f9a1029bbfd9dc12e79032072a7ff46182a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 17 Mar 2022 21:37:30 +0100 Subject: [PATCH 059/494] Really move libcryptsetup plugins to -udev --- split-files.py | 14 ++++++++++---- systemd.spec | 5 ++++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/split-files.py b/split-files.py index d202c59..a660db8 100644 --- a/split-files.py +++ b/split-files.py @@ -28,7 +28,7 @@ o_resolve = open('.file-list-resolve', 'w') o_tests = open('.file-list-tests', 'w') o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_rest = open('.file-list-rest', 'w') +o_main = open('.file-list-main', 'w') for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| 
@@ -58,7 +58,11 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? - 250.3-7 +- Move libcryptsetup plugins to -udev (#2031873) + * Mon Mar 14 2022 Michael Catanzaro - 250.3-7 - Disable default DNS over TLS (#1889901) From 5cd59634104957491da94b6d8ecf7198189a78af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 17 Mar 2022 22:02:01 +0100 Subject: [PATCH 060/494] Update to version 250.4 250.3 does not build because of the rebased bfq patch. --- ...3713455be38c0a587626439fd171f28c77fc.patch | 65 ------------------- sources | 2 +- systemd.spec | 13 ++-- 3 files changed, 7 insertions(+), 73 deletions(-) delete mode 100644 bbe53713455be38c0a587626439fd171f28c77fc.patch diff --git a/bbe53713455be38c0a587626439fd171f28c77fc.patch b/bbe53713455be38c0a587626439fd171f28c77fc.patch deleted file mode 100644 index 9f5bd29..0000000 --- a/bbe53713455be38c0a587626439fd171f28c77fc.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 30 Jan 2022 23:40:05 +0100 -Subject: [PATCH] basic: update CIFS magic - -Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and -renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with -SMB2_SUPER_MAGIC. - -This fixes the following build fail on current Fedora Rawhide: -``` -../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: - -Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC -Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC -``` ---- - src/basic/filesystems-gperf.gperf | 4 ++-- - src/basic/missing_magic.h | 11 ++++++++--- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf -index 08c8c445105a..e8c5357f9146 100644 ---- a/src/basic/filesystems-gperf.gperf -+++ b/src/basic/filesystems-gperf.gperf -@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} - cgroup2, {CGROUP2_SUPER_MAGIC} - # note that the cgroupfs magic got reassigned from cpuset - cgroup, {CGROUP_SUPER_MAGIC} --cifs, {CIFS_MAGIC_NUMBER} -+cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} - coda, {CODA_SUPER_MAGIC} - configfs, {CONFIGFS_MAGIC} - cramfs, {CRAMFS_MAGIC} -@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} - shiftfs, {SHIFTFS_MAGIC} - smackfs, {SMACK_MAGIC} - # smb3 is an alias for cifs --smb3, {CIFS_MAGIC_NUMBER} -+smb3, {CIFS_SUPER_MAGIC} - # smbfs was removed from the kernel in 2010, the magic remains - smbfs, {SMB_SUPER_MAGIC} - sockfs, {SOCKFS_MAGIC} -diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h -index 7d9320bb6dc9..c104fcfba315 100644 ---- a/src/basic/missing_magic.h -+++ b/src/basic/missing_magic.h -@@ -38,9 +38,14 @@ - #define XFS_SB_MAGIC 0x58465342 - #endif - --/* Not exposed yet. 
Defined at fs/cifs/cifsglob.h */ --#ifndef CIFS_MAGIC_NUMBER --#define CIFS_MAGIC_NUMBER 0xFF534D42 -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef CIFS_SUPER_MAGIC -+#define CIFS_SUPER_MAGIC 0xFF534D42 -+#endif -+ -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef SMB2_SUPER_MAGIC -+#define SMB2_SUPER_MAGIC 0xFE534D42 - #endif - - /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ diff --git a/sources b/sources index a1317df..59fb38c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.3.tar.gz) = 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 +SHA512 (systemd-250.4.tar.gz) = 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0 diff --git a/systemd.spec b/systemd.spec index d6132d6..d5ca3bc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.3 -Release: 7%{?dist} +Version: 250.4 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -90,7 +90,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. -Patch: https://github.com/systemd/systemd/commit/bbe53713455be38c0a587626439fd171f28c77fc.patch + # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
@@ -1004,11 +1004,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.3-7 +* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.4-1 - Move libcryptsetup plugins to -udev (#2031873) - -* Mon Mar 14 2022 Michael Catanzaro - 250.3-7 -- Disable default DNS over TLS (#1889901) +- Move systemd-cryptenroll to -udev (David Tardon) +- Disable default DNS over TLS (#1889901) (Michael Catanzaro) * Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 - Avoid trying to create the symlink if there's a dangling symlink already in From 98684a818d8e38b89cc4e05607fa15611d60d163 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 18 Mar 2022 13:35:22 +0100 Subject: [PATCH 061/494] Fix the wrong file assignment done in previous version --- split-files.py | 4 ++-- systemd.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/split-files.py b/split-files.py index a660db8..9b6e9f7 100644 --- a/split-files.py +++ b/split-files.py @@ -58,9 +58,9 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.match(r'/libsystemd-shared-*.so$', n): + elif re.search(r'/libsystemd-shared-.*\.so$', n): o = o_main - elif re.match(r'/libcryptsetup-token-systemd-.*\.so$', n): + elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = o_udev elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): o = o_devel diff --git a/systemd.spec b/systemd.spec index d5ca3bc..724d16e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.4 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
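Review bot: The two private-library branches in the `elif` chain of `split-files.py` only work because they come before the generic `\.so$` rule that assigns `o_devel`, and nothing in the code says so. A comment above them would protect the ordering: `# private libraries: keep these before the generic \.so$ rule below, which would put them in -devel`. The removed `re.match` calls anchor at the start of the string, so they would match only a path that begins with `/libsystemd-shared` or `/libcryptsetup-token-systemd`. The script has no check that each pattern matched at least one file, which would have caught this at build time. The loop body continues outside the hunk.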
@@ -1004,6 +1004,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.4-2 +- Fix the wrong file assignment done in previous version + * Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.4-1 - Move libcryptsetup plugins to -udev (#2031873) - Move systemd-cryptenroll to -udev (David Tardon) From 3c4f9413a760fa2dc26c140a08e1d11cf46ac6e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 29 Mar 2022 22:07:50 +0200 Subject: [PATCH 062/494] Version 251-rc1 --- 21705.patch | 29 ----------------------------- libsystemd-shared.abignore | 4 ++-- sources | 2 +- split-files.py | 2 +- systemd.spec | 14 ++++++++++---- 5 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 21705.patch diff --git a/21705.patch b/21705.patch deleted file mode 100644 index 51d5714..0000000 --- a/21705.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ca52de3b56d5e70232bee29314cd84f5596c1e7f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Dec 2021 15:46:13 +0100 -Subject: [PATCH] process-util: Fix memory leak - ---- - src/basic/process-util.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 1b96d3ca8543..c97185215847 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -221,9 +221,12 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags - return -ENOMEM; - - /* Drop trailing empty strings. See issue #21186. */ -- STRV_FOREACH_BACKWARDS(p, args) -- if (isempty(*p)) -- *p = mfree(*p); -+ STRV_FOREACH_BACKWARDS(p, args) { -+ if (!isempty(*p)) -+ break; -+ -+ *p = mfree(*p); -+ } - - ans = quote_command_line(args, shflags); - if (!ans) diff --git a/libsystemd-shared.abignore b/libsystemd-shared.abignore index e412d8b..6a33b88 100644 --- a/libsystemd-shared.abignore +++ b/libsystemd-shared.abignore 
@@ -1,3 +1,3 @@ [suppress_file] -# This shared object is private to systemd -file_name_regexp=libsystemd-shared-.*.so +# Those shared objects are private to systemd +file_name_regexp=libsystemd-(shared|core)-.*.so diff --git a/sources b/sources index 59fb38c..38f213c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.4.tar.gz) = 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0 +SHA512 (systemd-251-rc1.tar.gz) = 724de2d923acfca8c1ebf5dd3042fa9d212c2d7aa5c0fcc528abec0c872af53af9d5f829aac63fe51af29a62d6f7ba9f215b32ebf05e84aa6ee89d723c7341e7 diff --git a/split-files.py b/split-files.py index 9b6e9f7..958154e 100644 --- a/split-files.py +++ b/split-files.py @@ -58,7 +58,7 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.search(r'/libsystemd-shared-.*\.so$', n): + elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): o = o_main elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = o_udev diff --git a/systemd.spec b/systemd.spec index 724d16e..f63dd9d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.4 -Release: 2%{?dist} +Version: 251~rc1 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -518,7 +518,9 @@ CONFIGURE_OPTS=( -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false -Dman=true - -Dversion-tag=v%{version}-%{release} + -Dversion-tag=v%{version_no_tilde}-%{release} + # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 + -Dshared-lib-tag=%{version_no_tilde}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no -Ddefault-dns-over-tls=no @@ -1004,6 +1006,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Mar 29 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-1 +- First release candidate in the new cycle +- Fixes rhbz#1449751, rhbz#1906010 + * Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.4-2 - Fix the wrong file assignment done in previous version From 16421fb073bab30de59c61fbb1cfc63b06ebd8dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 4 Apr 2022 11:34:18 +0200 Subject: [PATCH 063/494] Temporarily revert libsystemd-core and private shared suffix --- ...ate-new-libsystemd-core.so-private-s.patch | 134 ++++++++++++++++++ systemd.spec | 12 +- 2 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch diff --git a/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch b/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch new file mode 100644 index 0000000..243d67a --- /dev/null +++ b/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch 
@@ -0,0 +1,134 @@ +From 71e6efb1569853948d001854f040dd5a077df131 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 4 Apr 2022 11:31:04 +0200 +Subject: [PATCH] Revert "meson: create new libsystemd-core.so private shared + library" + +This reverts commit 4287c855893b6a2666fbe0422a1e738c47fa3ef5. + +https://bugzilla.redhat.com/show_bug.cgi?id=2071069 +--- + meson.build | 14 ++++++++++++-- + src/core/meson.build | 14 +++----------- + src/shared/meson.build | 2 +- + src/test/meson.build | 3 +-- + tools/oss-fuzz.sh | 4 +--- + 5 files changed, 18 insertions(+), 19 deletions(-) + +diff --git a/meson.build b/meson.build +index e68791b8b4..b80589d095 100644 +--- a/meson.build ++++ b/meson.build +@@ -2117,7 +2117,12 @@ dbus_programs += executable( + link_with : [libcore, + libshared], + dependencies : [versiondep, +- libseccomp], ++ threads, ++ librt, ++ libseccomp, ++ libselinux, ++ libmount, ++ libblkid], + install_rpath : rootlibexecdir, + install : true, + install_dir : rootlibexecdir) +@@ -2133,7 +2138,12 @@ public_programs += executable( + link_with : [libcore, + libshared], + dependencies : [versiondep, +- libseccomp], ++ threads, ++ librt, ++ libseccomp, ++ libselinux, ++ libmount, ++ libblkid], + install_rpath : rootlibexecdir, + install : conf.get('ENABLE_ANALYZE')) + +diff --git a/src/core/meson.build b/src/core/meson.build +index f5e04b37ca..fa0dcb69ad 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -167,18 +167,12 @@ load_fragment_gperf_nulstr_c = custom_target( + command : [awk, '-f', '@INPUT0@', '@INPUT1@'], + capture : true) + +-libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) +- +-libcore = shared_library( +- libcore_name, ++libcore = static_library( ++ 'core', + libcore_sources, + load_fragment_gperf_c, + load_fragment_gperf_nulstr_c, + include_directories : includes, +- c_args : ['-fvisibility=default'], +- link_args : ['-shared', +- '-Wl,--version-script=' + libshared_sym_path], +- 
link_with : libshared, + dependencies : [versiondep, + threads, + libdl, +@@ -190,10 +184,8 @@ libcore = shared_library( + libapparmor, + libselinux, + libmount, +- libblkid, + libacl], +- install : true, +- install_dir : rootlibexecdir) ++ build_by_default : false) + + core_includes = [includes, include_directories('.')] + +diff --git a/src/shared/meson.build b/src/shared/meson.build +index 4333c9a0a9..54cd8b17d2 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -474,13 +474,13 @@ libshared_static = static_library( + libshared = shared_library( + libshared_name, + include_directories : includes, +- c_args : ['-fvisibility=default'], + link_args : ['-shared', + '-Wl,--version-script=' + libshared_sym_path], + link_whole : [libshared_static, + libbasic, + libbasic_gcrypt, + libsystemd_static], ++ c_args : ['-fvisibility=default'], + dependencies : libshared_deps, + install : true, + install_dir : rootlibexecdir) +diff --git a/src/test/meson.build b/src/test/meson.build +index 297a65d9af..9f09ff959c 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -421,8 +421,7 @@ tests += [ + libmount, + libxz, + liblz4, +- libblkid, +- libselinux], ++ libblkid], + [core_includes, journal_includes, udev_includes]], + + [files('test-prioq.c')], +diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh +index 8ff3abefb7..109046da24 100755 +--- a/tools/oss-fuzz.sh ++++ b/tools/oss-fuzz.sh +@@ -89,9 +89,7 @@ df="$build/dns-fuzzing" + git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing "$df" + zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet" + +-install -Dt "$OUT/src/shared/" \ +- "$build"/src/shared/libsystemd-shared-*.so \ +- "$build"/src/core/libsystemd-core-*.so ++install -Dt "$OUT/src/shared/" "$build"/src/shared/libsystemd-shared-*.so + + wget -O "$OUT/fuzz-json.dict" https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict + diff --git a/systemd.spec b/systemd.spec index f63dd9d..b93c278 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251~rc1 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -99,6 +99,9 @@ Patch0500: use-bfq-scheduler.patch # https://github.com/systemd/systemd/pull/17050 Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2071069 +Patch9999: 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch + %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 %endif @@ -520,7 +523,7 @@ CONFIGURE_OPTS=( -Dman=true -Dversion-tag=v%{version_no_tilde}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 - -Dshared-lib-tag=%{version_no_tilde}-%{release} + # -Dshared-lib-tag=%{version_no_tilde}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no -Ddefault-dns-over-tls=no @@ -1006,6 +1009,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 +- Merge libsystemd-core back into individual binaries and drop the + private shared library suffix (this should server as a work-around + for rhbz#2071069) + * Tue Mar 29 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-1 - First release candidate in the new cycle - Fixes rhbz#1449751, rhbz#1906010 From b022402abafc988354a899b9f63376322fb667b0 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Tue, 12 Apr 2022 10:26:11 +0200 Subject: [PATCH 064/494] Do not require bpftool for i386 builds --- systemd.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index b93c278..78bec97 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -150,7 +150,6 @@ BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(libbpf) -BuildRequires: bpftool BuildRequires: systemtap-sdt-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl @@ -174,6 +173,12 @@ BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) +%ifnarch %ix86 +# bpftool is not built for i368 +BuildRequires: bpftool +%global have_bpf 1 +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl @@ -474,7 +479,7 @@ CONFIGURE_OPTS=( -Dseccomp=true -Dima=true -Dselinux=true - -Dbpf-framework=true + -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] -Dapparmor=false -Dpolkit=true -Dxz=true From 4047e4fb7bb76f2578989e98de276e9ceb4e94b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 09:50:37 +0200 Subject: [PATCH 065/494] Do not touch /etc/resolv.conf on upgrades --- systemd.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 78bec97..4aed283 100644 --- a/systemd.spec +++ b/systemd.spec @@ -921,7 +921,8 @@ if [ $1 -eq 0 ] ; then fi %post resolved -[ $1 -gt 1 ] && exit 0 +[ $1 -eq 1 ] || exit 0 +# Initial installation # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then @@ -932,6 +933,9 @@ fi %systemd_post systemd-resolved.service %posttrans resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above 
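Review bot: The comment in the added `%ifnarch %ix86` block has a typo, `i368`, and should read `# bpftool is not built for i386`. The block also writes the architecture macro as `%ix86`, while the existing `%ifarch %{ix86} x86_64 aarch64` line in this spec uses the braced form; `%ifnarch %{ix86}` keeps the file consistent. Since `-Dbpf-framework` now evaluates to `false` on that architecture, the comment could also say that systemd features built on the BPF framework are compiled out of i386 builds, so that nobody relies on them there.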
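Review bot: The new guard at the top of `%posttrans resolved` relies on `$1` carrying the same instance count that `%post` receives. That should be confirmed for the rpm versions this package is built with, because if `%posttrans` is passed a different value the symlink step is either skipped on fresh installs or still runs on upgrades. If it cannot be relied on, `%post` could leave a marker that `%posttrans` tests instead of `$1`. In either case the guard deserves a more specific comment than `# Initial installation`, e.g. `# $1 == 1: initial installation only; never rewrite /etc/resolv.conf on upgrade`.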
@@ -1014,6 +1018,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 +- Do not touch /etc/resolv.conf on upgrades (#2074122) + * Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 - Merge libsystemd-core back into individual binaries and drop the private shared library suffix (this should server as a work-around From d3aa9f1d334bda640eeaa748cfcb5b09cd2c0e04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 22:07:17 +0200 Subject: [PATCH 066/494] Two patches to maybe help with the compose This is really a stab in the dark. --- ...ix-crash-when-reenable-is-called-wit.patch | 23 + ...stall-create-relative-symlinks-for-e.patch | 593 ++++++++++++++++++ systemd.spec | 8 +- 3 files changed, 622 insertions(+), 2 deletions(-) create mode 100644 0001-shared-install-fix-crash-when-reenable-is-called-wit.patch create mode 100644 0002-Revert-shared-install-create-relative-symlinks-for-e.patch diff --git a/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch b/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch new file mode 100644 index 0000000..3f9d86c --- /dev/null +++ b/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch 
@@ -0,0 +1,23 @@ +From f4574dc080b0bd9ef6898d954dc9e0e2b056b9c5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 12 Apr 2022 20:42:32 +0200 +Subject: [PATCH 1/2] shared/install: fix crash when reenable is called without + --root + +--- + src/shared/install.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 58bccdcaa8..f7257c5ceb 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -2825,7 +2825,7 @@ static int normalize_linked_files( + return r; + + const char *p = NULL; +- if (i && i->path) ++ if (i && i->path && i->root) + /* Use startswith here, because we know that paths are normalized, and + * path_startswith() would give us a relative path, but we need an absolute path + * relative to i->root. diff --git a/0002-Revert-shared-install-create-relative-symlinks-for-e.patch b/0002-Revert-shared-install-create-relative-symlinks-for-e.patch new file mode 100644 index 0000000..268b1d2 --- /dev/null +++ b/0002-Revert-shared-install-create-relative-symlinks-for-e.patch 
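Review bot: The added `i->root` test in `normalize_linked_files()` avoids the crash, but the comment directly below the condition still describes only the rooted case and does not say what happens without `--root`. Judging by the patch subject, `i->root` is NULL in that case, so I would add `/* i->root is NULL when --root is not given; p then stays NULL */` above the `if`. How the code after the hunk treats a NULL `p` is not visible here and should be checked. A test that runs reenable without `--root` would keep the fix from regressing. The function starts and ends outside the hunk.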
@@ -0,0 +1,593 @@ +From 5a6519333a6eeb468281f531b19b74243f49c6b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 12 Apr 2022 22:01:10 +0200 +Subject: [PATCH 2/2] Revert "shared/install: create relative symlinks for + enablement and aliasing" + +This reverts commit d6c9411072901556176ac130f2ce71a33107aa93. +--- + src/shared/install.c | 14 ++-- + src/test/test-install-root.c | 65 ++++++++--------- + test/test-systemctl-enable.sh | 130 ++++++++++++++++++---------------- + 3 files changed, 103 insertions(+), 106 deletions(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index f7257c5ceb..c560ae41d8 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1899,7 +1899,7 @@ static int install_info_symlink_alias( + if (!alias_path) + return -ENOMEM; + +- q = create_symlink(lp, info->name, alias_path, force, changes, n_changes); ++ q = create_symlink(lp, info->path, alias_path, force, changes, n_changes); + r = r < 0 ? r : q; + } + +@@ -1968,7 +1968,7 @@ static int install_info_symlink_wants( + } + + STRV_FOREACH(s, list) { +- _cleanup_free_ char *dst = NULL; ++ _cleanup_free_ char *path = NULL, *dst = NULL; + + q = install_name_printf(scope, info, *s, &dst); + if (q < 0) { +@@ -1998,15 +1998,11 @@ static int install_info_symlink_wants( + continue; + } + +- _cleanup_free_ char *path = strjoin(config_path, "/", dst, suffix, n); ++ path = strjoin(config_path, "/", dst, suffix, n); + if (!path) + return -ENOMEM; + +- _cleanup_free_ char *target = strjoin("../", info->name); +- if (!target) +- return -ENOMEM; +- +- q = create_symlink(lp, target, path, true, changes, n_changes); ++ q = create_symlink(lp, info->path, path, true, changes, n_changes); + if (r == 0) + r = q; + +@@ -2914,7 +2910,7 @@ int unit_file_set_default( + return r; + + new_path = strjoina(lp.persistent_config, "/" SPECIAL_DEFAULT_TARGET); +- return create_symlink(&lp, info->name, new_path, flags & UNIT_FILE_FORCE, changes, n_changes); ++ 
return create_symlink(&lp, info->path, new_path, flags & UNIT_FILE_FORCE, changes, n_changes); + } + + int unit_file_get_default( +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index a36536b85b..c2980ccbbd 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -88,7 +88,7 @@ TEST(basic_mask_and_enable) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) == 1); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../a.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -128,7 +128,7 @@ TEST(basic_mask_and_enable) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("d.service"), &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../a.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -147,7 +147,7 @@ TEST(basic_mask_and_enable) { + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); + assert_se(streq(changes[0].path, p)); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[1].source, "../a.service")); ++ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/a.service")); + assert_se(streq(changes[1].path, p)); + unit_file_changes_free(changes, n_changes); + changes = NULL; n_changes = 0; +@@ -186,7 +186,7 @@ TEST(basic_mask_and_enable) { + 
assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("f.service"), &changes, &n_changes) == 1); + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../f.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/f.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/x.target.wants/f.service"); + assert_se(streq(changes[0].path, p)); + assert_se(changes[1].type_or_errno == UNIT_FILE_DESTINATION_NOT_PRESENT); +@@ -280,8 +280,7 @@ TEST(linked_units) { + q = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/linked.service"); + for (i = 0 ; i < n_changes; i++) { + assert_se(changes[i].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(STR_IN_SET(changes[i].source, +- "../linked.service", "/opt/linked.service")); ++ assert_se(streq(changes[i].source, "/opt/linked.service")); + + if (p && streq(changes[i].path, p)) + p = NULL; +@@ -323,8 +322,7 @@ TEST(linked_units) { + q = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/linked2.service"); + for (i = 0 ; i < n_changes; i++) { + assert_se(changes[i].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(STR_IN_SET(changes[i].source, +- "../linked2.service", "/opt/linked2.service")); ++ assert_se(streq(changes[i].source, "/opt/linked2.service")); + + if (p && streq(changes[i].path, p)) + p = NULL; +@@ -342,7 +340,7 @@ TEST(linked_units) { + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(startswith(changes[0].path, root)); + assert_se(endswith(changes[0].path, "linked3.service")); +- assert_se(streq(changes[0].source, "../linked3.service")); ++ assert_se(streq(changes[0].source, "/opt/linked3.service")); + unit_file_changes_free(changes, n_changes); + changes = NULL; n_changes = 0; + } +@@ -373,7 +371,7 @@ TEST(default) { + assert_se(unit_file_set_default(LOOKUP_SCOPE_SYSTEM, 0, root, "test-default.target", &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == 
UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "test-default-real.target")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/test-default-real.target")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR "/" SPECIAL_DEFAULT_TARGET); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -403,7 +401,7 @@ TEST(add_dependency) { + assert_se(unit_file_add_dependency(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("add-dependency-test-service.service"), "add-dependency-test-target.target", UNIT_WANTS, &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../real-add-dependency-test-service.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/real-add-dependency-test-service.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/real-add-dependency-test-target.target.wants/real-add-dependency-test-service.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -444,7 +442,7 @@ TEST(template_enable) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template@.service"), &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../template@.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@def.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -475,14 +473,13 @@ TEST(template_enable) { + + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template@foo.service"), &changes, &n_changes) >= 0); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../template@foo.service")); ++ 
assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@foo.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); + changes = NULL; n_changes = 0; + +- assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@.service", &state) >= 0); +- assert_se(state == UNIT_FILE_INDIRECT); ++ assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@.service", &state) >= 0 && state == UNIT_FILE_INDIRECT); + assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@def.service", &state) >= 0 && state == UNIT_FILE_DISABLED); + assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@foo.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_ENABLED); +@@ -509,7 +506,7 @@ TEST(template_enable) { + + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template-symlink@quux.service"), &changes, &n_changes) >= 0); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../template@quux.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@quux.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -555,7 +552,7 @@ TEST(indirect) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("indirectc.service"), &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../indirectb.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/indirectb.service")); + p = strjoina(root, 
SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/indirectb.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -607,7 +604,7 @@ TEST(preset_and_list) { + assert_se(unit_file_preset(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("preset-yes.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../preset-yes.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/preset-yes.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/preset-yes.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -644,7 +641,7 @@ TEST(preset_and_list) { + for (i = 0; i < n_changes; i++) { + + if (changes[i].type_or_errno == UNIT_FILE_SYMLINK) { +- assert_se(streq(changes[i].source, "../preset-yes.service")); ++ assert_se(streq(changes[i].source, "/usr/lib/systemd/system/preset-yes.service")); + assert_se(streq(changes[i].path, p)); + } else + assert_se(changes[i].type_or_errno == UNIT_FILE_UNLINK); +@@ -760,7 +757,7 @@ TEST(preset_order) { + assert_se(unit_file_preset(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("prefix-1.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../prefix-1.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/prefix-1.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/prefix-1.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -869,8 +866,8 @@ TEST(with_dropin) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, 
"../with-dropin-1.service")); +- assert_se(streq(changes[1].source, "../with-dropin-1.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-1.service")); ++ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-1.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-1.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-1.service"); +@@ -883,8 +880,8 @@ TEST(with_dropin) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-2.service")); +- assert_se(streq(changes[1].source, "../with-dropin-2.service")); ++ assert_se(streq(changes[0].source, SYSTEM_CONFIG_UNIT_DIR"/with-dropin-2.service")); ++ assert_se(streq(changes[1].source, SYSTEM_CONFIG_UNIT_DIR"/with-dropin-2.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-2.service"); +@@ -897,8 +894,8 @@ TEST(with_dropin) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-3.service")); +- assert_se(streq(changes[1].source, "../with-dropin-3.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-3.service")); ++ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-3.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-3.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-3.service"); +@@ -911,8 +908,8 @@ 
TEST(with_dropin) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-4a.service")); +- assert_se(streq(changes[1].source, "../with-dropin-4b.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-4a.service")); ++ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-4b.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-4a.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-4b.service"); +@@ -978,8 +975,8 @@ TEST(with_dropin_template) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-1@instance-1.service")); +- assert_se(streq(changes[1].source, "../with-dropin-1@instance-1.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-1@.service")); ++ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-1@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-1@instance-1.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-1@instance-1.service"); +@@ -991,8 +988,8 @@ TEST(with_dropin_template) { + assert_se(n_changes == 2); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); + assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-2@instance-1.service")); +- assert_se(streq(changes[1].source, "../with-dropin-2@instance-1.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-2@.service")); ++ assert_se(streq(changes[1].source, 
"/usr/lib/systemd/system/with-dropin-2@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2@instance-1.service"); + assert_se(streq(changes[0].path, p)); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-2@instance-1.service"); +@@ -1003,7 +1000,7 @@ TEST(with_dropin_template) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("with-dropin-2@instance-2.service"), &changes, &n_changes) == 1); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-2@instance-2.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-2@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2@instance-2.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +@@ -1012,7 +1009,7 @@ TEST(with_dropin_template) { + assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("with-dropin-3@.service"), &changes, &n_changes) == 1); + assert_se(n_changes == 1); + assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); +- assert_se(streq(changes[0].source, "../with-dropin-3@.service")); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-3@.service")); + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-3@instance-2.service"); + assert_se(streq(changes[0].path, p)); + unit_file_changes_free(changes, n_changes); +diff --git a/test/test-systemctl-enable.sh b/test/test-systemctl-enable.sh +index f40831cf8c..7d5667f297 100644 +--- a/test/test-systemctl-enable.sh ++++ b/test/test-systemctl-enable.sh +@@ -90,27 +90,27 @@ EOF + ( ! 
"$systemctl" --root="$root" enable test1 ) + test -h "$root/etc/systemd/system/default.target.wants/test1.service" + test -h "$root/etc/systemd/system/special.target.requires/test1.service" +-test -e "$root/etc/systemd/system/test1-goodalias.service" ++test ! -e "$root/etc/systemd/system/test1-goodalias.service" + test -h "$root/etc/systemd/system/test1-goodalias.service" +-test ! -h "$root/etc/systemd/system/test1@badalias.service" +-test ! -h "$root/etc/systemd/system/test1-badalias.target" +-test ! -h "$root/etc/systemd/system/test1-badalias.socket" +-test -e "$root/etc/systemd/system/test1-goodalias2.service" ++test ! -e "$root/etc/systemd/system/test1@badalias.service" ++test ! -e "$root/etc/systemd/system/test1-badalias.target" ++test ! -e "$root/etc/systemd/system/test1-badalias.socket" + test -h "$root/etc/systemd/system/test1-goodalias2.service" + + : '-------aliases in reeanble----------------------------------' + ( ! "$systemctl" --root="$root" reenable test1 ) +-islink "$root/etc/systemd/system/default.target.wants/test1.service" "../test1.service" +-islink "$root/etc/systemd/system/test1-goodalias.service" "test1.service" ++test -h "$root/etc/systemd/system/default.target.wants/test1.service" ++test ! -e "$root/etc/systemd/system/test1-goodalias.service" ++test -h "$root/etc/systemd/system/test1-goodalias.service" + +-test ! -h "$root/etc/systemd/system/test1@badalias.service" +-test ! -h "$root/etc/systemd/system/test1-badalias.target" +-test ! -h "$root/etc/systemd/system/test1-badalias.socket" ++test ! -e "$root/etc/systemd/system/test1@badalias.service" ++test ! -e "$root/etc/systemd/system/test1-badalias.target" ++test ! -e "$root/etc/systemd/system/test1-badalias.socket" + + "$systemctl" --root="$root" disable test1 +-test ! -h "$root/etc/systemd/system/default.target.wants/test1.service" +-test ! -h "$root/etc/systemd/system/special.target.requires/test1.service" +-test ! -h "$root/etc/systemd/system/test1-goodalias.service" ++test ! 
-e "$root/etc/systemd/system/default.target.wants/test1.service" ++test ! -e "$root/etc/systemd/system/special.target.requires/test1.service" ++test ! -e "$root/etc/systemd/system/test1-goodalias.service" + + : '-------aliases when link already exists---------------------' + cat >"$root/etc/systemd/system/test1a.service" <"$root/link3.suffix" <"$root/etc/systemd/system/templ1@.service" < - 251~rc1-2 +* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-3 - Do not touch /etc/resolv.conf on upgrades (#2074122) +- Add bugfix patch and revert one patch which might be causing + problems with the compose * Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 - Merge libsystemd-core back into individual binaries and drop the From acb90c49c42276b06375a66c73673ac351025597 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Wed, 20 Apr 2022 13:10:24 +0200 Subject: [PATCH 067/494] sync our systemd-user PAM config. with upstream This incorporates changes from the following commits: https://github.com/systemd/systemd/commit/bd685faa1a3d08598322dc6e256ac585cffcdbac https://github.com/systemd/systemd/commit/71889176e4372b443018584c3520c1ff3efe2711 --- systemd-user | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd-user b/systemd-user index c4c427f..8ef2c18 100644 --- a/systemd-user +++ b/systemd-user @@ -2,10 +2,13 @@ # # Used by systemd --user instances. +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry account include system-auth session required pam_selinux.so close session required pam_selinux.so nottys open session required pam_loginuid.so session required pam_namespace.so +-session optional pam_systemd_home.so session include system-auth From 04e285047ac3ab9da7e6cb0d70183f70dcd4a25a Mon Sep 17 00:00:00 2001 
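Review bot: Passing `info->path` again in the three create_symlink() calls (install_info_symlink_alias, install_info_symlink_wants, unit_file_set_default) makes the enablement links in a --root tree absolute, and the patch description does not record that consequence. The restored assertions in test-install-root.c show it: the expected source is `/usr/lib/systemd/system/a.service` while only the link path carries the `root` prefix. A tool that inspects or copies such a tree from the host without entering the root would therefore resolve these links against the host's own unit directory. The description holds only the "This reverts commit" line, so it should gain a sentence such as `Links are absolute again and must be resolved relative to --root.` together with the reason for the revert.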
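Review bot: `account sufficient pam_unix.so no_pass_expiry` is placed ahead of `account include system-auth`, and a `sufficient` success ends the account stack at that point, so for every user pam_unix accepts, the account modules pulled in by system-auth are not consulted for systemd --user instances. system-auth is not visible in this hunk; if it carries access or lockout checks (pam_access, pam_faillock or similar), confirm that skipping them here is intended and not just the password-expiry check named by the option. The same short-circuit applies to `-account sufficient pam_systemd_home.so`. A comment above the two lines would record the intent, e.g. `# user@.service must start with an expired password; "sufficient" skips the system-auth account checks`.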
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 May 2022 19:24:55 +0200 Subject: [PATCH 068/494] Version 251-rc2 --- ...ix-crash-when-reenable-is-called-wit.patch | 23 - ...stall-create-relative-symlinks-for-e.patch | 593 ------------------ sources | 2 +- split-files.py | 3 +- systemd.spec | 10 +- 5 files changed, 9 insertions(+), 622 deletions(-) delete mode 100644 0001-shared-install-fix-crash-when-reenable-is-called-wit.patch delete mode 100644 0002-Revert-shared-install-create-relative-symlinks-for-e.patch diff --git a/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch b/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch deleted file mode 100644 index 3f9d86c..0000000 --- a/0001-shared-install-fix-crash-when-reenable-is-called-wit.patch +++ /dev/null @@ -1,23 +0,0 @@ -From f4574dc080b0bd9ef6898d954dc9e0e2b056b9c5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 12 Apr 2022 20:42:32 +0200 -Subject: [PATCH 1/2] shared/install: fix crash when reenable is called without - --root - ---- - src/shared/install.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/install.c b/src/shared/install.c -index 58bccdcaa8..f7257c5ceb 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -2825,7 +2825,7 @@ static int normalize_linked_files( - return r; - - const char *p = NULL; -- if (i && i->path) -+ if (i && i->path && i->root) - /* Use startswith here, because we know that paths are normalized, and - * path_startswith() would give us a relative path, but we need an absolute path - * relative to i->root. diff --git a/0002-Revert-shared-install-create-relative-symlinks-for-e.patch b/0002-Revert-shared-install-create-relative-symlinks-for-e.patch deleted file mode 100644 index 268b1d2..0000000 --- a/0002-Revert-shared-install-create-relative-symlinks-for-e.patch +++ /dev/null 
@@ -1,593 +0,0 @@ -From 5a6519333a6eeb468281f531b19b74243f49c6b5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 12 Apr 2022 22:01:10 +0200 -Subject: [PATCH 2/2] Revert "shared/install: create relative symlinks for - enablement and aliasing" - -This reverts commit d6c9411072901556176ac130f2ce71a33107aa93. ---- - src/shared/install.c | 14 ++-- - src/test/test-install-root.c | 65 ++++++++--------- - test/test-systemctl-enable.sh | 130 ++++++++++++++++++---------------- - 3 files changed, 103 insertions(+), 106 deletions(-) - -diff --git a/src/shared/install.c b/src/shared/install.c -index f7257c5ceb..c560ae41d8 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -1899,7 +1899,7 @@ static int install_info_symlink_alias( - if (!alias_path) - return -ENOMEM; - -- q = create_symlink(lp, info->name, alias_path, force, changes, n_changes); -+ q = create_symlink(lp, info->path, alias_path, force, changes, n_changes); - r = r < 0 ? r : q; - } - -@@ -1968,7 +1968,7 @@ static int install_info_symlink_wants( - } - - STRV_FOREACH(s, list) { -- _cleanup_free_ char *dst = NULL; -+ _cleanup_free_ char *path = NULL, *dst = NULL; - - q = install_name_printf(scope, info, *s, &dst); - if (q < 0) { -@@ -1998,15 +1998,11 @@ static int install_info_symlink_wants( - continue; - } - -- _cleanup_free_ char *path = strjoin(config_path, "/", dst, suffix, n); -+ path = strjoin(config_path, "/", dst, suffix, n); - if (!path) - return -ENOMEM; - -- _cleanup_free_ char *target = strjoin("../", info->name); -- if (!target) -- return -ENOMEM; -- -- q = create_symlink(lp, target, path, true, changes, n_changes); -+ q = create_symlink(lp, info->path, path, true, changes, n_changes); - if (r == 0) - r = q; - -@@ -2914,7 +2910,7 @@ int unit_file_set_default( - return r; - - new_path = strjoina(lp.persistent_config, "/" SPECIAL_DEFAULT_TARGET); -- return create_symlink(&lp, info->name, new_path, flags & UNIT_FILE_FORCE, changes, n_changes); -+ 
return create_symlink(&lp, info->path, new_path, flags & UNIT_FILE_FORCE, changes, n_changes); - } - - int unit_file_get_default( -diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c -index a36536b85b..c2980ccbbd 100644 ---- a/src/test/test-install-root.c -+++ b/src/test/test-install-root.c -@@ -88,7 +88,7 @@ TEST(basic_mask_and_enable) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("a.service"), &changes, &n_changes) == 1); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../a.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -128,7 +128,7 @@ TEST(basic_mask_and_enable) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("d.service"), &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../a.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/a.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -147,7 +147,7 @@ TEST(basic_mask_and_enable) { - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/a.service"); - assert_se(streq(changes[0].path, p)); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[1].source, "../a.service")); -+ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/a.service")); - assert_se(streq(changes[1].path, p)); - unit_file_changes_free(changes, n_changes); - changes = NULL; n_changes = 0; -@@ -186,7 +186,7 @@ TEST(basic_mask_and_enable) { - 
assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("f.service"), &changes, &n_changes) == 1); - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../f.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/f.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/x.target.wants/f.service"); - assert_se(streq(changes[0].path, p)); - assert_se(changes[1].type_or_errno == UNIT_FILE_DESTINATION_NOT_PRESENT); -@@ -280,8 +280,7 @@ TEST(linked_units) { - q = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/linked.service"); - for (i = 0 ; i < n_changes; i++) { - assert_se(changes[i].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(STR_IN_SET(changes[i].source, -- "../linked.service", "/opt/linked.service")); -+ assert_se(streq(changes[i].source, "/opt/linked.service")); - - if (p && streq(changes[i].path, p)) - p = NULL; -@@ -323,8 +322,7 @@ TEST(linked_units) { - q = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/linked2.service"); - for (i = 0 ; i < n_changes; i++) { - assert_se(changes[i].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(STR_IN_SET(changes[i].source, -- "../linked2.service", "/opt/linked2.service")); -+ assert_se(streq(changes[i].source, "/opt/linked2.service")); - - if (p && streq(changes[i].path, p)) - p = NULL; -@@ -342,7 +340,7 @@ TEST(linked_units) { - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(startswith(changes[0].path, root)); - assert_se(endswith(changes[0].path, "linked3.service")); -- assert_se(streq(changes[0].source, "../linked3.service")); -+ assert_se(streq(changes[0].source, "/opt/linked3.service")); - unit_file_changes_free(changes, n_changes); - changes = NULL; n_changes = 0; - } -@@ -373,7 +371,7 @@ TEST(default) { - assert_se(unit_file_set_default(LOOKUP_SCOPE_SYSTEM, 0, root, "test-default.target", &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == 
UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "test-default-real.target")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/test-default-real.target")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR "/" SPECIAL_DEFAULT_TARGET); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -403,7 +401,7 @@ TEST(add_dependency) { - assert_se(unit_file_add_dependency(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("add-dependency-test-service.service"), "add-dependency-test-target.target", UNIT_WANTS, &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../real-add-dependency-test-service.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/real-add-dependency-test-service.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/real-add-dependency-test-target.target.wants/real-add-dependency-test-service.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -444,7 +442,7 @@ TEST(template_enable) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template@.service"), &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../template@.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@def.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -475,14 +473,13 @@ TEST(template_enable) { - - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template@foo.service"), &changes, &n_changes) >= 0); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../template@foo.service")); -+ 
assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@foo.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); - changes = NULL; n_changes = 0; - -- assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@.service", &state) >= 0); -- assert_se(state == UNIT_FILE_INDIRECT); -+ assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@.service", &state) >= 0 && state == UNIT_FILE_INDIRECT); - assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@def.service", &state) >= 0 && state == UNIT_FILE_DISABLED); - assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template@foo.service", &state) >= 0 && state == UNIT_FILE_ENABLED); - assert_se(unit_file_get_state(LOOKUP_SCOPE_SYSTEM, root, "template-symlink@foo.service", &state) >= 0 && state == UNIT_FILE_ENABLED); -@@ -509,7 +506,7 @@ TEST(template_enable) { - - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("template-symlink@quux.service"), &changes, &n_changes) >= 0); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../template@quux.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/template@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/template@quux.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -555,7 +552,7 @@ TEST(indirect) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("indirectc.service"), &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../indirectb.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/indirectb.service")); - p = strjoina(root, 
SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/indirectb.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -607,7 +604,7 @@ TEST(preset_and_list) { - assert_se(unit_file_preset(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("preset-yes.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../preset-yes.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/preset-yes.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/preset-yes.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -644,7 +641,7 @@ TEST(preset_and_list) { - for (i = 0; i < n_changes; i++) { - - if (changes[i].type_or_errno == UNIT_FILE_SYMLINK) { -- assert_se(streq(changes[i].source, "../preset-yes.service")); -+ assert_se(streq(changes[i].source, "/usr/lib/systemd/system/preset-yes.service")); - assert_se(streq(changes[i].path, p)); - } else - assert_se(changes[i].type_or_errno == UNIT_FILE_UNLINK); -@@ -760,7 +757,7 @@ TEST(preset_order) { - assert_se(unit_file_preset(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("prefix-1.service"), UNIT_FILE_PRESET_FULL, &changes, &n_changes) >= 0); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../prefix-1.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/prefix-1.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/prefix-1.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -869,8 +866,8 @@ TEST(with_dropin) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, 
"../with-dropin-1.service")); -- assert_se(streq(changes[1].source, "../with-dropin-1.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-1.service")); -+ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-1.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-1.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-1.service"); -@@ -883,8 +880,8 @@ TEST(with_dropin) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-2.service")); -- assert_se(streq(changes[1].source, "../with-dropin-2.service")); -+ assert_se(streq(changes[0].source, SYSTEM_CONFIG_UNIT_DIR"/with-dropin-2.service")); -+ assert_se(streq(changes[1].source, SYSTEM_CONFIG_UNIT_DIR"/with-dropin-2.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-2.service"); -@@ -897,8 +894,8 @@ TEST(with_dropin) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-3.service")); -- assert_se(streq(changes[1].source, "../with-dropin-3.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-3.service")); -+ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-3.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-3.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-3.service"); -@@ -911,8 +908,8 @@ 
TEST(with_dropin) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-4a.service")); -- assert_se(streq(changes[1].source, "../with-dropin-4b.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-4a.service")); -+ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-4b.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-4a.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-4b.service"); -@@ -978,8 +975,8 @@ TEST(with_dropin_template) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-1@instance-1.service")); -- assert_se(streq(changes[1].source, "../with-dropin-1@instance-1.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-1@.service")); -+ assert_se(streq(changes[1].source, "/usr/lib/systemd/system/with-dropin-1@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-1@instance-1.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-1@instance-1.service"); -@@ -991,8 +988,8 @@ TEST(with_dropin_template) { - assert_se(n_changes == 2); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); - assert_se(changes[1].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-2@instance-1.service")); -- assert_se(streq(changes[1].source, "../with-dropin-2@instance-1.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-2@.service")); -+ assert_se(streq(changes[1].source, 
"/usr/lib/systemd/system/with-dropin-2@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2@instance-1.service"); - assert_se(streq(changes[0].path, p)); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/graphical.target.wants/with-dropin-2@instance-1.service"); -@@ -1003,7 +1000,7 @@ TEST(with_dropin_template) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("with-dropin-2@instance-2.service"), &changes, &n_changes) == 1); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-2@instance-2.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-2@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-2@instance-2.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -@@ -1012,7 +1009,7 @@ TEST(with_dropin_template) { - assert_se(unit_file_enable(LOOKUP_SCOPE_SYSTEM, 0, root, STRV_MAKE("with-dropin-3@.service"), &changes, &n_changes) == 1); - assert_se(n_changes == 1); - assert_se(changes[0].type_or_errno == UNIT_FILE_SYMLINK); -- assert_se(streq(changes[0].source, "../with-dropin-3@.service")); -+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/with-dropin-3@.service")); - p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR"/multi-user.target.wants/with-dropin-3@instance-2.service"); - assert_se(streq(changes[0].path, p)); - unit_file_changes_free(changes, n_changes); -diff --git a/test/test-systemctl-enable.sh b/test/test-systemctl-enable.sh -index f40831cf8c..7d5667f297 100644 ---- a/test/test-systemctl-enable.sh -+++ b/test/test-systemctl-enable.sh -@@ -90,27 +90,27 @@ EOF - ( ! 
"$systemctl" --root="$root" enable test1 ) - test -h "$root/etc/systemd/system/default.target.wants/test1.service" - test -h "$root/etc/systemd/system/special.target.requires/test1.service" --test -e "$root/etc/systemd/system/test1-goodalias.service" -+test ! -e "$root/etc/systemd/system/test1-goodalias.service" - test -h "$root/etc/systemd/system/test1-goodalias.service" --test ! -h "$root/etc/systemd/system/test1@badalias.service" --test ! -h "$root/etc/systemd/system/test1-badalias.target" --test ! -h "$root/etc/systemd/system/test1-badalias.socket" --test -e "$root/etc/systemd/system/test1-goodalias2.service" -+test ! -e "$root/etc/systemd/system/test1@badalias.service" -+test ! -e "$root/etc/systemd/system/test1-badalias.target" -+test ! -e "$root/etc/systemd/system/test1-badalias.socket" - test -h "$root/etc/systemd/system/test1-goodalias2.service" - - : '-------aliases in reeanble----------------------------------' - ( ! "$systemctl" --root="$root" reenable test1 ) --islink "$root/etc/systemd/system/default.target.wants/test1.service" "../test1.service" --islink "$root/etc/systemd/system/test1-goodalias.service" "test1.service" -+test -h "$root/etc/systemd/system/default.target.wants/test1.service" -+test ! -e "$root/etc/systemd/system/test1-goodalias.service" -+test -h "$root/etc/systemd/system/test1-goodalias.service" - --test ! -h "$root/etc/systemd/system/test1@badalias.service" --test ! -h "$root/etc/systemd/system/test1-badalias.target" --test ! -h "$root/etc/systemd/system/test1-badalias.socket" -+test ! -e "$root/etc/systemd/system/test1@badalias.service" -+test ! -e "$root/etc/systemd/system/test1-badalias.target" -+test ! -e "$root/etc/systemd/system/test1-badalias.socket" - - "$systemctl" --root="$root" disable test1 --test ! -h "$root/etc/systemd/system/default.target.wants/test1.service" --test ! -h "$root/etc/systemd/system/special.target.requires/test1.service" --test ! -h "$root/etc/systemd/system/test1-goodalias.service" -+test ! 
-e "$root/etc/systemd/system/default.target.wants/test1.service" -+test ! -e "$root/etc/systemd/system/special.target.requires/test1.service" -+test ! -e "$root/etc/systemd/system/test1-goodalias.service" - - : '-------aliases when link already exists---------------------' - cat >"$root/etc/systemd/system/test1a.service" <"$root/link3.suffix" <"$root/etc/systemd/system/templ1@.service" < - 251~rc2-1 +- New upstream prerelease, for details see + https://raw.githubusercontent.com/systemd/systemd/v251-rc2/NEWS. + * Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-3 - Do not touch /etc/resolv.conf on upgrades (#2074122) - Add bugfix patch and revert one patch which might be causing From 95c9cf61afdfe69e4b95009cf1024b8697179115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 May 2022 20:48:00 +0200 Subject: [PATCH 069/494] Remove bfq patch in packit builds --- systemd.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 3a91963..1aee570 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -87,15 +87,15 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Backports of patches from upstream (0000–0499) # -# Any patches which are "in preparation" upstream should be listed -# here, rather than in the next section. Packit CI will drop any -# patches in this range before applying upstream pull requests. +# Any patches which are "in preparation" upstream should be listed here, rather +# than in the next section. Packit CI will drop any patches in this range before +# applying upstream pull requests. - -# Downstream-only patches (5000–9999) +# This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 -Patch0500: use-bfq-scheduler.patch +Patch0499: use-bfq-scheduler.patch +# Other downstream-only patches (5000–9999) # https://github.com/systemd/systemd/pull/17050 Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch From 7d3e9ecfd7bc5296ea98473cecd6a949d972290e Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 11 May 2022 14:17:03 -0700 Subject: [PATCH 070/494] Backport #23352 to fix RHBZ #2083374 --- 23352.patch | 34 ++++++++++++++++++++++++++++++++++ systemd.spec | 10 +++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 23352.patch diff --git a/23352.patch b/23352.patch new file mode 100644 index 0000000..c4c9ac3 --- /dev/null +++ b/23352.patch 
@@ -0,0 +1,34 @@ +From 8b0ebe3aa21fc343e435b7ff72cbf8565149ef00 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 12 May 2022 04:11:37 +0900 +Subject: [PATCH] sd-device-enumerator: fix inverted return value of + match_initialized() + +Fixes a bug introduced by d8b50e5df7e01983279e70c6d970fb60d053df97. + +Fixes https://github.com/systemd/systemd/pull/22662#issuecomment-1124163773. +Fixes RHBZ#2083374 (https://bugzilla.redhat.com/show_bug.cgi?id=2083374). +--- + src/libsystemd/sd-device/device-enumerator.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/libsystemd/sd-device/device-enumerator.c b/src/libsystemd/sd-device/device-enumerator.c +index 3af9e36a5a52..39f769c35cf6 100644 +--- a/src/libsystemd/sd-device/device-enumerator.c ++++ b/src/libsystemd/sd-device/device-enumerator.c +@@ -537,12 +537,12 @@ static int match_initialized(sd_device_enumerator *enumerator, sd_device *device + return true; + + if (sd_device_get_devnum(device, NULL) >= 0) +- return true; ++ return false; + + if (sd_device_get_ifindex(device, NULL) >= 0) +- return true; ++ return false; + +- return false; ++ return true; + } + + return (enumerator->match_initialized == MATCH_INITIALIZED_NO) == (r == 0); diff --git a/systemd.spec b/systemd.spec index 1aee570..1645451 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251~rc2 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
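Review bot: The backported change to `match_initialized()` flips three return values, but the patch touches only `device-enumerator.c` and adds neither a regression test nor a comment saying which result means "this device matches". A short comment above the two `return false;` lines would make the intended sense checkable, for example `/* a devnum or ifindex means udev still has to process the device, so do not report it yet */` (wording inferred from the spec comment about not reporting network devices before the interface rename). The function is declared `int` but returns `true`/`false` next to a final expression that compares against `r == 0`, which is presumably how the inversion went unnoticed. The function body starts outside the hunk, so the meaning of `r` is not visible here.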
@@ -91,6 +91,11 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +# https://bugzilla.redhat.com/show_bug.cgi?id=2083374 +# https://github.com/systemd/systemd/pull/23352 +# udev: don't report network devices before interface rename +Patch0001: 23352.patch + # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0499: use-bfq-scheduler.patch @@ -1018,6 +1023,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed May 11 2022 Adam Williamson - 251~rc2-2 +- Backport #23352 to fix RHBZ #2083374 + * Thu May 5 2022 Zbigniew Jędrzejewski-Szmek - 251~rc2-1 - New upstream prerelease, for details see https://raw.githubusercontent.com/systemd/systemd/v251-rc2/NEWS. From 4cd7098f042542ab79478a6c1512b5b780ca29ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 May 2022 15:19:37 +0200 Subject: [PATCH 071/494] Version 251-rc3 --- 23352.patch | 34 ---------------------------------- sources | 2 +- systemd.spec | 12 ++++++------ use-bfq-scheduler.patch | 20 ++++++++++---------- 4 files changed, 17 insertions(+), 51 deletions(-) delete mode 100644 23352.patch diff --git a/23352.patch b/23352.patch deleted file mode 100644 index c4c9ac3..0000000 --- a/23352.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 8b0ebe3aa21fc343e435b7ff72cbf8565149ef00 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 12 May 2022 04:11:37 +0900 -Subject: [PATCH] sd-device-enumerator: fix inverted return value of - match_initialized() - -Fixes a bug introduced by d8b50e5df7e01983279e70c6d970fb60d053df97. - -Fixes https://github.com/systemd/systemd/pull/22662#issuecomment-1124163773. -Fixes RHBZ#2083374 (https://bugzilla.redhat.com/show_bug.cgi?id=2083374). ---- - src/libsystemd/sd-device/device-enumerator.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-enumerator.c b/src/libsystemd/sd-device/device-enumerator.c -index 3af9e36a5a52..39f769c35cf6 100644 ---- a/src/libsystemd/sd-device/device-enumerator.c -+++ b/src/libsystemd/sd-device/device-enumerator.c -@@ -537,12 +537,12 @@ static int match_initialized(sd_device_enumerator *enumerator, sd_device *device - return true; - - if (sd_device_get_devnum(device, NULL) >= 0) -- return true; -+ return false; - - if (sd_device_get_ifindex(device, NULL) >= 0) -- return true; -+ return false; - -- return false; -+ return true; - } - - return (enumerator->match_initialized == MATCH_INITIALIZED_NO) == (r == 0); diff --git a/sources b/sources index 68ed322..0d9b043 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251-rc2.tar.gz) = 09f1d558afe368710adbed1c21d78e7538bdf3eb4fefa4633086fe12763eaa772a87af69cf0fe04689a34cde246541726ae5b18701f6bf39c046ed2971fb414d +SHA512 (systemd-251-rc3.tar.gz) = a87d6cb6feb425e8677a93ddce72ba4b6970416970626933e9a8d772c19f85f9974ed7417cda0b666ae0ae5530fbbe9bf8e3a23d741563bc42d1e5b30e7f4bb4 diff --git a/systemd.spec b/systemd.spec index 1645451..ea7b755 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251~rc2 -Release: 2%{?dist} +Version: 251~rc3 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -91,10 +91,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# https://bugzilla.redhat.com/show_bug.cgi?id=2083374 -# https://github.com/systemd/systemd/pull/23352 -# udev: don't report network devices before interface rename -Patch0001: 23352.patch # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1023,6 +1019,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 +- Update to latest upstream prerelease (just various bugfixes) +- Udev rule processing should be now fixed (#2076459) + * Wed May 11 2022 Adam Williamson - 251~rc2-2 - Backport #23352 to fix RHBZ #2083374 diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index f8b2aaa..2eb1229 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -1,4 +1,4 @@ -From e0af3560ca9b1515e0680919733a09914d3325ab Mon Sep 17 00:00:00 2001 +From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Aug 2019 15:57:42 +0200 Subject: [PATCH] udev: use bfq as the default scheduler @@ -27,14 +27,14 @@ index 0000000000..480b941761 + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index e6533e001a..bfa26904d0 100644 +index a582e4e922..d300c382fc 100644 --- a/rules.d/meson.build 
+++ b/rules.d/meson.build -@@ -7,6 +7,7 @@ install_data( - rules = files( - '60-autosuspend.rules', - '60-block.rules', -+ '60-block-scheduler.rules', - '60-cdrom_id.rules', - '60-drm.rules', - '60-evdev.rules', +@@ -8,6 +8,7 @@ rules = [ + [files('60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', ++ '60-block-scheduler.rules', + '60-drm.rules', + '60-evdev.rules', + '60-fido-id.rules', From 3a876074d2ab615187c2d1d8a874d221859983f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 May 2022 20:23:07 +0200 Subject: [PATCH 072/494] Run sysusers and friends also if systemd is not running MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I tested this with 'sudo dnf --installroot=…', with both systemd+system-udev installed in one transaction, and in two separate transactions. Users are created as expected in both cases. --- systemd.spec | 2 ++ triggers.systemd | 12 +++--------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/systemd.spec b/systemd.spec index ea7b755..76bd618 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1022,6 +1022,8 @@ fi * Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 - Update to latest upstream prerelease (just various bugfixes) - Udev rule processing should be now fixed (#2076459) +- Run sysusers and hwdb and catalog updates also if systemd is not running + (#2085481) * Wed May 11 2022 Adam Williamson - 251~rc2-2 - Backport #23352 to fix RHBZ #2083374 diff --git a/triggers.systemd b/triggers.systemd index 5929035..719789b 100644 --- a/triggers.systemd +++ b/triggers.systemd 
@@ -55,23 +55,17 @@ fi # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - systemd-sysusers || : -fi +systemd-sysusers || : %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. -if test -d "/run/systemd/system"; then - systemd-hwdb update || : -fi +systemd-hwdb update || : %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. -if test -d "/run/systemd/system"; then - journalctl --update-catalog || : -fi +journalctl --update-catalog || : %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d # This script will automatically apply binfmt rules if files have been From 98759ccb2921770e7e1bd1ab2fdc3dc8390c27f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 19 May 2022 12:39:10 +0200 Subject: [PATCH 073/494] Skip workaround patch in packit builds --- systemd.spec | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 76bd618..d8b00ed 100644 --- a/systemd.spec +++ b/systemd.spec 
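Review bot: The three triggers that lose the `test -d "/run/systemd/system"` guard keep their old comments, so nothing in the file records that `systemd-sysusers`, `systemd-hwdb update` and `journalctl --update-catalog` are now meant to run in install roots and containers too. A comment on each, such as `# Runs even when systemd is not booted: this only updates files on disk (#2085481)`, would keep a later cleanup from restoring the guard. Because `|| :` still discards the exit status, a sysusers failure in such an environment leaves the transaction without the accounts later packages expect, and only the tool's own output would show it. The binfmt trigger that follows continues outside the hunk.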
@@ -92,17 +92,16 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. -# This is a downstream-only patch, but we don't want it in packit builds. +# Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 -Patch0499: use-bfq-scheduler.patch +Patch0490: use-bfq-scheduler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2071069 +Patch0491: 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch # Other downstream-only patches (5000–9999) # https://github.com/systemd/systemd/pull/17050 Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2071069 -Patch9999: 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch - %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 %endif From 3b52a12c30e16474a7031ef3773278e84f1f7a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 21 May 2022 18:27:30 +0200 Subject: [PATCH 074/494] Version 251 --- sources | 2 +- systemd.spec | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 0d9b043..1da9306 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251-rc3.tar.gz) = a87d6cb6feb425e8677a93ddce72ba4b6970416970626933e9a8d772c19f85f9974ed7417cda0b666ae0ae5530fbbe9bf8e3a23d741563bc42d1e5b30e7f4bb4 +SHA512 (systemd-251.tar.gz) = 5a7116cfd99f7875334a1ce55a76ba1840a28b6500b02de82b879629768e10457efd8278024aa1ffefd43defe657284c4d51ab502ed3c7e6b63d5b6e0cc1f642 diff --git a/systemd.spec b/systemd.spec index d8b00ed..c75f324 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251~rc3 +Version: 251 Release: 1%{?dist} %else # determine the build information from local checkout 
@@ -1018,6 +1018,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sat May 21 2022 Zbigniew Jędrzejewski-Szmek - 251-1 +- Latest upstream release, for details see + https://raw.githubusercontent.com/systemd/systemd/v251/NEWS. +- Fixes for #2071034, #2084955, #2086166. + * Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 - Update to latest upstream prerelease (just various bugfixes) - Udev rule processing should be now fixed (#2076459) From 25bb51fde1091cf3243c672d716817cfa3a35aa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 24 May 2022 23:38:53 +0200 Subject: [PATCH 075/494] Version 251.1 --- systemd.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index c75f324..04053f9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -#global stable 1 +%global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251 +Version: 251.1 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1018,6 +1018,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 +- First bugfix release for 250 +- Two fixes for kernel-install and a revert for #2087225, #2088788. + * Sat May 21 2022 Zbigniew Jędrzejewski-Szmek - 251-1 - Latest upstream release, for details see https://raw.githubusercontent.com/systemd/systemd/v251/NEWS. From b68903c0ee09fa4f6fec7a22fb9b94f0d0ada3cc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 24 May 2022 23:51:05 +0200 Subject: [PATCH 076/494] Upload sources (no changelog) --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 1da9306..03e6f58 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.tar.gz) = 5a7116cfd99f7875334a1ce55a76ba1840a28b6500b02de82b879629768e10457efd8278024aa1ffefd43defe657284c4d51ab502ed3c7e6b63d5b6e0cc1f642 +SHA512 (systemd-251.1.tar.gz) = 6fc72197b684abc343480acb66b8f749c186bd7a031ddd757c4a0e5fd8fdeda0cde9c9e634fd3d9e2b2d1ed96019c5f8e7119ad10a7f51d5dc13fac2571c6c70 From a65bd010dd1dbcc68b24d87a0b20a58897161bae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 14:18:17 +0200 Subject: [PATCH 077/494] Supress errors from useradd/groupadd --- systemd.spec | 3 +++ sysusers.generate-pre.sh | 14 +++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 04053f9..4763dd4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1018,6 +1018,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 +- Supress errors from useradd/groupadd (#2090129) + * Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 - First bugfix release for 250 - Two fixes for kernel-install and a revert for #2087225, #2088788. diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index fd9938d..95a0938 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -19,15 +19,15 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : EOF else cat </dev/null ; then - if ! getent passwd '$uid' >/dev/null ; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' +if ! getent passwd '$user' >/dev/null; then + if ! getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : fi fi @@ -40,11 +40,11 @@ group() { gid="$2" if [ "$gid" = '-' ]; then cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' + getent group '$group' >/dev/null || groupadd -r '$group' || : EOF else cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : EOF fi } From ee6588e90262b4eb2140f454c6a2d883d87c89f8 Mon Sep 17 00:00:00 2001 
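Review bot: Appending `|| :` to every `useradd` and `groupadd` in the generated scriptlet means a failed account creation no longer stops the package install, so files and services that expect the user or group are installed without it. If the failure has to be non-fatal (the reason behind #2090129 is not given on the page), it should stay visible in the transaction output, e.g. `useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || echo "failed to create user '$user'" >&2`, and likewise for the two `groupadd` lines in the second hunk. A comment in `user()` and `group()` stating why the error is ignored would also help, as both functions begin outside the hunks and the heredoc text is only partly visible here.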
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 14:32:47 +0200 Subject: [PATCH 078/494] Drop "v" from the version tag, add tilde back When -Dversion-tag was initially added in edaa157918874478659896090b9512af0c50f82e, I used "v" without any comment. But upstream does not use "v", so we have versions which don't compare directly: $ build/systemctl --version|head -n1 systemd 251 (251-66-g7e46a5c+) $ systemctl --version|head -n1 systemd 251 (v251-1.fc37) And in 3c4f9413a760fa2dc26c140a08e1d11cf46ac6e7, when -Dshared-lib-tag= was introduced, %{version} was replaced by %{version_no_tilde}, again without any specific comment. For the shared-lib-tag, it makes sense to use _no_tilde, because it's enough to have non-conflicting file names, and we don't compare the tags. I guess I wanted both uses to be consistent. But if we substitute the tilde, we can't do proper comparisons. I noticed the following issue: with sd-boot installed from git and a package, upgrades wouldn't work: Comparing versions: "systemd-boot v251-1.fc37" < "systemd-boot 251-rc1-390-g3603f15 Skipping "/boot/efi/EFI/systemd/systemd-bootx64.efi", since newer boot loader version in place already. The two changes should make those comparisons work properly in most cases. --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 4763dd4..594dde9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -526,7 +526,7 @@ CONFIGURE_OPTS=( -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false -Dman=true - -Dversion-tag=v%{version_no_tilde}-%{release} + -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 # -Dshared-lib-tag=%{version_no_tilde}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] 
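Review bot: The new `-Dversion-tag=%{version}-%{release}` line carries no comment, while the commented-out `-Dshared-lib-tag=%{version_no_tilde}-%{release}` just below it still uses the other macro, so the difference reads as accidental. The reasoning from the commit message belongs next to the option, e.g. `# version-tag: no "v" prefix and tilde kept, so the string compares correctly against upstream builds (sd-boot upgrades)`. Without it a later edit could make the two tags "consistent" again and bring back the skipped boot loader updates the description reports. The `CONFIGURE_OPTS` array starts and ends outside the hunk.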
@@ -1020,6 +1020,7 @@ fi %changelog * Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 - Supress errors from useradd/groupadd (#2090129) +- Drop "v" from the version tag, add tilde back * Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 - First bugfix release for 250 From 777626980498836a662ae15988d1c1fb072d92f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 14:45:31 +0200 Subject: [PATCH 079/494] Reintroduce the tag for shared libraries --- ...ate-new-libsystemd-core.so-private-s.patch | 134 ------------------ systemd.spec | 5 +- 2 files changed, 2 insertions(+), 137 deletions(-) delete mode 100644 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch diff --git a/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch b/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch deleted file mode 100644 index 243d67a..0000000 --- a/0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch +++ /dev/null 
@@ -1,134 +0,0 @@ -From 71e6efb1569853948d001854f040dd5a077df131 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 4 Apr 2022 11:31:04 +0200 -Subject: [PATCH] Revert "meson: create new libsystemd-core.so private shared - library" - -This reverts commit 4287c855893b6a2666fbe0422a1e738c47fa3ef5. - -https://bugzilla.redhat.com/show_bug.cgi?id=2071069 ---- - meson.build | 14 ++++++++++++-- - src/core/meson.build | 14 +++----------- - src/shared/meson.build | 2 +- - src/test/meson.build | 3 +-- - tools/oss-fuzz.sh | 4 +--- - 5 files changed, 18 insertions(+), 19 deletions(-) - -diff --git a/meson.build b/meson.build -index e68791b8b4..b80589d095 100644 ---- a/meson.build -+++ b/meson.build -@@ -2117,7 +2117,12 @@ dbus_programs += executable( - link_with : [libcore, - libshared], - dependencies : [versiondep, -- libseccomp], -+ threads, -+ librt, -+ libseccomp, -+ libselinux, -+ libmount, -+ libblkid], - install_rpath : rootlibexecdir, - install : true, - install_dir : rootlibexecdir) -@@ -2133,7 +2138,12 @@ public_programs += executable( - link_with : [libcore, - libshared], - dependencies : [versiondep, -- libseccomp], -+ threads, -+ librt, -+ libseccomp, -+ libselinux, -+ libmount, -+ libblkid], - install_rpath : rootlibexecdir, - install : conf.get('ENABLE_ANALYZE')) - -diff --git a/src/core/meson.build b/src/core/meson.build -index f5e04b37ca..fa0dcb69ad 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -167,18 +167,12 @@ load_fragment_gperf_nulstr_c = custom_target( - command : [awk, '-f', '@INPUT0@', '@INPUT1@'], - capture : true) - --libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) -- --libcore = shared_library( -- libcore_name, -+libcore = static_library( -+ 'core', - libcore_sources, - load_fragment_gperf_c, - load_fragment_gperf_nulstr_c, - include_directories : includes, -- c_args : ['-fvisibility=default'], -- link_args : ['-shared', -- '-Wl,--version-script=' + libshared_sym_path], -- 
link_with : libshared, - dependencies : [versiondep, - threads, - libdl, -@@ -190,10 +184,8 @@ libcore = shared_library( - libapparmor, - libselinux, - libmount, -- libblkid, - libacl], -- install : true, -- install_dir : rootlibexecdir) -+ build_by_default : false) - - core_includes = [includes, include_directories('.')] - -diff --git a/src/shared/meson.build b/src/shared/meson.build -index 4333c9a0a9..54cd8b17d2 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -474,13 +474,13 @@ libshared_static = static_library( - libshared = shared_library( - libshared_name, - include_directories : includes, -- c_args : ['-fvisibility=default'], - link_args : ['-shared', - '-Wl,--version-script=' + libshared_sym_path], - link_whole : [libshared_static, - libbasic, - libbasic_gcrypt, - libsystemd_static], -+ c_args : ['-fvisibility=default'], - dependencies : libshared_deps, - install : true, - install_dir : rootlibexecdir) -diff --git a/src/test/meson.build b/src/test/meson.build -index 297a65d9af..9f09ff959c 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -421,8 +421,7 @@ tests += [ - libmount, - libxz, - liblz4, -- libblkid, -- libselinux], -+ libblkid], - [core_includes, journal_includes, udev_includes]], - - [files('test-prioq.c')], -diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh -index 8ff3abefb7..109046da24 100755 ---- a/tools/oss-fuzz.sh -+++ b/tools/oss-fuzz.sh -@@ -89,9 +89,7 @@ df="$build/dns-fuzzing" - git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing "$df" - zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet" - --install -Dt "$OUT/src/shared/" \ -- "$build"/src/shared/libsystemd-shared-*.so \ -- "$build"/src/core/libsystemd-core-*.so -+install -Dt "$OUT/src/shared/" "$build"/src/shared/libsystemd-shared-*.so - - wget -O "$OUT/fuzz-json.dict" https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict - diff --git a/systemd.spec b/systemd.spec index 594dde9..2e8052f 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -95,8 +95,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2071069 -Patch0491: 0001-Revert-meson-create-new-libsystemd-core.so-private-s.patch # Other downstream-only patches (5000–9999) # https://github.com/systemd/systemd/pull/17050 @@ -528,7 +526,7 @@ CONFIGURE_OPTS=( -Dman=true -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 - # -Dshared-lib-tag=%{version_no_tilde}-%{release} + -Dshared-lib-tag=%{version_no_tilde}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no -Ddefault-dns-over-tls=no @@ -1021,6 +1019,7 @@ fi * Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 - Supress errors from useradd/groupadd (#2090129) - Drop "v" from the version tag, add tilde back +- The tag for shared-libraries is reintroduced (#1906010) * Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 - First bugfix release for 250 From 9a48377e0adb6af26f8e7a89dd0c186cc951efa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 14:48:33 +0200 Subject: [PATCH 080/494] Drop old work-around patch This was reported to be an issue on older kernels, so let's hope it is resolved now. --- ...96d3e8d1cb0dd3666bc74fa673918b586612.patch | 129 ------------------ systemd.spec | 3 +- 2 files changed, 1 insertion(+), 131 deletions(-) delete mode 100644 f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch deleted file mode 100644 index 84497ad..0000000 --- a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +++ /dev/null 
@@ -1,129 +0,0 @@ -From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 14 Sep 2020 17:58:03 +0200 -Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() - -https://bugzilla.redhat.com/show_bug.cgi?id=1803070 - -I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different -than the one we get from /proc/self/fdinfo/. This only matters when both statx and -name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: - -(gdb) !uname -r -5.6.19-200.fc31.ppc64le - -(gdb) !cat /proc/self/mountinfo -697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== -701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel -702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw -703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 -704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel -705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 -706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - 
devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro 
master:12 - tmpfs tmpfs rw,seclabel,mode=755 -722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel -725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel -614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate -615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 - -The test process does 
-name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then -openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then -read(open("/proc/self/fdinfo/4", ...)) which gives -"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" - -and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. - -We could either drop the fallback path (and fail name_to_handle_at() is not -avaliable) or ignore the error in the test. Not sure what is better. I think -this issue only occurs sometimes and with older kernels, so probably continuing -with the current flaky implementation is better than ripping out the fallback. - -Another strace: -writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 -) = 28 -name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 -writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 -) = 20 -name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 -writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 -) = 30 -name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 -writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 -) = 23 -name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) -openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 -openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 
36 -read(5, "", 1024) = 0 -close(5) = 0 -close(4) = 0 -writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 -) = 42 -writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc -) = 39 -writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. -) = 109 -rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 -rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 -getpid() = 20 -gettid() = 20 -tgkill(20, 20, SIGABRT) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- -+++ killed by SIGABRT (core dumped) +++ ---- - src/test/test-mountpoint-util.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 30b00ae4d8b..ffe5144b04a 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -89,8 +89,12 @@ static void test_mnt_id(void) { - /* The ids don't match? If so, then there are two mounts on the same path, let's check if - * that's really the case */ - char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); -+ -+ if (!path_equal(p, t)) -+ /* Apparent kernel bug in /proc/self/fdinfo */ -+ log_warning("Bad mount id given for %s: %d, should be %d", -+ p, mnt_id2, mnt_id); - } - } - diff --git a/systemd.spec b/systemd.spec index 2e8052f..0abb969 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -97,8 +97,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0490: use-bfq-scheduler.patch # Other downstream-only patches (5000–9999) -# https://github.com/systemd/systemd/pull/17050 -Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch + %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 From 6ac7409b1e5a178df7fd0e36f1e64b40603ae2de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 15:38:21 +0200 Subject: [PATCH 081/494] Bump release --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0abb969..41115c4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251.1 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From b45625adb1a5dd6901171002d3b4cc035537259d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 21:48:16 +0200 Subject: [PATCH 082/494] Revert "Drop old work-around patch" This reverts commit 9a48377e0adb6af26f8e7a89dd0c186cc951efa8. Apparently the patch is still needed, without it we get issues in CI packit builds. --- ...96d3e8d1cb0dd3666bc74fa673918b586612.patch | 129 ++++++++++++++++++ systemd.spec | 3 +- 2 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch new file mode 100644 index 0000000..84497ad --- /dev/null +++ b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch 
@@ -0,0 +1,129 @@ +From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - 
devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro 
master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does 
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 
36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 +--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- ++++ killed by SIGABRT (core dumped) +++ +--- + src/test/test-mountpoint-util.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 30b00ae4d8b..ffe5144b04a 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -89,8 +89,12 @@ static void test_mnt_id(void) { + /* The ids don't match? If so, then there are two mounts on the same path, let's check if + * that's really the case */ + char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + } + diff --git a/systemd.spec b/systemd.spec index 41115c4..e9ede76 100644 --- a/systemd.spec +++ b/systemd.spec 
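Review bot: In the re-added test-mountpoint-util.c change, `t` comes straight from `hashmap_get(h, INT_TO_PTR(mnt_id2))` and is then passed to `%s` in `log_debug` and to `path_equal(p, t)` without a NULL check. In the case this workaround targets, where the kernel reports an inconsistent mount id, that id may not be present in the map at all. Guarding the lookup avoids trading an assertion for undefined behaviour: `if (!t || !path_equal(p, t))`, with `strna(t)` as the logged value. The warning also replaces `assert_se` on every kernel, so the test no longer fails on a genuine mismatch, which is worth stating in the code comment. The body of `test_mnt_id()` starts outside the quoted hunk, so how `h` is filled is not visible here.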
@@ -97,7 +97,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0490: use-bfq-scheduler.patch # Other downstream-only patches (5000–9999) - +# https://github.com/systemd/systemd/pull/17050 +Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 From ccbadf1a74a1c2bbdaaf9215b9a6b42045346114 Mon Sep 17 00:00:00 2001 From: David Auer Date: Mon, 30 May 2022 16:43:58 +0200 Subject: [PATCH 083/494] Fix formatting of README.build-in-place --- README.build-in-place => README.build-in-place.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename README.build-in-place => README.build-in-place.md (60%) diff --git a/README.build-in-place b/README.build-in-place.md similarity index 60% rename from README.build-in-place rename to README.build-in-place.md index 9d68330..057c103 100644 --- a/README.build-in-place +++ b/README.build-in-place.md @@ -1,7 +1,7 @@ -== Building systemd rpms for local development using rpmbuild --build-in-place == +# Building systemd rpms for local development using rpmbuild --build-in-place -This approach is based on https://github.com/filbranden/git-rpmbuild -and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM]. +This approach is based on filbranden's [git-rpmbuild](https://github.com/filbranden/git-rpmbuild) +and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). ``` git clone https://github.com/systemd/systemd From 81108b2d49c7d4000420a1cbcffd16b28ee14cb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Jun 2022 20:12:48 +0200 Subject: [PATCH 084/494] Version 251.2 --- sources | 2 +- systemd.spec | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 03e6f58..95b4d5d 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-251.1.tar.gz) = 6fc72197b684abc343480acb66b8f749c186bd7a031ddd757c4a0e5fd8fdeda0cde9c9e634fd3d9e2b2d1ed96019c5f8e7119ad10a7f51d5dc13fac2571c6c70 +SHA512 (systemd-251.2.tar.gz) = 0c4011b685a1e8d535af123cbaf79ab53d59ea665ca5350ab1077ad4e962b49c1fd5b1b5bb3f28c3e28145dfd02aa83023f78de5edec15afe84e3e06e742a67c diff --git a/systemd.spec b/systemd.spec index e9ede76..c97ed97 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.1 -Release: 2%{?dist} +Version: 251.2 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -1016,6 +1016,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 251.2-1 +- A bunch of man page fixes, a few memory-access correctness fixes, + remove excessive messages to utmp sessions, suppress messages about + bpf setup in the user manager (#2084955) + * Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 - Supress errors from useradd/groupadd (#2090129) - Drop "v" from the version tag, add tilde back From 6af49ef1a1aa2069c73cabbbba4972e995ba68ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Jun 2022 09:37:30 +0200 Subject: [PATCH 085/494] Add patch to fix build on i686 --- 0001-sha256-fix-compilation-on-efi-ia32.patch | 38 +++++++++++++++++++ systemd.spec | 1 + 2 files changed, 39 insertions(+) create mode 100644 0001-sha256-fix-compilation-on-efi-ia32.patch diff --git a/0001-sha256-fix-compilation-on-efi-ia32.patch b/0001-sha256-fix-compilation-on-efi-ia32.patch new file mode 100644 index 0000000..cc23995 --- /dev/null +++ b/0001-sha256-fix-compilation-on-efi-ia32.patch 
@@ -0,0 +1,38 @@ +From 3185ae7c812af8ff6cabbd680b694d8a51f0c09f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 3 Jun 2022 09:32:02 +0200 +Subject: [PATCH] sha256: fix compilation on efi-ia32 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +/usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto +../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: +../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) + 61 | # define UNALIGNED_P(p) false + | ^~~~~ +../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ + 136 | if (UNALIGNED_P(resbuf)) + | ^~~~~~~~~~~ +../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘’; did you forget to ‘#include ’? + 31 | #include "sha256.h" + +++ |+#include + 32 | +... 
+--- + src/fundamental/sha256.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c +index 67d83b5f1c..f089594796 100644 +--- a/src/fundamental/sha256.c ++++ b/src/fundamental/sha256.c +@@ -60,7 +60,7 @@ + # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) + # endif + #else +-# define UNALIGNED_P(p) false ++# define UNALIGNED_P(p) sd_false + #endif + + /* This array contains the bytes used to pad the buffer to the next diff --git a/systemd.spec b/systemd.spec index c97ed97..666ff32 100644 --- a/systemd.spec +++ b/systemd.spec @@ -90,6 +90,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +Patch0000: 0001-sha256-fix-compilation-on-efi-ia32.patch # Those are downstream-only patches, but we don't want them in packit builds: From fae302cf1d036c9418bd657fb3cff5037b9492f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Jun 2022 08:37:59 +0200 Subject: [PATCH 086/494] Revert "Add workaround for audit breakage" This reverts commit a4d136e22a3847dad0977007f7e8caf851551685. audit-3.0.8 is out, so this should be fixed now. --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 666ff32..d97eccc 100644 --- a/systemd.spec +++ b/systemd.spec 
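Review bot: `Patch0000:` is added in the systemd.spec hunk without a comment saying where the patch comes from, although the surrounding comment reserves this range for patches "in preparation" upstream. The patch file carries a commit hash in its `From` line but no pull-request or commit URL, and it changes `src/fundamental/sha256.c`. A one-line provenance comment would make it easy to confirm later that the carried change matches what upstream merged. I would add `# <upstream PR or commit URL>` on the line above `Patch0000:`; this is a placeholder, since the page does not give the URL.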
@@ -454,10 +454,6 @@ test -f src/login/systemd-user.in # We'll systemd process it and install in the right place. cp %{SOURCE12} src/login/systemd-user.in -# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2057735 -cp /usr/include/linux/audit.h src/systemd/ -sed -r -i "s|generate_audit_type_list, cpp|& + ' -I/usr/include/linux'|" src/libsystemd/meson.build - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From ee5cf7fbad21ec37cb20856c381e90479cc4878d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Jun 2022 17:17:14 +0200 Subject: [PATCH 087/494] Drop forward-secure-sealing code from sd-journal and tools I asked on fedora-devel@, and the lone reply was from Matthew Miller who tried it once when it was introduced and hasn't used it since. Dropping this removes the last dependency on libgcrypt and libgpg-error in libsystemd, significantly reducing our installation footprint. Right now libmicrohttpd is still linked to libgcrypt, so libsystemd-journal-remote subpackage will pull libgcrypt in. --- systemd.spec | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index d97eccc..a10e19f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251.2 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -137,8 +137,6 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -BuildRequires: libgcrypt-devel -BuildRequires: libgpg-error-devel BuildRequires: gnutls-devel BuildRequires: qrencode-devel BuildRequires: libmicrohttpd-devel 
@@ -488,7 +486,7 @@ CONFIGURE_OPTS=( -Dopenssl=true -Dcryptolib=openssl -Dp11kit=true - -Dgcrypt=true + -Dgcrypt=false -Daudit=true -Delfutils=true -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] @@ -1013,6 +1011,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 +- Drop forward-secure-sealing code from sd-journal and tools + * Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 251.2-1 - A bunch of man page fixes, a few memory-access correctness fixes, remove excessive messages to utmp sessions, suppress messages about From 27c0d43effb771da96dce99155dbdff8a33510d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 3 Jul 2022 21:31:32 +0200 Subject: [PATCH 088/494] Drop Obsoletes for systemd-standalone-{tmpfiles,sysusers} It turns out that with the Obsoletes, dnf will just install the normal systemd package if systemd-standalone-* is requested. The commit message for b36512ad8f06270739f85371d03f61bbf8e6fe2a which added this says I tested with local package builds (where it works), but not when going through the full repo with all packages. I'm adding the Provides instead, so that it's possible to request on or the other more easily. --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a10e19f..95c5dca 100644 --- a/systemd.spec +++ b/systemd.spec 
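Review bot: Switching `-Dgcrypt=true` to `-Dgcrypt=false` removes journal sealing, which is a log-integrity feature, yet neither this line nor the changelog entry added in the next hunk says what stops working for an administrator. Hosts that rely on sealed journals for tamper evidence would, as far as I can tell, lose `journalctl --setup-keys` and sealing-key verification after the update, with nothing failing at install time. I would extend the changelog entry with a second line such as `- journalctl --setup-keys and journal sealing (Seal= in journald.conf) are no longer available`. The `CONFIGURE_OPTS=(` array this line belongs to starts and ends outside the hunk.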
@@ -207,9 +207,9 @@ Conflicts: fedora-release < 23-0.12 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ -Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ -Obsoletes: %{name}-standalone-sysusers < %{version}-%{release}^ +Provides: %{name}-sysusers = %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} @@ -428,6 +428,7 @@ useful to test systemd internals. %package standalone-tmpfiles Summary: Standalone tmpfiles binary for use in non-systemd systems +Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -437,6 +438,7 @@ package and is meant for use in non-systemd systems. %package standalone-sysusers Summary: Standalone sysusers binary for use in non-systemd systems +Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers From 77e121360ab4440eb257266a1f3af485abda8f91 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 6 Jul 2022 20:50:31 +0200 Subject: [PATCH 089/494] Move networkd man pages to networkd package --- split-files.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 814284a..3efcaef 100644 --- a/split-files.py +++ b/split-files.py @@ -87,7 +87,9 @@ for file in files(buildroot): networkd| networkctl| org.freedesktop.network1| - tmpfiles\.d/systemd-network.conf + tmpfiles\.d/systemd-network.conf| + systemd\.network| + systemd\.netdev ''', n, re.X): o = o_networkd From 901acf5a2a9aa4cc20c4bce03bc5a19d5af057fe Mon Sep 17 00:00:00 2001 
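Review bot: In the split-files.py hunk, the re-added line `tmpfiles\.d/systemd-network.conf|` leaves the `.` before `conf` unescaped while the one in `tmpfiles\.d` is escaped, and the two new alternatives `systemd\.network` and `systemd\.netdev` are unanchored, so the pattern assigns package ownership to any path that merely contains those strings. I would write `tmpfiles\.d/systemd-network\.conf|` and, if only the man pages named in the commit subject are meant, say so with a comment inside the verbose pattern such as `# systemd.network(5) and systemd.netdev(5) man pages`. The same unescaped dot is in `sysusers\.d/systemd-network.conf|`, added by the following commit (PATCH 090/494). The `re` call this pattern belongs to starts outside the hunk.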
From: Daan De Meyer Date: Thu, 7 Jul 2022 12:07:01 +0200 Subject: [PATCH 090/494] Move networkd sysusers snippet to networkd rpm Now that the tmpfiles snippet is a separate file shipped as part of the networkd package, we can ship the sysusers snippet as a part of the networkd package as well. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 3efcaef..835be3d 100644 --- a/split-files.py +++ b/split-files.py @@ -87,6 +87,7 @@ for file in files(buildroot): networkd| networkctl| org.freedesktop.network1| + sysusers\.d/systemd-network.conf| tmpfiles\.d/systemd-network.conf| systemd\.network| systemd\.netdev From 9e8220ffd3a36016bdefcf321a784c0df509f1a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Mar 2022 13:21:21 +0100 Subject: [PATCH 091/494] Drop forgotten "temporary" workaround for #1663040 --- systemd.spec | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 95c5dca..85233a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -658,13 +658,6 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} -# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 -mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ -cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf < - 251.2-2 +- Drop forgotten "temporary" workaround for #1663040 + * Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 - Drop forward-secure-sealing code from sd-journal and tools From 8ed6e37eb47f5ee1ec084227fb1acd9c54a8054e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 13 Jul 2022 16:38:43 +0200 Subject: [PATCH 092/494] Version 251.3 --- 0001-sha256-fix-compilation-on-efi-ia32.patch | 38 ------------------- sources | 2 +- systemd.spec | 8 ++-- 3 files changed, 5 insertions(+), 43 deletions(-) delete mode 100644 0001-sha256-fix-compilation-on-efi-ia32.patch diff --git a/0001-sha256-fix-compilation-on-efi-ia32.patch b/0001-sha256-fix-compilation-on-efi-ia32.patch deleted file mode 100644 index cc23995..0000000 --- a/0001-sha256-fix-compilation-on-efi-ia32.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 3185ae7c812af8ff6cabbd680b694d8a51f0c09f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 3 Jun 2022 09:32:02 +0200 -Subject: [PATCH] sha256: fix compilation on efi-ia32 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -/usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto -../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: -../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) - 61 | # define UNALIGNED_P(p) false - | ^~~~~ -../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ - 136 | if (UNALIGNED_P(resbuf)) - | ^~~~~~~~~~~ -../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘’; did you forget to ‘#include ’? - 31 | #include "sha256.h" - +++ |+#include - 32 | -... 
---- - src/fundamental/sha256.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c -index 67d83b5f1c..f089594796 100644 ---- a/src/fundamental/sha256.c -+++ b/src/fundamental/sha256.c -@@ -60,7 +60,7 @@ - # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) - # endif - #else --# define UNALIGNED_P(p) false -+# define UNALIGNED_P(p) sd_false - #endif - - /* This array contains the bytes used to pad the buffer to the next diff --git a/sources b/sources index 95b4d5d..dbe2adf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.2.tar.gz) = 0c4011b685a1e8d535af123cbaf79ab53d59ea665ca5350ab1077ad4e962b49c1fd5b1b5bb3f28c3e28145dfd02aa83023f78de5edec15afe84e3e06e742a67c +SHA512 (systemd-251.3.tar.gz) = fb5b8dc1742562ef95469e90d406cfb6dfcb337860ad1208b460414b88ff0565071bde797d195faa62761206abc881829de6b1009e5d727cad2dfe0764310d5f diff --git a/systemd.spec b/systemd.spec index 85233a2..eb4122e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.2 -Release: 2%{?dist} +Version: 251.3 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -90,7 +90,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -Patch0000: 0001-sha256-fix-compilation-on-efi-ia32.patch # Those are downstream-only patches, but we don't want them in packit builds: 
@@ -1006,7 +1005,8 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 +* Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 +- Update to latest bugfix release - Drop forgotten "temporary" workaround for #1663040 * Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 From 31a512dde108fe2e71bfab8c15350a5bdc46f7dd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 09:59:57 +0000 Subject: [PATCH 093/494] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index eb4122e..0a6f188 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,11 +31,11 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251.3 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 2 +Release: 3 %endif # For a breakdown of the licensing, see README @@ -1005,6 +1005,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sat Jul 23 2022 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 - Update to latest bugfix release - Drop forgotten "temporary" workaround for #1663040 From 99fbfcd5a29eec19dd47cab9894183f2231ef5d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Aug 2022 13:09:36 +0200 Subject: [PATCH 094/494] Convert to rpmautospec --- changelog | 2441 +++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 2445 +------------------------------------------------- 2 files changed, 2443 insertions(+), 2443 deletions(-) create mode 100644 changelog 
diff --git a/changelog b/changelog new file mode 100644 index 0000000..ec4d5d7 --- /dev/null +++ b/changelog 
@@ -0,0 +1,2441 @@ +* Sat Jul 23 2022 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 +- Update to latest bugfix release +- Drop forgotten "temporary" workaround for #1663040 + +* Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 +- Drop forward-secure-sealing code from sd-journal and tools + +* Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 251.2-1 +- A bunch of man page fixes, a few memory-access correctness fixes, + remove excessive messages to utmp sessions, suppress messages about + bpf setup in the user manager (#2084955) + +* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 +- Supress errors from useradd/groupadd (#2090129) +- Drop "v" from the version tag, add tilde back +- The tag for shared-libraries is reintroduced (#1906010) + +* Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 +- First bugfix release for 250 +- Two fixes for kernel-install and a revert for #2087225, #2088788. + +* Sat May 21 2022 Zbigniew Jędrzejewski-Szmek - 251-1 +- Latest upstream release, for details see + https://raw.githubusercontent.com/systemd/systemd/v251/NEWS. +- Fixes for #2071034, #2084955, #2086166. + +* Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 +- Update to latest upstream prerelease (just various bugfixes) +- Udev rule processing should be now fixed (#2076459) +- Run sysusers and hwdb and catalog updates also if systemd is not running + (#2085481) + +* Wed May 11 2022 Adam Williamson - 251~rc2-2 +- Backport #23352 to fix RHBZ #2083374 + +* Thu May 5 2022 Zbigniew Jędrzejewski-Szmek - 251~rc2-1 +- New upstream prerelease, for details see + https://raw.githubusercontent.com/systemd/systemd/v251-rc2/NEWS. 
+ +* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-3 +- Do not touch /etc/resolv.conf on upgrades (#2074122) +- Add bugfix patch and revert one patch which might be causing + problems with the compose + +* Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 +- Merge libsystemd-core back into individual binaries and drop the + private shared library suffix (this should server as a work-around + for rhbz#2071069) + +* Tue Mar 29 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-1 +- First release candidate in the new cycle +- Fixes rhbz#1449751, rhbz#1906010 + +* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.4-2 +- Fix the wrong file assignment done in previous version + +* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.4-1 +- Move libcryptsetup plugins to -udev (#2031873) +- Move systemd-cryptenroll to -udev (David Tardon) +- Disable default DNS over TLS (#1889901) (Michael Catanzaro) + +* Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 +- Avoid trying to create the symlink if there's a dangling symlink already in + place (#2058388) + +* Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 +- Move part of %%post scriptlet for resolved to %%posttrans (#2018913) +- Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing + +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 +- Drop scriptlet for handling nobody user upgrades from Fedora <28 +- Specify owner of /var/log/journal as root in the rpm listing (#2018913) + +* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +- Add pam_namespace to systemd-user pam config (rhbz#2053098) +- Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) + +* Sat Jan 22 2022 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-2 +- Take ghost ownership of /var/log/lastlog (#1798685) + +* Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-1 +- Third stable release after v250: fixes for 
sd-boot on fringe hardware (e.g. VirtualBox), + various man page updates, sd-journal file verification is now stricter, + systemd-networkd by default will not add routes for wireguard AllowedIPs= + systemd nss modules shouldn't try to read kernel command line +- Don't do sd-boot updates when not installed (#2038289) +- xdg-autostart-service will ignore ExecCondition= when the helper binary is missing +- kernel-install does cleanup better (#2016630) + +* Fri Jan 7 2022 Zbigniew Jędrzejewski-Szmek - 250.2-1 +- Second stable release after v250: various bugfixes + (systemd-resolved, systemd-journald, userdbctl, homed). +- The manager should now gracefully handle the case where BPF LSM + cannot be initialized (#2036145). The BPF filters are enabled again + on all architectures, so *other* filter should also work on the + affected architectures. +- kernel-install now checks paths used by grub2 before sd-boot paths again + (#2036199) +- fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233) +- CVE-2021-3997, #2024639: systemd-tmpfiles would exhaust the stack and crash + during excessive recursion on a very deeply nested directory structure. + +* Tue Jan 4 2022 Zbigniew Jędrzejewski-Szmek - 250.1-1 +- First stable version after v250: various bugfixes, in particular for + sd-boot, systemd-networkd, and various build issues. +- Fixes #2036517, #2035608, #2036217. + +* Thu Dec 30 2021 Zbigniew Jędrzejewski-Szmek - 250-3 +- Disable bpf filters on arm64 (#2036145) + +* Sat Dec 25 2021 Zbigniew Jędrzejewski-Szmek - 250-2 +- Fix warning about systemd-boot-update.service not existing on + non-uefi architectures +- Enable all bpf features (#2035608) + +* Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250-1 +- Version 250, only some very small changes since -rc3. 
+- Switch unit status name format to 'combined' (#2028169) + +* Mon Dec 20 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 +- Latest prerelease, see + https://raw.githubusercontent.com/systemd/systemd/v250-rc3/NEWS for + details. +- Fixes rhbz#2006761, rhbz#2027627, rhbz#1926323, rhbz#1919538. + +* Sun Dec 12 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-4 +- Move systemd-boot-update.service to -udev subpackage + and add it the the installation scriptlets (#2031400) +- Move libcryptsetup-token-systemd plugins to -udev (#2031873) +- Create /etc/resolv.conf symlink if nothing is present yet (#2032085) + +* Fri Dec 10 2021 Pavel Březina - 250~rc1-3 +- Remove nsswitch.conf scriptlets (#2023743) + +* Thu Dec 9 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-1 +- Version 250-rc1, + see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for + details. + +* Fri Nov 19 2021 Davide Cavalca - 249.7-3 +- Disable legacy iptables support + +* Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 +- Supress errors from update-helper when selinux is enabled (see #2023332) + +* Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 +- Latest bugfix release (better erofs detection, sd-event memory + corruption bugfix, logind, documentation) +- Really fix helper to restart user units with older systemd (#2020415) + +* Sun Nov 14 2021 Petr Menšík - 249.7-1 +- Switch /etc/resolv.conf over to NM when systemd-resolved is uninstalled + +* Wed Nov 10 2021 Kir Kolyshkin - 249.7-1 +- Fix scope activation from a user instance (#2022041) + +* Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 +- Fix helper to restart user units with older systemd (#2020415) + +* Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 +- Latest bugfix release (networkd, coredumpctl, varlink, udev, + systemctl, systemd itself, better detection of Hyper-V and + Virtualbox virtualization, documentation updates) +- Fix helper to restart user units + +* Fri Oct 29 2021 Adam Williamson - 249.5-2 +- Backport PR #133 
to fix boot + +* Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 +- Latest bugfix release (various fixes in systemd-networkd, + -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, + -coredump, systemd itself, seccomp filters, TPM2 handling, + -documentation, sd-event, sd-journal, journalctl, and nss-systemd). +- Fixes #1976445. + +* Tue Sep 14 2021 Sahana Prasad +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 +- Latest bugfix release: various fixes for systemd-networkd, + systemd-resolved, systemd, systemd-boot. +- Backport of macros to restart systemd user units (#1993244) + +* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 +- Latest bugfix release: improved compatibility with latest glibc, + various small documentation fixes, and fixes for systemd-networkd bridging, + other minor fixes. +- systemctl set-property accepts glob patterns now (#1986258) + +* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 +- Latest bugfix release (a minor hwdb regression bugfix, and correction + to kernel commandline handling when reexecuting PID 1 in a container) + +* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 +- Build with -Ddefault-dns-over-tls=opportunistic + (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) + +* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 249.1-1 +- Various minor documentation and correctness fixes. +- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to + crash systemd and cause the system to reboot by creating a very long + fuse mountpoint path. + +* Wed Jul 7 2021 Neal Gompa - 249-2 +- Use correct NEWS URLs for systemd 249 releases in changelog entries + +* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 +- Latest upstream release with minor bugfixes, see + https://github.com/systemd/systemd/blob/v249/NEWS. 
+- systemd-oomd cpu usage is reduced (#1944646) + +* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc3/NEWS. + +* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 +- Latest upstream prerelease with various bugfixes, see + https://github.com/systemd/systemd/blob/v249-rc2/NEWS. +- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) + +* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 +- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) + +* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v249-rc1/NEWS. + Fixes #1963428. +- Use systemd-sysusers to create users (#1965815) +- Move systemd-resolved into systemd-resolved subpackage (#1923727) + [patch from Petr Menšík] + +* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 +- A fix for resolved crashes (#1946386, #1960227, #1950241) +- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. + +* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 +- Pull in some more patches from upstream (#1944646, #1885090, #1941340) +- Adjust modes of some %%ghost files (#1956059) + +* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 +- Latest stable version: a long list of minor correctness fixes all around + (#1955475, #911766, #1958167, #1952919) +- Enable tpm2-tss dependency (#1949505) + +* Tue Apr 06 2021 Adam Williamson - 248-2 +- Re-enable resolved caching, we hope all major bugs are resolved now + +* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 +- Latest upstream release, see + https://github.com/systemd/systemd/blob/v248/NEWS. +- The changes since -rc4 are rather small, various fixes all over the place. + A fix to how systemd-oomd selects a candidate to kill, and more debug logging + to make this more transparent. 
+ +* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 +- Increase oomd user memory pressure limit to 50% (#1941170) + +* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 +- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service + on upgrades from before systemd-networkd was split out (#1943263) +- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) + +* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 +- Revert patch that seems to cause problems with dns resolution + (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) + +* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 +- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) +- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) + (But note that the disablement of caching added previously is + retained until we can do more testing.) +- Minor fix to interface naming by udev +- Fix for systemd-repart --size + +* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 +- Disable resolved cache via config snippet (#1940715) + +* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc4/NEWS. +- A bunch of documentation updates, and correctness fixes. + +* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 +- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc3/NEWS. +- A bunch of documentation updates, correctness fixes, and systemd-networkd + features. +- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. 
+ +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 +- Fix crash in pid1 during daemon-reexec (#1931034) + +* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 +- Fix stub resolver CNAME chain resolving (#1933433) + +* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 +- Don't set the fallback hostname to Fedora on non-Fedora OSes + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 +- Latest upstream prelease, just a bunch of small fixes. +- Fixes #1931957. + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 +- Rebuild with the newest scriptlets + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc1/NEWS. +- Fixes #1614751 by only restarting services at the end of transcation. + Various packages need to be rebuilt to have the updated macros. +- Fixes #1879028, though probably not completely. +- Fixes #1925805, #1928235. + +* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 +- Increase oomd user memory pressure limit to 10% (#1929856) + +* Fri Feb 5 2021 Anita Zhang - 247.3-2 +- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. +- Backports consist primarily of PR #18361, #18444, and #18401 (plus some + additional ones to handle merge conflicts). +- Create systemd-oomd-defaults subpackage to install unit drop-ins that will + configure systemd-oomd to monitor and act. + +* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 +- Minor stable release +- Fixes #1895937, #1813219, #1903106. + +* Wed Jan 27 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 +- Fix bfq patch again (#1813219) + +* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 +- Add patch to enable crypttab to support disabling of luks read and + write workqueues (corresponding to + https://github.com/systemd/systemd/pull/18062/). 
+
+* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1
+- Minor stable release
+- Fixes #1908071.
+
+* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3
+- Rebuild with fallback hostname change reverted.
+
+* Fri Dec 04 2020 Bastien Nocera - 247.1-2
+- Unset fallback-hostname as plenty of applications expected localhost
+ to mean "default hostname" without ever standardising it (#1892235)
+
+* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1
+- Latest stable release
+- Fixes #1902819.
+- Files to configure networking with systemd-networkd in a VM or container are
+ moved to systemd-networkd subpackage. (They were previously in the -container
+ subpackage, which is for container/VM management.)
+
+* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1
+- Update to the latest version
+- #1900878 should be fixed
+
+* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2
+- New upstream pre-release. See
+ https://github.com/systemd/systemd/blob/v247-rc1/NEWS.
+ Many smaller and bigger improvements and features are introduced.
+ (#1885101, #1890632, #1879216)
+
+ A backwards-incompatible change affects PCI network devices which
+ are connected through a bridge which is itself associated with a
+ slot. When more than one device was associated with the same slot,
+ one of the devices would pseudo-randomly get named after the slot.
+ That name is now not generated at all. This changed behaviour is
+ causes the net naming scheme to be changed to "v247". To restore
+ previous behaviour, specify net.naming-scheme=v245.
+
+ systemd-oomd is built, but should not be considered "production
+ ready" at this point. Testing and bug reports are welcome.
+
+* Wed Sep 30 2020 Dusty Mabe - 246.6-3
+- Try to make files in subpackages (especially the networkd subpackage)
+ more appropriate.
+
+* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2
+- Build a package with standalone binaries for non-systemd systems.
+ For now, only systemd-sysusers is included.
+
+* Thu Sep 24 2020 Christian Glombek - 246.6-2
+- Split out networkd sub-package and add to main package as recommended dependency
+
+* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1
+- Update to latest stable release (various minor fixes: manager,
+ networking, bootct, kernel-install, systemd-dissect, systemd-homed,
+ fstab-generator, documentation) (#1876905)
+- Do not fail in test because of kernel bug (#1803070)
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1
+- Update to latest stable release (a bunch of small network-related
+ fixes in systemd-networkd and socket handling, documentation updates,
+ a bunch of fixes for error handling).
+- Also remove existing file when creating /etc/resolv.conf symlink
+ upon installation (#1873856 again)
+
+* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1
+- Update to latest stable version: a rework of how the unit cache mtime works
+ (hopefully #1872068, #1871327, #1867930), plus various fixes to
+ systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent,
+ systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for
+ instantiated units, documentation and shell completions.
+- Create /etc/resolv.conf symlink upon installation (#1873856)
+- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable
+ mdns by default in systemd-resolved (#1867830)
+
+* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1
+- Update to bugfix version (some networkd fixes, minor documentation
+ fixes, relax handling of various error conditions, other fixlets for
+ bugs without bugzilla numbers).
+
+* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek - 246.2-1
+- A few minor bugfixes
+- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030)
+- Create /etc/resolv.conf symlink on upgrade (#1867865)
+
+* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1
+- A few minor bugfixes
+- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so
+ that systemd-resolved can take over the management of the symlink.
+
+* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1
+- Update to released version. Only some minor bugfixes since the pre-release.
+
+* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2
+- Make /tmp be 50% of RAM again (#1856514)
+- Re-run 'systemctl preset systemd-resolved' on upgrades.
+ /etc/resolv.conf is not modified, by a hint is emitted if it is
+ managed by NetworkManager.
+
+* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1
+- New pre-release with incremental fixes
+ (#1856037, #1858845, #1856122, #1857783)
+- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR
+ and mDNS support in resolve-only mode by default).
+ See https://fedoraproject.org/wiki/Changes/systemd-resolved.
+
+* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1
+- New upstream release, see
+ https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS.
+
+ This release includes many new unit settings, related inter alia to
+ cgroupsv2 freezer support and cpu affinity, encryption and verification.
+ systemd-networkd has a ton of new functionality and many other tools gained
+ smaller enhancements. systemd-homed gained FIDO2 support.
+
+ Documentation has been significantly improved: sd-bus and sd-hwdb
+ libraries are now fully documented; man pages have been added for
+ the D-BUS APIs of systemd daemons and various new interfaces.
+
+ Closes #1392925, #1790972, #1197886, #1525593.
+
+* Wed Jun 24 2020 Bastien Nocera - 245.6-3
+- Set fallback-hostname to fedora so that unset hostnames are still
+ recognisable (#1392925)
+
+* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2
+- Add self-obsoletes to fix upgrades from F31
+
+* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1
+- Update to latest stable version (some documentation updates, minor
+ memory correctness issues) (#1815605, #1827467, #1842067)
+
+* Tue Apr 21 2020 Björn Esser - 245.5-2
+- Add explicit BuildRequires: acl
+- Bootstrapping for json-c SONAME bump
+
+* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1
+- Update to latest stable version (#1819313, #1815412, #1800875)
+
+* Thu Apr 16 2020 Björn Esser - 245.4-2
+- Add bootstrap option to break circular deps on cryptsetup
+
+* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1
+- Update to latest stable version (#1814454)
+
+* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1
+- Update to latest stable version (no issue that got reported in bugzilla)
+
+* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1
+- Update to latest stable version (a few bug fixes for random things) (#1798776)
+
+* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1
+- Update to latest version (#1807485)
+
+* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1
+- Modify the downstream udev rule to use bfq to only apply to disks (#1803500)
+- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878)
+- Move systemd-bless-boot.service and systemd-boot-system-token.service to
+ systemd-udev subpackage (#1807462)
+- Move a bunch of other services to systemd-udev:
+ systemd-pstore.service, all fsck-related functionality,
+ systemd-volatile-root.service, systemd-verity-setup.service, and a few
+ other related files.
+- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240)
+- Fix namespace-related failure when starting systemd-homed (#1807465) and
+ group lookup failure in nss_systemd (#1809147)
+- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines
+ (#1716164)
+- Don't require /proc to be mounted for systemd-sysusers to work (#1807768)
+
+* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4
+- Update daemon-reexec fallback to check whether the system is booted with
+ systemd as PID 1 and check whether we're upgrading before using kill -TERM
+ on PID 1 (#1803240)
+
+* Tue Feb 18 2020 Adam Williamson - 245~rc1-3
+- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293)
+
+* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2
+- Add default 'disable *' preset for user units (#1792474, #1468501),
+ see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units.
+- Add macro to generate "compat" scriptlets based off sysusers.d format
+ and autogenerate user() and group() virtual provides (#1792462),
+ see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format.
+- Revert patch to udev rules causing regression with usb hubs (#1800820).
+
+* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1
+- New upstream release, see
+ https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS.
+
+ This release includes completely new functionality: systemd-repart,
+ systemd-homed, user reconds in json, and multi-instantiable
+ journald, and a partial rework of internal communcation to use
+ varlink, and bunch of more incremental changes.
+
+ The "predictable" interface name naming scheme is changed,
+ net.naming-scheme= can be used to undo the change. The change applies
+ to container interface names on the host.
+
+- Fixes #1774242, #1787089, #1798414/CVE-2020-1712.
+
+* Fri Jan 31 2020 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Dec 21 2019 - 244.1-2
+- Disable service watchdogs (for systemd units)
+
+* Sun Dec 15 2019 - 244.1-1
+- Update to latest stable batch (systemd-networkd fixups, better
+ support for seccomp on s390x, minor cleanups to documentation).
+- Drop patch to revert addition of NoNewPrivileges to systemd units
+
+* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1
+- Update to latest version. Just minor bugs fixed since the pre-release.
+
+* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1
+- Update to latest pre-release version,
+ see https://github.com/systemd/systemd/blob/master/NEWS#L3.
+ Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev,
+ systemd-networkd does not create a default route for link local addressing,
+ systemd-networkd supports dynamic reconfiguration and a bunch of new settings.
+ Network files support matching on WLAN SSID and BSSID.
+- Better error messages when preset/enable/disable are used with a glob (#1763488)
+- u2f-hidraw-policy package is obsoleted (#1753381)
+
+* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4
+- Latest bugfix release. Systemd-stable snapshots will now be numbered.
+- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148)
+- systemd-modules-load.service should only warn, not fail, on error (#1254340)
+- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726,
+ CVE-2018-21029)
+- Fix regression with crypttab keys with colons
+- Various memleaks and minor memory access issues, warning adjustments
+
+* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743
+- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240)
+
+* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743
+- Various minor documentation and error message cleanups
+- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143)
+
+* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01
+- Backport a bunch of patches (memory access issues, improvements to error
+ reporting and handling in networkd, some misleading man page contents #1751363)
+- Fix permissions on static nodes (#1740664)
+- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts
+- Fix one crash in systemd-resolved (#1703598)
+- Make journal catalog creation reproducible (avoid unordered hashmap use)
+- Mark the accelerometer in HP laptops as part of the laptop base
+- Fix relabeling of directories with relabel-extra.d/
+- Fix potential stuck noop jobs in pid1
+- Obsolete timedatex package (#1735584)
+
+* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1
+- Update to latest release
+- Emission of Session property-changed notifications from logind is fixed
+ (this was breaking the switching of sessions to and from gnome).
+- Security issue: unprivileged users were allowed to change DNS
+ servers configured in systemd-resolved. Now proper polkit authorization
+ is required.
+
+* Mon Aug 26 2019 Adam Williamson - 243~rc2-2
+- Backport PR #13406 to solve PATH ordering issue (#1744059)
+
+* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1
+- Update to latest pre-release. Fixes #1740113, #1717712.
+- The default scheduler for disks is set to BFQ (1738828)
+- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114).
+ Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert.
+ See https://fedoraproject.org/wiki/Changes/CGroupsV2.
+
+* Wed Aug 07 2019 Adam Williamson - 243~rc1-2
+- Backport PR #1737362 so we own /etc/systemd/system again (#1737362)
+
+* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1
+- Update to latest version (#1715699, #1696373, #1711065, #1718192)
+
+* Sat Jul 27 2019 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79
+- Ignore bad rdrand output on AMD CPUs (#1729268)
+- A bunch of backported patches from upstream: documentation, memory
+ access fixups, command output tweaks (#1708996)
+
+* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834
+- Rebuilt (libqrencode.so.4)
+
+* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834
+- Rebuilt for iptables update (libip4tc.so.2)
+
+* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834
+- Add symbol to mark vtable format changes (anything using sd_add_object_vtable
+ or sd_add_fallback_vtable needs to be rebuilt)
+- Fix wireguard ListenPort handling in systemd-networkd
+- Fix hang in flush_accept (#1702358)
+- Fix handling of RUN keys in udevd
+- Some documentation and shell completion updates and minor fixes
+
+* Tue Apr 16 2019 Adam Williamson - 242-2
+- Rebuild with Meson fix for #1699099
+
+* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1
+- Update to latest release
+- Make scriptlet failure non-fatal
+
+* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1
+- Update to latest prerelease
+
+* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1
+- Update to latest prerelease
+
+* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1
+- Update to the latest prerelease.
+- The bug reported on latest update that systemd-resolved and systemd-networkd are
+ re-enabled after upgrade is fixed.
+
+* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9
+- Backport various patches from the v241..v242 range:
+ kernel-install will not create the boot loader entry automatically (#1648907),
+ various bash completion improvements (#1183769),
+ memory leaks and such (#1685286).
+
+* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8
+- Declare hyperv and framebuffer devices master-of-seat again (#1683197)
+
+* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170
+- Prevent buffer overread in systemd-udevd
+- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
+
+* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2
+- Turn LTO back on
+
+* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1
+- Update to latest release -rc2
+
+* Sun Feb 03 2019 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2
+- Backport a patch for kernel-install
+
+* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1
+- Update to latest release -rc1
+
+* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547
+- Add a work-around for #1663040
+
+* Mon Jan 14 2019 Björn Esser
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547
+- Add a work-around for selinux issue on live images (#1663040)
+
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547
+- systemd-journald and systemd-journal-remote reject entries which
+ contain too many fields (CVE-2018-16865, #1664973) and set limits on the
+ process' command line length (CVE-2018-16864, #1664972)
+- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857)
+- A fix for systemd-udevd crash (#1662303)
+
+* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2
+- Add two more patches that revert
recent udev changes
+
+* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1
+- Update to latest release
+ See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes.
+
+* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1
+- Hibernation checks for resume= are rescinded (#1645870)
+- Various patches:
+ - memory issues in logind, networkd, journald (#1653068), sd-device, etc.
+ - Adaptations for newer meson, lz4, kernel
+ - Fixes for misleading bugs in documentation
+- net.ipv4.conf.all.rp_filter is changed from 1 to 2
+
+* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek
+- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf
+ (see https://github.com/pbrezina/authselect/issues/77)
+- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve
+
+* Sun Nov 18 2018 Alejandro Domínguez Muñoz
+- Remove link creation for rsyslog.service
+
+* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1
+- Go back to using systemctl preset-all in %%post (#1647172, #1118740)
+
+* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1
+- Requires(post) openssl-libs to fix live image build machine-id issue
+ See: https://pagure.io/dusty/failed-composes/issue/960
+
+* Mon Nov 5 2018 Yu Watanabe
+- Set proper attributes to private directories
+
+* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1
+- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298)
+
+* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1
+- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
+- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
+- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
+- The DHCP server is started only when link is UP
+- DHCPv6 prefix delegation is improved
+- Downgrade logging of various messages and add loging in other places
+- Many many fixes in
error handling and minor memory leaks and such
+- Fix typos and omissions in documentation
+- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
+- Matching by MACAddress= in systemd-networkd is fixed
+- Creation of user runtime directories is improved, and the user
+ manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
+- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
+- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
+- "systemctl --wait start" exits immediately if no valid units are named
+- zram devices are not considered as candidates for hibernation
+- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)
+- Various smaller improvements to unit ordering and dependencies
+- generators are now called with the manager's environment
+- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
+- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where
+ the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
+- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user
+ threads are used by bpfilter.
+- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present
+- Hibernation is not advertised if resume= is not present on the kernenl command line
+- Hibernation/Suspend/...
modes can be disabled using AllowSuspend=,
+ AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
+- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
+- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
+- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
+- Catalog entries for the journal are improved (#1639482)
+- If suspend fails, the post-suspend hooks are still called.
+- Various build issues on less-common architectures are fixed
+
+* Wed Oct 3 2018 Jan Synáček - 239-5
+- Fix meson using -Ddebug, which results in FTBFS
+- Fix line_begins() to accept word matching full string (#1631840)
+
+* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4
+- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969)
+
+* Wed Jul 18 2018 Terje Rosten - 239-3
+- Ignore return value from systemd-binfmt in scriptlet (#1565425)
+
+* Sun Jul 15 2018 Filipe Brandenburger
+- Override systemd-user PAM config in install and not prep
+
+* Sat Jul 14 2018 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek
+- Rebuild for Python 3.7 again
+
+* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1
+- Update to latest version, mostly bug fixes and new functionality,
+ very little breaking changes. See
+ https://github.com/systemd/systemd/blob/v239/NEWS for details.
+
+* Tue Jun 19 2018 Miro Hrončok
+- Rebuilt for Python 3.7
+
+* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59
+- Backport a number of patches (documentation, hwdb updates)
+- Fixes for tmpfiles 'e' entries
+- systemd-networkd crashes
+- XEN virtualization detection on hyper-v
+- Avoid relabelling /sys/fs/cgroup if not needed (#1576240)
+
+* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1
+- Allow fake Delegate= setting on slices (#1568594)
+
+* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7
+- Move udev transfiletriggers to the right package, fix quoting
+
+* Tue Mar 27 2018 Colin Walters - 238-6
+- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550
+ This fixes compatibility with rpm-ostree.
+
+* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5
+- Backport patch to revert inadvertent change of "predictable" interface name (#1558027)
+
+* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4
+- Do not close dbus connection during dbus reload call (#1554578)
+
+* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3
+- Revert the patches for GRUB BootLoaderSpec support
+- Add patch for /etc/machine-id creation (#1552843)
+
+* Tue Mar 6 2018 Yu Watanabe - 238-2
+- Fix transfiletrigger script (#1551793)
+
+* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1
+- Update to latest version
+- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954)
+- New transfiletriggers are installed for udev hwdb and rules, the journal
+ catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d.
+
+* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5
+- Add patch to install kernel images for GRUB BootLoaderSpec support
+
+* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5
+- Create /etc/systemd in %%post libs if necessary (#1548607)
+
+* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5
+- Use : not touch to create file in -libs %%post
+
+* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5
+- Add coreutils dep for systemd-libs %%post
+- Add patch to typecast USB IDs to avoid compile failure
+
+* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5
+- Update some patches for test skipping that were updated upstream
+ before merging
+- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined
+ correctly and possibly replace existing mappings
+
+* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849
+- Backport a bunch of patches, most notably for the journal and various
+ memory issues. Some minor build fixes.
+- Switch to new ldconfig macros that do nothing in F28+
+- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody
+ or nobody users are defined (#1537262)
+
+* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769
+- Update to first stable snapshot (various minor memory leaks and misaccesses,
+ some documentation bugs, build fixes).
+ +* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 +- Update to latest version + +* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c +- Add patch to include if needed + +* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c +- Rebuilt for switch to libxcrypt + +* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 +- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 + various memory corruptions in systemd-networkd) +- /dev/kvm is marked as a static node which fixes permissions on s390x + and ppc64 (#1532382) + +* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 +- Update to latest version + +* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 +- Update to latest git snapshot, do not build for realz +- Switch to libidn2 again (#1449145) + +* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 +- Rebuild for cryptsetup-2.0.0-0.2.fc28 + +* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 +- Backport a bunch of patches, including LP#172535 + +* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 +- Patches for cryptsetup _netdev + +* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 +- Update to latest version + +* Tue Sep 26 2017 Nathaniel McCallum - 234-8 +- Backport /etc/crypttab _netdev feature from upstream + +* Thu Sep 21 2017 Michal Sekletar - 234-7 +- Make sure to remove all device units sharing the same sysfs path (#1475570) + +* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 +- Bump xslt recursion limit for libxslt-1.30 + +* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 +- Backport more patches (#1476005, hopefully #1462378) + +* Thu Jul 27 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 +- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) +- Minor patches (memleaks, --help fixes, seccomp on arm64) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 +- Create kvm group (#1431876) + +* 
Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 +- Latest release + +* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c +- Update to snapshot +- Build with meson again + +* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 +- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) + +* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 +- Update to snapshot version, build with meson + +* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 +- Backport a bunch of small fixes (memleaks, wrong format strings, + man page clarifications, shell completion) +- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) +- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) +- Drop soft-static uid for systemd-journal-gateway +- Use ID from /etc/os-release as ntpvendor + +* Thu Mar 16 2017 Michal Sekletar - 233-3 +- Backport bugfixes from upstream +- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 +- Fix installation conflict with polkit + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 +- New upstream release (#1416201, #1405439, #1420753, many others) +- New systemd-tests subpackage with "installed tests" + +* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 +- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) + +* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 +- Ignore the hwdb parser test + +* Tue Feb 14 2017 Jan Synáček - 232-14 +- machinectl fails when virtual machine is running (#1419501) + +* Sat Feb 11 2017 Fedora Release Engineering - 232-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 +- Backport patch for initrd-switch-root.service getting killed (#1414904) +- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE + extraction by sd-coredump. 
+ +* Sun Jan 29 2017 zbyszek - 232-11 +- Backport a number of patches (#1411299, #1413075, #1415745, + ##1415358, #1416588, #1408884) +- Fix various memleaks and unitialized variable access +- Shell completion enhancements +- Enable TPM logging by default (#1411156) +- Update hwdb (#1270124) + +* Thu Jan 19 2017 Adam Williamson - 232-10 +- Backport fix for boot failure in initrd-switch-root (#1414904) + +* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 +- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam + is available as multilib (#1414153) + +* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 +- Fix buildsystem to check for lz4 correctly (#1404406) + +* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 +- Various small tweaks to scriplets + +* Sat Jan 07 2017 Kevin Fenzi - 232-6 +- Fix scriptlets to never fail in libs post + +* Fri Jan 06 2017 Kevin Fenzi - 232-5 +- Add patch from Michal Schmidt to avoid process substitution (#1392236) + +* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 +- Rebuild (#1392236) + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 +- Make /etc/dbus-1/system.d directory non-%%ghost + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 +- Fix kernel-install (#1391829) +- Restore previous systemd-user PAM config (#1391836) +- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) +- Fix permissions on /var/lib/systemd/journal-upload (#1262665) + +* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 +- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) +- Add %%{_isa} to Provides on arch-full packages (#1387912) +- Create systemd-coredump user in %%pre (#1309574) +- Replace grubby patch with a short-circuiting install.d "plugin" +- Enable nss-systemd in the passwd, group lines in nsswith.conf +- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf +- Move systemd-nspawn man pages to the right subpackage 
(#1391703) + +* Tue Oct 18 2016 Jan Synáček - 231-11 +- SPC - Cannot restart host operating from container (#1384523) + +* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 +- Do not recreate /var/log/journal on upgrades (#1383066) +- Move nss-myhostname provides to systemd-libs (#1383271) + +* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 +- Fix systemctl set-default (#1374371) +- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) + +* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 +- Apply fix for #1378974 + +* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 +- Apply patches properly + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 +- Better fix for (#1380286) + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 +- Denial-of-service bug against pid1 (#1380286) + +* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 +- Fix preset-all (#1363858) +- Fix issue with daemon-reload messing up graphics (#1367766) +- A few other bugfixes + +* Wed Aug 03 2016 Adam Williamson - 231-3 +- Revert preset-all change, it broke stuff (#1363858) + +* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 +- Call preset-all on initial installation (#1118740) +- Fix botched Recommends for libxkbcommon + +* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 +- Update to latest version + +* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 +- Update to latest git snapshot (fixes for systemctl set-default, + polkit lingering policy, reversal of the framebuffer rules, + unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). + Those changes are interspersed with other changes and new features + (mostly in lldp, networkd, and nspawn). Some of those new features + might not work, but I think that existing functionality should not + be broken, so it seems worthwile to update to the snapshot. 
+
+* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2
+- Remove systemd-compat-libs on upgrade
+
+* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1
+- New version
+- Drop compat-libs
+- Require libxkbcommon explictly, since the automatic dependency will
+ not be generated anymore
+
+* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15
+- Remove duplicated entries in -container %%files (#1330395)
+
+* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14
+- Move installation of udev services to udev subpackage (#1329023)
+
+* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13
+- Split out systemd-pam subpackage (#1327402)
+
+* Mon Apr 18 2016 Harald Hoyer - 229-12
+- move more binaries and services from the main package to subpackages
+
+* Mon Apr 18 2016 Harald Hoyer - 229-11
+- move more binaries and services from the main package to subpackages
+
+* Mon Apr 18 2016 Harald Hoyer - 229-10
+- move device dependant stuff to the udev subpackage
+
+* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9
+- Add myhostname to /etc/nsswitch.conf (#1318303)
+
+* Mon Mar 21 2016 Harald Hoyer - 229-8
+- fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+
+* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7
+- Moar patches (#1316964, #1317928)
+- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev
+- Protect systemd-udev from deinstallation
+
+* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6
+- Create /etc/resolv.conf symlink from systemd-resolved (#1313085)
+
+* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5
+- Split out systemd-container subpackage (#1163412)
+- Split out system-udev subpackage
+- Add various bugfix patches, incl.
a tentative fix for #1308771
+
+* Tue Mar 1 2016 Peter Robinson 229-4
+- Power64 and s390(x) now have libseccomp support
+- aarch64 has gnu-efi
+
+* Tue Feb 23 2016 Jan Synáček - 229-3
+- Fix build failures on ppc64 (#1310800)
+
+* Tue Feb 16 2016 Dennis Gilmore - 229-2
+- revert: fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+- this causes the dtb files to not get installed at all and the fdtdir
+- line in extlinux.conf to not get updated correctly
+
+* Thu Feb 11 2016 Michal Sekletar - 229-1
+- New upstream release
+
+* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787
+- fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+
+* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787
+- Rebuild for binutils on aarch64 fix
+
+* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787
+- apply the conflict with fedora-release only in Fedora
+
+* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787
+- Fix rawhide build failures on ppc64 (#1286249)
+
+* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787
+- Create /etc/systemd/network (#1286397)
+
+* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787
+- Do not install nss modules by default
+
+* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787
+- Update to latest upstream git: there is a bunch of fixes
+ (nss-mymachines overflow bug, networkd fixes, more completions are
+ properly installed), mixed with some new resolved features.
+- Rework file triggers so that they always run before daemons are restarted
+
+* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3
+- Enable rpm file triggers for daemon-reload
+
+* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2
+- Fix version number in obsoleted package name (#1283452)
+
+* Wed Nov 18 2015 Kay Sievers - 228-1
+- New upstream release
+
+* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7
+- Rename journal-gateway subpackage to journal-remote
+- Ignore the access mode on /var/log/journal (#1048424)
+- Do not assume fstab is present (#1281606)
+
+* Wed Nov 11 2015 Fedora Release Engineering - 227-6
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Tue Nov 10 2015 Lukáš Nykrýn - 227-5
+- Rebuild for libmicrohttpd soname bump
+
+* Fri Nov 06 2015 Robert Kuska - 227-4
+- Rebuilt for Python3.5 rebuild
+
+* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3
+- Fix syntax in kernel-install (#1277264)
+
+* Tue Nov 03 2015 Michal Schmidt - 227-2
+- Rebuild for libmicrohttpd soname bump.
+
+* Wed Oct 7 2015 Kay Sievers - 227-1
+- New upstream release
+
+* Fri Sep 18 2015 Jan Synáček - 226-3
+- user systemd-journal-upload should be in systemd-journal group (#1262743)
+
+* Fri Sep 18 2015 Kay Sievers - 226-2
+- Add selinux to system-user PAM config
+
+* Tue Sep 8 2015 Kay Sievers - 226-1
+- New upstream release
+
+* Thu Aug 27 2015 Kay Sievers - 225-1
+- New upstream release
+
+* Fri Jul 31 2015 Kay Sievers - 224-1
+- New upstream release
+
+* Wed Jul 29 2015 Kay Sievers - 223-2
+- update to git snapshot
+
+* Wed Jul 29 2015 Kay Sievers - 223-1
+- New upstream release
+
+* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2
+- Remove python subpackages (python-systemd in now standalone)
+
+* Tue Jul 7 2015 Kay Sievers - 222-1
+- New upstream release
+
+* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a
+- update to git snapshot
+
+* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a
+- Add example file with yama config (#1234951)
+
+* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a
+- update to git snapshot
+
+* Mon Jun 22 2015 Kay Sievers - 221-2
+- build systemd-boot EFI tools
+
+* Fri Jun 19 2015 Lennart Poettering - 221-1
+- New upstream release
+- Undoes botched translation check, should be reinstated later?
+
+* Fri Jun 19 2015 Fedora Release Engineering - 220-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jun 11 2015 Peter Robinson 220-9
+- The gold linker is now fixed on aarch64
+
+* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8
+- Remove gudev which is now provided as separate package (libgudev)
+- Fix for spurious selinux denials (#1224211)
+- Udev change events (#1225905)
+- Patches for some potential crashes
+- ProtectSystem=yes does not touch /home
+- Man page fixes, hwdb updates, shell completion updates
+- Restored persistent device symlinks for bcache, xen block devices
+- Tag all DRM cards as master-of-seat
+
+* Tue Jun 09 2015 Harald Hoyer 220-7
+- fix udev block device watch
+
+* Tue Jun 09 2015 Harald Hoyer 220-6
+- add support for network disk encryption
+
+* Sun Jun 7 2015 Peter Robinson 220-5
+- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156)
+
+* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4
+- systemd-devel should require systemd-libs, not the main package (#1226301)
+- Check for botched translations (#1226566)
+- Make /etc/udev/hwdb.d part of the rpm (#1226379)
+
+* Thu May 28 2015 Richard W.M. Jones - 220-3
+- Add patch to fix udev --daemon not cleaning child processes
+ (upstream commit 86c3bece38bcf5).
+
+* Wed May 27 2015 Richard W.M. Jones - 220-2
+- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08).
+
+* Thu May 21 2015 Lennart Poettering - 220-1
+- New upstream release
+- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158)
+- Remove ghosting for /etc/systemd/system/runlevel*.target, these
+ targets are not configurable anymore in systemd upstream
+- Drop work-around for #1002806, since this is solved upstream now
+
+* Wed May 20 2015 Dennis Gilmore - 219-15
+- fix up the conflicts version for fedora-release
+
+* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14
+- Remove presets (#1221340)
+- Fix (potential) crash and memory leak in timedated, locking failure
+ in systemd-nspawn, crash in resolved.
+- journalctl --list-boots should be faster
+- zsh completions are improved
+- various ommissions in docs are corrected (#1147651)
+- VARIANT and VARIANT_ID fields in os-release are documented
+- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818)
+- systemd-tmpfiles should behave better on read-only file systems (#1207083)
+
+* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13
+- Patches for some outstanding annoyances
+- Small keyboard hwdb updates
+
+* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12
+- Tighten requirements between subpackages (#1207381).
+
+* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11
+- Move all parts systemd-journal-{remote,upload} to
+ systemd-journal-gatewayd subpackage (#1193143).
+- Create /var/lib/systemd/journal-upload directory (#1193145).
+- Cut out lots of stupid messages at debug level which were obscuring more
+ important stuff.
+- Apply "tentative" state for devices only when they are added, not removed.
+- Ignore invalid swap pri= settings (#1204336)
+- Fix SELinux check for timedated operations to enable/disable ntp (#1014315)
+- Fix comparing of filesystem paths (#1184016)
+
+* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10
+- Fixes for bugs 1186018, 1195294, 1185604, 1196452.
+- Hardware database update.
+- Documentation fixes.
+- A fix for journalctl performance regression.
+- Fix detection of inability to open files in journalctl.
+- Detect SuperH architecture properly.
+- The first of duplicate lines in tmpfiles wins again.
+- Do vconsole setup after loading vconsole driver, not fbcon.
+- Fix problem where some units were restarted during systemd reexec.
+- Fix race in udevadm settle tripping up NetworkManager.
+- Downgrade various log messages.
+- Fix issue where journal-remote would process some messages with a delay.
+- GPT /srv partition autodiscovery is fixed.
+- Reconfigure old Finnish keymaps in post (#1151958)
+
+* Tue Mar 10 2015 Jan Synáček - 219-9
+- Buttons on Lenovo X6* tablets broken (#1198939)
+
+* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8
+- Reworked device handling (#1195761)
+- ACL handling fixes (with a script in %%post)
+- Various log messages downgraded (#1184712)
+- Allow PIE on s390 again (#1197721)
+
+* Wed Feb 25 2015 Michal Schmidt - 219-7
+- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212)
+
+* Tue Feb 24 2015 Colin Walters - 219-6
+- Revert patch that breaks Atomic/OSTree (#1195761)
+
+* Fri Feb 20 2015 Michal Schmidt - 219-5
+- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide.
+
+* Fri Feb 20 2015 Michal Schmidt - 219-4
+- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes.
+
+* Wed Feb 18 2015 Michal Schmidt - 219-3
+- arm: disabling gold did not help; disable lto instead (#1193212)
+
+* Tue Feb 17 2015 Peter Jones - 219-2
+- Update 90-default.present for dbxtool.
+
+* Mon Feb 16 2015 Lennart Poettering - 219-1
+- New upstream release
+- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736)
+- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink
+- This enables "%%check"
+- disable gold on arm, as that is broken (see #1193212)
+
+* Mon Feb 16 2015 Peter Robinson 218-6
+- aarch64 now has seccomp support
+
+* Thu Feb 05 2015 Michal Schmidt - 218-5
+- Don't overwrite systemd.macros with unrelated Source file.
+
+* Thu Feb 5 2015 Jan Synáček - 218-4
+- Add a touchpad hwdb (#1189319)
+
+* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4
+- Enable xkbcommon dependency to allow checking of keymaps
+- Fix permissions of /var/log/journal (#1048424)
+- Enable timedatex in presets (#1187072)
+- Disable rpcbind in presets (#1099595)
+
+* Wed Jan 7 2015 Jan Synáček - 218-3
+- RFE: journal: automatically rotate the file if it is unlinked (#1171719)
+
+* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3
+- Add firewall description files (#1176626)
+
+* Thu Dec 18 2014 Jan Synáček - 218-2
+- systemd-nspawn doesn't work on s390/s390x (#1175394)
+
+* Wed Dec 10 2014 Lennart Poettering - 218-1
+- New upstream release
+- Enable "nss-mymachines" in /etc/nsswitch.conf
+
+* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4
+- Change libgudev1 to only require systemd-libs (#727499), there's
+ no need to require full systemd stack.
+- Fixes for bugs #1159448, #1152220, #1158035.
+- Bash completions updates to allow propose more units for start/restart,
+ and completions for set-default,get-default.
+- Again allow systemctl enable of instances.
+- Hardware database update and fixes.
+- Udev crash on invalid options and kernel commandline timeout parsing are fixed.
+- Add "embedded" chassis type.
+- Sync before 'reboot -f'.
+- Fix restarting of timer units.
+
+* Wed Nov 05 2014 Michal Schmidt - 217-3
+- Fix hanging journal flush (#1159641)
+
+* Fri Oct 31 2014 Michal Schmidt - 217-2
+- Fix ordering cycles involving systemd-journal-flush.service and
+ remote-fs.target (#1159117)
+
+* Tue Oct 28 2014 Lennart Poettering - 217-1
+- New upstream release
+
+* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12
+- Drop PackageKit.service from presets (#1154126)
+
+* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11
+- Conflict with old versions of initscripts (#1152183)
+- Remove obsolete Finnish keymap (#1151958)
+
+* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10
+- Fix a problem with voluntary daemon exits and some other bugs
+ (#1150477, #1095962, #1150289)
+
+* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9
+- Update to latest git, but without the readahead removal patch
+ (#1114786, #634736)
+
+* Wed Oct 01 2014 Kay Sievers - 216-8
+- revert "don't reset selinux context during CHANGE events"
+
+* Wed Oct 01 2014 Lukáš Nykrýn - 216-7
+- add temporary workaround for #1147910
+- don't reset selinux context during CHANGE events
+
+* Wed Sep 10 2014 Michal Schmidt - 216-6
+- Update timesyncd with patches to avoid hitting NTP pool too often.
+
+* Tue Sep 09 2014 Michal Schmidt - 216-5
+- Use common CONFIGURE_OPTS for build2 and build3.
+- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone.
+
+* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4
+- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580)
+
+* Thu Aug 28 2014 Peter Robinson 216-3
+- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611)
+
+* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2
+- Re-add patch to disable resolve.conf symlink (#1043119)
+
+* Wed Aug 20 2014 Lennart Poettering - 216-1
+- New upstream release
+
+* Mon Aug 18 2014 Fedora Release Engineering - 215-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Dan Horák 215-11
+- disable LTO also on s390(x)
+
+* Sat Aug 09 2014 Harald Hoyer 215-10
+- fixed PPC64LE
+
+* Wed Aug 6 2014 Tom Callaway - 215-9
+- fix license handling
+
+* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8
+- Create systemd-journal-remote and systemd-journal-upload users (#1118907)
+
+* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7
+- Split out systemd-compat-libs subpackage
+
+* Tue Jul 22 2014 Kalev Lember - 215-6
+- Rebuilt for gobject-introspection 1.41.4
+
+* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5
+- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806)
+- Add missing BR so gnutls and elfutils are used
+
+* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4
+- Various man page updates
+- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD
+ for better behaviour in containers
+- Some small networkd link handling fixes
+- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685)
+- New systemd-escape tool
+- XZ compression settings are tweaked to greatly improve journald performance
+- "watch" is accepted as chassis type
+- Various sysusers fixes, most importantly correct selinux labels
+- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932)
+- Shell completion improvements
+- New udev tag
ID_SOFTWARE_RADIO can be used to instruct logind to allow user access
+- XEN and s390 virtualization is properly detected
+
+* Mon Jul 07 2014 Colin Walters - 215-3
+- Add patch to disable resolve.conf symlink (#1043119)
+
+* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2
+- Move systemd-journal-remote to systemd-journal-gateway package (#1114688)
+- Disable /etc/mtab handling temporarily (#1116158)
+
+* Thu Jul 03 2014 Lennart Poettering - 215-1
+- New upstream release
+- Enable coredump logic (which abrt would normally override)
+
+* Sun Jun 29 2014 Peter Robinson 214-5
+- On aarch64 disable LTO as it still has issues on that arch
+
+* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4
+- Bugfixes (#996133, #1112908)
+
+* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3
+- Actually create input group (#1054549)
+
+* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2
+- Do not restart systemd-logind on upgrades (#1110697)
+- Add some patches (#1081429, #1054549, #1108568, #928962)
+
+* Wed Jun 11 2014 Lennart Poettering - 214-1
+- New upstream release
+- Get rid of "floppy" group, since udev uses "disk" now
+- Reenable LTO
+
+* Sun Jun 08 2014 Fedora Release Engineering - 213-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 28 2014 Kay Sievers - 213-3
+- fix systemd-timesync user creation
+
+* Wed May 28 2014 Michal Sekletar - 213-2
+- Create temporary files after installation (#1101983)
+- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621)
+
+* Wed May 28 2014 Kay Sievers - 213-1
+- New upstream release
+
+* Tue May 27 2014 Kalev Lember - 212-6
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Fri May 23 2014 Adam Williamson - 212-5
+- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891)
+
+* Wed May 07 2014 Kay Sievers - 212-4
+- add netns udev workaround
+
+* Wed May 07 2014 Michal Sekletar - 212-3
+- enable uuidd.socket by default (#1095353)
+
+*
Sat Apr 26 2014 Peter Robinson 212-2
+- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611)
+
+* Tue Mar 25 2014 Lennart Poettering - 212-1
+- New upstream release
+
+* Mon Mar 17 2014 Peter Robinson 211-2
+- Explicitly define which upstream platforms support libseccomp
+
+* Tue Mar 11 2014 Lennart Poettering - 211-1
+- New upstream release
+
+* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8
+- Fix logind unpriviledged reboot issue and a few other minor fixes
+- Limit generator execution time
+- Recognize buttonless joystick types
+
+* Fri Mar 07 2014 Karsten Hopp 210-7
+- ppc64le needs link warnings disabled, too
+
+* Fri Mar 07 2014 Karsten Hopp 210-6
+- move ifarch ppc64le to correct place (libseccomp req)
+
+* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5
+- Bugfixes: #1047568, #1047039, #1071128, #1073402
+- Bash completions for more systemd tools
+- Bluetooth database update
+- Manpage fixes
+
+* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4
+- Apply work-around for ppc64le too (#1073647).
+
+* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3
+- Backport a few patches, add completion for systemd-nspawn.
+
+* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3
+- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284
+
+* Mon Feb 24 2014 Lennart Poettering - 210-2
+- Check more services against preset list and enable by default
+
+* Mon Feb 24 2014 Lennart Poettering - 210-1
+- new upstream release
+
+* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96
+- Enable dnssec-triggerd.service by default (#1060754)
+
+* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96
+- git snapshot to sort out ARM build issues
+
+* Thu Feb 20 2014 Lennart Poettering - 209-1
+- new upstream release
+
+* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15
+- Make gpsd lazily activated (#1066421)
+
+* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14
+- Back out patch which causes user manager to be destroyed when unneeded
+ and spams logs (#1053315)
+
+* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13
+- A different fix for #1023820 taken from Mageia
+- Backported fix for #997031
+- Hardward database updates, man pages improvements, a few small memory
+ leaks, utf-8 correctness and completion fixes
+- Support for key-slot option in crypttab
+
+* Sat Jan 25 2014 Ville Skyttä - 208-12
+- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs.
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11
+- Backport a few fixes, relevant documentation updates, and HWDB changes
+ (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304,
+ #1043212, #1039351, #1031325, #1023820, #1017509, #953077)
+- Flip journalctl to --full by default (#984758)
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9
+- Apply two patches for #1026860
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8
+- Bump release to stay ahead of f20
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7
+- Backport patches (#1023041, #1036845, #1006386?)
+- HWDB update
+- Some small new features: nspawn --drop-capability=, running PID 1 under
+ valgrind, "yearly" and "annually" in calendar specifications
+- Some small documentation and logging updates
+
+* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6
+- Bump release to stay ahead of f20
+
+* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5
+- Use unit name in PrivateTmp= directories (#957439)
+- Update manual pages, completion scripts, and hardware database
+- Configurable Timeouts/Restarts default values
+- Support printing of timestamps on the console
+- Fix some corner cases in detecting when writing to the console is safe
+- Python API: convert keyword values to string, fix sd_is_booted() wrapper
+- Do not tread missing /sbin/fsck.btrfs as an error (#1015467)
+- Allow masking of fsck units
+- Advertise hibernation to swap files
+- Fix SO_REUSEPORT settings
+- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872)
+- Make use of newer kmod
+- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303
+
+* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4
+- Add temporary fix for #1002806
+
+* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3
+- Backport a bunch of fixes and hwdb updates
+
+* Wed Oct 2 2013 Lennart Poettering - 208-2
+- Move old random seed and backlight files into the right place
+
+* Wed Oct 2 2013 Lennart Poettering - 208-1
+- New upstream release
+
+* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5
+- Do not create /var/var/...
dirs
+
+* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4
+- Fix policykit authentication
+- Resolves: rhbz#1006680
+
+* Tue Sep 17 2013 Harald Hoyer 207-3
+- fixed login
+- Resolves: rhbz#1005233
+
+* Mon Sep 16 2013 Harald Hoyer 207-2
+- add some upstream fixes for 207
+- fixed swap activation
+- Resolves: rhbz#1008604
+
+* Fri Sep 13 2013 Lennart Poettering - 207-1
+- New upstream release
+
+* Fri Sep 06 2013 Harald Hoyer 206-11
+- support "debug" kernel command line parameter
+- journald: fix fd leak in journal_file_empty
+- journald: fix vacuuming of archived journals
+- libudev: enumerate - do not try to match against an empty subsystem
+- cgtop: fixup the online help
+- libudev: fix memleak when enumerating childs
+
+* Wed Sep 04 2013 Harald Hoyer 206-10
+- Do not require grubby, lorax now takes care of grubby
+- cherry-picked a lot of patches from upstream
+
+* Tue Aug 27 2013 Dennis Gilmore - 206-9
+- Require grubby, Fedora installs require grubby,
+- kernel-install took over from new-kernel-pkg
+- without the Requires we are unable to compose Fedora
+- everyone else says that since kernel-install took over
+- it is responsible for ensuring that grubby is in place
+- this is really what we want for Fedora
+
+* Tue Aug 27 2013 Kay Sievers - 206-8
+- Revert "Require grubby its needed by kernel-install"
+
+* Mon Aug 26 2013 Dennis Gilmore 206-7
+- Require grubby its needed by kernel-install
+
+* Thu Aug 22 2013 Harald Hoyer 206-6
+- kernel-install now understands kernel flavors like PAE
+
+* Tue Aug 20 2013 Rex Dieter - 206-5
+- add sddm.service to preset file (#998978)
+
+* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4
+- Filter out provides for private python modules.
+- Add requires on kmod >= 14 (#990994).
+
+* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3
+- New systemd-python3 package (#976427).
+- Add ownership of a few directories that we create (#894202).
+
+* Sun Aug 04 2013 Fedora Release Engineering - 206-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 23 2013 Kay Sievers - 206-1
+- New upstream release
+ Resolves (#984152)
+
+* Wed Jul 3 2013 Lennart Poettering - 205-1
+- New upstream release
+
+* Wed Jun 26 2013 Michal Schmidt 204-10
+- Split systemd-journal-gateway subpackage (#908081).
+
+* Mon Jun 24 2013 Michal Schmidt 204-9
+- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433)
+
+* Fri Jun 14 2013 Harald Hoyer 204-8
+- fix, which helps to sucessfully browse journals with
+ duplicated seqnums
+
+* Fri Jun 14 2013 Harald Hoyer 204-7
+- fix duplicate message ID bug
+Resolves: rhbz#974132
+
+* Thu Jun 06 2013 Harald Hoyer 204-6
+- introduce 99-default-disable.preset
+
+* Thu Jun 6 2013 Lennart Poettering - 204-5
+- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690)
+
+* Tue May 28 2013 Harald Hoyer 204-4
+- Fix kernel-install (#965897)
+
+* Wed May 22 2013 Kay Sievers - 204-3
+- Fix kernel-install (#965897)
+
+* Thu May 9 2013 Lennart Poettering - 204-2
+- New upstream release
+- disable isdn by default (#959793)
+
+* Tue May 07 2013 Harald Hoyer 203-2
+- forward port kernel-install-grubby.patch
+
+* Tue May 7 2013 Lennart Poettering - 203-1
+- New upstream release
+
+* Wed Apr 24 2013 Harald Hoyer 202-3
+- fix ENOENT for getaddrinfo
+- Resolves: rhbz#954012 rhbz#956035
+- crypt-setup-generator: correctly check return of strdup
+- logind-dbus: initialize result variable
+- prevent library underlinking
+
+* Fri Apr 19 2013 Harald Hoyer 202-2
+- nspawn create empty /etc/resolv.conf if necessary
+- python wrapper: add sd_journal_add_conjunction()
+- fix s390 booting
+- Resolves: rhbz#953217
+
+* Thu Apr 18 2013 Lennart Poettering - 202-1
+- New upstream release
+
+* Tue Apr 09 2013 Michal Schmidt - 201-2
+- Automatically discover whether to run
autoreconf and add autotools and git
+ BuildRequires based on the presence of patches to be applied.
+- Use find -delete.
+
+* Mon Apr 8 2013 Lennart Poettering - 201-1
+- New upstream release
+
+* Mon Apr 8 2013 Lennart Poettering - 200-4
+- Update preset file
+
+* Fri Mar 29 2013 Lennart Poettering - 200-3
+- Remove NetworkManager-wait-online.service from presets file again, it should default to off
+
+* Fri Mar 29 2013 Lennart Poettering - 200-2
+- New upstream release
+
+* Tue Mar 26 2013 Lennart Poettering - 199-2
+- Add NetworkManager-wait-online.service to the presets file
+
+* Tue Mar 26 2013 Lennart Poettering - 199-1
+- New upstream release
+
+* Mon Mar 18 2013 Michal Schmidt 198-7
+- Drop /usr/s?bin/ prefixes.
+
+* Fri Mar 15 2013 Harald Hoyer 198-6
+- run autogen to pickup all changes
+
+* Fri Mar 15 2013 Harald Hoyer 198-5
+- do not mount anything, when not running as pid 1
+- add initrd.target for systemd in the initrd
+
+* Wed Mar 13 2013 Harald Hoyer 198-4
+- fix switch-root and local-fs.target problem
+- patch kernel-install to use grubby, if available
+
+* Fri Mar 08 2013 Harald Hoyer 198-3
+- add Conflict with dracut < 026 because of the new switch-root isolate
+
+* Thu Mar 7 2013 Lennart Poettering - 198-2
+- Create required users
+
+* Thu Mar 7 2013 Lennart Poettering - 198-1
+- New release
+- Enable journal persistancy by default
+
+* Sun Feb 10 2013 Peter Robinson 197-3
+- Bump for ARM
+
+* Fri Jan 18 2013 Michal Schmidt - 197-2
+- Added qemu-guest-agent.service to presets (Lennart, #885406).
+- Add missing pygobject3-base to systemd-analyze deps (Lennart).
+- Do not require hwdata, it is all in the hwdb now (Kay).
+- Drop dependency on dbus-python.
+
+* Tue Jan 8 2013 Lennart Poettering - 197-1
+- New upstream release
+
+* Mon Dec 10 2012 Michal Schmidt - 196-4
+- Enable rngd.service by default (#857765).
+
+* Mon Dec 10 2012 Michal Schmidt - 196-3
+- Disable hardening on s390(x) because PIE is broken there and produces
+ text relocations with __thread (#868839).
+
+* Wed Dec 05 2012 Michal Schmidt - 196-2
+- added spice-vdagentd.service to presets (Lennart, #876237)
+- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name
+ (requested by Milan Brož).
+- verbose make to see the actual build flags
+
+* Wed Nov 21 2012 Lennart Poettering - 196-1
+- New upstream release
+
+* Tue Nov 20 2012 Lennart Poettering - 195-8
+- https://bugzilla.redhat.com/show_bug.cgi?id=873459
+- https://bugzilla.redhat.com/show_bug.cgi?id=878093
+
+* Thu Nov 15 2012 Michal Schmidt - 195-7
+- Revert udev killing cgroup patch for F18 Beta.
+- https://bugzilla.redhat.com/show_bug.cgi?id=873576
+
+* Fri Nov 09 2012 Michal Schmidt - 195-6
+- Fix cyclical dep between systemd and systemd-libs.
+- Avoid broken build of test-journal-syslog.
+- https://bugzilla.redhat.com/show_bug.cgi?id=873387
+- https://bugzilla.redhat.com/show_bug.cgi?id=872638
+
+* Thu Oct 25 2012 Kay Sievers - 195-5
+- require 'sed', limit HOSTNAME= match
+
+* Wed Oct 24 2012 Michal Schmidt - 195-4
+- add dmraid-activation.service to the default preset
+- add yum protected.d fragment
+- https://bugzilla.redhat.com/show_bug.cgi?id=869619
+- https://bugzilla.redhat.com/show_bug.cgi?id=869717
+
+* Wed Oct 24 2012 Kay Sievers - 195-3
+- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to
+ systemd native files
+
+* Tue Oct 23 2012 Lennart Poettering - 195-2
+- Provide syslog because the journal is fine as a syslog implementation
+
+* Tue Oct 23 2012 Lennart Poettering - 195-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=831665
+- https://bugzilla.redhat.com/show_bug.cgi?id=847720
+- https://bugzilla.redhat.com/show_bug.cgi?id=858693
+- https://bugzilla.redhat.com/show_bug.cgi?id=863481
+- https://bugzilla.redhat.com/show_bug.cgi?id=864629
+-
https://bugzilla.redhat.com/show_bug.cgi?id=864672
+- https://bugzilla.redhat.com/show_bug.cgi?id=864674
+- https://bugzilla.redhat.com/show_bug.cgi?id=865128
+- https://bugzilla.redhat.com/show_bug.cgi?id=866346
+- https://bugzilla.redhat.com/show_bug.cgi?id=867407
+- https://bugzilla.redhat.com/show_bug.cgi?id=868603
+
+* Wed Oct 10 2012 Michal Schmidt - 194-2
+- Add scriptlets for migration away from systemd-timedated-ntp.target
+
+* Wed Oct 3 2012 Lennart Poettering - 194-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=859614
+- https://bugzilla.redhat.com/show_bug.cgi?id=859655
+
+* Fri Sep 28 2012 Lennart Poettering - 193-1
+- New upstream release
+
+* Tue Sep 25 2012 Lennart Poettering - 192-1
+- New upstream release
+
+* Fri Sep 21 2012 Lennart Poettering - 191-2
+- Fix journal mmap header prototype definition to fix compilation on 32bit
+
+* Fri Sep 21 2012 Lennart Poettering - 191-1
+- New upstream release
+- Enable all display managers by default, as discussed with Adam Williamson
+
+* Thu Sep 20 2012 Lennart Poettering - 190-1
+- New upstream release
+- Take possession of /etc/localtime, and remove /etc/sysconfig/clock
+- https://bugzilla.redhat.com/show_bug.cgi?id=858780
+- https://bugzilla.redhat.com/show_bug.cgi?id=858787
+- https://bugzilla.redhat.com/show_bug.cgi?id=858771
+- https://bugzilla.redhat.com/show_bug.cgi?id=858754
+- https://bugzilla.redhat.com/show_bug.cgi?id=858746
+- https://bugzilla.redhat.com/show_bug.cgi?id=858266
+- https://bugzilla.redhat.com/show_bug.cgi?id=858224
+- https://bugzilla.redhat.com/show_bug.cgi?id=857670
+- https://bugzilla.redhat.com/show_bug.cgi?id=856975
+- https://bugzilla.redhat.com/show_bug.cgi?id=855863
+- https://bugzilla.redhat.com/show_bug.cgi?id=851970
+- https://bugzilla.redhat.com/show_bug.cgi?id=851275
+- https://bugzilla.redhat.com/show_bug.cgi?id=851131
+- https://bugzilla.redhat.com/show_bug.cgi?id=847472
+- https://bugzilla.redhat.com/show_bug.cgi?id=847207
+-
https://bugzilla.redhat.com/show_bug.cgi?id=846483 +- https://bugzilla.redhat.com/show_bug.cgi?id=846085 +- https://bugzilla.redhat.com/show_bug.cgi?id=845973 +- https://bugzilla.redhat.com/show_bug.cgi?id=845194 +- https://bugzilla.redhat.com/show_bug.cgi?id=845028 +- https://bugzilla.redhat.com/show_bug.cgi?id=844630 +- https://bugzilla.redhat.com/show_bug.cgi?id=839736 +- https://bugzilla.redhat.com/show_bug.cgi?id=835848 +- https://bugzilla.redhat.com/show_bug.cgi?id=831740 +- https://bugzilla.redhat.com/show_bug.cgi?id=823485 +- https://bugzilla.redhat.com/show_bug.cgi?id=821813 +- https://bugzilla.redhat.com/show_bug.cgi?id=807886 +- https://bugzilla.redhat.com/show_bug.cgi?id=802198 +- https://bugzilla.redhat.com/show_bug.cgi?id=767795 +- https://bugzilla.redhat.com/show_bug.cgi?id=767561 +- https://bugzilla.redhat.com/show_bug.cgi?id=752774 +- https://bugzilla.redhat.com/show_bug.cgi?id=732874 +- https://bugzilla.redhat.com/show_bug.cgi?id=858735 + +* Thu Sep 13 2012 Lennart Poettering - 189-4 +- Don't pull in pkg-config as dep +- https://bugzilla.redhat.com/show_bug.cgi?id=852828 + +* Wed Sep 12 2012 Lennart Poettering - 189-3 +- Update preset policy +- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish + +* Thu Aug 23 2012 Lennart Poettering - 189-2 +- Update preset policy +- https://bugzilla.redhat.com/show_bug.cgi?id=850814 + +* Thu Aug 23 2012 Lennart Poettering - 189-1 +- New upstream release + +* Thu Aug 16 2012 Ray Strode 188-4 +- more scriptlet fixes + (move dm migration logic to %%posttrans so the service + files it's looking for are available at the time + the logic is run) + +* Sat Aug 11 2012 Lennart Poettering - 188-3 +- Remount file systems MS_PRIVATE before switching roots +- https://bugzilla.redhat.com/show_bug.cgi?id=847418 + +* Wed Aug 08 2012 Rex Dieter - 188-2 +- fix scriptlets + +* Wed Aug 8 2012 Lennart Poettering - 188-1 +- New 
upstream release +- Enable gdm and avahi by default via the preset file +- Convert /etc/sysconfig/desktop to display-manager.service symlink +- Enable hardened build + +* Mon Jul 30 2012 Kay Sievers - 187-3 +- Obsolete: system-setup-keyboard + +* Wed Jul 25 2012 Kalev Lember - 187-2 +- Run ldconfig for the new -libs subpackage + +* Thu Jul 19 2012 Lennart Poettering - 187-1 +- New upstream release + +* Mon Jul 09 2012 Harald Hoyer 186-2 +- fixed dracut conflict version + +* Tue Jul 3 2012 Lennart Poettering - 186-1 +- New upstream release + +* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 +- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work + +* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 +- Update to current git + +* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 +- disable plymouth in configure, to drop the .wants/ symlinks + +* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 +- Update to current git snapshot + - Add systemd-readahead-analyze + - Drop upstream patch +- Split systemd-libs +- Drop duplicate doc files +- Fixed License headers of subpackages + +* Wed Jun 06 2012 Ray Strode - 185-3 +- Drop plymouth files +- Conflict with old plymouth + +* Tue Jun 05 2012 Kay Sievers - 185-2 +- selinux udev labeling fix +- conflict with older dracut versions for new udev file names + +* Mon Jun 04 2012 Kay Sievers - 185-1 +- New upstream release + - udev selinux labeling fixes + - new man pages + - systemctl help + +* Thu May 31 2012 Lennart Poettering - 184-1 +- New upstream release + +* Thu May 24 2012 Kay Sievers - 183-1 +- New upstream release including udev merge. + +* Wed Mar 28 2012 Michal Schmidt - 44-4 +- Add triggers from Bill Nottingham to correct the damage done by + the obsoleted systemd-units's preun scriptlet (#807457). 
+ +* Mon Mar 26 2012 Dennis Gilmore - 44-3 +- apply patch from upstream so we can build systemd on arm and ppc +- and likely the rest of the secondary arches + +* Tue Mar 20 2012 Michal Schmidt - 44-2 +- Don't build the gtk parts anymore. They're moving into systemd-ui. +- Remove a dead patch file. + +* Fri Mar 16 2012 Lennart Poettering - 44-1 +- New upstream release +- Closes #798760, #784921, #783134, #768523, #781735 + +* Mon Feb 27 2012 Dennis Gilmore - 43-2 +- don't conflict with fedora-release systemd never actually provided +- /etc/os-release so there is no actual conflict + +* Wed Feb 15 2012 Lennart Poettering - 43-1 +- New upstream release +- Closes #789758, #790260, #790522 + +* Sat Feb 11 2012 Lennart Poettering - 42-1 +- New upstream release +- Save a bit of entropy during system installation (#789407) +- Don't own /etc/os-release anymore, leave that to fedora-release + +* Thu Feb 9 2012 Adam Williamson - 41-2 +- rebuild for fixed binutils + +* Thu Feb 9 2012 Lennart Poettering - 41-1 +- New upstream release + +* Tue Feb 7 2012 Lennart Poettering - 40-1 +- New upstream release + +* Thu Jan 26 2012 Kay Sievers - 39-3 +- provide /sbin/shutdown + +* Wed Jan 25 2012 Harald Hoyer 39-2 +- increment release + +* Wed Jan 25 2012 Kay Sievers - 39-1.1 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Wed Jan 25 2012 Lennart Poettering - 39-1 +- New upstream release + +* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 +- Update to a current git snapshot. +- Resolves: #781657 + +* Sun Jan 22 2012 Michal Schmidt - 38-5 +- Build against libgee06. Reenable gtk tools. +- Delete unused patches. +- Add easy building of git snapshots. +- Remove legacy spec file elements. +- Don't mention implicit BuildRequires. +- Configure with --disable-static. +- Merge -units into the main package. +- Move section 3 manpages to -devel. +- Fix unowned directory. +- Run ldconfig in scriptlets. +- Split systemd-analyze to a subpackage. 
+ +* Sat Jan 21 2012 Dan Horák - 38-4 +- fix build on big-endians + +* Wed Jan 11 2012 Lennart Poettering - 38-3 +- Disable building of gtk tools for now + +* Wed Jan 11 2012 Lennart Poettering - 38-2 +- Fix a few (build) dependencies + +* Wed Jan 11 2012 Lennart Poettering - 38-1 +- New upstream release + +* Tue Nov 15 2011 Michal Schmidt - 37-4 +- Run authconfig if /etc/pam.d/system-auth is not a symlink. +- Resolves: #753160 + +* Wed Nov 02 2011 Michal Schmidt - 37-3 +- Fix remote-fs-pre.target and its ordering. +- Resolves: #749940 + +* Wed Oct 19 2011 Michal Schmidt - 37-2 +- A couple of fixes from upstream: +- Fix a regression in bash-completion reported in Bodhi. +- Fix a crash in isolating. +- Resolves: #717325 + +* Tue Oct 11 2011 Lennart Poettering - 37-1 +- New upstream release +- Resolves: #744726, #718464, #713567, #713707, #736756 + +* Thu Sep 29 2011 Michal Schmidt - 36-5 +- Undo the workaround. Kay says it does not belong in systemd. +- Unresolves: #741655 + +* Thu Sep 29 2011 Michal Schmidt - 36-4 +- Workaround for the crypto-on-lvm-on-crypto disk layout +- Resolves: #741655 + +* Sun Sep 25 2011 Michal Schmidt - 36-3 +- Revert an upstream patch that caused ordering cycles +- Resolves: #741078 + +* Fri Sep 23 2011 Lennart Poettering - 36-2 +- Add /etc/timezone to ghosted files + +* Fri Sep 23 2011 Lennart Poettering - 36-1 +- New upstream release +- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 + +* Thu Sep 1 2011 Lennart Poettering - 35-1 +- New upstream release +- Update post scripts +- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 + +* Thu Aug 25 2011 Lennart Poettering - 34-1 +- New upstream release + +* Fri Aug 19 2011 Harald Hoyer 33-2 +- fix ABRT on service file reloading +- Resolves: rhbz#732020 + +* Wed Aug 3 2011 Lennart Poettering - 33-1 +- New upstream release + +* Fri Jul 29 2011 Lennart Poettering - 32-1 +- New upstream release + +* Wed Jul 27 2011 Lennart Poettering - 31-2 +- Fix 
access mode of modprobe file, restart logind after upgrade + +* Wed Jul 27 2011 Lennart Poettering - 31-1 +- New upstream release + +* Wed Jul 13 2011 Lennart Poettering - 30-1 +- New upstream release + +* Thu Jun 16 2011 Lennart Poettering - 29-1 +- New upstream release + +* Mon Jun 13 2011 Michal Schmidt - 28-4 +- Apply patches from current upstream. +- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) + +* Wed Jun 08 2011 Michal Schmidt - 28-3 +- Apply patches from current upstream +- https://bugzilla.redhat.com/show_bug.cgi?id=709909 +- https://bugzilla.redhat.com/show_bug.cgi?id=710839 +- https://bugzilla.redhat.com/show_bug.cgi?id=711015 + +* Sat May 28 2011 Lennart Poettering - 28-2 +- Pull in nss-myhostname + +* Thu May 26 2011 Lennart Poettering - 28-1 +- New upstream release + +* Wed May 25 2011 Lennart Poettering - 26-2 +- Bugfix release +- https://bugzilla.redhat.com/show_bug.cgi?id=707507 +- https://bugzilla.redhat.com/show_bug.cgi?id=707483 +- https://bugzilla.redhat.com/show_bug.cgi?id=705427 +- https://bugzilla.redhat.com/show_bug.cgi?id=707577 + +* Sat Apr 30 2011 Lennart Poettering - 26-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=699394 +- https://bugzilla.redhat.com/show_bug.cgi?id=698198 +- https://bugzilla.redhat.com/show_bug.cgi?id=698674 +- https://bugzilla.redhat.com/show_bug.cgi?id=699114 +- https://bugzilla.redhat.com/show_bug.cgi?id=699128 + +* Thu Apr 21 2011 Lennart Poettering - 25-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694788 +- https://bugzilla.redhat.com/show_bug.cgi?id=694321 +- https://bugzilla.redhat.com/show_bug.cgi?id=690253 +- https://bugzilla.redhat.com/show_bug.cgi?id=688661 +- https://bugzilla.redhat.com/show_bug.cgi?id=682662 +- https://bugzilla.redhat.com/show_bug.cgi?id=678555 +- https://bugzilla.redhat.com/show_bug.cgi?id=628004 + +* Wed Apr 6 2011 Lennart Poettering - 24-1 +- New upstream release +- 
https://bugzilla.redhat.com/show_bug.cgi?id=694079 +- https://bugzilla.redhat.com/show_bug.cgi?id=693289 +- https://bugzilla.redhat.com/show_bug.cgi?id=693274 +- https://bugzilla.redhat.com/show_bug.cgi?id=693161 + +* Tue Apr 5 2011 Lennart Poettering - 23-1 +- New upstream release +- Include systemd-sysv-convert + +* Fri Apr 1 2011 Lennart Poettering - 22-1 +- New upstream release + +* Wed Mar 30 2011 Lennart Poettering - 21-2 +- The quota services are now pulled in by mount points, hence no need to enable them explicitly + +* Tue Mar 29 2011 Lennart Poettering - 21-1 +- New upstream release + +* Mon Mar 28 2011 Matthias Clasen - 20-2 +- Apply upstream patch to not send untranslated messages to plymouth + +* Tue Mar 8 2011 Lennart Poettering - 20-1 +- New upstream release + +* Tue Mar 1 2011 Lennart Poettering - 19-1 +- New upstream release + +* Wed Feb 16 2011 Lennart Poettering - 18-1 +- New upstream release + +* Mon Feb 14 2011 Bill Nottingham - 17-6 +- bump upstart obsoletes (#676815) + +* Wed Feb 9 2011 Tom Callaway - 17-5 +- add macros.systemd file for %%{_unitdir} + +* Wed Feb 09 2011 Fedora Release Engineering - 17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 9 2011 Lennart Poettering - 17-3 +- Fix popen() of systemctl, #674916 + +* Mon Feb 7 2011 Bill Nottingham - 17-2 +- add epoch to readahead obsolete + +* Sat Jan 22 2011 Lennart Poettering - 17-1 +- New upstream release + +* Tue Jan 18 2011 Lennart Poettering - 16-2 +- Drop console.conf again, since it is not shipped in pamtmp.conf + +* Sat Jan 8 2011 Lennart Poettering - 16-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 15-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 14-1 +- Upstream update +- Enable hwclock-load by default +- Obsolete readahead +- Enable /var/run and /var/lock on tmpfs + +* Fri Nov 19 2010 Lennart Poettering - 13-1 +- new upstream release + +* Wed Nov 17 2010 Bill Nottingham 12-3 +- Fix clash + +* Wed 
Nov 17 2010 Lennart Poettering - 12-2 +- Don't clash with initscripts for now, so that we don't break the builders + +* Wed Nov 17 2010 Lennart Poettering - 12-1 +- New upstream release + +* Fri Nov 12 2010 Matthias Clasen - 11-2 +- Rebuild with newer vala, libnotify + +* Thu Oct 7 2010 Lennart Poettering - 11-1 +- New upstream release + +* Wed Sep 29 2010 Jesse Keating - 10-6 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Bill Nottingham - 10-5 +- merge -sysvinit into main package + +* Mon Sep 20 2010 Bill Nottingham - 10-4 +- obsolete upstart-sysvinit too + +* Fri Sep 17 2010 Bill Nottingham - 10-3 +- Drop upstart requires + +* Tue Sep 14 2010 Lennart Poettering - 10-2 +- Enable audit +- https://bugzilla.redhat.com/show_bug.cgi?id=633771 + +* Tue Sep 14 2010 Lennart Poettering - 10-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=630401 +- https://bugzilla.redhat.com/show_bug.cgi?id=630225 +- https://bugzilla.redhat.com/show_bug.cgi?id=626966 +- https://bugzilla.redhat.com/show_bug.cgi?id=623456 + +* Fri Sep 3 2010 Bill Nottingham - 9-3 +- move fedora-specific units to initscripts; require newer version thereof + +* Fri Sep 3 2010 Lennart Poettering - 9-2 +- Add missing tarball + +* Fri Sep 3 2010 Lennart Poettering - 9-1 +- New upstream version +- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 + +* Fri Aug 27 2010 Lennart Poettering - 8-3 +- Reexecute after installation, take ownership of /var/run/user +- https://bugzilla.redhat.com/show_bug.cgi?id=627457 +- https://bugzilla.redhat.com/show_bug.cgi?id=627634 + +* Thu Aug 26 2010 Lennart Poettering - 8-2 +- Properly create default.target link + +* Wed Aug 25 2010 Lennart Poettering - 8-1 +- New upstream release + +* Thu Aug 12 2010 Lennart Poettering - 7-3 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 + +* Thu Aug 12 2010 Lennart Poettering - 7-2 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 + +* Tue Aug 10 2010 Lennart Poettering - 7-1 +- 
New upstream release + +* Fri Aug 6 2010 Lennart Poettering - 6-2 +- properly hide output on package installation +- pull in coreutils during package installtion + +* Fri Aug 6 2010 Lennart Poettering - 6-1 +- New upstream release +- Fixes #621200 + +* Wed Aug 4 2010 Lennart Poettering - 5-2 +- Add tarball + +* Wed Aug 4 2010 Lennart Poettering - 5-1 +- Prepare release 5 + +* Tue Jul 27 2010 Bill Nottingham - 4-4 +- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) + +* Sat Jul 24 2010 Lennart Poettering - 4-3 +- Add libselinux to build dependencies + +* Sat Jul 24 2010 Lennart Poettering - 4-2 +- Use the right tarball + +* Sat Jul 24 2010 Lennart Poettering - 4-1 +- New upstream release, and make default + +* Tue Jul 13 2010 Lennart Poettering - 3-3 +- Used wrong tarball + +* Tue Jul 13 2010 Lennart Poettering - 3-2 +- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore + +* Tue Jul 13 2010 Lennart Poettering - 3-1 +- New upstream release + +* Fri Jul 9 2010 Lennart Poettering - 2-0 +- New upstream release + +* Wed Jul 7 2010 Lennart Poettering - 1-0 +- First upstream release + +* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 +- New snapshot +- Split off -units package where other packages can depend on without pulling in the whole of systemd + +* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b +- Add missing libtool dependency. + +* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b +- Update snapshot + +* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 +- Pull the latest snapshot that fixes a segfault. 
Resolves rhbz#603231 + +* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e +- More minor fixes as per review + +* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e +- Spec improvements from David Hollis + +* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e +- Address review comments + +* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 +- Initial spec (adopted from Kay Sievers) diff --git a/systemd.spec b/systemd.spec index 0a6f188..bfeb867 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,12 +31,11 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 251.3 -Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') -Release: 3 %endif +Release: %autorelease # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ 
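Review bot: `Release: %autorelease` is placed after `%endif`, so the `%else` branch (the inplace build from a local checkout) no longer carries a release of its own and now depends on the rpmautospec macro being defined at build time. If that macro is not available in the build environment, rpm would presumably leave `%autorelease` unexpanded in the Release field; this is inferred from how rpm treats undefined macros, not something the hunk shows. Keeping a fixed value for the local-checkout case, for example `Release: 0` before `%endif` with `Release: %autorelease` only in the `%if %{without inplace}` branch, would keep that build path independent of the packaging history. A one-line comment above the tag, such as `# Release and %%changelog are generated by rpmautospec from the packaging git history`, would also tell the next packager why the spec no longer states the number.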
@@ -1005,2444 +1004,4 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Sat Jul 23 2022 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 -- Update to latest bugfix release -- Drop forgotten "temporary" workaround for #1663040 - -* Wed Jun 29 2022 Zbigniew Jędrzejewski-Szmek - 251.2-2 -- Drop forward-secure-sealing code from sd-journal and tools - -* Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 251.2-1 -- A bunch of man page fixes, a few memory-access correctness fixes, - remove excessive messages to utmp sessions, suppress messages about - bpf setup in the user manager (#2084955) - -* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 251.1-2 -- Supress errors from useradd/groupadd (#2090129) -- Drop "v" from the version tag, add tilde back -- The tag for shared-libraries is reintroduced (#1906010) - -* Tue May 24 2022 Zbigniew Jędrzejewski-Szmek - 251.1-1 -- First bugfix release for 250 -- Two fixes for kernel-install and a revert for #2087225, #2088788. - -* Sat May 21 2022 Zbigniew Jędrzejewski-Szmek - 251-1 -- Latest upstream release, for details see - https://raw.githubusercontent.com/systemd/systemd/v251/NEWS. -- Fixes for #2071034, #2084955, #2086166. - -* Mon May 16 2022 Zbigniew Jędrzejewski-Szmek - 251~rc3-1 -- Update to latest upstream prerelease (just various bugfixes) -- Udev rule processing should be now fixed (#2076459) -- Run sysusers and hwdb and catalog updates also if systemd is not running - (#2085481) - -* Wed May 11 2022 Adam Williamson - 251~rc2-2 -- Backport #23352 to fix RHBZ #2083374 - -* Thu May 5 2022 Zbigniew Jędrzejewski-Szmek - 251~rc2-1 -- New upstream prerelease, for details see - https://raw.githubusercontent.com/systemd/systemd/v251-rc2/NEWS. 
- -* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-3 -- Do not touch /etc/resolv.conf on upgrades (#2074122) -- Add bugfix patch and revert one patch which might be causing - problems with the compose - -* Mon Apr 4 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-2 -- Merge libsystemd-core back into individual binaries and drop the - private shared library suffix (this should server as a work-around - for rhbz#2071069) - -* Tue Mar 29 2022 Zbigniew Jędrzejewski-Szmek - 251~rc1-1 -- First release candidate in the new cycle -- Fixes rhbz#1449751, rhbz#1906010 - -* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.4-2 -- Fix the wrong file assignment done in previous version - -* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.4-1 -- Move libcryptsetup plugins to -udev (#2031873) -- Move systemd-cryptenroll to -udev (David Tardon) -- Disable default DNS over TLS (#1889901) (Michael Catanzaro) - -* Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 -- Avoid trying to create the symlink if there's a dangling symlink already in - place (#2058388) - -* Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 -- Move part of %%post scriptlet for resolved to %%posttrans (#2018913) -- Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing - -* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 -- Drop scriptlet for handling nobody user upgrades from Fedora <28 -- Specify owner of /var/log/journal as root in the rpm listing (#2018913) - -* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 -- Add pam_namespace to systemd-user pam config (rhbz#2053098) -- Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) - -* Sat Jan 22 2022 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-2 -- Take ghost ownership of /var/log/lastlog (#1798685) - -* Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-1 -- Third stable release after v250: fixes for 
sd-boot on fringe hardware (e.g. VirtualBox), - various man page updates, sd-journal file verification is now stricter, - systemd-networkd by default will not add routes for wireguard AllowedIPs= - systemd nss modules shouldn't try to read kernel command line -- Don't do sd-boot updates when not installed (#2038289) -- xdg-autostart-service will ignore ExecCondition= when the helper binary is missing -- kernel-install does cleanup better (#2016630) - -* Fri Jan 7 2022 Zbigniew Jędrzejewski-Szmek - 250.2-1 -- Second stable release after v250: various bugfixes - (systemd-resolved, systemd-journald, userdbctl, homed). -- The manager should now gracefully handle the case where BPF LSM - cannot be initialized (#2036145). The BPF filters are enabled again - on all architectures, so *other* filter should also work on the - affected architectures. -- kernel-install now checks paths used by grub2 before sd-boot paths again - (#2036199) -- fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233) -- CVE-2021-3997, #2024639: systemd-tmpfiles would exhaust the stack and crash - during excessive recursion on a very deeply nested directory structure. - -* Tue Jan 4 2022 Zbigniew Jędrzejewski-Szmek - 250.1-1 -- First stable version after v250: various bugfixes, in particular for - sd-boot, systemd-networkd, and various build issues. -- Fixes #2036517, #2035608, #2036217. - -* Thu Dec 30 2021 Zbigniew Jędrzejewski-Szmek - 250-3 -- Disable bpf filters on arm64 (#2036145) - -* Sat Dec 25 2021 Zbigniew Jędrzejewski-Szmek - 250-2 -- Fix warning about systemd-boot-update.service not existing on - non-uefi architectures -- Enable all bpf features (#2035608) - -* Thu Dec 23 2021 Zbigniew Jędrzejewski-Szmek - 250-1 -- Version 250, only some very small changes since -rc3. 
-- Switch unit status name format to 'combined' (#2028169) - -* Mon Dec 20 2021 Zbigniew Jędrzejewski-Szmek - 250~rc3-1 -- Latest prerelease, see - https://raw.githubusercontent.com/systemd/systemd/v250-rc3/NEWS for - details. -- Fixes rhbz#2006761, rhbz#2027627, rhbz#1926323, rhbz#1919538. - -* Sun Dec 12 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-4 -- Move systemd-boot-update.service to -udev subpackage - and add it the the installation scriptlets (#2031400) -- Move libcryptsetup-token-systemd plugins to -udev (#2031873) -- Create /etc/resolv.conf symlink if nothing is present yet (#2032085) - -* Fri Dec 10 2021 Pavel Březina - 250~rc1-3 -- Remove nsswitch.conf scriptlets (#2023743) - -* Thu Dec 9 2021 Zbigniew Jędrzejewski-Szmek - 250~rc1-1 -- Version 250-rc1, - see https://raw.githubusercontent.com/systemd/systemd/v250-rc1/NEWS for - details. - -* Fri Nov 19 2021 Davide Cavalca - 249.7-3 -- Disable legacy iptables support - -* Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek - 249.7-2 -- Supress errors from update-helper when selinux is enabled (see #2023332) - -* Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek - 249.7-1 -- Latest bugfix release (better erofs detection, sd-event memory - corruption bugfix, logind, documentation) -- Really fix helper to restart user units with older systemd (#2020415) - -* Sun Nov 14 2021 Petr Menšík - 249.7-1 -- Switch /etc/resolv.conf over to NM when systemd-resolved is uninstalled - -* Wed Nov 10 2021 Kir Kolyshkin - 249.7-1 -- Fix scope activation from a user instance (#2022041) - -* Mon Nov 8 2021 Zbigniew Jędrzejewski-Szmek - 249.6-3 -- Fix helper to restart user units with older systemd (#2020415) - -* Thu Nov 4 2021 Zbigniew Jędrzejewski-Szmek - 249.6-2 -- Latest bugfix release (networkd, coredumpctl, varlink, udev, - systemctl, systemd itself, better detection of Hyper-V and - Virtualbox virtualization, documentation updates) -- Fix helper to restart user units - -* Fri Oct 29 2021 Adam Williamson - 249.5-2 -- Backport PR #133 
to fix boot - -* Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek - 249.5-1 -- Latest bugfix release (various fixes in systemd-networkd, - -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd, - -coredump, systemd itself, seccomp filters, TPM2 handling, - -documentation, sd-event, sd-journal, journalctl, and nss-systemd). -- Fixes #1976445. - -* Tue Sep 14 2021 Sahana Prasad -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 -- Latest bugfix release: various fixes for systemd-networkd, - systemd-resolved, systemd, systemd-boot. -- Backport of macros to restart systemd user units (#1993244) - -* Fri Aug 6 2021 Zbigniew Jędrzejewski-Szmek - 249.3-1 -- Latest bugfix release: improved compatibility with latest glibc, - various small documentation fixes, and fixes for systemd-networkd bridging, - other minor fixes. -- systemctl set-property accepts glob patterns now (#1986258) - -* Fri Jul 23 2021 Zbigniew Jędrzejewski-Szmek - 249.2-1 -- Latest bugfix release (a minor hwdb regression bugfix, and correction - to kernel commandline handling when reexecuting PID 1 in a container) - -* Fri Jul 23 2021 Michael Catanzaro - 249.2-1 -- Build with -Ddefault-dns-over-tls=opportunistic - (https://fedoraproject.org/wiki/Changes/DNS_Over_TLS, #1889901) - -* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek - 249.1-1 -- Various minor documentation and correctness fixes. -- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to - crash systemd and cause the system to reboot by creating a very long - fuse mountpoint path. - -* Wed Jul 7 2021 Neal Gompa - 249-2 -- Use correct NEWS URLs for systemd 249 releases in changelog entries - -* Wed Jul 7 2021 Zbigniew Jędrzejewski-Szmek - 249-1 -- Latest upstream release with minor bugfixes, see - https://github.com/systemd/systemd/blob/v249/NEWS. 
-- systemd-oomd cpu usage is reduced (#1944646) - -* Thu Jul 1 2021 Zbigniew Jędrzejewski-Szmek - 249~rc3-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc3/NEWS. - -* Fri Jun 25 2021 Zbigniew Jędrzejewski-Szmek - 249~rc2-1 -- Latest upstream prerelease with various bugfixes, see - https://github.com/systemd/systemd/blob/v249-rc2/NEWS. -- Ignore FORCERENEW DHCP packets (TALOS-2020-1142, CVE-2020-13529, #1959398) - -* Thu Jun 17 2021 Adam Williamson - 249~rc1-2 -- Stop systemd providing systemd-resolved, now the subpackage exists (#1973462) - -* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v249-rc1/NEWS. - Fixes #1963428. -- Use systemd-sysusers to create users (#1965815) -- Move systemd-resolved into systemd-resolved subpackage (#1923727) - [patch from Petr Menšík] - -* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 -- A fix for resolved crashes (#1946386, #1960227, #1950241) -- Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl. - -* Fri May 7 2021 Zbigniew Jędrzejewski-Szmek - 248.2-1 -- Pull in some more patches from upstream (#1944646, #1885090, #1941340) -- Adjust modes of some %%ghost files (#1956059) - -* Thu May 6 2021 Zbigniew Jędrzejewski-Szmek - 248.1-1 -- Latest stable version: a long list of minor correctness fixes all around - (#1955475, #911766, #1958167, #1952919) -- Enable tpm2-tss dependency (#1949505) - -* Tue Apr 06 2021 Adam Williamson - 248-2 -- Re-enable resolved caching, we hope all major bugs are resolved now - -* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 -- Latest upstream release, see - https://github.com/systemd/systemd/blob/v248/NEWS. -- The changes since -rc4 are rather small, various fixes all over the place. - A fix to how systemd-oomd selects a candidate to kill, and more debug logging - to make this more transparent. 
- -* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 -- Increase oomd user memory pressure limit to 50% (#1941170) - -* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 -- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service - on upgrades from before systemd-networkd was split out (#1943263) -- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) - -* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 -- Revert patch that seems to cause problems with dns resolution - (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) - -* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 -- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) -- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) - (But note that the disablement of caching added previously is - retained until we can do more testing.) -- Minor fix to interface naming by udev -- Fix for systemd-repart --size - -* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 -- Disable resolved cache via config snippet (#1940715) - -* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc4/NEWS. -- A bunch of documentation updates, and correctness fixes. - -* Tue Mar 16 2021 Adam Williamson - 248~rc3-2 -- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) - -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc3-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc3/NEWS. -- A bunch of documentation updates, correctness fixes, and systemd-networkd - features. -- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. 
- -* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 -- Fix crash in pid1 during daemon-reexec (#1931034) - -* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 -- Fix stub resolver CNAME chain resolving (#1933433) - -* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 -- Don't set the fallback hostname to Fedora on non-Fedora OSes - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 -- Latest upstream prelease, just a bunch of small fixes. -- Fixes #1931957. - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 -- Rebuild with the newest scriptlets - -* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-1 -- Latest upstream prerelease, see - https://github.com/systemd/systemd/blob/v248-rc1/NEWS. -- Fixes #1614751 by only restarting services at the end of transcation. - Various packages need to be rebuilt to have the updated macros. -- Fixes #1879028, though probably not completely. -- Fixes #1925805, #1928235. - -* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 -- Increase oomd user memory pressure limit to 10% (#1929856) - -* Fri Feb 5 2021 Anita Zhang - 247.3-2 -- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. -- Backports consist primarily of PR #18361, #18444, and #18401 (plus some - additional ones to handle merge conflicts). -- Create systemd-oomd-defaults subpackage to install unit drop-ins that will - configure systemd-oomd to monitor and act. - -* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 -- Minor stable release -- Fixes #1895937, #1813219, #1903106. - -* Wed Jan 27 2021 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 -- Fix bfq patch again (#1813219) - -* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 -- Add patch to enable crypttab to support disabling of luks read and - write workqueues (corresponding to - https://github.com/systemd/systemd/pull/18062/). 
- -* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 -- Minor stable release -- Fixes #1908071. - -* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 -- Rebuild with fallback hostname change reverted. - -* Fri Dec 04 2020 Bastien Nocera - 247.1-2 -- Unset fallback-hostname as plenty of applications expected localhost - to mean "default hostname" without ever standardising it (#1892235) - -* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 -- Latest stable release -- Fixes #1902819. -- Files to configure networking with systemd-networkd in a VM or container are - moved to systemd-networkd subpackage. (They were previously in the -container - subpackage, which is for container/VM management.) - -* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 -- Update to the latest version -- #1900878 should be fixed - -* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 -- New upstream pre-release. See - https://github.com/systemd/systemd/blob/v247-rc1/NEWS. - Many smaller and bigger improvements and features are introduced. - (#1885101, #1890632, #1879216) - - A backwards-incompatible change affects PCI network devices which - are connected through a bridge which is itself associated with a - slot. When more than one device was associated with the same slot, - one of the devices would pseudo-randomly get named after the slot. - That name is now not generated at all. This changed behaviour is - causes the net naming scheme to be changed to "v247". To restore - previous behaviour, specify net.naming-scheme=v245. - - systemd-oomd is built, but should not be considered "production - ready" at this point. Testing and bug reports are welcome. - -* Wed Sep 30 2020 Dusty Mabe - 246.6-3 -- Try to make files in subpackages (especially the networkd subpackage) - more appropriate. - -* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 -- Build a package with standalone binaries for non-systemd systems. - For now, only systemd-sysusers is included. 
- -* Thu Sep 24 2020 Christian Glombek - 246.6-2 -- Split out networkd sub-package and add to main package as recommended dependency - -* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 -- Update to latest stable release (various minor fixes: manager, - networking, bootct, kernel-install, systemd-dissect, systemd-homed, - fstab-generator, documentation) (#1876905) -- Do not fail in test because of kernel bug (#1803070) - -* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 -- Update to latest stable release (a bunch of small network-related - fixes in systemd-networkd and socket handling, documentation updates, - a bunch of fixes for error handling). -- Also remove existing file when creating /etc/resolv.conf symlink - upon installation (#1873856 again) - -* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 -- Update to latest stable version: a rework of how the unit cache mtime works - (hopefully #1872068, #1871327, #1867930), plus various fixes to - systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, - systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for - instantiated units, documentation and shell completions. -- Create /etc/resolv.conf symlink upon installation (#1873856) -- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable - mdns by default in systemd-resolved (#1867830) - -* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 -- Update to bugfix version (some networkd fixes, minor documentation - fixes, relax handling of various error conditions, other fixlets for - bugs without bugzilla numbers). 
- -* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek - 246.2-1 -- A few minor bugfixes -- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030) -- Create /etc/resolv.conf symlink on upgrade (#1867865) - -* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 -- A few minor bugfixes -- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so - that systemd-resolved can take over the management of the symlink. - -* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 -- Update to released version. Only some minor bugfixes since the pre-release. - -* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 -- Make /tmp be 50% of RAM again (#1856514) -- Re-run 'systemctl preset systemd-resolved' on upgrades. - /etc/resolv.conf is not modified, by a hint is emitted if it is - managed by NetworkManager. - -* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 -- New pre-release with incremental fixes - (#1856037, #1858845, #1856122, #1857783) -- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR - and mDNS support in resolve-only mode by default). - See https://fedoraproject.org/wiki/Changes/systemd-resolved. - -* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. - - This release includes many new unit settings, related inter alia to - cgroupsv2 freezer support and cpu affinity, encryption and verification. - systemd-networkd has a ton of new functionality and many other tools gained - smaller enhancements. systemd-homed gained FIDO2 support. - - Documentation has been significantly improved: sd-bus and sd-hwdb - libraries are now fully documented; man pages have been added for - the D-BUS APIs of systemd daemons and various new interfaces. - - Closes #1392925, #1790972, #1197886, #1525593. 
- -* Wed Jun 24 2020 Bastien Nocera - 245.6-3 -- Set fallback-hostname to fedora so that unset hostnames are still - recognisable (#1392925) - -* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 -- Add self-obsoletes to fix upgrades from F31 - -* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 -- Update to latest stable version (some documentation updates, minor - memory correctness issues) (#1815605, #1827467, #1842067) - -* Tue Apr 21 2020 Björn Esser - 245.5-2 -- Add explicit BuildRequires: acl -- Bootstrapping for json-c SONAME bump - -* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 -- Update to latest stable version (#1819313, #1815412, #1800875) - -* Thu Apr 16 2020 Björn Esser - 245.4-2 -- Add bootstrap option to break circular deps on cryptsetup - -* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 -- Update to latest stable version (#1814454) - -* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 -- Update to latest stable version (no issue that got reported in bugzilla) - -* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 -- Update to latest stable version (a few bug fixes for random things) (#1798776) - -* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 -- Update to latest version (#1807485) - -* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 -- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) -- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) -- Move systemd-bless-boot.service and systemd-boot-system-token.service to - systemd-udev subpackage (#1807462) -- Move a bunch of other services to systemd-udev: - systemd-pstore.service, all fsck-related functionality, - systemd-volatile-root.service, systemd-verity-setup.service, and a few - other related files. 
-- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) -- Fix namespace-related failure when starting systemd-homed (#1807465) and - group lookup failure in nss_systemd (#1809147) -- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines - (#1716164) -- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) - -* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 -- Update daemon-reexec fallback to check whether the system is booted with - systemd as PID 1 and check whether we're upgrading before using kill -TERM - on PID 1 (#1803240) - -* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 -- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) - -* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 -- Add default 'disable *' preset for user units (#1792474, #1468501), - see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. -- Add macro to generate "compat" scriptlets based off sysusers.d format - and autogenerate user() and group() virtual provides (#1792462), - see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. -- Revert patch to udev rules causing regression with usb hubs (#1800820). - -* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 -- New upstream release, see - https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. - - This release includes completely new functionality: systemd-repart, - systemd-homed, user reconds in json, and multi-instantiable - journald, and a partial rework of internal communcation to use - varlink, and bunch of more incremental changes. - - The "predictable" interface name naming scheme is changed, - net.naming-scheme= can be used to undo the change. The change applies - to container interface names on the host. - -- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. 
- -* Fri Jan 31 2020 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sat Dec 21 2019 - 244.1-2 -- Disable service watchdogs (for systemd units) - -* Sun Dec 15 2019 - 244.1-1 -- Update to latest stable batch (systemd-networkd fixups, better - support for seccomp on s390x, minor cleanups to documentation). -- Drop patch to revert addition of NoNewPrivileges to systemd units - -* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 -- Update to latest version. Just minor bugs fixed since the pre-release. - -* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 -- Update to latest pre-release version, - see https://github.com/systemd/systemd/blob/master/NEWS#L3. - Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, - systemd-networkd does not create a default route for link local addressing, - systemd-networkd supports dynamic reconfiguration and a bunch of new settings. - Network files support matching on WLAN SSID and BSSID. -- Better error messages when preset/enable/disable are used with a glob (#1763488) -- u2f-hidraw-policy package is obsoleted (#1753381) - -* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 -- Latest bugfix release. Systemd-stable snapshots will now be numbered. 
-- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) -- systemd-modules-load.service should only warn, not fail, on error (#1254340) -- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, - CVE-2018-21029) -- Fix regression with crypttab keys with colons -- Various memleaks and minor memory access issues, warning adjustments - -* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 -- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) - -* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 -- Various minor documentation and error message cleanups -- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) - -* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 -- Backport a bunch of patches (memory access issues, improvements to error - reporting and handling in networkd, some misleading man page contents #1751363) -- Fix permissions on static nodes (#1740664) -- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts -- Fix one crash in systemd-resolved (#1703598) -- Make journal catalog creation reproducible (avoid unordered hashmap use) -- Mark the accelerometer in HP laptops as part of the laptop base -- Fix relabeling of directories with relabel-extra.d/ -- Fix potential stuck noop jobs in pid1 -- Obsolete timedatex package (#1735584) - -* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 -- Update to latest release -- Emission of Session property-changed notifications from logind is fixed - (this was breaking the switching of sessions to and from gnome). -- Security issue: unprivileged users were allowed to change DNS - servers configured in systemd-resolved. Now proper polkit authorization - is required. - -* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 -- Backport PR #13406 to solve PATH ordering issue (#1744059) - -* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 -- Update to latest pre-release. Fixes #1740113, #1717712. 
-- The default scheduler for disks is set to BFQ (1738828) -- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). - Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. - See https://fedoraproject.org/wiki/Changes/CGroupsV2. - -* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 -- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) - -* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 -- Update to latest version (#1715699, #1696373, #1711065, #1718192) - -* Sat Jul 27 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 -- Ignore bad rdrand output on AMD CPUs (#1729268) -- A bunch of backported patches from upstream: documentation, memory - access fixups, command output tweaks (#1708996) - -* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 -- Rebuilt (libqrencode.so.4) - -* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 -- Rebuilt for iptables update (libip4tc.so.2) - -* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 -- Add symbol to mark vtable format changes (anything using sd_add_object_vtable - or sd_add_fallback_vtable needs to be rebuilt) -- Fix wireguard ListenPort handling in systemd-networkd -- Fix hang in flush_accept (#1702358) -- Fix handling of RUN keys in udevd -- Some documentation and shell completion updates and minor fixes - -* Tue Apr 16 2019 Adam Williamson - 242-2 -- Rebuild with Meson fix for #1699099 - -* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 -- Update to latest release -- Make scriptlet failure non-fatal - -* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 -- Update to latest prerelease - -* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 -- Update to latest prerelease - -* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 -- Update to the latest prerelease. 
-- The bug reported on latest update that systemd-resolved and systemd-networkd are - re-enabled after upgrade is fixed. - -* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 -- Backport various patches from the v241..v242 range: - kernel-install will not create the boot loader entry automatically (#1648907), - various bash completion improvements (#1183769), - memory leaks and such (#1685286). - -* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 -- Declare hyperv and framebuffer devices master-of-seat again (#1683197) - -* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 -- Prevent buffer overread in systemd-udevd -- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) - -* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 -- Turn LTO back on - -* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 -- Update to latest release -rc2 - -* Sun Feb 03 2019 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 -- Backport a patch for kernel-install - -* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 -- Update to latest release -rc1 - -* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 -- Add a work-around for #1663040 - -* Mon Jan 14 2019 Björn Esser -- Rebuilt for libcrypt.so.2 (#1666033) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 -- Add a work-around for selinux issue on live images (#1663040) - -* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 -- systemd-journald and systemd-journal-remote reject entries which - contain too many fields (CVE-2018-16865, #1664973) and set limits on the - process' command line length (CVE-2018-16864, #1664972) -- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) -- A fix for systemd-udevd crash (#1662303) - -* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 -- Add two more patches that revert 
recent udev changes - -* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 -- Update to latest release - See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. - -* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 -- Hibernation checks for resume= are rescinded (#1645870) -- Various patches: - - memory issues in logind, networkd, journald (#1653068), sd-device, etc. - - Adaptations for newer meson, lz4, kernel - - Fixes for misleading bugs in documentation -- net.ipv4.conf.all.rp_filter is changed from 1 to 2 - -* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek -- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf - (see https://github.com/pbrezina/authselect/issues/77) -- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve - -* Sun Nov 18 2018 Alejandro Domínguez Muñoz -- Remove link creation for rsyslog.service - -* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 -- Go back to using systemctl preset-all in %%post (#1647172, #1118740) - -* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 -- Requires(post) openssl-libs to fix live image build machine-id issue - See: https://pagure.io/dusty/failed-composes/issue/960 - -* Mon Nov 5 2018 Yu Watanabe -- Set proper attributes to private directories - -* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 -- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) - -* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 -- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) -- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) -- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) -- The DHCP server is started only when link is UP -- DHCPv6 prefix delegation is improved -- Downgrade logging of various messages and add loging in other places -- Many many fixes in 
error handling and minor memory leaks and such -- Fix typos and omissions in documentation -- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) -- Matching by MACAddress= in systemd-networkd is fixed -- Creation of user runtime directories is improved, and the user - manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) -- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 -- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. -- "systemctl --wait start" exits immediately if no valid units are named -- zram devices are not considered as candidates for hibernation -- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) -- Various smaller improvements to unit ordering and dependencies -- generators are now called with the manager's environment -- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues -- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where - the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. -- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user - threads are used by bpfilter. -- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present -- Hibernation is not advertised if resume= is not present on the kernenl command line -- Hibernation/Suspend/... 
modes can be disabled using AllowSuspend=, - AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= -- LOGO= and DOCUMENTATION_URL= are documented for the os-release file -- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries -- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects -- Catalog entries for the journal are improved (#1639482) -- If suspend fails, the post-suspend hooks are still called. -- Various build issues on less-common architectures are fixed - -* Wed Oct 3 2018 Jan Synáček - 239-5 -- Fix meson using -Ddebug, which results in FTBFS -- Fix line_begins() to accept word matching full string (#1631840) - -* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 -- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) - -* Wed Jul 18 2018 Terje Rosten - 239-3 -- Ignore return value from systemd-binfmt in scriptlet (#1565425) - -* Sun Jul 15 2018 Filipe Brandenburger -- Override systemd-user PAM config in install and not prep - -* Sat Jul 14 2018 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek -- Rebuild for Python 3.7 again - -* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 -- Update to latest version, mostly bug fixes and new functionality, - very little breaking changes. See - https://github.com/systemd/systemd/blob/v239/NEWS for details. 
- -* Tue Jun 19 2018 Miro Hrončok -- Rebuilt for Python 3.7 - -* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 -- Backport a number of patches (documentation, hwdb updates) -- Fixes for tmpfiles 'e' entries -- systemd-networkd crashes -- XEN virtualization detection on hyper-v -- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) - -* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 -- Allow fake Delegate= setting on slices (#1568594) - -* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 -- Move udev transfiletriggers to the right package, fix quoting - -* Tue Mar 27 2018 Colin Walters - 238-6 -- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 - This fixes compatibility with rpm-ostree. - -* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 -- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) - -* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 -- Do not close dbus connection during dbus reload call (#1554578) - -* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 -- Revert the patches for GRUB BootLoaderSpec support -- Add patch for /etc/machine-id creation (#1552843) - -* Tue Mar 6 2018 Yu Watanabe - 238-2 -- Fix transfiletrigger script (#1551793) - -* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 -- Update to latest version -- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) -- New transfiletriggers are installed for udev hwdb and rules, the journal - catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. 
- -* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 -- Add patch to install kernel images for GRUB BootLoaderSpec support - -* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 -- Create /etc/systemd in %%post libs if necessary (#1548607) - -* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 -- Use : not touch to create file in -libs %%post - -* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 -- Add coreutils dep for systemd-libs %%post -- Add patch to typecast USB IDs to avoid compile failure - -* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 -- Update some patches for test skipping that were updated upstream - before merging -- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined - correctly and possibly replace existing mappings - -* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 -- Backport a bunch of patches, most notably for the journal and various - memory issues. Some minor build fixes. -- Switch to new ldconfig macros that do nothing in F28+ -- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody - or nobody users are defined (#1537262) - -* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 -- Update to first stable snapshot (various minor memory leaks and misaccesses, - some documentation bugs, build fixes). 
- -* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 -- Update to latest version - -* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c -- Add patch to include if needed - -* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c -- Rebuilt for switch to libxcrypt - -* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 -- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 - various memory corruptions in systemd-networkd) -- /dev/kvm is marked as a static node which fixes permissions on s390x - and ppc64 (#1532382) - -* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 -- Update to latest version - -* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 -- Update to latest git snapshot, do not build for realz -- Switch to libidn2 again (#1449145) - -* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 -- Rebuild for cryptsetup-2.0.0-0.2.fc28 - -* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 -- Backport a bunch of patches, including LP#172535 - -* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 -- Patches for cryptsetup _netdev - -* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 -- Update to latest version - -* Tue Sep 26 2017 Nathaniel McCallum - 234-8 -- Backport /etc/crypttab _netdev feature from upstream - -* Thu Sep 21 2017 Michal Sekletar - 234-7 -- Make sure to remove all device units sharing the same sysfs path (#1475570) - -* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 -- Bump xslt recursion limit for libxslt-1.30 - -* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 -- Backport more patches (#1476005, hopefully #1462378) - -* Thu Jul 27 2017 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 -- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) -- Minor patches (memleaks, --help fixes, seccomp on arm64) - -* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 -- Create kvm group (#1431876) - -* 
Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 -- Latest release - -* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c -- Update to snapshot -- Build with meson again - -* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 -- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) - -* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 -- Update to snapshot version, build with meson - -* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 -- Backport a bunch of small fixes (memleaks, wrong format strings, - man page clarifications, shell completion) -- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) -- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) -- Drop soft-static uid for systemd-journal-gateway -- Use ID from /etc/os-release as ntpvendor - -* Thu Mar 16 2017 Michal Sekletar - 233-3 -- Backport bugfixes from upstream -- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 -- Fix installation conflict with polkit - -* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 -- New upstream release (#1416201, #1405439, #1420753, many others) -- New systemd-tests subpackage with "installed tests" - -* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 -- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) - -* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 -- Ignore the hwdb parser test - -* Tue Feb 14 2017 Jan Synáček - 232-14 -- machinectl fails when virtual machine is running (#1419501) - -* Sat Feb 11 2017 Fedora Release Engineering - 232-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 -- Backport patch for initrd-switch-root.service getting killed (#1414904) -- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE - extraction by sd-coredump. 
- -* Sun Jan 29 2017 zbyszek - 232-11 -- Backport a number of patches (#1411299, #1413075, #1415745, - ##1415358, #1416588, #1408884) -- Fix various memleaks and unitialized variable access -- Shell completion enhancements -- Enable TPM logging by default (#1411156) -- Update hwdb (#1270124) - -* Thu Jan 19 2017 Adam Williamson - 232-10 -- Backport fix for boot failure in initrd-switch-root (#1414904) - -* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 -- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam - is available as multilib (#1414153) - -* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 -- Fix buildsystem to check for lz4 correctly (#1404406) - -* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 -- Various small tweaks to scriplets - -* Sat Jan 07 2017 Kevin Fenzi - 232-6 -- Fix scriptlets to never fail in libs post - -* Fri Jan 06 2017 Kevin Fenzi - 232-5 -- Add patch from Michal Schmidt to avoid process substitution (#1392236) - -* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 -- Rebuild (#1392236) - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 -- Make /etc/dbus-1/system.d directory non-%%ghost - -* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 -- Fix kernel-install (#1391829) -- Restore previous systemd-user PAM config (#1391836) -- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) -- Fix permissions on /var/lib/systemd/journal-upload (#1262665) - -* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 -- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) -- Add %%{_isa} to Provides on arch-full packages (#1387912) -- Create systemd-coredump user in %%pre (#1309574) -- Replace grubby patch with a short-circuiting install.d "plugin" -- Enable nss-systemd in the passwd, group lines in nsswith.conf -- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf -- Move systemd-nspawn man pages to the right subpackage 
(#1391703) - -* Tue Oct 18 2016 Jan Synáček - 231-11 -- SPC - Cannot restart host operating from container (#1384523) - -* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 -- Do not recreate /var/log/journal on upgrades (#1383066) -- Move nss-myhostname provides to systemd-libs (#1383271) - -* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 -- Fix systemctl set-default (#1374371) -- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) - -* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 -- Apply fix for #1378974 - -* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 -- Apply patches properly - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 -- Better fix for (#1380286) - -* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 -- Denial-of-service bug against pid1 (#1380286) - -* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 -- Fix preset-all (#1363858) -- Fix issue with daemon-reload messing up graphics (#1367766) -- A few other bugfixes - -* Wed Aug 03 2016 Adam Williamson - 231-3 -- Revert preset-all change, it broke stuff (#1363858) - -* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 -- Call preset-all on initial installation (#1118740) -- Fix botched Recommends for libxkbcommon - -* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 -- Update to latest version - -* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 -- Update to latest git snapshot (fixes for systemctl set-default, - polkit lingering policy, reversal of the framebuffer rules, - unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). - Those changes are interspersed with other changes and new features - (mostly in lldp, networkd, and nspawn). Some of those new features - might not work, but I think that existing functionality should not - be broken, so it seems worthwile to update to the snapshot. 
- -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 -- Remove systemd-compat-libs on upgrade - -* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 -- New version -- Drop compat-libs -- Require libxkbcommon explictly, since the automatic dependency will - not be generated anymore - -* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 -- Remove duplicated entries in -container %%files (#1330395) - -* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 -- Move installation of udev services to udev subpackage (#1329023) - -* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 -- Split out systemd-pam subpackage (#1327402) - -* Mon Apr 18 2016 Harald Hoyer - 229-12 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-11 -- move more binaries and services from the main package to subpackages - -* Mon Apr 18 2016 Harald Hoyer - 229-10 -- move device dependant stuff to the udev subpackage - -* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 -- Add myhostname to /etc/nsswitch.conf (#1318303) - -* Mon Mar 21 2016 Harald Hoyer - 229-8 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 -- Moar patches (#1316964, #1317928) -- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev -- Protect systemd-udev from deinstallation - -* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 -- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) - -* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 -- Split out systemd-container subpackage (#1163412) -- Split out system-udev subpackage -- Add various bugfix patches, incl. 
a tentative fix for #1308771 - -* Tue Mar 1 2016 Peter Robinson 229-4 -- Power64 and s390(x) now have libseccomp support -- aarch64 has gnu-efi - -* Tue Feb 23 2016 Jan Synáček - 229-3 -- Fix build failures on ppc64 (#1310800) - -* Tue Feb 16 2016 Dennis Gilmore - 229-2 -- revert: fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 -- this causes the dtb files to not get installed at all and the fdtdir -- line in extlinux.conf to not get updated correctly - -* Thu Feb 11 2016 Michal Sekletar - 229-1 -- New upstream release - -* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 -- fixed kernel-install for copying files for grubby -Resolves: rhbz#1299019 - -* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 -- Rebuild for binutils on aarch64 fix - -* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 -- apply the conflict with fedora-release only in Fedora - -* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 -- Fix rawhide build failures on ppc64 (#1286249) - -* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 -- Create /etc/systemd/network (#1286397) - -* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 -- Do not install nss modules by default - -* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 -- Update to latest upstream git: there is a bunch of fixes - (nss-mymachines overflow bug, networkd fixes, more completions are - properly installed), mixed with some new resolved features. 
-- Rework file triggers so that they always run before daemons are restarted - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 -- Enable rpm file triggers for daemon-reload - -* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 -- Fix version number in obsoleted package name (#1283452) - -* Wed Nov 18 2015 Kay Sievers - 228-1 -- New upstream release - -* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 -- Rename journal-gateway subpackage to journal-remote -- Ignore the access mode on /var/log/journal (#1048424) -- Do not assume fstab is present (#1281606) - -* Wed Nov 11 2015 Fedora Release Engineering - 227-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 - -* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 -- Rebuild for libmicrohttpd soname bump - -* Fri Nov 06 2015 Robert Kuska - 227-4 -- Rebuilt for Python3.5 rebuild - -* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 -- Fix syntax in kernel-install (#1277264) - -* Tue Nov 03 2015 Michal Schmidt - 227-2 -- Rebuild for libmicrohttpd soname bump. 
- -* Wed Oct 7 2015 Kay Sievers - 227-1 -- New upstream release - -* Fri Sep 18 2015 Jan Synáček - 226-3 -- user systemd-journal-upload should be in systemd-journal group (#1262743) - -* Fri Sep 18 2015 Kay Sievers - 226-2 -- Add selinux to system-user PAM config - -* Tue Sep 8 2015 Kay Sievers - 226-1 -- New upstream release - -* Thu Aug 27 2015 Kay Sievers - 225-1 -- New upstream release - -* Fri Jul 31 2015 Kay Sievers - 224-1 -- New upstream release - -* Wed Jul 29 2015 Kay Sievers - 223-2 -- update to git snapshot - -* Wed Jul 29 2015 Kay Sievers - 223-1 -- New upstream release - -* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 -- Remove python subpackages (python-systemd in now standalone) - -* Tue Jul 7 2015 Kay Sievers - 222-1 -- New upstream release - -* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a -- update to git snapshot - -* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a -- Add example file with yama config (#1234951) - -* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a -- update to git snapshot - -* Mon Jun 22 2015 Kay Sievers - 221-2 -- build systemd-boot EFI tools - -* Fri Jun 19 2015 Lennart Poettering - 221-1 -- New upstream release -- Undoes botched translation check, should be reinstated later? 
- -* Fri Jun 19 2015 Fedora Release Engineering - 220-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Thu Jun 11 2015 Peter Robinson 220-9 -- The gold linker is now fixed on aarch64 - -* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 -- Remove gudev which is now provided as separate package (libgudev) -- Fix for spurious selinux denials (#1224211) -- Udev change events (#1225905) -- Patches for some potential crashes -- ProtectSystem=yes does not touch /home -- Man page fixes, hwdb updates, shell completion updates -- Restored persistent device symlinks for bcache, xen block devices -- Tag all DRM cards as master-of-seat - -* Tue Jun 09 2015 Harald Hoyer 220-7 -- fix udev block device watch - -* Tue Jun 09 2015 Harald Hoyer 220-6 -- add support for network disk encryption - -* Sun Jun 7 2015 Peter Robinson 220-5 -- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) - -* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 -- systemd-devel should require systemd-libs, not the main package (#1226301) -- Check for botched translations (#1226566) -- Make /etc/udev/hwdb.d part of the rpm (#1226379) - -* Thu May 28 2015 Richard W.M. Jones - 220-3 -- Add patch to fix udev --daemon not cleaning child processes - (upstream commit 86c3bece38bcf5). - -* Wed May 27 2015 Richard W.M. Jones - 220-2 -- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). 
- -* Thu May 21 2015 Lennart Poettering - 220-1 -- New upstream release -- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) -- Remove ghosting for /etc/systemd/system/runlevel*.target, these - targets are not configurable anymore in systemd upstream -- Drop work-around for #1002806, since this is solved upstream now - -* Wed May 20 2015 Dennis Gilmore - 219-15 -- fix up the conflicts version for fedora-release - -* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 -- Remove presets (#1221340) -- Fix (potential) crash and memory leak in timedated, locking failure - in systemd-nspawn, crash in resolved. -- journalctl --list-boots should be faster -- zsh completions are improved -- various ommissions in docs are corrected (#1147651) -- VARIANT and VARIANT_ID fields in os-release are documented -- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) -- systemd-tmpfiles should behave better on read-only file systems (#1207083) - -* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 -- Patches for some outstanding annoyances -- Small keyboard hwdb updates - -* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 -- Tighten requirements between subpackages (#1207381). - -* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 -- Move all parts systemd-journal-{remote,upload} to - systemd-journal-gatewayd subpackage (#1193143). -- Create /var/lib/systemd/journal-upload directory (#1193145). -- Cut out lots of stupid messages at debug level which were obscuring more - important stuff. -- Apply "tentative" state for devices only when they are added, not removed. -- Ignore invalid swap pri= settings (#1204336) -- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) -- Fix comparing of filesystem paths (#1184016) - -* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 -- Fixes for bugs 1186018, 1195294, 1185604, 1196452. -- Hardware database update. -- Documentation fixes. 
-- A fix for journalctl performance regression. -- Fix detection of inability to open files in journalctl. -- Detect SuperH architecture properly. -- The first of duplicate lines in tmpfiles wins again. -- Do vconsole setup after loading vconsole driver, not fbcon. -- Fix problem where some units were restarted during systemd reexec. -- Fix race in udevadm settle tripping up NetworkManager. -- Downgrade various log messages. -- Fix issue where journal-remote would process some messages with a delay. -- GPT /srv partition autodiscovery is fixed. -- Reconfigure old Finnish keymaps in post (#1151958) - -* Tue Mar 10 2015 Jan Synáček - 219-9 -- Buttons on Lenovo X6* tablets broken (#1198939) - -* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 -- Reworked device handling (#1195761) -- ACL handling fixes (with a script in %%post) -- Various log messages downgraded (#1184712) -- Allow PIE on s390 again (#1197721) - -* Wed Feb 25 2015 Michal Schmidt - 219-7 -- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) - -* Tue Feb 24 2015 Colin Walters - 219-6 -- Revert patch that breaks Atomic/OSTree (#1195761) - -* Fri Feb 20 2015 Michal Schmidt - 219-5 -- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. - -* Fri Feb 20 2015 Michal Schmidt - 219-4 -- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. - -* Wed Feb 18 2015 Michal Schmidt - 219-3 -- arm: disabling gold did not help; disable lto instead (#1193212) - -* Tue Feb 17 2015 Peter Jones - 219-2 -- Update 90-default.present for dbxtool. 
- -* Mon Feb 16 2015 Lennart Poettering - 219-1 -- New upstream release -- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) -- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink -- This enables "%%check" -- disable gold on arm, as that is broken (see #1193212) - -* Mon Feb 16 2015 Peter Robinson 218-6 -- aarch64 now has seccomp support - -* Thu Feb 05 2015 Michal Schmidt - 218-5 -- Don't overwrite systemd.macros with unrelated Source file. - -* Thu Feb 5 2015 Jan Synáček - 218-4 -- Add a touchpad hwdb (#1189319) - -* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 -- Enable xkbcommon dependency to allow checking of keymaps -- Fix permissions of /var/log/journal (#1048424) -- Enable timedatex in presets (#1187072) -- Disable rpcbind in presets (#1099595) - -* Wed Jan 7 2015 Jan Synáček - 218-3 -- RFE: journal: automatically rotate the file if it is unlinked (#1171719) - -* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 -- Add firewall description files (#1176626) - -* Thu Dec 18 2014 Jan Synáček - 218-2 -- systemd-nspawn doesn't work on s390/s390x (#1175394) - -* Wed Dec 10 2014 Lennart Poettering - 218-1 -- New upstream release -- Enable "nss-mymachines" in /etc/nsswitch.conf - -* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 -- Change libgudev1 to only require systemd-libs (#727499), there's - no need to require full systemd stack. -- Fixes for bugs #1159448, #1152220, #1158035. -- Bash completions updates to allow propose more units for start/restart, - and completions for set-default,get-default. -- Again allow systemctl enable of instances. -- Hardware database update and fixes. -- Udev crash on invalid options and kernel commandline timeout parsing are fixed. -- Add "embedded" chassis type. -- Sync before 'reboot -f'. -- Fix restarting of timer units. 
- -* Wed Nov 05 2014 Michal Schmidt - 217-3 -- Fix hanging journal flush (#1159641) - -* Fri Oct 31 2014 Michal Schmidt - 217-2 -- Fix ordering cycles involving systemd-journal-flush.service and - remote-fs.target (#1159117) - -* Tue Oct 28 2014 Lennart Poettering - 217-1 -- New upstream release - -* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 -- Drop PackageKit.service from presets (#1154126) - -* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 -- Conflict with old versions of initscripts (#1152183) -- Remove obsolete Finnish keymap (#1151958) - -* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 -- Fix a problem with voluntary daemon exits and some other bugs - (#1150477, #1095962, #1150289) - -* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 -- Update to latest git, but without the readahead removal patch - (#1114786, #634736) - -* Wed Oct 01 2014 Kay Sievers - 216-8 -- revert "don't reset selinux context during CHANGE events" - -* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 -- add temporary workaround for #1147910 -- don't reset selinux context during CHANGE events - -* Wed Sep 10 2014 Michal Schmidt - 216-6 -- Update timesyncd with patches to avoid hitting NTP pool too often. - -* Tue Sep 09 2014 Michal Schmidt - 216-5 -- Use common CONFIGURE_OPTS for build2 and build3. -- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. 
- -* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 -- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) - -* Thu Aug 28 2014 Peter Robinson 216-3 -- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) - -* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 -- Re-add patch to disable resolve.conf symlink (#1043119) - -* Wed Aug 20 2014 Lennart Poettering - 216-1 -- New upstream release - -* Mon Aug 18 2014 Fedora Release Engineering - 215-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Wed Aug 13 2014 Dan Horák 215-11 -- disable LTO also on s390(x) - -* Sat Aug 09 2014 Harald Hoyer 215-10 -- fixed PPC64LE - -* Wed Aug 6 2014 Tom Callaway - 215-9 -- fix license handling - -* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 -- Create systemd-journal-remote and systemd-journal-upload users (#1118907) - -* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 -- Split out systemd-compat-libs subpackage - -* Tue Jul 22 2014 Kalev Lember - 215-6 -- Rebuilt for gobject-introspection 1.41.4 - -* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 -- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) -- Add missing BR so gnutls and elfutils are used - -* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 -- Various man page updates -- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD - for better behaviour in containers -- Some small networkd link handling fixes -- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) -- New systemd-escape tool -- XZ compression settings are tweaked to greatly improve journald performance -- "watch" is accepted as chassis type -- Various sysusers fixes, most importantly correct selinux labels -- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) -- Shell completion improvements -- New udev tag 
ID_SOFTWARE_RADIO can be used to instruct logind to allow user access -- XEN and s390 virtualization is properly detected - -* Mon Jul 07 2014 Colin Walters - 215-3 -- Add patch to disable resolve.conf symlink (#1043119) - -* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 -- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) -- Disable /etc/mtab handling temporarily (#1116158) - -* Thu Jul 03 2014 Lennart Poettering - 215-1 -- New upstream release -- Enable coredump logic (which abrt would normally override) - -* Sun Jun 29 2014 Peter Robinson 214-5 -- On aarch64 disable LTO as it still has issues on that arch - -* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 -- Bugfixes (#996133, #1112908) - -* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 -- Actually create input group (#1054549) - -* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 -- Do not restart systemd-logind on upgrades (#1110697) -- Add some patches (#1081429, #1054549, #1108568, #928962) - -* Wed Jun 11 2014 Lennart Poettering - 214-1 -- New upstream release -- Get rid of "floppy" group, since udev uses "disk" now -- Reenable LTO - -* Sun Jun 08 2014 Fedora Release Engineering - 213-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed May 28 2014 Kay Sievers - 213-3 -- fix systemd-timesync user creation - -* Wed May 28 2014 Michal Sekletar - 213-2 -- Create temporary files after installation (#1101983) -- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) - -* Wed May 28 2014 Kay Sievers - 213-1 -- New upstream release - -* Tue May 27 2014 Kalev Lember - 212-6 -- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 - -* Fri May 23 2014 Adam Williamson - 212-5 -- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) - -* Wed May 07 2014 Kay Sievers - 212-4 -- add netns udev workaround - -* Wed May 07 2014 Michal Sekletar - 212-3 -- enable uuidd.socket by default (#1095353) - -* 
Sat Apr 26 2014 Peter Robinson 212-2 -- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) - -* Tue Mar 25 2014 Lennart Poettering - 212-1 -- New upstream release - -* Mon Mar 17 2014 Peter Robinson 211-2 -- Explicitly define which upstream platforms support libseccomp - -* Tue Mar 11 2014 Lennart Poettering - 211-1 -- New upstream release - -* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 -- Fix logind unpriviledged reboot issue and a few other minor fixes -- Limit generator execution time -- Recognize buttonless joystick types - -* Fri Mar 07 2014 Karsten Hopp 210-7 -- ppc64le needs link warnings disabled, too - -* Fri Mar 07 2014 Karsten Hopp 210-6 -- move ifarch ppc64le to correct place (libseccomp req) - -* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 -- Bugfixes: #1047568, #1047039, #1071128, #1073402 -- Bash completions for more systemd tools -- Bluetooth database update -- Manpage fixes - -* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 -- Apply work-around for ppc64le too (#1073647). - -* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Backport a few patches, add completion for systemd-nspawn. 
- -* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 -- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 - -* Mon Feb 24 2014 Lennart Poettering - 210-2 -- Check more services against preset list and enable by default - -* Mon Feb 24 2014 Lennart Poettering - 210-1 -- new upstream release - -* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 -- Enable dnssec-triggerd.service by default (#1060754) - -* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 -- git snapshot to sort out ARM build issues - -* Thu Feb 20 2014 Lennart Poettering - 209-1 -- new upstream release - -* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 -- Make gpsd lazily activated (#1066421) - -* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 -- Back out patch which causes user manager to be destroyed when unneeded - and spams logs (#1053315) - -* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 -- A different fix for #1023820 taken from Mageia -- Backported fix for #997031 -- Hardward database updates, man pages improvements, a few small memory - leaks, utf-8 correctness and completion fixes -- Support for key-slot option in crypttab - -* Sat Jan 25 2014 Ville Skyttä - 208-12 -- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 -- Backport a few fixes, relevant documentation updates, and HWDB changes - (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, - #1043212, #1039351, #1031325, #1023820, #1017509, #953077) -- Flip journalctl to --full by default (#984758) - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 -- Apply two patches for #1026860 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 -- Bump release to stay ahead of f20 - -* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 -- Backport patches (#1023041, #1036845, #1006386?) 
-- HWDB update -- Some small new features: nspawn --drop-capability=, running PID 1 under - valgrind, "yearly" and "annually" in calendar specifications -- Some small documentation and logging updates - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 -- Bump release to stay ahead of f20 - -* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 -- Use unit name in PrivateTmp= directories (#957439) -- Update manual pages, completion scripts, and hardware database -- Configurable Timeouts/Restarts default values -- Support printing of timestamps on the console -- Fix some corner cases in detecting when writing to the console is safe -- Python API: convert keyword values to string, fix sd_is_booted() wrapper -- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) -- Allow masking of fsck units -- Advertise hibernation to swap files -- Fix SO_REUSEPORT settings -- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) -- Make use of newer kmod -- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 - -* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 -- Add temporary fix for #1002806 - -* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 -- Backport a bunch of fixes and hwdb updates - -* Wed Oct 2 2013 Lennart Poettering - 208-2 -- Move old random seed and backlight files into the right place - -* Wed Oct 2 2013 Lennart Poettering - 208-1 -- New upstream release - -* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 -- Do not create /var/var/... 
dirs - -* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 -- Fix policykit authentication -- Resolves: rhbz#1006680 - -* Tue Sep 17 2013 Harald Hoyer 207-3 -- fixed login -- Resolves: rhbz#1005233 - -* Mon Sep 16 2013 Harald Hoyer 207-2 -- add some upstream fixes for 207 -- fixed swap activation -- Resolves: rhbz#1008604 - -* Fri Sep 13 2013 Lennart Poettering - 207-1 -- New upstream release - -* Fri Sep 06 2013 Harald Hoyer 206-11 -- support "debug" kernel command line parameter -- journald: fix fd leak in journal_file_empty -- journald: fix vacuuming of archived journals -- libudev: enumerate - do not try to match against an empty subsystem -- cgtop: fixup the online help -- libudev: fix memleak when enumerating childs - -* Wed Sep 04 2013 Harald Hoyer 206-10 -- Do not require grubby, lorax now takes care of grubby -- cherry-picked a lot of patches from upstream - -* Tue Aug 27 2013 Dennis Gilmore - 206-9 -- Require grubby, Fedora installs require grubby, -- kernel-install took over from new-kernel-pkg -- without the Requires we are unable to compose Fedora -- everyone else says that since kernel-install took over -- it is responsible for ensuring that grubby is in place -- this is really what we want for Fedora - -* Tue Aug 27 2013 Kay Sievers - 206-8 -- Revert "Require grubby its needed by kernel-install" - -* Mon Aug 26 2013 Dennis Gilmore 206-7 -- Require grubby its needed by kernel-install - -* Thu Aug 22 2013 Harald Hoyer 206-6 -- kernel-install now understands kernel flavors like PAE - -* Tue Aug 20 2013 Rex Dieter - 206-5 -- add sddm.service to preset file (#998978) - -* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 -- Filter out provides for private python modules. -- Add requires on kmod >= 14 (#990994). - -* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 -- New systemd-python3 package (#976427). -- Add ownership of a few directories that we create (#894202). 
- -* Sun Aug 04 2013 Fedora Release Engineering - 206-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Tue Jul 23 2013 Kay Sievers - 206-1 -- New upstream release - Resolves (#984152) - -* Wed Jul 3 2013 Lennart Poettering - 205-1 -- New upstream release - -* Wed Jun 26 2013 Michal Schmidt 204-10 -- Split systemd-journal-gateway subpackage (#908081). - -* Mon Jun 24 2013 Michal Schmidt 204-9 -- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) - -* Fri Jun 14 2013 Harald Hoyer 204-8 -- fix, which helps to sucessfully browse journals with - duplicated seqnums - -* Fri Jun 14 2013 Harald Hoyer 204-7 -- fix duplicate message ID bug -Resolves: rhbz#974132 - -* Thu Jun 06 2013 Harald Hoyer 204-6 -- introduce 99-default-disable.preset - -* Thu Jun 6 2013 Lennart Poettering - 204-5 -- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) - -* Tue May 28 2013 Harald Hoyer 204-4 -- Fix kernel-install (#965897) - -* Wed May 22 2013 Kay Sievers - 204-3 -- Fix kernel-install (#965897) - -* Thu May 9 2013 Lennart Poettering - 204-2 -- New upstream release -- disable isdn by default (#959793) - -* Tue May 07 2013 Harald Hoyer 203-2 -- forward port kernel-install-grubby.patch - -* Tue May 7 2013 Lennart Poettering - 203-1 -- New upstream release - -* Wed Apr 24 2013 Harald Hoyer 202-3 -- fix ENOENT for getaddrinfo -- Resolves: rhbz#954012 rhbz#956035 -- crypt-setup-generator: correctly check return of strdup -- logind-dbus: initialize result variable -- prevent library underlinking - -* Fri Apr 19 2013 Harald Hoyer 202-2 -- nspawn create empty /etc/resolv.conf if necessary -- python wrapper: add sd_journal_add_conjunction() -- fix s390 booting -- Resolves: rhbz#953217 - -* Thu Apr 18 2013 Lennart Poettering - 202-1 -- New upstream release - -* Tue Apr 09 2013 Michal Schmidt - 201-2 -- Automatically discover whether to run 
autoreconf and add autotools and git - BuildRequires based on the presence of patches to be applied. -- Use find -delete. - -* Mon Apr 8 2013 Lennart Poettering - 201-1 -- New upstream release - -* Mon Apr 8 2013 Lennart Poettering - 200-4 -- Update preset file - -* Fri Mar 29 2013 Lennart Poettering - 200-3 -- Remove NetworkManager-wait-online.service from presets file again, it should default to off - -* Fri Mar 29 2013 Lennart Poettering - 200-2 -- New upstream release - -* Tue Mar 26 2013 Lennart Poettering - 199-2 -- Add NetworkManager-wait-online.service to the presets file - -* Tue Mar 26 2013 Lennart Poettering - 199-1 -- New upstream release - -* Mon Mar 18 2013 Michal Schmidt 198-7 -- Drop /usr/s?bin/ prefixes. - -* Fri Mar 15 2013 Harald Hoyer 198-6 -- run autogen to pickup all changes - -* Fri Mar 15 2013 Harald Hoyer 198-5 -- do not mount anything, when not running as pid 1 -- add initrd.target for systemd in the initrd - -* Wed Mar 13 2013 Harald Hoyer 198-4 -- fix switch-root and local-fs.target problem -- patch kernel-install to use grubby, if available - -* Fri Mar 08 2013 Harald Hoyer 198-3 -- add Conflict with dracut < 026 because of the new switch-root isolate - -* Thu Mar 7 2013 Lennart Poettering - 198-2 -- Create required users - -* Thu Mar 7 2013 Lennart Poettering - 198-1 -- New release -- Enable journal persistancy by default - -* Sun Feb 10 2013 Peter Robinson 197-3 -- Bump for ARM - -* Fri Jan 18 2013 Michal Schmidt - 197-2 -- Added qemu-guest-agent.service to presets (Lennart, #885406). -- Add missing pygobject3-base to systemd-analyze deps (Lennart). -- Do not require hwdata, it is all in the hwdb now (Kay). -- Drop dependency on dbus-python. - -* Tue Jan 8 2013 Lennart Poettering - 197-1 -- New upstream release - -* Mon Dec 10 2012 Michal Schmidt - 196-4 -- Enable rngd.service by default (#857765). 
- -* Mon Dec 10 2012 Michal Schmidt - 196-3 -- Disable hardening on s390(x) because PIE is broken there and produces - text relocations with __thread (#868839). - -* Wed Dec 05 2012 Michal Schmidt - 196-2 -- added spice-vdagentd.service to presets (Lennart, #876237) -- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name - (requested by Milan Brož). -- verbose make to see the actual build flags - -* Wed Nov 21 2012 Lennart Poettering - 196-1 -- New upstream release - -* Tue Nov 20 2012 Lennart Poettering - 195-8 -- https://bugzilla.redhat.com/show_bug.cgi?id=873459 -- https://bugzilla.redhat.com/show_bug.cgi?id=878093 - -* Thu Nov 15 2012 Michal Schmidt - 195-7 -- Revert udev killing cgroup patch for F18 Beta. -- https://bugzilla.redhat.com/show_bug.cgi?id=873576 - -* Fri Nov 09 2012 Michal Schmidt - 195-6 -- Fix cyclical dep between systemd and systemd-libs. -- Avoid broken build of test-journal-syslog. -- https://bugzilla.redhat.com/show_bug.cgi?id=873387 -- https://bugzilla.redhat.com/show_bug.cgi?id=872638 - -* Thu Oct 25 2012 Kay Sievers - 195-5 -- require 'sed', limit HOSTNAME= match - -* Wed Oct 24 2012 Michal Schmidt - 195-4 -- add dmraid-activation.service to the default preset -- add yum protected.d fragment -- https://bugzilla.redhat.com/show_bug.cgi?id=869619 -- https://bugzilla.redhat.com/show_bug.cgi?id=869717 - -* Wed Oct 24 2012 Kay Sievers - 195-3 -- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to - systemd native files - -* Tue Oct 23 2012 Lennart Poettering - 195-2 -- Provide syslog because the journal is fine as a syslog implementation - -* Tue Oct 23 2012 Lennart Poettering - 195-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=831665 -- https://bugzilla.redhat.com/show_bug.cgi?id=847720 -- https://bugzilla.redhat.com/show_bug.cgi?id=858693 -- https://bugzilla.redhat.com/show_bug.cgi?id=863481 -- https://bugzilla.redhat.com/show_bug.cgi?id=864629 -- 
https://bugzilla.redhat.com/show_bug.cgi?id=864672 -- https://bugzilla.redhat.com/show_bug.cgi?id=864674 -- https://bugzilla.redhat.com/show_bug.cgi?id=865128 -- https://bugzilla.redhat.com/show_bug.cgi?id=866346 -- https://bugzilla.redhat.com/show_bug.cgi?id=867407 -- https://bugzilla.redhat.com/show_bug.cgi?id=868603 - -* Wed Oct 10 2012 Michal Schmidt - 194-2 -- Add scriptlets for migration away from systemd-timedated-ntp.target - -* Wed Oct 3 2012 Lennart Poettering - 194-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=859614 -- https://bugzilla.redhat.com/show_bug.cgi?id=859655 - -* Fri Sep 28 2012 Lennart Poettering - 193-1 -- New upstream release - -* Tue Sep 25 2012 Lennart Poettering - 192-1 -- New upstream release - -* Fri Sep 21 2012 Lennart Poettering - 191-2 -- Fix journal mmap header prototype definition to fix compilation on 32bit - -* Fri Sep 21 2012 Lennart Poettering - 191-1 -- New upstream release -- Enable all display managers by default, as discussed with Adam Williamson - -* Thu Sep 20 2012 Lennart Poettering - 190-1 -- New upstream release -- Take possession of /etc/localtime, and remove /etc/sysconfig/clock -- https://bugzilla.redhat.com/show_bug.cgi?id=858780 -- https://bugzilla.redhat.com/show_bug.cgi?id=858787 -- https://bugzilla.redhat.com/show_bug.cgi?id=858771 -- https://bugzilla.redhat.com/show_bug.cgi?id=858754 -- https://bugzilla.redhat.com/show_bug.cgi?id=858746 -- https://bugzilla.redhat.com/show_bug.cgi?id=858266 -- https://bugzilla.redhat.com/show_bug.cgi?id=858224 -- https://bugzilla.redhat.com/show_bug.cgi?id=857670 -- https://bugzilla.redhat.com/show_bug.cgi?id=856975 -- https://bugzilla.redhat.com/show_bug.cgi?id=855863 -- https://bugzilla.redhat.com/show_bug.cgi?id=851970 -- https://bugzilla.redhat.com/show_bug.cgi?id=851275 -- https://bugzilla.redhat.com/show_bug.cgi?id=851131 -- https://bugzilla.redhat.com/show_bug.cgi?id=847472 -- https://bugzilla.redhat.com/show_bug.cgi?id=847207 -- 
https://bugzilla.redhat.com/show_bug.cgi?id=846483 -- https://bugzilla.redhat.com/show_bug.cgi?id=846085 -- https://bugzilla.redhat.com/show_bug.cgi?id=845973 -- https://bugzilla.redhat.com/show_bug.cgi?id=845194 -- https://bugzilla.redhat.com/show_bug.cgi?id=845028 -- https://bugzilla.redhat.com/show_bug.cgi?id=844630 -- https://bugzilla.redhat.com/show_bug.cgi?id=839736 -- https://bugzilla.redhat.com/show_bug.cgi?id=835848 -- https://bugzilla.redhat.com/show_bug.cgi?id=831740 -- https://bugzilla.redhat.com/show_bug.cgi?id=823485 -- https://bugzilla.redhat.com/show_bug.cgi?id=821813 -- https://bugzilla.redhat.com/show_bug.cgi?id=807886 -- https://bugzilla.redhat.com/show_bug.cgi?id=802198 -- https://bugzilla.redhat.com/show_bug.cgi?id=767795 -- https://bugzilla.redhat.com/show_bug.cgi?id=767561 -- https://bugzilla.redhat.com/show_bug.cgi?id=752774 -- https://bugzilla.redhat.com/show_bug.cgi?id=732874 -- https://bugzilla.redhat.com/show_bug.cgi?id=858735 - -* Thu Sep 13 2012 Lennart Poettering - 189-4 -- Don't pull in pkg-config as dep -- https://bugzilla.redhat.com/show_bug.cgi?id=852828 - -* Wed Sep 12 2012 Lennart Poettering - 189-3 -- Update preset policy -- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish - -* Thu Aug 23 2012 Lennart Poettering - 189-2 -- Update preset policy -- https://bugzilla.redhat.com/show_bug.cgi?id=850814 - -* Thu Aug 23 2012 Lennart Poettering - 189-1 -- New upstream release - -* Thu Aug 16 2012 Ray Strode 188-4 -- more scriptlet fixes - (move dm migration logic to %%posttrans so the service - files it's looking for are available at the time - the logic is run) - -* Sat Aug 11 2012 Lennart Poettering - 188-3 -- Remount file systems MS_PRIVATE before switching roots -- https://bugzilla.redhat.com/show_bug.cgi?id=847418 - -* Wed Aug 08 2012 Rex Dieter - 188-2 -- fix scriptlets - -* Wed Aug 8 2012 Lennart Poettering - 188-1 -- New 
upstream release -- Enable gdm and avahi by default via the preset file -- Convert /etc/sysconfig/desktop to display-manager.service symlink -- Enable hardened build - -* Mon Jul 30 2012 Kay Sievers - 187-3 -- Obsolete: system-setup-keyboard - -* Wed Jul 25 2012 Kalev Lember - 187-2 -- Run ldconfig for the new -libs subpackage - -* Thu Jul 19 2012 Lennart Poettering - 187-1 -- New upstream release - -* Mon Jul 09 2012 Harald Hoyer 186-2 -- fixed dracut conflict version - -* Tue Jul 3 2012 Lennart Poettering - 186-1 -- New upstream release - -* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 -- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work - -* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 -- Update to current git - -* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 -- disable plymouth in configure, to drop the .wants/ symlinks - -* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 -- Update to current git snapshot - - Add systemd-readahead-analyze - - Drop upstream patch -- Split systemd-libs -- Drop duplicate doc files -- Fixed License headers of subpackages - -* Wed Jun 06 2012 Ray Strode - 185-3 -- Drop plymouth files -- Conflict with old plymouth - -* Tue Jun 05 2012 Kay Sievers - 185-2 -- selinux udev labeling fix -- conflict with older dracut versions for new udev file names - -* Mon Jun 04 2012 Kay Sievers - 185-1 -- New upstream release - - udev selinux labeling fixes - - new man pages - - systemctl help - -* Thu May 31 2012 Lennart Poettering - 184-1 -- New upstream release - -* Thu May 24 2012 Kay Sievers - 183-1 -- New upstream release including udev merge. - -* Wed Mar 28 2012 Michal Schmidt - 44-4 -- Add triggers from Bill Nottingham to correct the damage done by - the obsoleted systemd-units's preun scriptlet (#807457). 
- -* Mon Mar 26 2012 Dennis Gilmore - 44-3 -- apply patch from upstream so we can build systemd on arm and ppc -- and likely the rest of the secondary arches - -* Tue Mar 20 2012 Michal Schmidt - 44-2 -- Don't build the gtk parts anymore. They're moving into systemd-ui. -- Remove a dead patch file. - -* Fri Mar 16 2012 Lennart Poettering - 44-1 -- New upstream release -- Closes #798760, #784921, #783134, #768523, #781735 - -* Mon Feb 27 2012 Dennis Gilmore - 43-2 -- don't conflict with fedora-release systemd never actually provided -- /etc/os-release so there is no actual conflict - -* Wed Feb 15 2012 Lennart Poettering - 43-1 -- New upstream release -- Closes #789758, #790260, #790522 - -* Sat Feb 11 2012 Lennart Poettering - 42-1 -- New upstream release -- Save a bit of entropy during system installation (#789407) -- Don't own /etc/os-release anymore, leave that to fedora-release - -* Thu Feb 9 2012 Adam Williamson - 41-2 -- rebuild for fixed binutils - -* Thu Feb 9 2012 Lennart Poettering - 41-1 -- New upstream release - -* Tue Feb 7 2012 Lennart Poettering - 40-1 -- New upstream release - -* Thu Jan 26 2012 Kay Sievers - 39-3 -- provide /sbin/shutdown - -* Wed Jan 25 2012 Harald Hoyer 39-2 -- increment release - -* Wed Jan 25 2012 Kay Sievers - 39-1.1 -- install everything in /usr - https://fedoraproject.org/wiki/Features/UsrMove - -* Wed Jan 25 2012 Lennart Poettering - 39-1 -- New upstream release - -* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 -- Update to a current git snapshot. -- Resolves: #781657 - -* Sun Jan 22 2012 Michal Schmidt - 38-5 -- Build against libgee06. Reenable gtk tools. -- Delete unused patches. -- Add easy building of git snapshots. -- Remove legacy spec file elements. -- Don't mention implicit BuildRequires. -- Configure with --disable-static. -- Merge -units into the main package. -- Move section 3 manpages to -devel. -- Fix unowned directory. -- Run ldconfig in scriptlets. -- Split systemd-analyze to a subpackage. 
- -* Sat Jan 21 2012 Dan Horák - 38-4 -- fix build on big-endians - -* Wed Jan 11 2012 Lennart Poettering - 38-3 -- Disable building of gtk tools for now - -* Wed Jan 11 2012 Lennart Poettering - 38-2 -- Fix a few (build) dependencies - -* Wed Jan 11 2012 Lennart Poettering - 38-1 -- New upstream release - -* Tue Nov 15 2011 Michal Schmidt - 37-4 -- Run authconfig if /etc/pam.d/system-auth is not a symlink. -- Resolves: #753160 - -* Wed Nov 02 2011 Michal Schmidt - 37-3 -- Fix remote-fs-pre.target and its ordering. -- Resolves: #749940 - -* Wed Oct 19 2011 Michal Schmidt - 37-2 -- A couple of fixes from upstream: -- Fix a regression in bash-completion reported in Bodhi. -- Fix a crash in isolating. -- Resolves: #717325 - -* Tue Oct 11 2011 Lennart Poettering - 37-1 -- New upstream release -- Resolves: #744726, #718464, #713567, #713707, #736756 - -* Thu Sep 29 2011 Michal Schmidt - 36-5 -- Undo the workaround. Kay says it does not belong in systemd. -- Unresolves: #741655 - -* Thu Sep 29 2011 Michal Schmidt - 36-4 -- Workaround for the crypto-on-lvm-on-crypto disk layout -- Resolves: #741655 - -* Sun Sep 25 2011 Michal Schmidt - 36-3 -- Revert an upstream patch that caused ordering cycles -- Resolves: #741078 - -* Fri Sep 23 2011 Lennart Poettering - 36-2 -- Add /etc/timezone to ghosted files - -* Fri Sep 23 2011 Lennart Poettering - 36-1 -- New upstream release -- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 - -* Thu Sep 1 2011 Lennart Poettering - 35-1 -- New upstream release -- Update post scripts -- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 - -* Thu Aug 25 2011 Lennart Poettering - 34-1 -- New upstream release - -* Fri Aug 19 2011 Harald Hoyer 33-2 -- fix ABRT on service file reloading -- Resolves: rhbz#732020 - -* Wed Aug 3 2011 Lennart Poettering - 33-1 -- New upstream release - -* Fri Jul 29 2011 Lennart Poettering - 32-1 -- New upstream release - -* Wed Jul 27 2011 Lennart Poettering - 31-2 -- Fix 
access mode of modprobe file, restart logind after upgrade - -* Wed Jul 27 2011 Lennart Poettering - 31-1 -- New upstream release - -* Wed Jul 13 2011 Lennart Poettering - 30-1 -- New upstream release - -* Thu Jun 16 2011 Lennart Poettering - 29-1 -- New upstream release - -* Mon Jun 13 2011 Michal Schmidt - 28-4 -- Apply patches from current upstream. -- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) - -* Wed Jun 08 2011 Michal Schmidt - 28-3 -- Apply patches from current upstream -- https://bugzilla.redhat.com/show_bug.cgi?id=709909 -- https://bugzilla.redhat.com/show_bug.cgi?id=710839 -- https://bugzilla.redhat.com/show_bug.cgi?id=711015 - -* Sat May 28 2011 Lennart Poettering - 28-2 -- Pull in nss-myhostname - -* Thu May 26 2011 Lennart Poettering - 28-1 -- New upstream release - -* Wed May 25 2011 Lennart Poettering - 26-2 -- Bugfix release -- https://bugzilla.redhat.com/show_bug.cgi?id=707507 -- https://bugzilla.redhat.com/show_bug.cgi?id=707483 -- https://bugzilla.redhat.com/show_bug.cgi?id=705427 -- https://bugzilla.redhat.com/show_bug.cgi?id=707577 - -* Sat Apr 30 2011 Lennart Poettering - 26-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=699394 -- https://bugzilla.redhat.com/show_bug.cgi?id=698198 -- https://bugzilla.redhat.com/show_bug.cgi?id=698674 -- https://bugzilla.redhat.com/show_bug.cgi?id=699114 -- https://bugzilla.redhat.com/show_bug.cgi?id=699128 - -* Thu Apr 21 2011 Lennart Poettering - 25-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=694788 -- https://bugzilla.redhat.com/show_bug.cgi?id=694321 -- https://bugzilla.redhat.com/show_bug.cgi?id=690253 -- https://bugzilla.redhat.com/show_bug.cgi?id=688661 -- https://bugzilla.redhat.com/show_bug.cgi?id=682662 -- https://bugzilla.redhat.com/show_bug.cgi?id=678555 -- https://bugzilla.redhat.com/show_bug.cgi?id=628004 - -* Wed Apr 6 2011 Lennart Poettering - 24-1 -- New upstream release -- 
https://bugzilla.redhat.com/show_bug.cgi?id=694079 -- https://bugzilla.redhat.com/show_bug.cgi?id=693289 -- https://bugzilla.redhat.com/show_bug.cgi?id=693274 -- https://bugzilla.redhat.com/show_bug.cgi?id=693161 - -* Tue Apr 5 2011 Lennart Poettering - 23-1 -- New upstream release -- Include systemd-sysv-convert - -* Fri Apr 1 2011 Lennart Poettering - 22-1 -- New upstream release - -* Wed Mar 30 2011 Lennart Poettering - 21-2 -- The quota services are now pulled in by mount points, hence no need to enable them explicitly - -* Tue Mar 29 2011 Lennart Poettering - 21-1 -- New upstream release - -* Mon Mar 28 2011 Matthias Clasen - 20-2 -- Apply upstream patch to not send untranslated messages to plymouth - -* Tue Mar 8 2011 Lennart Poettering - 20-1 -- New upstream release - -* Tue Mar 1 2011 Lennart Poettering - 19-1 -- New upstream release - -* Wed Feb 16 2011 Lennart Poettering - 18-1 -- New upstream release - -* Mon Feb 14 2011 Bill Nottingham - 17-6 -- bump upstart obsoletes (#676815) - -* Wed Feb 9 2011 Tom Callaway - 17-5 -- add macros.systemd file for %%{_unitdir} - -* Wed Feb 09 2011 Fedora Release Engineering - 17-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Wed Feb 9 2011 Lennart Poettering - 17-3 -- Fix popen() of systemctl, #674916 - -* Mon Feb 7 2011 Bill Nottingham - 17-2 -- add epoch to readahead obsolete - -* Sat Jan 22 2011 Lennart Poettering - 17-1 -- New upstream release - -* Tue Jan 18 2011 Lennart Poettering - 16-2 -- Drop console.conf again, since it is not shipped in pamtmp.conf - -* Sat Jan 8 2011 Lennart Poettering - 16-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 15-1 -- New upstream release - -* Thu Nov 25 2010 Lennart Poettering - 14-1 -- Upstream update -- Enable hwclock-load by default -- Obsolete readahead -- Enable /var/run and /var/lock on tmpfs - -* Fri Nov 19 2010 Lennart Poettering - 13-1 -- new upstream release - -* Wed Nov 17 2010 Bill Nottingham 12-3 -- Fix clash - -* Wed 
Nov 17 2010 Lennart Poettering - 12-2 -- Don't clash with initscripts for now, so that we don't break the builders - -* Wed Nov 17 2010 Lennart Poettering - 12-1 -- New upstream release - -* Fri Nov 12 2010 Matthias Clasen - 11-2 -- Rebuild with newer vala, libnotify - -* Thu Oct 7 2010 Lennart Poettering - 11-1 -- New upstream release - -* Wed Sep 29 2010 Jesse Keating - 10-6 -- Rebuilt for gcc bug 634757 - -* Thu Sep 23 2010 Bill Nottingham - 10-5 -- merge -sysvinit into main package - -* Mon Sep 20 2010 Bill Nottingham - 10-4 -- obsolete upstart-sysvinit too - -* Fri Sep 17 2010 Bill Nottingham - 10-3 -- Drop upstart requires - -* Tue Sep 14 2010 Lennart Poettering - 10-2 -- Enable audit -- https://bugzilla.redhat.com/show_bug.cgi?id=633771 - -* Tue Sep 14 2010 Lennart Poettering - 10-1 -- New upstream release -- https://bugzilla.redhat.com/show_bug.cgi?id=630401 -- https://bugzilla.redhat.com/show_bug.cgi?id=630225 -- https://bugzilla.redhat.com/show_bug.cgi?id=626966 -- https://bugzilla.redhat.com/show_bug.cgi?id=623456 - -* Fri Sep 3 2010 Bill Nottingham - 9-3 -- move fedora-specific units to initscripts; require newer version thereof - -* Fri Sep 3 2010 Lennart Poettering - 9-2 -- Add missing tarball - -* Fri Sep 3 2010 Lennart Poettering - 9-1 -- New upstream version -- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 - -* Fri Aug 27 2010 Lennart Poettering - 8-3 -- Reexecute after installation, take ownership of /var/run/user -- https://bugzilla.redhat.com/show_bug.cgi?id=627457 -- https://bugzilla.redhat.com/show_bug.cgi?id=627634 - -* Thu Aug 26 2010 Lennart Poettering - 8-2 -- Properly create default.target link - -* Wed Aug 25 2010 Lennart Poettering - 8-1 -- New upstream release - -* Thu Aug 12 2010 Lennart Poettering - 7-3 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 - -* Thu Aug 12 2010 Lennart Poettering - 7-2 -- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 - -* Tue Aug 10 2010 Lennart Poettering - 7-1 -- 
New upstream release - -* Fri Aug 6 2010 Lennart Poettering - 6-2 -- properly hide output on package installation -- pull in coreutils during package installtion - -* Fri Aug 6 2010 Lennart Poettering - 6-1 -- New upstream release -- Fixes #621200 - -* Wed Aug 4 2010 Lennart Poettering - 5-2 -- Add tarball - -* Wed Aug 4 2010 Lennart Poettering - 5-1 -- Prepare release 5 - -* Tue Jul 27 2010 Bill Nottingham - 4-4 -- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) - -* Sat Jul 24 2010 Lennart Poettering - 4-3 -- Add libselinux to build dependencies - -* Sat Jul 24 2010 Lennart Poettering - 4-2 -- Use the right tarball - -* Sat Jul 24 2010 Lennart Poettering - 4-1 -- New upstream release, and make default - -* Tue Jul 13 2010 Lennart Poettering - 3-3 -- Used wrong tarball - -* Tue Jul 13 2010 Lennart Poettering - 3-2 -- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore - -* Tue Jul 13 2010 Lennart Poettering - 3-1 -- New upstream release - -* Fri Jul 9 2010 Lennart Poettering - 2-0 -- New upstream release - -* Wed Jul 7 2010 Lennart Poettering - 1-0 -- First upstream release - -* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 -- New snapshot -- Split off -units package where other packages can depend on without pulling in the whole of systemd - -* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b -- Add missing libtool dependency. - -* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b -- Update snapshot - -* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 -- Pull the latest snapshot that fixes a segfault. 
Resolves rhbz#603231 - -* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e -- More minor fixes as per review - -* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e -- Spec improvements from David Hollis - -* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e -- Address review comments - -* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 -- Initial spec (adopted from Kay Sievers) +%autochangelog From fa3038d631defcb658caa206743671570fec86d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Aug 2022 12:05:22 +0200 Subject: [PATCH 095/494] Version 251.4 ... (fixes rhbz#2112551) - A bunch of fixes to documentation, crashes in systemd-resolved, systemd-networkd, systemd itself, and other smaller fixes. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index dbe2adf..45fce23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.3.tar.gz) = fb5b8dc1742562ef95469e90d406cfb6dfcb337860ad1208b460414b88ff0565071bde797d195faa62761206abc881829de6b1009e5d727cad2dfe0764310d5f +SHA512 (systemd-251.4.tar.gz) = 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738 diff --git a/systemd.spec b/systemd.spec index bfeb867..3657172 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.3 +Version: 251.4 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 89715a5ded7217d39f96ed8e66c323d45f6e0da8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Aug 2022 12:20:22 +0200 Subject: [PATCH 096/494] Backport patches and do a full preset on first boot ... (#2114065, https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot) --- 93651582ae.patch | 98 ++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 3 ++ 2 files changed, 101 insertions(+) create mode 100644 93651582ae.patch diff --git a/93651582ae.patch b/93651582ae.patch new file mode 100644 index 0000000..f8c0592 --- /dev/null +++ b/93651582ae.patch 
@@ -0,0 +1,98 @@ +From 93651582aef1ee626dc6f8d032195acd73bc9372 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Mon, 23 Mar 2020 12:25:19 -0400 +Subject: [PATCH] manager: optionally, do a full preset on first boot +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A compile time option is added to select behaviour: by default +UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to +UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to +opt-in can use the config option to change the behaviour. + +(The option is just a boolean: it would be possible to make it multi-valued, +and allow full, enable-only, disable-only, none. But so far nobody has asked +for this, and it's better not to complicate things needlessly.) + +With the configuration option flipped, instead of only doing enablements, +perform a full preset on first boot. The reason is that although +`/etc/machine-id` might be missing, there may be other files provisioned in +`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of +those possible files include enablement symlinks even if presets dictate it +should be disabled. + +Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, +where we ship `/etc` as if `preset-all` were called. However, we want to +allow users to disable default-enabled services via Ignition, which does +this by creating preset dropins before switchroot. (For why we do +`preset-all` at compose time, see: +https://github.com/coreos/fedora-coreos-config/pull/77). + +For example, the composed FCOS image has a `enable zincati.service` +preset and an enablement for that in `/etc`, while at boot time when we +switch root, there may be a `disable zincati.service` preset with higher +precedence. In that case, we want systemd to disable the service. + +This is essentially a revert of 304b3079a203. 
It seems like systemd +*used* to do this, but it was changed to try to make the container +workflow a bit faster. + +Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392 + +Co-authored-by: Zbigniew Jędrzejewski-Szmek +--- + meson.build | 3 +++ + meson_options.txt | 2 ++ + src/core/manager.c | 4 +++- + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 582e33c9a73d..72e586aa97c7 100644 +--- a/meson.build ++++ b/meson.build +@@ -285,6 +285,8 @@ conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_ + conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper()) + conf.set_quoted('STATUS_UNIT_FORMAT_DEFAULT_STR', status_unit_format_default) + ++conf.set10('FIRST_BOOT_FULL_PRESET', get_option('first-boot-full-preset')) ++ + ##################################################################### + + cc = meson.get_compiler('c') +@@ -4271,6 +4273,7 @@ foreach tuple : [ + ['link-networkd-shared', get_option('link-networkd-shared')], + ['link-timesyncd-shared', get_option('link-timesyncd-shared')], + ['link-boot-shared', get_option('link-boot-shared')], ++ ['first-boot-full-preset'], + ['fexecve'], + ['standalone-binaries', get_option('standalone-binaries')], + ['coverage', get_option('b_coverage')], +diff --git a/meson_options.txt b/meson_options.txt +index 2a030ac28ec0..28765f900e87 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -27,6 +27,8 @@ option('link-timesyncd-shared', type: 'boolean', + description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so') + option('link-boot-shared', type: 'boolean', + description : 'link bootctl and systemd-bless-boot against libsystemd-shared.so') ++option('first-boot-full-preset', type: 'boolean', value: false, ++ description : 'during first boot, do full preset-all (default will be changed to true later)') + + option('static-libsystemd', type : 'combo', + choices : ['false', 'true', 'pic', 'no-pic'], 
+diff --git a/src/core/manager.c b/src/core/manager.c +index 18daff66c780..f4dacef1005d 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1728,7 +1728,9 @@ static void manager_preset_all(Manager *m) { + return; + + /* If this is the first boot, and we are in the host system, then preset everything */ +- r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0); ++ UnitFilePresetMode mode = FIRST_BOOT_FULL_PRESET ? UNIT_FILE_PRESET_FULL : UNIT_FILE_PRESET_ENABLE_ONLY; ++ ++ r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, mode, NULL, 0); + if (r < 0) + log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, + "Failed to populate /etc with preset unit settings, ignoring: %m"); diff --git a/systemd.spec b/systemd.spec index 3657172..a6acc2a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -90,6 +90,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +# https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot +Patch0001: https://github.com/systemd/systemd/commit/93651582ae.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -507,6 +509,7 @@ CONFIGURE_OPTS=( -Dsysusers=true -Dstandalone-binaries=true -Ddefault-kill-user-processes=false + -Dfirst-boot-full-preset=true -Dtests=unsafe -Dinstall-tests=true -Dtty-gid=5 From d00b46ea87668fc0a9a8303106c9379bf591bed0 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Tue, 9 Aug 2022 12:55:20 +0200 Subject: [PATCH 097/494] Align sysusers-generated shell value with upstream systemd default --- sysusers.generate-pre.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 95a0938..5e56179 100755 --- a/sysusers.generate-pre.sh 
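Review bot: The `-Dfirst-boot-full-preset=true` line added to CONFIGURE_OPTS carries no comment, although it switches first boot from enable-only presets to a full preset, which per the backported patch description also disables units whose enablement symlinks already exist in /etc when a preset says `disable`. I would add `# Full preset on first boot: preset files can disable units already enabled in /etc (Changes/Preset_All_Systemd_Units_on_First_Boot)` directly above it. The backported manager.c hunk still logs a failing unit_file_preset_all() at notice or warning level and carries on, so a unit that presets were meant to switch off can stay enabled with only the "Failed to populate /etc with preset unit settings, ignoring" message as evidence. Images that rely on presets to disable services should check the first-boot journal for that line. The CONFIGURE_OPTS array starts and ends outside the hunk.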
+++ b/sysusers.generate-pre.sh @@ -14,7 +14,7 @@ user() { [ "$desc" = '-' ] && desc= { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat </dev/null; then if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : fi fi From aeb22254036fbf14b5347a375afcbf782dff469e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Aug 2022 16:30:58 +0200 Subject: [PATCH 098/494] Manually bump release version for rpmautospec C.f. https://pagure.io/releng/issue/10952. [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a6acc2a..a808335 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Version: 251.4 # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease +Release: %autorelease -b 26 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ From cbb106a7a644e98053a033a73e89812ffa886c51 Mon Sep 17 00:00:00 2001 
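Review bot: Both `useradd` lines now pass `-s '$shell'`, so the shell column of the sysusers file is spliced between single quotes into the generated script with no validation, where `/sbin/nologin` used to be fixed. A value that contains a single quote or is not an absolute path would produce a broken or unintended command in what is presumably a root-run scriptlet, and an entry naming a real shell now silently yields a login-capable system account. I would reject such values right after the default is applied, `case "$shell" in *\'*|[!/]*) echo "invalid shell '$shell' for $user" >&2; exit 1 ;; esac`, and have packagers review any entry whose shell is not a nologin path. `$home` and `$desc` are interpolated the same way on lines the hunk does not change, and part of the here-document is missing from this page, so the surrounding logic could not be checked.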
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Aug 2022 14:44:03 +0200 Subject: [PATCH 099/494] Fix formatting and number in changelog https://pagure.io/releng/issue/10952: rpmdev-bumpspec apparently does not like the way the Release field was conditionalized. But since the switch to rpmautospec this isn't important, since the v-r string will be generated by rpmautospec. I went over the changelog and manually inserted tags for the old builds. Unfortunately there's another issue, rpmautospec cannot deal with %include: https://pagure.io/fedora-infra/rpmautospec/pull-request/267 Numbers for the latest builds are adjusted to match what koji lists. --- changelog | 44 ++++++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/changelog b/changelog index ec4d5d7..8d7b452 100644 --- a/changelog +++ b/changelog @@ -1,4 +1,19 @@ -* Sat Jul 23 2022 Fedora Release Engineering +* Tue Aug 09 2022 Zbigniew Jędrzejewski-Szmek - 251.4-51 +- Manually bump release version for rpmautospec + +* Tue Aug 09 2022 Luca BRUNO - 251.4-26 +- Align sysusers-generated shell value with upstream systemd default + +* Tue Aug 09 2022 Zbigniew Jędrzejewski-Szmek - 251.4-2 +- Backport patches and do a full preset on first boot (#2114065, + https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot) + +* Mon Aug 08 2022 Zbigniew Jędrzejewski-Szmek - 251.4-1 +- Version 251.4 (fixes rhbz#2112551) +- A bunch of fixes to documentation, crashes in systemd-resolved, + systemd-networkd, systemd itself, and other smaller fixes. + +* Sat Jul 23 2022 Fedora Release Engineering - 251.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Wed Jul 13 2022 Zbigniew Jędrzejewski-Szmek - 251.3-1 
@@ -74,11 +89,11 @@ - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Specify owner of /var/log/journal as root in the rpm listing (#2018913) -* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Add pam_namespace to systemd-user pam config (rhbz#2053098) - Drop 20-grubby.install plugin for kernel-install (rhbz#2033646) -* Sat Jan 22 2022 Fedora Release Engineering +* Sat Jan 22 2022 Fedora Release Engineering - 250.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Jan 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-2 @@ -179,7 +194,7 @@ -documentation, sd-event, sd-journal, journalctl, and nss-systemd). - Fixes #1976445. -* Tue Sep 14 2021 Sahana Prasad +* Tue Sep 14 2021 Sahana Prasad - 249.4-2 - Rebuilt with OpenSSL 3.0.0 * Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek - 249.4-1 @@ -334,7 +349,7 @@ - Minor stable release - Fixes #1895937, #1813219, #1903106. -* Wed Jan 27 2021 Fedora Release Engineering +* Wed Jan 27 2021 Fedora Release Engineering - 247.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 @@ -544,7 +559,7 @@ - Fixes #1774242, #1787089, #1798414/CVE-2020-1712. -* Fri Jan 31 2020 Fedora Release Engineering +* Fri Jan 31 2020 Fedora Release Engineering - 244.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Dec 21 2019 - 244.1-2 @@ -620,7 +635,7 @@ * Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 - Update to latest version (#1715699, #1696373, #1711065, #1718192) -* Sat Jul 27 2019 Fedora Release Engineering +* Sat Jul 27 2019 Fedora Release Engineering - 242-7.git9d34e79 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 
@@ -679,7 +694,7 @@ * Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 - Update to latest release -rc2 -* Sun Feb 03 2019 Fedora Release Engineering +* Sun Feb 03 2019 Fedora Release Engineering - 241~rc1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 @@ -691,7 +706,7 @@ * Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 - Add a work-around for #1663040 -* Mon Jan 14 2019 Björn Esser +* Mon Jan 14 2019 Björn Esser - 240-5.gitf02b547 - Rebuilt for libcrypt.so.2 (#1666033) * Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 @@ -786,13 +801,13 @@ * Wed Jul 18 2018 Terje Rosten - 239-3 - Ignore return value from systemd-binfmt in scriptlet (#1565425) -* Sun Jul 15 2018 Filipe Brandenburger +* Sun Jul 15 2018 Filipe Brandenburger - 239-3 - Override systemd-user PAM config in install and not prep -* Sat Jul 14 2018 Fedora Release Engineering +* Sat Jul 14 2018 Fedora Release Engineering - 239-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek +* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek - 239-2 - Rebuild for Python 3.7 again * Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 @@ -800,7 +815,7 @@ very little breaking changes. See https://github.com/systemd/systemd/blob/v239/NEWS for details. -* Tue Jun 19 2018 Miro Hrončok +* Tue Jun 19 2018 Miro Hrončok - 238-9.git0e0aa59 - Rebuilt for Python 3.7 * Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 @@ -915,7 +930,7 @@ * Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 - Backport more patches (#1476005, hopefully #1462378) -* Thu Jul 27 2017 Fedora Release Engineering +* Thu Jul 27 2017 Fedora Release Engineering - 234-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 
@@ -2439,3 +2454,4 @@ Resolves: rhbz#974132 * Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 - Initial spec (adopted from Kay Sievers) + From 1e997acc654f379d6bf755ff54674d47d54ff5cc Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Thu, 18 Aug 2022 18:45:42 +0200 Subject: [PATCH 100/494] Avoid requiring systemd-pam from -devel subpackage Instead, add systemd-pam to pungi-fedora's multilib whitelist: https://pagure.io/pungi-fedora/pull-request/1113 This should help with flatpak runtime packaging so that we can avoid having to ship systemd-pam in the flatpak container. --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a808335..f28cade 100644 --- a/systemd.spec +++ b/systemd.spec @@ -285,8 +285,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} Obsoletes: libudev-devel < 183 -# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) -Requires: %{name}-pam = %{version}-%{release} %description devel Development headers and auxiliary files for developing applications linking From 76ce06c4a670a4fcb186718cea9978091b0b2684 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 19 Aug 2022 14:44:43 +0200 Subject: [PATCH 101/494] Manually bump release and add changelog for previous commit C.f. https://pagure.io/fedora-infra/rpmautospec/pull-request/267 [skip changelog] --- changelog | 3 +++ systemd.spec | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/changelog b/changelog index 8d7b452..301f11f 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,6 @@ +* Thu Aug 18 2022 Kalev Lember - 251.4-52 +- Avoid requiring systemd-pam from -devel subpackage + * Tue Aug 09 2022 Zbigniew Jędrzejewski-Szmek - 251.4-51 - Manually bump release version for rpmautospec diff --git a/systemd.spec b/systemd.spec index f28cade..2228f61 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -35,7 +35,7 @@ Version: 251.4 # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease -b 26 +Release: %autorelease -b 27 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ From f5157f6a05a6a480d6d5104a4a7990e1e7e845d7 Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Tue, 9 Aug 2022 19:53:46 -0400 Subject: [PATCH 102/494] Set compile-time fallback hostname to "localhost" This ensures that we have a universal unbranded fallback hostname. The branded fallback hostname will be set in os-release(5) instead. Reference: https://fedoraproject.org/wiki/Changes/FallbackHostname --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2228f61..7052dab 100644 --- a/systemd.spec +++ b/systemd.spec @@ -523,7 +523,7 @@ CONFIGURE_OPTS=( -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}-%{release} - -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] + -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 From 95413629b44a5b3f750cbe48f4887de8abf577b5 Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Fri, 19 Aug 2022 15:49:11 -0400 Subject: [PATCH 103/494] Manually bump release and add changelog for previous commit C.f. https://pagure.io/fedora-infra/rpmautospec/pull-request/267 [skip changelog] --- changelog | 4 ++++ systemd.spec | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/changelog b/changelog index 301f11f..d19adec 100644 --- a/changelog +++ b/changelog 
@@ -1,3 +1,7 @@ +* Fri Aug 19 2022 Neal Gompa - 251.4-53 +- Set compile-time fallback hostname to "localhost" + https://fedoraproject.org/wiki/Changes/FallbackHostname + * Thu Aug 18 2022 Kalev Lember - 251.4-52 - Avoid requiring systemd-pam from -devel subpackage diff --git a/systemd.spec b/systemd.spec index 7052dab..63ec9cb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Version: 251.4 # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease -b 27 +Release: %autorelease -b 28 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ From aac22baa3b91e5da363182373f76eb64a9af5dba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 29 Sep 2022 10:20:07 +0200 Subject: [PATCH 104/494] Make systemd-devel conditionally pull in systemd-rpm-macros If people BR:systemd-devel, they should get the macros too. It's a tiny package, and we shouldn't require people to BR two things. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/A5BGKRZVFDOBNMCBUPUCKLKHWEW5V2JE/ --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 63ec9cb..46a8403 100644 --- a/systemd.spec +++ b/systemd.spec @@ -282,6 +282,7 @@ for information how to use those macros. Summary: Development headers for systemd License: LGPLv2+ and MIT Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} Obsoletes: libudev-devel < 183 From 7665e1796f915dedbf8e014f0a78f4f576d609bb Mon Sep 17 00:00:00 2001 
From: Anita Zhang Date: Tue, 23 Aug 2022 11:59:16 -0700 Subject: [PATCH 105/494] Update systemd-oomd defaults to friendlier values - Remove swap policy. Default amount of swap (8GB?) is a lot lower than what we use internally with the swap policy. Which frequently leads to GNOME getting killed (e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not linked here). Internally we use 0.5x-1x size of physical memory for swap via swapfiles (this will be documented in systemd upstream). In simple cases of using more memory than is available (but without memory pressure), the Kernel OOM killer can handle killing the offending process. - Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Support for ManagedOOM*= on user services was added in https://github.com/systemd/systemd/pull/20690 which allows us to be more fine grained on the pressure monitoring at the user level. In addition to the system.slice and user-.slice PSI monitoring this should result in a better systemd-oomd experience for desktop systems. --- ...rvice-defaults.conf => 10-oomd-per-slice-defaults.conf | 2 +- 10-oomd-root-slice-defaults.conf | 2 -- systemd.spec | 8 ++++---- 3 files changed, 5 insertions(+), 7 deletions(-) rename 10-oomd-user-service-defaults.conf => 10-oomd-per-slice-defaults.conf (86%) delete mode 100644 10-oomd-root-slice-defaults.conf diff --git a/10-oomd-user-service-defaults.conf b/10-oomd-per-slice-defaults.conf similarity index 86% rename from 10-oomd-user-service-defaults.conf rename to 10-oomd-per-slice-defaults.conf index 94d5c87..fbf6f00 100644 --- a/10-oomd-user-service-defaults.conf +++ b/10-oomd-per-slice-defaults.conf @@ -1,3 +1,3 @@ -[Service] +[Slice] ManagedOOMMemoryPressure=kill ManagedOOMMemoryPressureLimit=50% diff --git a/10-oomd-root-slice-defaults.conf b/10-oomd-root-slice-defaults.conf deleted file mode 100644 index 49958e8..0000000 --- a/10-oomd-root-slice-defaults.conf +++ /dev/null 
@@ -1,2 +0,0 @@ -[Slice] -ManagedOOMSwap=kill diff --git a/systemd.spec b/systemd.spec index 46a8403..2a798a3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -70,8 +70,7 @@ Source12: systemd-user Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf -Source15: 10-oomd-root-slice-defaults.conf -Source16: 10-oomd-user-service-defaults.conf +Source15: 10-oomd-per-slice-defaults.conf Source21: macros.sysusers Source22: sysusers.attr @@ -664,8 +663,9 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} -install -Dm0644 -t %{buildroot}%{system_unit_dir}/-.slice.d/ %{SOURCE15} -install -Dm0644 -t %{buildroot}%{system_unit_dir}/user@.service.d/ %{SOURCE16} +install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} +install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} +install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py From f27d461663bec17ad64422682f260f0020ccc7f7 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Thu, 1 Sep 2022 12:51:38 +0000 Subject: [PATCH 106/494] sysusers/generate: bridge 'm' entries to usermod This tweaks the sysusers.d handling logic so that 'm' entries are now translated to a series of groupadd + useradd + usermod call. The last usermod call is the notable change, effectively affecting the list of secondary groups now. --- sysusers.generate-pre.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 5e56179..829d11e 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -38,6 +38,7 @@ EOF group() { group="$1" gid="$2" + if [ "$gid" = '-' ]; then cat <<-EOF getent group '$group' >/dev/null || groupadd -r '$group' || : 
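Review bot: The install hunk places `%{SOURCE15}` into `system.slice.d/`, `user-.slice.d/` and the user manager's `slice.d/` without a comment, so the spec does not record that `ManagedOOMMemoryPressure=kill` at the 50% limit now covers system services as well as user sessions. As I read the oomd model, units below a monitored slice become kill candidates once its pressure stays above the limit, which would include daemons an administrator relies on for remote access and logging; this is worth confirming against the units the package ships. I would add above the three `install` lines: `# Same drop-in for system.slice, user-.slice and user slices; units that must survive memory pressure should set ManagedOOMPreference=avoid or omit`. The %install section continues outside the hunk.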
@@ -49,6 +50,17 @@ group() { fi } +usermod() { + user="$1" + group="$2" + + cat <<-EOF +if getent group '$group' >/dev/null; then + usermod -a -G '$group' '$user' || : +fi + EOF +} + parse() { while read -r line || [ -n "$line" ] ; do { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue @@ -66,7 +78,8 @@ parse() { ;; ('m') group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[2]}" + user "${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" ;; esac done From 0455d50768455966daac71690927d721f99626d1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 28 Sep 2022 13:53:11 +0900 Subject: [PATCH 107/494] patch: fix regression in bfq patch This fixes a bug introduced by d906ff02385b06b9a39cd2982bd6f1e37f7f761b. Fixes RHBZ#2130188. --- use-bfq-scheduler.patch | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index 2eb1229..59e642a 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -1,4 +1,4 @@ -From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001 +From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Aug 2019 15:57:42 +0200 Subject: [PATCH] udev: use bfq as the default scheduler @@ -17,17 +17,17 @@ See the bug for more discussion and links. diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules new file mode 100644 -index 0000000000..480b941761 +index 0000000000..850b64540e --- /dev/null +++ b/rules.d/60-block-scheduler.rules @@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + -+ACTION=="add", SUBSYSTEM=="block", \ ++ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" 
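Review bot: `usermod()` writes `$user` and `$group` into the generated snippet between single quotes without checking them, so a name containing `'` or a newline in a sysusers.d `m` line would end the quoting in a scriptlet that presumably runs as root at install time. The same pattern is already present in `group()` and the input normally comes from the package itself, so this is hardening rather than a live bug. A guard at the top of the function would do: `case "$user$group" in *[!A-Za-z0-9_.-]*) echo "bad name in sysusers entry" >&2; exit 1;; esac`. Separately, naming the function `usermod` shadows the real command for the rest of this script; a name such as `usermod_snippet` avoids that. `parse()` continues outside the second hunk.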
diff --git a/rules.d/meson.build b/rules.d/meson.build -index a582e4e922..d300c382fc 100644 +index 8d2878a36d..a3b395c9ce 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build @@ -8,6 +8,7 @@ rules = [ @@ -38,3 +38,6 @@ index a582e4e922..d300c382fc 100644 '60-drm.rules', '60-evdev.rules', '60-fido-id.rules', +-- +2.37.2 + From 38161d034abfc9d1ffd651bd095943e2e4c6c926 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 16 Sep 2022 23:38:42 +0900 Subject: [PATCH 108/494] Replace patch for test-mountpoint-util Imported from https://github.com/systemd/systemd/pull/24639. --- ...util-support-running-on-a-mount-name.patch | 64 +++++++++ ...96d3e8d1cb0dd3666bc74fa673918b586612.patch | 129 ------------------ systemd.spec | 7 +- 3 files changed, 67 insertions(+), 133 deletions(-) create mode 100644 0002-test-mountpoint-util-support-running-on-a-mount-name.patch delete mode 100644 f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch diff --git a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch b/0002-test-mountpoint-util-support-running-on-a-mount-name.patch new file mode 100644 index 0000000..00c056b --- /dev/null +++ b/0002-test-mountpoint-util-support-running-on-a-mount-name.patch 
@@ -0,0 +1,64 @@ +From b13268dc09eed68426c2e68a402c96b93f8b0fff Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 12 Sep 2022 04:57:17 +0900 +Subject: [PATCH] test-mountpoint-util: support running on a mount namespace + with another mount on /proc + +Fixes #11505. +--- + src/test/test-mountpoint-util.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 92eed0be62..391e1c97ba 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -83,24 +83,36 @@ TEST(mnt_id) { + + HASHMAP_FOREACH_KEY(p, k, h) { + int mnt_id = PTR_TO_INT(k), mnt_id2; ++ const char *q; + + r = path_get_mnt_id(p, &mnt_id2); + if (r < 0) { +- log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p); ++ log_debug_errno(r, "Failed to get the mnt id of %s: %m", p); + continue; + } + + if (mnt_id == mnt_id2) { +- log_debug("mnt ids of %s is %i\n", p, mnt_id); ++ log_debug("mnt ids of %s is %i.", p, mnt_id); + continue; + } else +- log_debug("mnt ids of %s are %i, %i\n", p, mnt_id, mnt_id2); +- +- /* The ids don't match? If so, then there are two mounts on the same path, let's check if +- * that's really the case */ +- char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("mnt ids of %s are %i (from /proc/self/mountinfo), %i (from path_get_mnt_id()).", p, mnt_id, mnt_id2); ++ ++ /* The ids don't match? This can easily happen e.g. running with "unshare --mount-proc". ++ * See #11505. */ ++ assert_se(q = hashmap_get(h, INT_TO_PTR(mnt_id2))); ++ ++ assert_se((r = path_is_mount_point(p, NULL, 0)) >= 0); ++ if (r == 0) { ++ /* If the path is not a mount point anymore, then it must be a sub directory of ++ * the path corresponds to mnt_id2. 
*/ ++ log_debug("The path %s for mnt id %i is not a mount point.", p, mnt_id2); ++ assert_se(!isempty(path_startswith(p, q))); ++ } else { ++ /* If the path is still a mount point, then it must be equivalent to the path ++ * corresponds to mnt_id2 */ ++ log_debug("There are multiple mounts on the same path %s.", p); ++ assert_se(path_equal(p, q)); ++ } + } + } + +-- +2.37.2 + diff --git a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch b/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch deleted file mode 100644 index 84497ad..0000000 --- a/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch +++ /dev/null 
@@ -1,129 +0,0 @@ -From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 14 Sep 2020 17:58:03 +0200 -Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() - -https://bugzilla.redhat.com/show_bug.cgi?id=1803070 - -I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different -than the one we get from /proc/self/fdinfo/. This only matters when both statx and -name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: - -(gdb) !uname -r -5.6.19-200.fc31.ppc64le - -(gdb) !cat /proc/self/mountinfo -697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota -700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== -701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel -702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw -703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 -704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel -705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 -706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - 
devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 -720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro 
master:12 - tmpfs tmpfs rw,seclabel,mode=755 -722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel -725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw -613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel -614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate -615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 -617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 - -The test process does 
-name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then -openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then -read(open("/proc/self/fdinfo/4", ...)) which gives -"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" - -and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. - -We could either drop the fallback path (and fail name_to_handle_at() is not -avaliable) or ignore the error in the test. Not sure what is better. I think -this issue only occurs sometimes and with older kernels, so probably continuing -with the current flaky implementation is better than ripping out the fallback. - -Another strace: -writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 -) = 28 -name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 -writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 -) = 20 -name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 -writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 -) = 30 -name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 -writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 -) = 23 -name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) -openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 -openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 -read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 
36 -read(5, "", 1024) = 0 -close(5) = 0 -close(4) = 0 -writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 -) = 42 -writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc -) = 39 -writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. -) = 109 -rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 -rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 -getpid() = 20 -gettid() = 20 -tgkill(20, 20, SIGABRT) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} --- -+++ killed by SIGABRT (core dumped) +++ ---- - src/test/test-mountpoint-util.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 30b00ae4d8b..ffe5144b04a 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -89,8 +89,12 @@ static void test_mnt_id(void) { - /* The ids don't match? If so, then there are two mounts on the same path, let's check if - * that's really the case */ - char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); -+ -+ if (!path_equal(p, t)) -+ /* Apparent kernel bug in /proc/self/fdinfo */ -+ log_warning("Bad mount id given for %s: %d, should be %d", -+ p, mnt_id2, mnt_id); - } - } - diff --git a/systemd.spec b/systemd.spec index 2a798a3..5ac8bd8 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -92,14 +92,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot Patch0001: https://github.com/systemd/systemd/commit/93651582ae.patch +# PR https://github.com/systemd/systemd/pull/24639 +Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch -# Other downstream-only patches (5000–9999) -# https://github.com/systemd/systemd/pull/17050 -Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch - %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 %endif From 1ffb1df909e233f16c5c65db5823ceb86f4880ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 1 Oct 2022 19:09:09 +0200 Subject: [PATCH 109/494] Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188) --- 93651582ae.patch | 98 ------------------------------------------------ sources | 2 +- systemd.spec | 5 +-- 3 files changed, 2 insertions(+), 103 deletions(-) delete mode 100644 93651582ae.patch diff --git a/93651582ae.patch b/93651582ae.patch deleted file mode 100644 index f8c0592..0000000 --- a/93651582ae.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 93651582aef1ee626dc6f8d032195acd73bc9372 Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Mon, 23 Mar 2020 12:25:19 -0400 -Subject: [PATCH] manager: optionally, do a full preset on first boot -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A compile time option is added to select behaviour: by default -UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to -UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to -opt-in can use the config option to change the behaviour. - -(The option is just a boolean: it would be possible to make it multi-valued, -and allow full, enable-only, disable-only, none. But so far nobody has asked -for this, and it's better not to complicate things needlessly.) - -With the configuration option flipped, instead of only doing enablements, -perform a full preset on first boot. The reason is that although -`/etc/machine-id` might be missing, there may be other files provisioned in -`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of -those possible files include enablement symlinks even if presets dictate it -should be disabled. - -Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, -where we ship `/etc` as if `preset-all` were called. However, we want to -allow users to disable default-enabled services via Ignition, which does -this by creating preset dropins before switchroot. (For why we do -`preset-all` at compose time, see: -https://github.com/coreos/fedora-coreos-config/pull/77). - -For example, the composed FCOS image has a `enable zincati.service` -preset and an enablement for that in `/etc`, while at boot time when we -switch root, there may be a `disable zincati.service` preset with higher -precedence. In that case, we want systemd to disable the service. - -This is essentially a revert of 304b3079a203. 
It seems like systemd -*used* to do this, but it was changed to try to make the container -workflow a bit faster. - -Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392 - -Co-authored-by: Zbigniew Jędrzejewski-Szmek ---- - meson.build | 3 +++ - meson_options.txt | 2 ++ - src/core/manager.c | 4 +++- - 3 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 582e33c9a73d..72e586aa97c7 100644 ---- a/meson.build -+++ b/meson.build -@@ -285,6 +285,8 @@ conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_ - conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper()) - conf.set_quoted('STATUS_UNIT_FORMAT_DEFAULT_STR', status_unit_format_default) - -+conf.set10('FIRST_BOOT_FULL_PRESET', get_option('first-boot-full-preset')) -+ - ##################################################################### - - cc = meson.get_compiler('c') -@@ -4271,6 +4273,7 @@ foreach tuple : [ - ['link-networkd-shared', get_option('link-networkd-shared')], - ['link-timesyncd-shared', get_option('link-timesyncd-shared')], - ['link-boot-shared', get_option('link-boot-shared')], -+ ['first-boot-full-preset'], - ['fexecve'], - ['standalone-binaries', get_option('standalone-binaries')], - ['coverage', get_option('b_coverage')], -diff --git a/meson_options.txt b/meson_options.txt -index 2a030ac28ec0..28765f900e87 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -27,6 +27,8 @@ option('link-timesyncd-shared', type: 'boolean', - description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so') - option('link-boot-shared', type: 'boolean', - description : 'link bootctl and systemd-bless-boot against libsystemd-shared.so') -+option('first-boot-full-preset', type: 'boolean', value: false, -+ description : 'during first boot, do full preset-all (default will be changed to true later)') - - option('static-libsystemd', type : 'combo', - choices : ['false', 'true', 'pic', 'no-pic'], 
-diff --git a/src/core/manager.c b/src/core/manager.c -index 18daff66c780..f4dacef1005d 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1728,7 +1728,9 @@ static void manager_preset_all(Manager *m) { - return; - - /* If this is the first boot, and we are in the host system, then preset everything */ -- r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0); -+ UnitFilePresetMode mode = FIRST_BOOT_FULL_PRESET ? UNIT_FILE_PRESET_FULL : UNIT_FILE_PRESET_ENABLE_ONLY; -+ -+ r = unit_file_preset_all(LOOKUP_SCOPE_SYSTEM, 0, NULL, mode, NULL, 0); - if (r < 0) - log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, - "Failed to populate /etc with preset unit settings, ignoring: %m"); diff --git a/sources b/sources index 45fce23..835d223 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.4.tar.gz) = 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738 +SHA512 (systemd-251.5.tar.gz) = 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa diff --git a/systemd.spec b/systemd.spec index 5ac8bd8..673f960 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.4 +Version: 251.5 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -89,9 +89,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot -Patch0001: https://github.com/systemd/systemd/commit/93651582ae.patch - # PR https://github.com/systemd/systemd/pull/24639 Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch From 58777c7cac8134d2452f24429ddbef46422010cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 1 Oct 2022 19:35:11 +0200 Subject: [PATCH 110/494] Fix permissions on %ghost files (rhbz#2122889) --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 673f960..2a44ac2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -677,7 +677,7 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # here. python3 %{SOURCE2} %buildroot < Date: Fri, 7 Oct 2022 18:12:10 +0200 Subject: [PATCH 111/494] Version 252-rc1 ... (for details see https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS) systemd-pcrphase and systemd-measure and initrd-* units are moved to systemd-udev. systemd-udev should be part of the initrd, and those tools don't make much sense in systems without hardware (i.e. containers). (systemd-measure could possibly be useful, but we can always move it back if there's a good reason.) --- ...util-support-running-on-a-mount-name.patch | 64 ------------------- sources | 2 +- split-files.py | 2 + systemd.spec | 6 +- 4 files changed, 5 insertions(+), 69 deletions(-) delete mode 100644 0002-test-mountpoint-util-support-running-on-a-mount-name.patch diff --git a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch b/0002-test-mountpoint-util-support-running-on-a-mount-name.patch deleted file mode 100644 index 00c056b..0000000 
--- a/0002-test-mountpoint-util-support-running-on-a-mount-name.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From b13268dc09eed68426c2e68a402c96b93f8b0fff Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Sep 2022 04:57:17 +0900 -Subject: [PATCH] test-mountpoint-util: support running on a mount namespace - with another mount on /proc - -Fixes #11505. ---- - src/test/test-mountpoint-util.c | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c -index 92eed0be62..391e1c97ba 100644 ---- a/src/test/test-mountpoint-util.c -+++ b/src/test/test-mountpoint-util.c -@@ -83,24 +83,36 @@ TEST(mnt_id) { - - HASHMAP_FOREACH_KEY(p, k, h) { - int mnt_id = PTR_TO_INT(k), mnt_id2; -+ const char *q; - - r = path_get_mnt_id(p, &mnt_id2); - if (r < 0) { -- log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p); -+ log_debug_errno(r, "Failed to get the mnt id of %s: %m", p); - continue; - } - - if (mnt_id == mnt_id2) { -- log_debug("mnt ids of %s is %i\n", p, mnt_id); -+ log_debug("mnt ids of %s is %i.", p, mnt_id); - continue; - } else -- log_debug("mnt ids of %s are %i, %i\n", p, mnt_id, mnt_id2); -- -- /* The ids don't match? If so, then there are two mounts on the same path, let's check if -- * that's really the case */ -- char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); -- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); -- assert_se(path_equal(p, t)); -+ log_debug("mnt ids of %s are %i (from /proc/self/mountinfo), %i (from path_get_mnt_id()).", p, mnt_id, mnt_id2); -+ -+ /* The ids don't match? This can easily happen e.g. running with "unshare --mount-proc". -+ * See #11505. */ -+ assert_se(q = hashmap_get(h, INT_TO_PTR(mnt_id2))); -+ -+ assert_se((r = path_is_mount_point(p, NULL, 0)) >= 0); -+ if (r == 0) { -+ /* If the path is not a mount point anymore, then it must be a sub directory of -+ * the path corresponds to mnt_id2. 
*/ -+ log_debug("The path %s for mnt id %i is not a mount point.", p, mnt_id2); -+ assert_se(!isempty(path_startswith(p, q))); -+ } else { -+ /* If the path is still a mount point, then it must be equivalent to the path -+ * corresponds to mnt_id2 */ -+ log_debug("There are multiple mounts on the same path %s.", p); -+ assert_se(path_equal(p, q)); -+ } - } - } - --- -2.37.2 - diff --git a/sources b/sources index 835d223..ffaf9f8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-251.5.tar.gz) = 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa +SHA512 (systemd-252-rc1.tar.gz) = e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28 diff --git a/split-files.py b/split-files.py index 835be3d..1227ec9 100644 --- a/split-files.py +++ b/split-files.py @@ -129,6 +129,8 @@ for file in files(buildroot): integritysetup| integritytab| remount-fs| + /initrd| + systemd-pcrphase| /boot$| /boot/efi| /kernel/| diff --git a/systemd.spec b/systemd.spec index 2a44ac2..8a766cb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 251.5 +Version: 252~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -89,8 +89,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# PR https://github.com/systemd/systemd/pull/24639 -Patch0002: 0002-test-mountpoint-util-support-running-on-a-mount-name.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From b2ad8fb38b9a38cb9a48d5ca56e4ee43a2df03f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 9 Oct 2022 15:20:23 +0200 Subject: [PATCH 112/494] Correctly move systemd-measure to systemd-udev subpackage I had a local modification that didn't make it into commit. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 1227ec9..a5f8f1e 100644 --- a/split-files.py +++ b/split-files.py @@ -131,6 +131,7 @@ for file in files(buildroot): remount-fs| /initrd| systemd-pcrphase| + systemd-measure| /boot$| /boot/efi| /kernel/| From 3c5b26ff79a34a5824d218144a0cdf15483f4bb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 9 Oct 2022 15:12:53 +0200 Subject: [PATCH 113/494] Fix indentation in %sysusers_create_compat macro (rhbz#2132835) Automatic unindentation after <<-EOF only works with tabs. Jesus. --- sysusers.generate-pre.sh | 135 ++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 67 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 829d11e..862cb77 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -1,92 +1,93 @@ #!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*- # This script turns sysuser.d files into scriptlets mandated by Fedora # packaging guidelines. The general idea is to define users using the # declarative syntax but to turn this into traditional scriptlets. user() { - user="$1" - uid="$2" - desc="$3" - group="$4" - home="$5" - shell="$6" + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" - [ "$desc" = '-' ] && desc= - { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ - { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin - if [ "$uid" = '-' ] || [ "$uid" = '' ]; then - cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : -EOF - else - cat </dev/null; then - if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - else - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - fi -fi + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat <<-EOF + getent passwd '$user' >/dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + EOF + else + cat <<-EOF + if ! getent passwd '$user' >/dev/null; then + if ! 
getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + else + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + fi + fi -EOF - fi + EOF + fi } group() { - group="$1" - gid="$2" + group="$1" + gid="$2" - if [ "$gid" = '-' ]; then - cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' || : - EOF - else - cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : - EOF - fi + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group '$group' >/dev/null || groupadd -r '$group' || : + EOF + else + cat <<-EOF + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : + EOF + fi } usermod() { - user="$1" - group="$2" + user="$1" + group="$2" - cat <<-EOF -if getent group '$group' >/dev/null; then - usermod -a -G '$group' '$user' || : -fi - EOF + cat <<-EOF + if getent group '$group' >/dev/null; then + usermod -a -G '$group' '$user' || : + fi + EOF } parse() { - while read -r line || [ -n "$line" ] ; do - { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue - line="${line## *}" - [ -z "$line" ] && continue - eval "arr=( $line )" - case "${arr[0]}" in - ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support - ;; - ('g') - group "${arr[1]}" "${arr[2]}" - ;; - ('m') - group "${arr[2]}" "-" - user "${arr[1]}" "-" "" "${arr[1]}" "" "" - usermod "${arr[1]}" "${arr[2]}" - ;; - esac - done + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user 
"${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" + ;; + esac + done } for fn in "$@"; do - [ -e "$fn" ] || continue - echo "# generated from $(basename "$fn")" - parse <"$fn" + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" done From bab6dfc23a915a4daee2dc6b215df8171a66f2a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Oct 2022 16:18:53 +0200 Subject: [PATCH 114/494] Fix upgrade detection in %posttrans scriptlet (rhbz#2115094) 4047e4fb7bb76f2578989e98de276e9ceb4e94b9 got things very wrong. The trick with "[ $1 -eq 1 ]" doesn't work for transaction triggers because the argument is not provided by rpm. We need to use a state file to propagate the information from %post to %posttrans. --- systemd.spec | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8a766cb..038cc30 100644 --- a/systemd.spec +++ b/systemd.spec @@ -906,6 +906,8 @@ fi [ $1 -eq 1 ] || exit 0 # Initial installation +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." 
@@ -915,14 +917,17 @@ fi %systemd_post systemd-resolved.service %posttrans resolved -[ $1 -eq 1 ] || exit 0 +[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 +rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation # Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856) +# +# We would also create it using tmpfiles, but let's do this here too +# before NetworkManager gets a chance. (systemd-tmpfiles invocation +# above does not do this, because the line is marked with ! and +# tmpfiles is invoked without --boot in the scriptlet.) # # *Create* the symlink if nothing is present yet. # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) From 6594cdc49bb96ff1c33e869b84587692c5216ad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Oct 2022 14:48:29 +0200 Subject: [PATCH 115/494] Version 252-rc2 (#2134741, #2133792) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ffaf9f8..83a9e8e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252-rc1.tar.gz) = e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28 +SHA512 (systemd-252-rc2.tar.gz) = f67703dcd03b300cddc2e8bfbeb843ef66ba0b0c548973797a920c1bed9e3a14a740e08936f7d906141da714bccbae0d4fcb47a7ce13e69c8a2f17d7928e218c diff --git a/systemd.spec b/systemd.spec index 038cc30..1fa99e1 100644 --- a/systemd.spec +++ b/systemd.spec 
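Review bot: The marker file that `%post resolved` creates with `touch` (previous hunk) is removed only by the `rm` added to `%posttrans resolved`, so a marker left behind by an interrupted transaction would make a later upgrade look like an initial installation and run the `/etc/resolv.conf` symlink logic that follows this hunk. Clearing it on the upgrade path would avoid that, e.g. `[ $1 -eq 1 ] || { rm -f %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation; exit 0; }` in `%post`, together with `rm -f` instead of `rm` in `%posttrans`. The `touch` is also placed before the "upgrading from old systemd" check, so `%posttrans` presumably still proceeds when presets are skipped; if that is intended, a one-line comment saying so would help. Both scriptlets continue outside the hunks.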
@@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 252~rc1 +Version: 252~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 9acedf97ae8f4241b2114e7c87c8d71f8357c10f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Oct 2022 09:00:02 +0200 Subject: [PATCH 116/494] Version 252-rc3 (#2135778) --- sources | 2 +- systemd.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 83a9e8e..d5bf765 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252-rc2.tar.gz) = f67703dcd03b300cddc2e8bfbeb843ef66ba0b0c548973797a920c1bed9e3a14a740e08936f7d906141da714bccbae0d4fcb47a7ce13e69c8a2f17d7928e218c +SHA512 (systemd-252-rc3.tar.gz) = 3968f1df6eab12bb3fe9575e1bd9c87f7e1f45d22c404f250a0dc3e0da801cb089a5e4a1ebc9ef0e3b38c47d55db895eca3da419e757bc1e7f825d154e9b5468 diff --git a/systemd.spec b/systemd.spec index 1fa99e1..170d433 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,12 +30,12 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 252~rc2 +Version: 252~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif -Release: %autorelease -b 28 +Release: %autorelease # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ From eeb9a47dfb0d9a0543b0ef6594a2408080856e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 31 Oct 2022 22:27:33 +0100 Subject: [PATCH 117/494] Version 252 No big changes from -rc3. A bunch of bugfixes. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index d5bf765..728cdb1 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-252-rc3.tar.gz) = 3968f1df6eab12bb3fe9575e1bd9c87f7e1f45d22c404f250a0dc3e0da801cb089a5e4a1ebc9ef0e3b38c47d55db895eca3da419e757bc1e7f825d154e9b5468 +SHA512 (systemd-252.tar.gz) = c9a5f4e3d11cf6a73b0f0d34f7e8f380b9b39bd4e8dd540affcba2eb24b777943f90662eb6ca2bd24276eb5d502312fcc2f097ec242ed1ca79603dbbde19ec7f diff --git a/systemd.spec b/systemd.spec index 170d433..9fe8062 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 252~rc3 +Version: 252 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From c6d202c6ace19b9f02587069308df846b97ddd77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 8 Nov 2022 20:27:13 +0100 Subject: [PATCH 118/494] Version 252.1 ... (just some small fixes). --- sources | 2 +- systemd.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 728cdb1..27aa06e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252.tar.gz) = c9a5f4e3d11cf6a73b0f0d34f7e8f380b9b39bd4e8dd540affcba2eb24b777943f90662eb6ca2bd24276eb5d502312fcc2f097ec242ed1ca79603dbbde19ec7f +SHA512 (systemd-252.1.tar.gz) = 7e9cd4b53522459d919252ff9343630f48e4ae94ff85138829257072c345e3636a2e52152e9080e6cf847c50c076b3e28a60a0d6e1896f183e442140fa97f92f diff --git a/systemd.spec b/systemd.spec index 9fe8062..67ef199 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -#global stable 1 +%global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the 
@@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 252 +Version: 252.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From b3fa8789f948a4db64957439961ede7dccc04962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 21 Nov 2022 11:44:30 +0100 Subject: [PATCH 119/494] BR: xen-devel This improves support for XEN. [skip changelog] --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 67ef199..3cf470b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -169,6 +169,11 @@ BuildRequires: bpftool %global have_bpf 1 %endif +%ifarch x86_64 aarch64 +# That package is only built for those two architectures +BuildRequires: xen-devel +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl From 83301531c0aa22ffc155096826d8f5250c6a880a Mon Sep 17 00:00:00 2001 From: Martin Osvald Date: Wed, 2 Nov 2022 14:38:59 +0100 Subject: [PATCH 120/494] Support user:group notation by sysusers.generate-pre.sh script #Type Name ID GECOS Home directory Shell u user_name uid:gid "User Description" /home/dir /path/to/shell According to: https://www.freedesktop.org/software/systemd/man/sysusers.d.html --- sysusers.generate-pre.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 862cb77..a077bb7 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -70,9 +70,12 @@ parse() { eval "arr=( $line )" case "${arr[0]}" in ('u') - group "${arr[1]}" "${arr[2]}" - user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" - # TODO: user:group support + if [[ "${arr[2]}" == *":"* ]]; then + user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" + else + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + fi ;; ('g') group "${arr[1]}" "${arr[2]}" From da37ad3139a85a8ce9a1f7b4df26fe88506f3626 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Nov 2022 17:48:41 +0100 Subject: [PATCH 121/494] Version 252.2 - Latest batch of bugfixes (rhbz#2137631) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 27aa06e..99e8f64 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252.1.tar.gz) = 7e9cd4b53522459d919252ff9343630f48e4ae94ff85138829257072c345e3636a2e52152e9080e6cf847c50c076b3e28a60a0d6e1896f183e442140fa97f92f +SHA512 (systemd-252.2.tar.gz) = 4a4f7382a6a2d7aea3a2866034a4562d1b45a4e18f733a371bb83d67bf4ef5d31d480e703fd353ee847fadc76005f9191a9a44d95c57f6849fdd451cc1b9e21d diff --git a/systemd.spec b/systemd.spec index 3cf470b..6415dbf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 252.1 +Version: 252.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 54a3b6f942abf61353782847df11012338157285 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Apr 2022 15:45:25 +0200 Subject: [PATCH 122/494] Split out systemd-boot-unsigned package --- split-files.py | 5 ++++- systemd.spec | 23 ++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) 
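Review bot: In the new `uid:gid` branch of `parse()` in sysusers.generate-pre.sh the `group` helper is no longer called, so the generated scriptlet runs `useradd -g` with whatever follows the colon and never checks that this group exists. The `useradd` lines emitted by `user()` end in `|| :`, so a missing group would leave the package installed without its account and without any error, and a service could then fail or run under an unintended identity. If the group is required to exist beforehand, a comment in the branch should say so, e.g. `# uid:gid form: the group must already exist or be declared by its own 'g' line; it is not created here`. The value from `${arr[2]#*:}` is also interpolated unchecked into the single-quoted `-g '$group'` of the generated scriptlet, so rejecting anything other than a numeric id or a plain group name would be a cheap safeguard. `parse()` starts and ends outside the hunk.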
diff --git a/split-files.py b/split-files.py index a5f8f1e..783a284 100644 --- a/split-files.py +++ b/split-files.py @@ -17,6 +17,7 @@ def files(root): o_libs = open('.file-list-libs', 'w') o_udev = open('.file-list-udev', 'w') +o_boot = open('.file-list-boot', 'w') o_pam = open('.file-list-pam', 'w') o_rpm_macros = open('.file-list-rpm-macros', 'w') o_devel = open('.file-list-devel', 'w') @@ -133,7 +134,6 @@ for file in files(buildroot): systemd-pcrphase| systemd-measure| /boot$| - /boot/efi| /kernel/| /kernel$| /modprobe.d| @@ -147,6 +147,9 @@ for file in files(buildroot): # confused if those user-facing binaries are not available. o = o_udev + elif re.search(r'''/boot/efi''', n, re.X): + o = o_boot + elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| diff --git a/systemd.spec b/systemd.spec index 6415dbf..5596e4e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ %bcond_with inplace Name: systemd -Url: https://www.freedesktop.org/wiki/Software/systemd +Url: https://systemd.io %if %{without inplace} Version: 252.2 %else @@ -331,6 +331,9 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in 
@@ -341,6 +344,22 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. +%package boot-unsigned +Summary: UEFI boot manager (unsigned version) + +Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +%description boot-unsigned +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains the unsigned version. Install systemd-boot instead to get +the version that works with Secure Boot. + %package container # Name is the same as in Debian Summary: Tools for containers and VMs @@ -994,6 +1013,8 @@ fi %files udev -f .file-list-udev +%files boot-unsigned -f .file-list-boot + %files container -f .file-list-container %ghost %dir %attr(0700,-,-) /var/lib/machines From 778f8ef8a5a9665fe53e1d715ae1c076897c3458 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 3 Dec 2022 09:47:34 +0100 Subject: [PATCH 123/494] Do not create boot subpackage on non-efi arches This fixes build. [skip changelog] --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 5596e4e..b750da2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -344,6 +344,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. +%if 0%{?have_gnu_efi} %package boot-unsigned Summary: UEFI boot manager (unsigned version) 
@@ -359,6 +360,7 @@ line. systemd-boot supports systems with UEFI firmware only. This package contains the unsigned version. Install systemd-boot instead to get the version that works with Secure Boot. +%endif %package container # Name is the same as in Debian @@ -1013,7 +1015,9 @@ fi %files udev -f .file-list-udev +%if 0%{?have_gnu_efi} %files boot-unsigned -f .file-list-boot +%endif %files container -f .file-list-container %ghost %dir %attr(0700,-,-) /var/lib/machines From ef4c00c6a47d7ce7ad12a925abe0017eed5d5efd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 8 Dec 2022 22:45:58 +0100 Subject: [PATCH 124/494] Version 252.3 ... (rhbz#2136916, rhbz#2083900) --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 99e8f64..3e0a7b9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252.2.tar.gz) = 4a4f7382a6a2d7aea3a2866034a4562d1b45a4e18f733a371bb83d67bf4ef5d31d480e703fd353ee847fadc76005f9191a9a44d95c57f6849fdd451cc1b9e21d +SHA512 (systemd-252.3.tar.gz) = 1bd16047ef71f4a40c33382c6a785b58b1193df6048384b5ce9e831c321ab4e78d0f745df9d4e40c13271c52a252fb98ff060f2fa01f4b0b76055c763a9ede79 diff --git a/systemd.spec b/systemd.spec index b750da2..306c90b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 252.2 +Version: 252.3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 2a3fc2e21fd30331965ed186308160042fe71579 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Dec 2022 22:35:52 +0100 Subject: [PATCH 125/494] Use upstream pam systemd-auth file with a patch, add pam_keyinit This file changes rarely, but it does every once in a while. And since we have an independent copy, we forget to adjust it. We have already had two bugs because of this. I submitted a PR upstream to include pam_namespace (because that makes sense for all distros), so the diff between upstream and us now is just the inclusion of system-auth (which is not upstreamable). Effectively, the only difference right now is that 'pam_keyinit force revoke' is included. It was added upstream with the comment: We want that systemd --user gets its own keyring as usual, even if the barebones PAM snippet we ship upstream is used. If we don't do this we get the basic keyring systemd --system sets up for us. --- 0001-pam-align-second-and-third-columns.patch | 48 +++++++++++++++++++ 0002-pam-add-a-call-to-pam_namespace.patch | 41 ++++++++++++++++ 0003-pam-actually-align-the-columns.patch | 47 ++++++++++++++++++ ...-use-system-auth-in-pam-systemd-user.patch | 31 ++++++++++++ systemd-user | 14 ------ systemd.spec | 6 +++ 6 files changed, 173 insertions(+), 14 deletions(-) create mode 100644 0001-pam-align-second-and-third-columns.patch create mode 100644 0002-pam-add-a-call-to-pam_namespace.patch create mode 100644 0003-pam-actually-align-the-columns.patch create mode 100644 fedora-use-system-auth-in-pam-systemd-user.patch delete mode 100644 systemd-user diff --git a/0001-pam-align-second-and-third-columns.patch b/0001-pam-align-second-and-third-columns.patch new file mode 100644 index 0000000..8ab341b --- /dev/null +++ b/0001-pam-align-second-and-third-columns.patch 
@@ -0,0 +1,48 @@ +From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 23 Nov 2022 16:05:48 +0100 +Subject: [PATCH 1/2] pam: align second and third columns + +In our template file, we have jinja2 template markers, so the file +looks fairly messy. But once it's rendered, it looks pretty clean, except +that the columns are unaligned becuase of "-" in some lines in the first +column. Let's make them aligned. +--- + src/login/systemd-user.in | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in +index 39bcbd71fe..d5597d28cb 100644 +--- a/src/login/systemd-user.in ++++ b/src/login/systemd-user.in +@@ -4,18 +4,18 @@ + # Used by systemd --user instances. + + {% if ENABLE_HOMED %} +--account sufficient pam_systemd_home.so ++-account sufficient pam_systemd_home.so + {% endif %} +-account sufficient pam_unix.so no_pass_expiry +-account required pam_permit.so ++account sufficient pam_unix.so no_pass_expiry ++account required pam_permit.so + + {% if HAVE_SELINUX %} +-session required pam_selinux.so close +-session required pam_selinux.so nottys open ++session required pam_selinux.so close ++session required pam_selinux.so nottys open + {% endif %} +-session required pam_loginuid.so +-session optional pam_keyinit.so force revoke ++session required pam_loginuid.so ++session optional pam_keyinit.so force revoke + {% if ENABLE_HOMED %} +--session optional pam_systemd_home.so ++-session optional pam_systemd_home.so + {% endif %} +-session optional pam_systemd.so ++session optional pam_systemd.so +-- +2.38.1 + diff --git a/0002-pam-add-a-call-to-pam_namespace.patch b/0002-pam-add-a-call-to-pam_namespace.patch new file mode 100644 index 0000000..51564d9 --- /dev/null +++ b/0002-pam-add-a-call-to-pam_namespace.patch 
@@ -0,0 +1,41 @@ +From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 23 Nov 2022 16:09:56 +0100 +Subject: [PATCH 2/2] pam: add a call to pam_namespace + +A call to pam_namespace is required so that children of user@.service end up in +a namespace as expected. pam_namespace gets called as part of the stack that +creates a session (login, sshd, gdm, etc.) and those processes end up in a +namespace, but it also needs to be called from our stack which is parallel and +descends from pid1 itself. + +The call to pam_namespace is similar to the call to pam_keyinit that was added +in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service +creates a new session which is disconnected from the parent environment. Both +calls are not suitable for inclusion in the shared part of the stack (e.g. +@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser +should not include them. + +Fixes #17043 (Allow to execute user service into dedicated namespace + if pam_namespace enabled) +Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836 +(Polyinstantiation is ignored/bypassed in GNOME sessions) +--- + src/login/systemd-user.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in +index d5597d28cb..06f7e36458 100644 +--- a/src/login/systemd-user.in ++++ b/src/login/systemd-user.in +@@ -15,6 +15,7 @@ session required pam_selinux.so nottys open + {% endif %} + session required pam_loginuid.so + session optional pam_keyinit.so force revoke ++session required pam_namespace.so + {% if ENABLE_HOMED %} + -session optional pam_systemd_home.so + {% endif %} +-- +2.38.1 + diff --git a/0003-pam-actually-align-the-columns.patch b/0003-pam-actually-align-the-columns.patch new file mode 100644 index 0000000..da4fcf2 --- /dev/null +++ b/0003-pam-actually-align-the-columns.patch 
@@ -0,0 +1,47 @@ +From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 14 Dec 2022 22:23:31 +0100 +Subject: [PATCH 3/4] pam: actually align the columns + +In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align +them, but for some reason I just added a second space everywhere. +--- + src/login/systemd-user.in | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in +index 06f7e36458..9a665bd959 100644 +--- a/src/login/systemd-user.in ++++ b/src/login/systemd-user.in +@@ -4,19 +4,19 @@ + # Used by systemd --user instances. + + {% if ENABLE_HOMED %} +--account sufficient pam_systemd_home.so ++-account sufficient pam_systemd_home.so + {% endif %} + account sufficient pam_unix.so no_pass_expiry +-account required pam_permit.so ++account required pam_permit.so + + {% if HAVE_SELINUX %} +-session required pam_selinux.so close +-session required pam_selinux.so nottys open ++session required pam_selinux.so close ++session required pam_selinux.so nottys open + {% endif %} +-session required pam_loginuid.so +-session optional pam_keyinit.so force revoke +-session required pam_namespace.so ++session required pam_loginuid.so ++session optional pam_keyinit.so force revoke ++session required pam_namespace.so + {% if ENABLE_HOMED %} +--session optional pam_systemd_home.so ++-session optional pam_systemd_home.so + {% endif %} +-session optional pam_systemd.so ++session optional pam_systemd.so +-- +2.38.1 + diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch new file mode 100644 index 0000000..3b7c10d --- /dev/null +++ b/fedora-use-system-auth-in-pam-systemd-user.patch 
@@ -0,0 +1,31 @@
+From 4e6479054ae2090b99a50d6ae954d22efc8340a0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 14 Dec 2022 22:24:53 +0100
+Subject: [PATCH 4/4] fedora: use system-auth in pam systemd-user
+
+---
+ src/login/systemd-user.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
+index 9a665bd959..703a4b3174 100644
+--- a/src/login/systemd-user.in
++++ b/src/login/systemd-user.in
+@@ -7,7 +7,7 @@
+ -account sufficient pam_systemd_home.so
+ {% endif %}
+ account sufficient pam_unix.so no_pass_expiry
+-account required pam_permit.so
++account include system-auth
+
+ {% if HAVE_SELINUX %}
+ session required pam_selinux.so close
+@@ -19,4 +19,4 @@ session required pam_namespace.so
+ {% if ENABLE_HOMED %}
+ -session optional pam_systemd_home.so
+ {% endif %}
+-session optional pam_systemd.so
++session include system-auth
+--
+2.38.1
+
diff --git a/systemd-user b/systemd-user
deleted file mode 100644
index 8ef2c18..0000000
--- a/systemd-user
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file is part of systemd.
-#
-# Used by systemd --user instances.
-
--account sufficient pam_systemd_home.so
-account sufficient pam_unix.so no_pass_expiry
-account include system-auth
-
-session required pam_selinux.so close
-session required pam_selinux.so nottys open
-session required pam_loginuid.so
-session required pam_namespace.so
--session optional pam_systemd_home.so
-session include system-auth
diff --git a/systemd.spec b/systemd.spec
index 306c90b..f531c1c 100644
--- a/systemd.spec
+++ b/systemd.spec
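Review bot: In the first inner hunk of the new fedora-use-system-auth patch, `account sufficient pam_unix.so no_pass_expiry` still sits ahead of the added `account include system-auth`, so whenever pam_unix succeeds the account phase ends there and the included stack is never evaluated. If the distribution's account policy is meant to apply to `systemd --user` instances, that ordering deserves a second look. If it is intentional, the patch (whose description is empty) should say so, for example with a template comment such as `# pam_unix is sufficient: system-auth account rules run only when it does not succeed`. The second inner hunk also drops the explicit `session optional pam_systemd.so`, so session registration presumably relies on system-auth providing pam_systemd; that is worth confirming against the shipped system-auth.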
@@ -89,11 +89,17 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +Patch0001: 0001-pam-align-second-and-third-columns.patch +Patch0002: 0002-pam-add-a-call-to-pam_namespace.patch +Patch0003: 0003-pam-actually-align-the-columns.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch +# Adjust upstream config to use our shared stack +Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch + %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 %endif From 1d366e53d87a940995041833936af9c473a469e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Dec 2022 12:48:00 +0100 Subject: [PATCH 126/494] Stop trying to use removed source file [skip changelog] --- systemd.spec | 6 ------ 1 file changed, 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index f531c1c..21b9f5f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,7 +66,6 @@ Source7: systemd-journal-remote.xml Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf -Source12: systemd-user Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf @@ -473,11 +472,6 @@ package and is meant for use in non-systemd systems. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 -test -f src/login/systemd-user.in -# Restore systemd-user pam config from before "removal of Fedora-specific bits". -# We'll systemd process it and install in the right place. -cp %{SOURCE12} src/login/systemd-user.in - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} 
From 732bdcb223ae95b41e37aa1ba1a3256781a51fbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 17 Dec 2022 17:10:35 +0100 Subject: [PATCH 127/494] boot: add Provides:systemd-boot(isa) As requested in https://github.com/rhinstaller/anaconda/pull/4368#discussion_r1043839809, so that it's easier to depend on the appropriate package. Once we have the signed version built, this provides might be dropped. But let's add it at least for now so that there's a stable name to depend on. While at it, let's drop ? from %{_isa}. Systemd is always archful. --- systemd.spec | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index 21b9f5f..f3c5a44 100644 --- a/systemd.spec +++ b/systemd.spec @@ -191,7 +191,7 @@ Requires: %{name}-libs = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{?_isa} +Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog @@ -284,7 +284,7 @@ for information how to use those macros. %package devel Summary: Development headers for systemd License: LGPLv2+ and MIT -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} @@ -298,7 +298,7 @@ to libudev or libsystemd. Summary: Rule-based device node and kernel event manager License: LGPLv2+ -Requires: systemd%{?_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd 
@@ -354,6 +354,8 @@ machine, and to create or grow partitions and make file systems automatically. Summary: UEFI boot manager (unsigned version) Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ @@ -370,7 +372,7 @@ the version that works with Secure Boot. %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -389,7 +391,7 @@ systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPLv2+ Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} @@ -407,7 +409,7 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPLv2+ # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 @@ -419,7 +421,7 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -442,7 +444,7 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPLv2+ %description tests 
From befb0e11ddeed785cda0ea1188b83334f52feb1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Dec 2022 18:35:03 +0100 Subject: [PATCH 128/494] Version 252.4 - Fixes a few different issues (systemd-timesyncd connectivity problems, broken emoji output on the console, crashes in pid1 unit dependency logic) - CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 3e0a7b9..0a5683d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252.3.tar.gz) = 1bd16047ef71f4a40c33382c6a785b58b1193df6048384b5ce9e831c321ab4e78d0f745df9d4e40c13271c52a252fb98ff060f2fa01f4b0b76055c763a9ede79 +SHA512 (systemd-252.4.tar.gz) = 007165a6ca0563e2fc9834179d502d3d5497c9d1b93c92a009f31a2e0d4a0b154bfa57eaf52b0c94243e09123b8184036a69c145be6efaa4baaffe687c1fd28e diff --git a/systemd.spec b/systemd.spec index f3c5a44..20d41b8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 252.3 +Version: 252.4 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 67561d75bf7f1f8e551582c8c0a0d085ba865202 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 5 Jan 2023 13:52:34 +0100 Subject: [PATCH 129/494] Add python3 to BuildRequires Let's make it explicit that python3 is required during the build process. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 20d41b8..555abb9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -153,6 +153,7 @@ BuildRequires: gperf BuildRequires: gawk BuildRequires: tree BuildRequires: hostname +BuildRequires: python3 BuildRequires: python3dist(lxml) BuildRequires: python3dist(jinja2) BuildRequires: firewalld-filesystem 
From 17d16267e2f48df7bf13b4a077214293fc53245f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 04:33:41 +0000 Subject: [PATCH 130/494] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering From a142c87042e93093cc5860620c4ad99bbbae92e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 22 Jan 2023 22:40:25 +0100 Subject: [PATCH 131/494] Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3 gcc has a new warning which caught a bug of int/enum mismatches. And we would crash on some architectures when built with -D_FORTIFY_SOURCE=3 because of our malloc_usable_size() use. This should resolve the build failure in F38 mass build. --- ...l-Use-InstallChangeType-consistently.patch | 37 +++++++ ...ode-is-of-type-enum-MHD_RequestTermi.patch | 34 ++++++ ...er_feature_level_-_string-type-is-Dn.patch | 31 ++++++ ...tor-to-make-accesses-defined-as-per-.patch | 104 ++++++++++++++++++ ...isallow-inlining-of-expand_to_usable.patch | 48 ++++++++ systemd.spec | 6 + 6 files changed, 260 insertions(+) create mode 100644 0001-shared-install-Use-InstallChangeType-consistently.patch create mode 100644 0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch create mode 100644 0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch create mode 100644 0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch create mode 100644 0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch diff --git a/0001-shared-install-Use-InstallChangeType-consistently.patch b/0001-shared-install-Use-InstallChangeType-consistently.patch new file mode 100644 index 0000000..41ce82b --- /dev/null +++ b/0001-shared-install-Use-InstallChangeType-consistently.patch 
@@ -0,0 +1,37 @@
+From 2fdd12acd5c69bc952d9ca4d5ad796e6e830d21b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Fri, 11 Nov 2022 15:34:32 +0000
+Subject: [PATCH 1/5] shared|install: Use InstallChangeType consistently
+
+gcc 13 -Wenum-int-mismatch, enabled by default, reminds us enum ! = int
+
+(cherry picked from commit 9264db1a0ac6034ab5b40ef3f5914d8dc7d77aba)
+---
+ src/shared/install.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/install.h b/src/shared/install.h
+index 9bb412ba06..0abc73897e 100644
+--- a/src/shared/install.h
++++ b/src/shared/install.h
+@@ -197,7 +197,7 @@ int unit_file_exists(LookupScope scope, const LookupPaths *paths, const char *na
+ int unit_file_get_list(LookupScope scope, const char *root_dir, Hashmap *h, char **states, char **patterns);
+ Hashmap* unit_file_list_free(Hashmap *h);
+
+-InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, int type, const char *path, const char *source);
++InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, InstallChangeType type, const char *path, const char *source);
+ void install_changes_free(InstallChange *changes, size_t n_changes);
+ void install_changes_dump(int r, const char *verb, const InstallChange *changes, size_t n_changes, bool quiet);
+
+@@ -224,7 +224,7 @@ UnitFileState unit_file_state_from_string(const char *s) _pure_;
+ /* from_string conversion is unreliable because of the overlap between -EPERM and -1 for error. */
+
+ const char *install_change_type_to_string(InstallChangeType t) _const_;
+-int install_change_type_from_string(const char *s) _pure_;
++InstallChangeType install_change_type_from_string(const char *s) _pure_;
+
+ const char *unit_file_preset_mode_to_string(UnitFilePresetMode m) _const_;
+ UnitFilePresetMode unit_file_preset_mode_from_string(const char *s) _pure_;
+--
+2.39.1
+
diff --git a/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch b/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
new file mode 100644
index 0000000..3a86af1
--- /dev/null
+++ b/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
@@ -0,0 +1,34 @@
+From b1b7667a44c4e8635b6d8dc070fb2446187fcdc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Fri, 11 Nov 2022 15:28:51 +0000
+Subject: [PATCH 2/5] journal-remote: code is of type enum
+ MHD_RequestTerminationCode
+
+Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
+
+(cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
+---
+ src/journal-remote/microhttpd-util.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
+index 7e7d1b56b1..df18335469 100644
+--- a/src/journal-remote/microhttpd-util.h
++++ b/src/journal-remote/microhttpd-util.h
+@@ -64,11 +64,11 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
+
+ int mhd_respondf(struct MHD_Connection *connection,
+ int error,
+- unsigned code,
++ enum MHD_RequestTerminationCode code,
+ const char *format, ...) _printf_(4,5);
+
+ int mhd_respond(struct MHD_Connection *connection,
+- unsigned code,
++ enum MHD_RequestTerminationCode code,
+ const char *message);
+
+ int mhd_respond_oom(struct MHD_Connection *connection);
+--
+2.39.1
+
diff --git a/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch b/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
new file mode 100644
index 0000000..d328854
--- /dev/null
+++ b/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
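Review bot: The `code` parameter of `mhd_respondf()` and `mhd_respond()` is now declared as `enum MHD_RequestTerminationCode`, which in libmicrohttpd describes why a request ended rather than an HTTP status. The definitions and callers are outside this hunk, but if `code` carries the HTTP status of the reply, as the function names suggest, the prototype now satisfies `-Wenum-int-mismatch` while documenting the wrong contract. Keeping `unsigned code` here and changing the definition to match would be the clearer fix. Failing that, a comment such as `/* code is the HTTP status sent to the client, despite the enum type */` on both prototypes would keep readers from passing termination codes.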
@@ -0,0 +1,31 @@
+From ba5f7915d25a400f0651bc9e8546a3ec6a738eaa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Fri, 11 Nov 2022 15:31:18 +0000
+Subject: [PATCH 3/5] resolve: dns_server_feature_level_*_string type is
+ DnsServerFeatureLevel
+
+gcc 13 -Wenum-int-mismatch reminds us that enum != int
+
+(cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43)
+---
+ src/resolve/resolved-dns-server.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
+index be9efb0a79..f939b534c3 100644
+--- a/src/resolve/resolved-dns-server.h
++++ b/src/resolve/resolved-dns-server.h
+@@ -44,8 +44,8 @@ typedef enum DnsServerFeatureLevel {
+ #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
+ #define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)
+
+-const char* dns_server_feature_level_to_string(int i) _const_;
+-int dns_server_feature_level_from_string(const char *s) _pure_;
++const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
++DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_;
+
+ struct DnsServer {
+ Manager *manager;
+--
+2.39.1
+
diff --git a/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch b/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
new file mode 100644
index 0000000..516f45c
--- /dev/null
+++ b/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
@@ -0,0 +1,104 @@
+From 34b9eddfc12936917fab000b780a451d6277c2b4 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 13 Dec 2022 16:54:36 -0500
+Subject: [PATCH 4/5] Use dummy allocator to make accesses defined as per
+ standard
+
+systemd uses malloc_usable_size() everywhere to use memory blocks
+obtained through malloc, but that is abuse since the
+malloc_usable_size() interface isn't meant for this kind of use, it is
+for diagnostics only. This is also why systemd behaviour is flaky when
+built with _FORTIFY_SOURCE.
+
+One way to make this more standard (and hence safer) is to, at every
+malloc_usable_size() call, also 'reallocate' the block so that the
+compiler can see the larger size. This is done through a dummy
+reallocator whose only purpose is to tell the compiler about the larger
+usable size, it doesn't do any actual reallocation.
+
+Florian Weimer pointed out that this doesn't solve the problem of an
+allocator potentially growing usable size at will, which will break the
+implicit assumption in systemd use that the value returned remains
+constant as long as the object is valid. The safest way to fix that is
+for systemd to step away from using malloc_usable_size() like this.
+
+Resolves #22801.
+
+(cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758)
+---
+ src/basic/alloc-util.c | 4 ++++
+ src/basic/alloc-util.h | 38 ++++++++++++++++++++++++++++----------
+ 2 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c
+index b030f454b2..6063943c88 100644
+--- a/src/basic/alloc-util.c
++++ b/src/basic/alloc-util.c
+@@ -102,3 +102,7 @@ void* greedy_realloc0(
+
+ return q;
+ }
++
++void *expand_to_usable(void *ptr, size_t newsize _unused_) {
++ return ptr;
++}
+diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
+index b38db7d473..eb53aae6f3 100644
+--- a/src/basic/alloc-util.h
++++ b/src/basic/alloc-util.h
+@@ -2,6 +2,7 @@
+ #pragma once
+
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -184,17 +185,34 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
+ # define msan_unpoison(r, s)
+ #endif
+
+-/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), in a way that
+- * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
+- * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
+- * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
+- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
+- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
+- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
+- * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
+- * case. */
++/* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
++ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
++ * a static inline because gcc then loses the attributes on the function.
++ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
++void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
++
++static inline size_t malloc_sizeof_safe(void **xp) {
++ if (_unlikely_(!xp || !*xp))
++ return 0;
++
++ size_t sz = malloc_usable_size(*xp);
++ *xp = expand_to_usable(*xp, sz);
++ /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly
++ * clear that expand_to_usable won't return NULL.
++ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */
++ if (!*xp)
++ assert_not_reached();
++ return sz;
++}
++
++/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), which may
++ * return a value larger than the size that was actually allocated. Access to that additional memory is
++ * discouraged because it violates the C standard; a compiler cannot see that this as valid. To help the
++ * compiler out, the MALLOC_SIZEOF_SAFE macro 'allocates' the usable size using a dummy allocator function
++ * expand_to_usable. There is a possibility of malloc_usable_size() returning different values during the
++ * lifetime of an object, which may cause problems, but the glibc allocator does not do that at the moment. */
+ #define MALLOC_SIZEOF_SAFE(x) \
+- MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
++ malloc_sizeof_safe((void**) &__builtin_choose_expr(__builtin_constant_p(x), (void*) { NULL }, (x)))
+
+ /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
+ * that fit into the specified memory block */
+--
+2.39.1
+
diff --git a/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch b/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
new file mode 100644
index 0000000..0ab4473
--- /dev/null
+++ b/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
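Review bot: `MALLOC_SIZEOF_SAFE(x)` now writes to its argument, which the comment above the macro does not mention: `malloc_sizeof_safe()` stores the pointer returned by `expand_to_usable()` back through `xp`, and the macro takes the address of `x` through a `(void**)` cast. The new comment explains why the dummy allocator exists but not this changed contract, so a caller cannot tell from the header that `x` has to be a modifiable pointer lvalue. I would add a sentence to that comment, for example `Note that x must be a modifiable pointer lvalue: the pointer is stored back through it so that the compiler sees the expanded size.` Since the store goes through `void **` whatever the declared type of `x` is, it would also help to state whether the build relies on `-fno-strict-aliasing` for this.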
@@ -0,0 +1,48 @@
+From e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Sat, 7 Jan 2023 19:30:32 -0500
+Subject: [PATCH 5/5] alloc-util: Disallow inlining of expand_to_usable
+
+Explicitly set __attribute__ ((noinline)) so that the compiler does not
+attempt to inline expand_to_usable, even with LTO.
+
+(cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4)
+---
+ src/basic/alloc-util.h | 7 ++++---
+ src/fundamental/macro-fundamental.h | 1 +
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
+index eb53aae6f3..bf783b15a2 100644
+--- a/src/basic/alloc-util.h
++++ b/src/basic/alloc-util.h
+@@ -186,10 +186,11 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
+ #endif
+
+ /* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
+- * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
+- * a static inline because gcc then loses the attributes on the function.
++ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This must not
++ * be inlined (hence a non-static function with _noinline_ because LTO otherwise tries to inline it) because
++ * gcc then loses the attributes on the function.
+ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
+-void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
++void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_ _noinline_;
+
+ static inline size_t malloc_sizeof_safe(void **xp) {
+ if (_unlikely_(!xp || !*xp))
+diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
+index c11a5b15f4..e73174a593 100644
+--- a/src/fundamental/macro-fundamental.h
++++ b/src/fundamental/macro-fundamental.h
+@@ -20,6 +20,7 @@
+ #define _hidden_ __attribute__((__visibility__("hidden")))
+ #define _likely_(x) (__builtin_expect(!!(x), 1))
+ #define _malloc_ __attribute__((__malloc__))
++#define _noinline_ __attribute__((noinline))
+ #define _noreturn_ _Noreturn
+ #define _packed_ __attribute__((__packed__))
+ #define _printf_(a, b) __attribute__((__format__(printf, a, b)))
+--
+2.39.1
+
diff --git a/systemd.spec b/systemd.spec
index 555abb9..a48ae37 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -92,6 +92,12 @@ Patch0001: 0001-pam-align-second-and-third-columns.patch Patch0002: 0002-pam-add-a-call-to-pam_namespace.patch Patch0003: 0003-pam-actually-align-the-columns.patch +Patch0011: 0001-shared-install-Use-InstallChangeType-consistently.patch +Patch0012: 0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch +Patch0013: 0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch +Patch0014: 0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch +Patch0015: 0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch
From 903ce887fd7f15fed4a815487bd12698eb4e9af0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 Jan 2023 00:16:28 +0100 Subject: [PATCH 132/494] Version 253~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS - New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, and systemd-ukify. --- 0001-pam-align-second-and-third-columns.patch | 48 -------- ...l-Use-InstallChangeType-consistently.patch | 37 ------- ...ode-is-of-type-enum-MHD_RequestTermi.patch | 34 ------ 0002-pam-add-a-call-to-pam_namespace.patch | 41 ------- 0003-pam-actually-align-the-columns.patch | 47 -------- ...er_feature_level_-_string-type-is-Dn.patch | 31 ------ ...tor-to-make-accesses-defined-as-per-.patch | 104 ------------------ ...isallow-inlining-of-expand_to_usable.patch | 48 -------- sources | 2 +- split-files.py | 28 +++-- systemd.spec | 67 ++++++++--- 11 files changed, 69 insertions(+), 418 deletions(-) delete mode 100644 0001-pam-align-second-and-third-columns.patch delete mode 100644 0001-shared-install-Use-InstallChangeType-consistently.patch delete mode 100644 0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch delete mode 100644 0002-pam-add-a-call-to-pam_namespace.patch delete mode 100644 0003-pam-actually-align-the-columns.patch delete mode 100644 0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch delete mode 100644 0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch delete mode 100644 0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch diff --git a/0001-pam-align-second-and-third-columns.patch b/0001-pam-align-second-and-third-columns.patch deleted file mode 100644 index 8ab341b..0000000 --- a/0001-pam-align-second-and-third-columns.patch +++ /dev/null 
@@ -1,48 +0,0 @@
-From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Wed, 23 Nov 2022 16:05:48 +0100
-Subject: [PATCH 1/2] pam: align second and third columns
-
-In our template file, we have jinja2 template markers, so the file
-looks fairly messy. But once it's rendered, it looks pretty clean, except
-that the columns are unaligned becuase of "-" in some lines in the first
-column. Let's make them aligned.
----
- src/login/systemd-user.in | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index 39bcbd71fe..d5597d28cb 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -4,18 +4,18 @@
- # Used by systemd --user instances.
-
- {% if ENABLE_HOMED %}
---account sufficient pam_systemd_home.so
-+-account sufficient pam_systemd_home.so
- {% endif %}
--account sufficient pam_unix.so no_pass_expiry
--account required pam_permit.so
-+account sufficient pam_unix.so no_pass_expiry
-+account required pam_permit.so
-
- {% if HAVE_SELINUX %}
--session required pam_selinux.so close
--session required pam_selinux.so nottys open
-+session required pam_selinux.so close
-+session required pam_selinux.so nottys open
- {% endif %}
--session required pam_loginuid.so
--session optional pam_keyinit.so force revoke
-+session required pam_loginuid.so
-+session optional pam_keyinit.so force revoke
- {% if ENABLE_HOMED %}
---session optional pam_systemd_home.so
-+-session optional pam_systemd_home.so
- {% endif %}
--session optional pam_systemd.so
-+session optional pam_systemd.so
---
-2.38.1
-
diff --git a/0001-shared-install-Use-InstallChangeType-consistently.patch b/0001-shared-install-Use-InstallChangeType-consistently.patch
deleted file mode 100644
index 41ce82b..0000000
--- a/0001-shared-install-Use-InstallChangeType-consistently.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2fdd12acd5c69bc952d9ca4d5ad796e6e830d21b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
-Date: Fri, 11 Nov 2022 15:34:32 +0000
-Subject: [PATCH 1/5] shared|install: Use InstallChangeType consistently
-
-gcc 13 -Wenum-int-mismatch, enabled by default, reminds us enum ! = int
-
-(cherry picked from commit 9264db1a0ac6034ab5b40ef3f5914d8dc7d77aba)
----
- src/shared/install.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/shared/install.h b/src/shared/install.h
-index 9bb412ba06..0abc73897e 100644
---- a/src/shared/install.h
-+++ b/src/shared/install.h
-@@ -197,7 +197,7 @@ int unit_file_exists(LookupScope scope, const LookupPaths *paths, const char *na
- int unit_file_get_list(LookupScope scope, const char *root_dir, Hashmap *h, char **states, char **patterns);
- Hashmap* unit_file_list_free(Hashmap *h);
-
--InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, int type, const char *path, const char *source);
-+InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, InstallChangeType type, const char *path, const char *source);
- void install_changes_free(InstallChange *changes, size_t n_changes);
- void install_changes_dump(int r, const char *verb, const InstallChange *changes, size_t n_changes, bool quiet);
-
-@@ -224,7 +224,7 @@ UnitFileState unit_file_state_from_string(const char *s) _pure_;
- /* from_string conversion is unreliable because of the overlap between -EPERM and -1 for error. */
-
- const char *install_change_type_to_string(InstallChangeType t) _const_;
--int install_change_type_from_string(const char *s) _pure_;
-+InstallChangeType install_change_type_from_string(const char *s) _pure_;
-
- const char *unit_file_preset_mode_to_string(UnitFilePresetMode m) _const_;
- UnitFilePresetMode unit_file_preset_mode_from_string(const char *s) _pure_;
---
-2.39.1
-
diff --git a/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch b/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
deleted file mode 100644
index 3a86af1..0000000
--- a/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b1b7667a44c4e8635b6d8dc070fb2446187fcdc5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
-Date: Fri, 11 Nov 2022 15:28:51 +0000
-Subject: [PATCH 2/5] journal-remote: code is of type enum
- MHD_RequestTerminationCode
-
-Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
-
-(cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
----
- src/journal-remote/microhttpd-util.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
-index 7e7d1b56b1..df18335469 100644
---- a/src/journal-remote/microhttpd-util.h
-+++ b/src/journal-remote/microhttpd-util.h
-@@ -64,11 +64,11 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
-
- int mhd_respondf(struct MHD_Connection *connection,
- int error,
-- unsigned code,
-+ enum MHD_RequestTerminationCode code,
- const char *format, ...) _printf_(4,5);
-
- int mhd_respond(struct MHD_Connection *connection,
-- unsigned code,
-+ enum MHD_RequestTerminationCode code,
- const char *message);
-
- int mhd_respond_oom(struct MHD_Connection *connection);
---
-2.39.1
-
diff --git a/0002-pam-add-a-call-to-pam_namespace.patch b/0002-pam-add-a-call-to-pam_namespace.patch
deleted file mode 100644
index 51564d9..0000000
--- a/0002-pam-add-a-call-to-pam_namespace.patch
+++ /dev/null
@@ -1,41 +0,0 @@ -From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Nov 2022 16:09:56 +0100 -Subject: [PATCH 2/2] pam: add a call to pam_namespace - -A call to pam_namespace is required so that children of user@.service end up in -a namespace as expected. pam_namespace gets called as part of the stack that -creates a session (login, sshd, gdm, etc.) and those processes end up in a -namespace, but it also needs to be called from our stack which is parallel and -descends from pid1 itself. - -The call to pam_namespace is similar to the call to pam_keyinit that was added -in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service -creates a new session which is disconnected from the parent environment. Both -calls are not suitable for inclusion in the shared part of the stack (e.g. -@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser -should not include them. - -Fixes #17043 (Allow to execute user service into dedicated namespace - if pam_namespace enabled) -Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836 -(Polyinstantiation is ignored/bypassed in GNOME sessions) ---- - src/login/systemd-user.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index d5597d28cb..06f7e36458 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -15,6 +15,7 @@ session required pam_selinux.so nottys open - {% endif %} - session required pam_loginuid.so - session optional pam_keyinit.so force revoke -+session required pam_namespace.so - {% if ENABLE_HOMED %} - -session optional pam_systemd_home.so - {% endif %} --- -2.38.1 - diff --git a/0003-pam-actually-align-the-columns.patch b/0003-pam-actually-align-the-columns.patch deleted file mode 100644 index da4fcf2..0000000 --- a/0003-pam-actually-align-the-columns.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Dec 2022 22:23:31 +0100 -Subject: [PATCH 3/4] pam: actually align the columns - -In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align -them, but for some reason I just added a second space everywhere. ---- - src/login/systemd-user.in | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 06f7e36458..9a665bd959 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -4,19 +4,19 @@ - # Used by systemd --user instances. - - {% if ENABLE_HOMED %} ---account sufficient pam_systemd_home.so -+-account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account required pam_permit.so - - {% if HAVE_SELINUX %} --session required pam_selinux.so close --session required pam_selinux.so nottys open -+session required pam_selinux.so close -+session required pam_selinux.so nottys open - {% endif %} --session required pam_loginuid.so --session optional pam_keyinit.so force revoke --session required pam_namespace.so -+session required pam_loginuid.so -+session optional pam_keyinit.so force revoke -+session required pam_namespace.so - {% if ENABLE_HOMED %} ---session optional pam_systemd_home.so -+-session optional pam_systemd_home.so - {% endif %} --session optional pam_systemd.so -+session optional pam_systemd.so --- -2.38.1 - diff --git a/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch b/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch deleted file mode 100644 index d328854..0000000 --- a/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From ba5f7915d25a400f0651bc9e8546a3ec6a738eaa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Fri, 11 Nov 2022 15:31:18 +0000 -Subject: [PATCH 3/5] resolve: dns_server_feature_level_*_string type is - DnsServerFeatureLevel - -gcc 13 -Wenum-int-mismatch reminds us that enum != int - -(cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43) ---- - src/resolve/resolved-dns-server.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h -index be9efb0a79..f939b534c3 100644 ---- a/src/resolve/resolved-dns-server.h -+++ b/src/resolve/resolved-dns-server.h -@@ -44,8 +44,8 @@ typedef enum DnsServerFeatureLevel { - #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO) - #define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO) - --const char* dns_server_feature_level_to_string(int i) _const_; --int dns_server_feature_level_from_string(const char *s) _pure_; -+const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_; -+DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_; - - struct DnsServer { - Manager *manager; --- -2.39.1 - diff --git a/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch b/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch deleted file mode 100644 index 516f45c..0000000 --- a/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 34b9eddfc12936917fab000b780a451d6277c2b4 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Tue, 13 Dec 2022 16:54:36 -0500 -Subject: [PATCH 4/5] Use dummy allocator to make accesses defined as per - standard - -systemd uses malloc_usable_size() everywhere to use memory blocks -obtained through malloc, but that is abuse since the -malloc_usable_size() interface isn't meant for this kind of use, it is -for diagnostics only. This is also why systemd behaviour is flaky when -built with _FORTIFY_SOURCE. - -One way to make this more standard (and hence safer) is to, at every -malloc_usable_size() call, also 'reallocate' the block so that the -compiler can see the larger size. This is done through a dummy -reallocator whose only purpose is to tell the compiler about the larger -usable size, it doesn't do any actual reallocation. - -Florian Weimer pointed out that this doesn't solve the problem of an -allocator potentially growing usable size at will, which will break the -implicit assumption in systemd use that the value returned remains -constant as long as the object is valid. The safest way to fix that is -for systemd to step away from using malloc_usable_size() like this. - -Resolves #22801. 
- -(cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758) ---- - src/basic/alloc-util.c | 4 ++++ - src/basic/alloc-util.h | 38 ++++++++++++++++++++++++++++---------- - 2 files changed, 32 insertions(+), 10 deletions(-) - -diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c -index b030f454b2..6063943c88 100644 ---- a/src/basic/alloc-util.c -+++ b/src/basic/alloc-util.c -@@ -102,3 +102,7 @@ void* greedy_realloc0( - - return q; - } -+ -+void *expand_to_usable(void *ptr, size_t newsize _unused_) { -+ return ptr; -+} -diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h -index b38db7d473..eb53aae6f3 100644 ---- a/src/basic/alloc-util.h -+++ b/src/basic/alloc-util.h -@@ -2,6 +2,7 @@ - #pragma once - - #include -+#include - #include - #include - #include -@@ -184,17 +185,34 @@ void* greedy_realloc0(void **p, size_t need, size_t size); - # define msan_unpoison(r, s) - #endif - --/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), in a way that -- * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the -- * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of -- * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by -- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the -- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory, -- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and -- * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner -- * case. */ -+/* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the -+ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. 
This cannot be -+ * a static inline because gcc then loses the attributes on the function. -+ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */ -+void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_; -+ -+static inline size_t malloc_sizeof_safe(void **xp) { -+ if (_unlikely_(!xp || !*xp)) -+ return 0; -+ -+ size_t sz = malloc_usable_size(*xp); -+ *xp = expand_to_usable(*xp, sz); -+ /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly -+ * clear that expand_to_usable won't return NULL. -+ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */ -+ if (!*xp) -+ assert_not_reached(); -+ return sz; -+} -+ -+/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), which may -+ * return a value larger than the size that was actually allocated. Access to that additional memory is -+ * discouraged because it violates the C standard; a compiler cannot see that this as valid. To help the -+ * compiler out, the MALLOC_SIZEOF_SAFE macro 'allocates' the usable size using a dummy allocator function -+ * expand_to_usable. There is a possibility of malloc_usable_size() returning different values during the -+ * lifetime of an object, which may cause problems, but the glibc allocator does not do that at the moment. */ - #define MALLOC_SIZEOF_SAFE(x) \ -- MIN(malloc_usable_size(x), __builtin_object_size(x, 0)) -+ malloc_sizeof_safe((void**) &__builtin_choose_expr(__builtin_constant_p(x), (void*) { NULL }, (x))) - - /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items - * that fit into the specified memory block */ --- -2.39.1 - diff --git a/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch b/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch deleted file mode 100644 index 0ab4473..0000000 --- a/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Sat, 7 Jan 2023 19:30:32 -0500 -Subject: [PATCH 5/5] alloc-util: Disallow inlining of expand_to_usable - -Explicitly set __attribute__ ((noinline)) so that the compiler does not -attempt to inline expand_to_usable, even with LTO. - -(cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4) ---- - src/basic/alloc-util.h | 7 ++++--- - src/fundamental/macro-fundamental.h | 1 + - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h -index eb53aae6f3..bf783b15a2 100644 ---- a/src/basic/alloc-util.h -+++ b/src/basic/alloc-util.h -@@ -186,10 +186,11 @@ void* greedy_realloc0(void **p, size_t need, size_t size); - #endif - - /* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the -- * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be -- * a static inline because gcc then loses the attributes on the function. -+ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This must not -+ * be inlined (hence a non-static function with _noinline_ because LTO otherwise tries to inline it) because -+ * gcc then loses the attributes on the function. 
- * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */ --void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_; -+void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_ _noinline_; - - static inline size_t malloc_sizeof_safe(void **xp) { - if (_unlikely_(!xp || !*xp)) -diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h -index c11a5b15f4..e73174a593 100644 ---- a/src/fundamental/macro-fundamental.h -+++ b/src/fundamental/macro-fundamental.h -@@ -20,6 +20,7 @@ - #define _hidden_ __attribute__((__visibility__("hidden"))) - #define _likely_(x) (__builtin_expect(!!(x), 1)) - #define _malloc_ __attribute__((__malloc__)) -+#define _noinline_ __attribute__((noinline)) - #define _noreturn_ _Noreturn - #define _packed_ __attribute__((__packed__)) - #define _printf_(a, b) __attribute__((__format__(printf, a, b))) --- -2.39.1 - diff --git a/sources b/sources index 0a5683d..e950fbd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-252.4.tar.gz) = 007165a6ca0563e2fc9834179d502d3d5497c9d1b93c92a009f31a2e0d4a0b154bfa57eaf52b0c94243e09123b8184036a69c145be6efaa4baaffe687c1fd28e +SHA512 (systemd-253-rc1.tar.gz) = aaf0a6bf21bbc50a42015c9cb17f69d1aaf6cab6cabfba5140a94212fb864e38d638dace9a70447f62b4d2a817a0d3bd6f4ae8d9b3c2e741cdeb1cb332f70b65 diff --git a/split-files.py b/split-files.py index 783a284..c936843 100644 --- a/split-files.py +++ b/split-files.py @@ -17,6 +17,7 @@ def files(root): o_libs = open('.file-list-libs', 'w') o_udev = open('.file-list-udev', 'w') +o_ukify = open('.file-list-ukify', 'w') o_boot = open('.file-list-boot', 'w') o_pam = open('.file-list-pam', 'w') o_rpm_macros = open('.file-list-rpm-macros', 'w') 
@@ -27,8 +28,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w') o_remote = open('.file-list-remote', 'w') o_resolve = open('.file-list-resolve', 'w') o_tests = open('.file-list-tests', 'w') +o_standalone_repart = open('.file-list-standalone-repart', 'w') o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w') o_main = open('.file-list-main', 'w') for file in files(buildroot): n = file.path[1:] @@ -53,12 +56,27 @@ for file in files(buildroot): /var(/cache|/log|/lib|/run|)$ ''', n, re.X): continue - if '/security/pam_' in n or '/man8/pam_' in n: + + if n.endswith('.standalone'): + if 'repart' in n: + o = o_standalone_repart + elif 'tmpfiles' in n: + o = o_standalone_tmpfiles + elif 'sysusers' in n: + o = o_standalone_sysusers + elif 'shutdown' in n: + o = o_standalone_shutdown + else: + assert False, 'Found .standalone not belonging to known packages' + + elif '/security/pam_' in n or '/man8/pam_' in n: o = o_pam elif '/rpm/' in n: o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests + elif 'ukify' in n: + o = o_ukify elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): o = o_main elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): @@ -160,14 +178,6 @@ for file in files(buildroot): elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): o = o_oomd_defaults - elif n.endswith('.standalone'): - if 'tmpfiles' in n: - o = o_standalone_tmpfiles - elif 'sysusers' in n: - o = o_standalone_sysusers - else: - assert False, 'Found .standalone not belonging to known packages' - else: o = o_main diff --git a/systemd.spec b/systemd.spec index a48ae37..4d7ec7c 100644 --- a/systemd.spec +++ b/systemd.spec 
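Review bot: In the new `.standalone` branch the fallback `assert False, 'Found .standalone not belonging to known packages'` is the only guard against an unrecognised standalone binary, and it is stripped when the script runs with assertions disabled (`python3 -O` or `PYTHONOPTIMIZE`). In that case `o` would presumably keep whatever value the previous loop iteration assigned, so the file would be written to an unrelated subpackage list instead of failing the build. An explicit `raise ValueError('Found .standalone not belonging to known packages: ' + n)` keeps the failure unconditional and names the offending path. The loop body starts and continues outside this hunk, so how `o` is initialised is not visible here.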
@@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 252.4 +Version: 253~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -88,15 +88,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -Patch0001: 0001-pam-align-second-and-third-columns.patch -Patch0002: 0002-pam-add-a-call-to-pam_namespace.patch -Patch0003: 0003-pam-actually-align-the-columns.patch - -Patch0011: 0001-shared-install-Use-InstallChangeType-consistently.patch -Patch0012: 0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch -Patch0013: 0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch -Patch0014: 0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch -Patch0015: 0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -160,8 +151,13 @@ BuildRequires: gawk BuildRequires: tree BuildRequires: hostname BuildRequires: python3 -BuildRequires: python3dist(lxml) +BuildRequires: python3-devel BuildRequires: python3dist(jinja2) +BuildRequires: python3dist(lxml) +BuildRequires: python3dist(pefile) +BuildRequires: python3dist(pillow) +BuildRequires: python3dist(zstd) +# gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem %if 0%{?have_gnu_efi} BuildRequires: gnu-efi gnu-efi-devel 
@@ -357,6 +353,16 @@ It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. %if 0%{?have_gnu_efi} +%package ukify +Summary: Tool to build Unified Kernel Images +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description ukify +This package provides ukify, a script that combines a kernel image, an initrd, +with a command line, and possibly PCR measurements and other metadata, into a +Unified Kernel Image (UKI). + %package boot-unsigned Summary: UEFI boot manager (unsigned version) 
@@ -458,25 +464,45 @@ License: LGPLv2+ "Installed tests" that are usually run as part of the build system. They can be useful to test systemd internals. +%package standalone-repart +Summary: Standalone systemd-repart binary for use on systems without systemd +Provides: %{name}-tmpfiles = %{version}-%{release} +RemovePathPostfixes: .standalone + +%description standalone-repart +Standalone systemd-repart binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use on systems without systemd. + %package standalone-tmpfiles -Summary: Standalone tmpfiles binary for use in non-systemd systems +Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone tmpfiles binary with no dependencies on the systemd-shared library or +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. %package standalone-sysusers -Summary: Standalone sysusers binary for use in non-systemd systems +Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone sysusers binary with no dependencies on the systemd-shared library or +Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in non-systemd systems. +package and is meant for use on systems without systemd. 
+ +%package standalone-shutdown +Summary: Standalone systemd-shutdown binary for use on systems without systemd +Provides: %{name}-sysusers = %{version}-%{release} +RemovePathPostfixes: .standalone + +%description standalone-shutdown +Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 @@ -1025,6 +1051,7 @@ fi %files udev -f .file-list-udev %if 0%{?have_gnu_efi} +%files ukify -f .file-list-ukify %files boot-unsigned -f .file-list-boot %endif @@ -1039,9 +1066,13 @@ fi %files tests -f .file-list-tests +%files standalone-repart -f .file-list-standalone-repart + %files standalone-tmpfiles -f .file-list-standalone-tmpfiles %files standalone-sysusers -f .file-list-standalone-sysusers +%files standalone-shutdown -f .file-list-standalone-shutdown + %changelog %autochangelog From 58eb55671df27fb73660454aa773d9c7b563fbfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 Jan 2023 08:51:13 +0100 Subject: [PATCH 133/494] Add Requires on Python modules to systemd-ukify and Recommends for libp11-kit --- systemd.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 4d7ec7c..fc91a81 100644 --- a/systemd.spec +++ b/systemd.spec @@ -324,8 +324,9 @@ Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} Recommends: libelf.so.1%{?elf_suffix} Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} -# used by home, cryptsetup, cryptenroll +# used by home, cryptsetup, cryptenroll, logind Recommends: libfido2.so.1%{?elf_suffix} +Recommends: libp11-kit.so.0%{?elf_suffix} Recommends: libtss2-esys.so.0%{?elf_suffix} Recommends: libtss2-mu.so.0%{?elf_suffix} Recommends: libtss2-rc.so.0%{?elf_suffix} 
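Review bot: The new `standalone-repart` subpackage declares `Provides: %{name}-tmpfiles = %{version}-%{release}` and `standalone-shutdown` declares `Provides: %{name}-sysusers = %{version}-%{release}`; both look copied unchanged from the neighbouring subpackages. With those lines a dependency on `systemd-tmpfiles` or `systemd-sysusers` can be satisfied by a package that ships neither binary, so the resolver may install the wrong package. They should read `Provides: %{name}-repart = %{version}-%{release}` and `Provides: %{name}-shutdown = %{version}-%{release}`, or be dropped if nothing is meant to depend on those names.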
@@ -356,6 +357,15 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} + +# We prefer llvm-objcopy over objcopy. +Requires: (llvm or binutils) +Recommends: llvm + +Requires: python3dist(pefile) +Requires: python3dist(zstd) +Recommends: python3dist(pillow) + BuildArch: noarch %description ukify From efa3d301b9784b3e1f4ce3307086cff9c4dc761e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 Jan 2023 11:14:15 +0100 Subject: [PATCH 134/494] Reenable systemd-journald-audit.socket after upgrades ... (rhbz#2164594) The socket exists and is enabled in the initrd. After switch-root, the system goes into an infinite loop trying to stop the socket while incoming audit messages trigger start jobs for the socket. This is a bug in the transaction logic, that'll need to be fixed separately. We need to preset the socket after the upgrade so that it remains enabled by default. This should fix the boot issue, though it's not a complete fix, because we actually want to allow people to disable the socket. On initial install, the socket is covered by preset-all and gets enabled. --- systemd.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index fc91a81..f3a3ddd 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -876,11 +876,17 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then systemctl start systemd-resolved.service &>/dev/null || : fi -%triggerpostun -- systemd < 247.3-2 +%triggerun -- systemd < 247.3-2 # This is for upgrades from previous versions before oomd-defaults is available. +systemctl --no-reload preset systemd-oomd.service &>/dev/null || : + +%triggerpostun -- systemd < 253~rc1-2 +# This is for upgrades from previous versions where systemd-journald-audit.socket +# had a static enablement symlink. # We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with # a different package version. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : +systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : + %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} From 189f5d16f42fc3f6cd35ec525cf99289cda5c08f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 27 Jan 2023 14:25:59 +0100 Subject: [PATCH 135/494] Add a new provides with just the version [skip changelog] --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index f3a3ddd..ae1dd1c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -379,6 +379,9 @@ Summary: UEFI boot manager (unsigned version) Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release Provides: systemd-boot = %version-%release Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-unsigned) = %version +Provides: version(systemd-boot-unsigned)%{_isa} = %version # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ From 3c935dd203671ecf1d00fad7dc4a6eac25a46b13 Mon Sep 17 00:00:00 2001 
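Review bot: The new `%triggerpostun -- systemd < 253~rc1-2` scriptlet discards both the output and the exit status of the preset call, so an upgrade on which the preset fails leaves `systemd-journald-audit.socket` without its enablement symlink and nothing in the transaction output says so. The commit message describes this socket as the one that must remain enabled after the upgrade, so consider keeping `|| :` but letting stderr through: `systemctl --no-reload preset systemd-journald-audit.socket >/dev/null || :`. The comment above the command could also state that the preset re-applies the distribution default on every such upgrade, which the commit message already concedes is not the final behaviour.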
From: Yaakov Selkowitz Date: Wed, 1 Feb 2023 20:14:52 -0500 Subject: [PATCH 136/494] Build with xen only on Fedora --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index ae1dd1c..053ef4a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -177,10 +177,12 @@ BuildRequires: bpftool %global have_bpf 1 %endif +%if 0%{?fedora} %ifarch x86_64 aarch64 # That package is only built for those two architectures BuildRequires: xen-devel %endif +%endif Requires(post): coreutils Requires(post): grep From ba48b518172bad574402b706d36e81c9b6fc005f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 28 Jan 2023 20:44:42 +0100 Subject: [PATCH 137/494] BuildRequire pytest This is needed to run ukify tests. They were skipped because pytest was not available. [skip changelog] --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 053ef4a..9bfea0f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -156,6 +156,7 @@ BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) BuildRequires: python3dist(pillow) +BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem From 708a09cead1078e86ff18026979202220fc1cf0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Feb 2023 20:40:31 +0100 Subject: [PATCH 138/494] Version 253~rc2 - Sysusers fixup (rhbz#2156900) + other small changes --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index e950fbd..c660072 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-253-rc1.tar.gz) = aaf0a6bf21bbc50a42015c9cb17f69d1aaf6cab6cabfba5140a94212fb864e38d638dace9a70447f62b4d2a817a0d3bd6f4ae8d9b3c2e741cdeb1cb332f70b65 +SHA512 (systemd-253-rc2.tar.gz) = d0c1de06d7bfec2d1506b8f2be46c71afe731f407e5ec2698842d95f875a8ffb63bf5f4393a008c42f926256439a3967e2f1ea6bc07d96c6d38d95a1aba9f98f diff --git a/systemd.spec b/systemd.spec index 9bfea0f..a8d0605 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253~rc1 +Version: 253~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From ba02e904964116b848080ca72243174f4ef3eced Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Thu, 2 Feb 2023 20:46:37 +0100 Subject: [PATCH 139/494] Shorten shutdown timeout to 45 s --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index a8d0605..66ffe86 100644 --- a/systemd.spec +++ b/systemd.spec @@ -602,6 +602,9 @@ CONFIGURE_OPTS=( -Ddefault-llmnr=resolve # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 -Dstatus-unit-format-default=combined + # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer + -Ddefault-timeout-sec=45 + -Ddefault-user-timeout-sec=45 -Doomd=true -Dadm-gid=4 -Daudio-gid=63 From aff167152e212917343760f010587ddbac038761 Mon Sep 17 00:00:00 2001 
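Review bot: The comment added above `-Ddefault-timeout-sec=45` and `-Ddefault-user-timeout-sec=45` points only at the Shorter_Shutdown_Timer change, but as far as I know these meson options set the default for unit start timeouts as well as stop timeouts. Units that legitimately need more than 45 s to start and carry no explicit `TimeoutStartSec=` would then fail at boot, not merely be stopped sooner at shutdown. If that is intended, say so in the comment, e.g. `# Applies to both start and stop timeouts of system and user units`; otherwise it should be checked against the upstream option description. The CONFIGURE_OPTS array starts and ends outside this hunk.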
From: Thomas Haller Date: Thu, 2 Feb 2023 18:09:03 +0100 Subject: [PATCH 140/494] add "98-default-mac-none.link" to keep default MAC address of bridge/bond/team https://bugzilla.redhat.com/show_bug.cgi?id=2107754 https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/FZGH473ZUGPXK2E3GOEQ5TBLJ62FYJBC/ --- 98-default-mac-none.link | 20 ++++++++++++++++++++ split-files.py | 1 + systemd.spec | 5 +++++ 3 files changed, 26 insertions(+) create mode 100644 98-default-mac-none.link diff --git a/98-default-mac-none.link b/98-default-mac-none.link new file mode 100644 index 0000000..ba44487 --- /dev/null +++ b/98-default-mac-none.link @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: MIT-0 +# +# This config file is installed as part of systemd. +# It may be freely copied and edited (following the MIT No Attribution license). +# +# To make local modifications, one of the following methods may be used: +# 1. add a drop-in file that extends this file by creating the +# /etc/systemd/network/99-default.link.d/ directory and creating a +# new .conf file there. +# 2. copy this file into /etc/systemd/network or one of the other paths checked +# by systemd-udevd and edit it there. +# This file should not be edited in place, because it'll be overwritten on upgrades. + +[Match] +Kind=bridge bond team + +[Link] +NamePolicy=keep kernel database onboard slot path +AlternativeNamesPolicy=database onboard slot path +MACAddressPolicy=none diff --git a/split-files.py b/split-files.py index c936843..b8def0a 100644 --- a/split-files.py +++ b/split-files.py @@ -138,6 +138,7 @@ for file in files(buildroot): pstore| sleep|suspend|hibernate| systemd-tmpfiles-setup-dev| + network/98-default-mac-none.link| network/99-default.link| growfs|makefs|makeswap|mkswap| fsck| diff --git a/systemd.spec b/systemd.spec index 66ffe86..97129de 100644 --- a/systemd.spec +++ b/systemd.spec 
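Review bot: The header comment of the new `98-default-mac-none.link` tells administrators to create `/etc/systemd/network/99-default.link.d/` for drop-ins, which is the drop-in directory of a different file. A drop-in placed there would not extend this file, so a local override of `MACAddressPolicy=none` for bridge, bond and team devices would not apply where the reader expects it to. The path should read `/etc/systemd/network/98-default-mac-none.link.d/`.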
@@ -76,6 +76,8 @@ Source22: sysusers.attr Source23: sysusers.prov Source24: sysusers.generate-pre.sh +Source25: 98-default-mac-none.link + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -741,6 +743,9 @@ install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} +# https://bugzilla.redhat.com/show_bug.cgi?id=2107754 +install -Dm0664 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} + sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} From eb6fe37e3cdf907e3a5fad520d9abbb520a3edba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 12:31:21 +0100 Subject: [PATCH 141/494] Update License to SPDX --- systemd.spec | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/systemd.spec b/systemd.spec index 97129de..298cbb4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -38,7 +38,7 @@ Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/- Release: %autorelease # For a breakdown of the licensing, see README -License: LGPLv2+ and MIT and GPLv2+ +License: LGPL-2.1-or-later and MIT and GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" @@ -259,7 +259,7 @@ This package was built from the %{version}-stable branch of systemd. %package libs Summary: systemd libraries -License: LGPLv2+ and MIT +License: LGPL-2.1-or-later and MIT Obsoletes: libudev < 183 Obsoletes: systemd < 185-4 Conflicts: systemd < 185-4 
@@ -291,7 +291,7 @@ for information how to use those macros. %package devel Summary: Development headers for systemd -License: LGPLv2+ and MIT +License: LGPL-2.1-or-later and MIT Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} @@ -304,7 +304,7 @@ to libudev or libsystemd. %package udev Summary: Rule-based device node and kernel event manager -License: LGPLv2+ +License: LGPL-2.1-or-later Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd @@ -411,7 +411,7 @@ Requires(postun): systemd Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal -License: LGPLv2+ +License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. @@ -423,7 +423,7 @@ systemd-importd. # Name is the same as in Debian Summary: Tools to send journal events over the network Requires: %{name}%{_isa} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} @@ -441,7 +441,7 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 @@ -466,7 +466,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd Requires: %{name} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later BuildArch: noarch %description oomd-defaults 
@@ -476,7 +476,7 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd Requires: %{name}%{_isa} = %{version}-%{release} -License: LGPLv2+ +License: LGPL-2.1-or-later %description tests "Installed tests" that are usually run as part of the build system. They can be From 0dfb1a37e184d1d33b2f5ca9161d7dd84c6850dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 12:38:11 +0100 Subject: [PATCH 142/494] Use proper capitalization in license string [skip changelog] --- systemd.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 298cbb4..37ede1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -38,7 +38,7 @@ Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/- Release: %autorelease # For a breakdown of the licensing, see README -License: LGPL-2.1-or-later and MIT and GPL-2.0-or-later +License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" @@ -259,7 +259,7 @@ This package was built from the %{version}-stable branch of systemd. %package libs Summary: systemd libraries -License: LGPL-2.1-or-later and MIT +License: LGPL-2.1-or-later AND MIT Obsoletes: libudev < 183 Obsoletes: systemd < 185-4 Conflicts: systemd < 185-4 @@ -291,7 +291,7 @@ for information how to use those macros. %package devel Summary: Development headers for systemd -License: LGPL-2.1-or-later and MIT +License: LGPL-2.1-or-later AND MIT Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} From 8eea43e7149ba2f23062995d3bf83ebab0271274 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 16:39:45 +0100 Subject: [PATCH 143/494] Disable systemd-boot-update.service in presets --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 37ede1d..ba70299 100644 --- a/systemd.spec +++ b/systemd.spec @@ -525,6 +525,10 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 +# We want to update sd-boot from packaging scriptlets after package update. +# Let's disable the service. +sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From b642986a8479453cf07e748fd21f4a6c41a519d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Feb 2023 22:55:13 +0100 Subject: [PATCH 144/494] Revert patch switch causes problems for 'systemctl isolate' ... (rhbz#2165692) --- ...plement-Type-notify-reload-protocol-.patch | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 0001-Revert-logind-implement-Type-notify-reload-protocol-.patch diff --git a/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch b/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch new file mode 100644 index 0000000..5645365 --- /dev/null +++ b/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch 
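Review bot: The `sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset` added to %prep exits successfully when no line matches, so a change in the upstream preset wording would leave the service enabled again without any build failure. Put a guard in front of it, `grep -q '^enable systemd-boot-update\.service' presets/90-systemd.preset`, so the build stops when the line is no longer there. The `.` in the sed pattern is also unescaped and matches any character; `systemd-boot-update\.service` states the intent exactly.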
@@ -0,0 +1,59 @@ +From 6c7346b579898f9017ec98e62bfc6454a427ab05 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Feb 2023 22:37:01 +0100 +Subject: [PATCH] Revert "logind: implement Type=notify-reload protocol + properly" + +This reverts commit 5d71e463f49518c7702467f6145484afa31bf8ba. + +It turns out that this commit caused a noticable change in behaviour for +'systemctl isolate graphical.target' in Fedora, as found by git bisect. +Reverting on top of current git also restores behaviour from v252. I don't have +time to analyze this right now, so this is a quick revert to unblock Fedora +and possibly allow us to release v253 in case a full solution is harder. + +Fixes #26364. +--- + src/login/logind.c | 6 ------ + units/systemd-logind.service.in | 1 - + 2 files changed, 7 deletions(-) + +diff --git a/src/login/logind.c b/src/login/logind.c +index 1feacd3601..def2f5a442 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -1020,11 +1020,6 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa + Manager *m = userdata; + int r; + +- (void) sd_notifyf(/* unset= */ false, +- "RELOADING=1\n" +- "STATUS=Reloading configuration...\n" +- "MONOTONIC_USEC=" USEC_FMT, now(CLOCK_MONOTONIC)); +- + manager_reset_config(m); + r = manager_parse_config_file(m); + if (r < 0) +@@ -1032,7 +1027,6 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa + else + log_info("Config file reloaded."); + +- (void) sd_notify(/* unset= */ false, NOTIFY_READY); + return 0; + } + +diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in +index 24f5ddaa17..042ea75d7a 100644 +--- a/units/systemd-logind.service.in ++++ b/units/systemd-logind.service.in +@@ -58,7 +58,6 @@ StateDirectory=systemd/linger + SystemCallArchitectures=native + SystemCallErrorNumber=EPERM + SystemCallFilter=@system-service +-Type=notify-reload + {{SERVICE_WATCHDOG}} + + # Increase the default a 
bit in order to allow many simultaneous logins since +-- +2.39.1 + From 4f23aac033639209d47fb0fcedb7804bac490461 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Feb 2023 18:56:26 +0100 Subject: [PATCH 145/494] Version 253-rc3 - A bunch of bugfixes for regressions, some documentation and bug fixes too. - Really fix rhbz#2165692 (previous build carried an unapplied patch). --- ...plement-Type-notify-reload-protocol-.patch | 59 ------------------- sources | 2 +- systemd.spec | 2 +- 3 files changed, 2 insertions(+), 61 deletions(-) delete mode 100644 0001-Revert-logind-implement-Type-notify-reload-protocol-.patch diff --git a/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch b/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch deleted file mode 100644 index 5645365..0000000 --- a/0001-Revert-logind-implement-Type-notify-reload-protocol-.patch +++ /dev/null 
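Review bot: This commit adds 0001-Revert-logind-implement-Type-notify-reload-protocol-.patch but, going by its diffstat (1 file changed), leaves systemd.spec untouched, so no `PatchNNNN:` entry refers to the file and the build would not apply it. The package would then be built and tagged as carrying the revert for rhbz#2165692 while logind still contains the reverted code. Add an entry such as `PatchNNNN: 0001-Revert-logind-implement-Type-notify-reload-protocol-.patch` (number to be chosen from the spec's upstream-patch range) in the same commit. The message of the following commit on this page reports that the previous build carried an unapplied patch.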
@@ -1,59 +0,0 @@ -From 6c7346b579898f9017ec98e62bfc6454a427ab05 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 9 Feb 2023 22:37:01 +0100 -Subject: [PATCH] Revert "logind: implement Type=notify-reload protocol - properly" - -This reverts commit 5d71e463f49518c7702467f6145484afa31bf8ba. - -It turns out that this commit caused a noticable change in behaviour for -'systemctl isolate graphical.target' in Fedora, as found by git bisect. -Reverting on top of current git also restores behaviour from v252. I don't have -time to analyze this right now, so this is a quick revert to unblock Fedora -and possibly allow us to release v253 in case a full solution is harder. - -Fixes #26364. ---- - src/login/logind.c | 6 ------ - units/systemd-logind.service.in | 1 - - 2 files changed, 7 deletions(-) - -diff --git a/src/login/logind.c b/src/login/logind.c -index 1feacd3601..def2f5a442 100644 ---- a/src/login/logind.c -+++ b/src/login/logind.c -@@ -1020,11 +1020,6 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa - Manager *m = userdata; - int r; - -- (void) sd_notifyf(/* unset= */ false, -- "RELOADING=1\n" -- "STATUS=Reloading configuration...\n" -- "MONOTONIC_USEC=" USEC_FMT, now(CLOCK_MONOTONIC)); -- - manager_reset_config(m); - r = manager_parse_config_file(m); - if (r < 0) -@@ -1032,7 +1027,6 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa - else - log_info("Config file reloaded."); - -- (void) sd_notify(/* unset= */ false, NOTIFY_READY); - return 0; - } - -diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in -index 24f5ddaa17..042ea75d7a 100644 ---- a/units/systemd-logind.service.in -+++ b/units/systemd-logind.service.in -@@ -58,7 +58,6 @@ StateDirectory=systemd/linger - SystemCallArchitectures=native - SystemCallErrorNumber=EPERM - SystemCallFilter=@system-service --Type=notify-reload - {{SERVICE_WATCHDOG}} - - # Increase the default a 
bit in order to allow many simultaneous logins since --- -2.39.1 - diff --git a/sources b/sources index c660072..e3f80b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-253-rc2.tar.gz) = d0c1de06d7bfec2d1506b8f2be46c71afe731f407e5ec2698842d95f875a8ffb63bf5f4393a008c42f926256439a3967e2f1ea6bc07d96c6d38d95a1aba9f98f +SHA512 (systemd-253-rc3.tar.gz) = 1e2e9a08a1066a9699d0cb87f44718a0add54b283fbedac945893cb59ffb4653b8084270ee686fb64e44e3143f7e004de7bc33e5d698b71c01bd0e1b8d4eb21d diff --git a/systemd.spec b/systemd.spec index ba70299..48051d7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253~rc2 +Version: 253~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 296e35b05451e858ecb042ce36e4fbd229c1c257 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 20 Feb 2023 21:07:32 +0100 Subject: [PATCH 146/494] Version 253 ... (mostly some documentation fixes since -rc3). --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index e3f80b1..1294e1e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-253-rc3.tar.gz) = 1e2e9a08a1066a9699d0cb87f44718a0add54b283fbedac945893cb59ffb4653b8084270ee686fb64e44e3143f7e004de7bc33e5d698b71c01bd0e1b8d4eb21d +SHA512 (systemd-253.tar.gz) = 3bbc431a292ab590b70d3b490a528f71d30ccf478ddfa66d1c210f40c260ef49ac30651c19f2d073acf38d68398a4a6fbf95391f0e3ea0333d94b9d4e81d514f diff --git a/systemd.spec b/systemd.spec index 48051d7..f9909ba 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253~rc3 +Version: 253 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
From 4bdd16eba5c409a5aa0afcc16f6e284f20793e06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 21 Feb 2023 11:06:27 +0100 Subject: [PATCH 147/494] Add workaround patch for dracut generator issue ... (rhbz#2164404) --- 26494.patch | 30 ++++++++++++++++++++++++++++++ systemd.spec | 3 +++ 2 files changed, 33 insertions(+) create mode 100644 26494.patch diff --git a/26494.patch b/26494.patch new file mode 100644 index 0000000..19bc67b --- /dev/null +++ b/26494.patch @@ -0,0 +1,30 @@ +From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 20 Feb 2023 12:00:30 +0900 +Subject: [PATCH] core/manager: run generators directly when we are in initrd + +Some initrd system write files at ourside of /run, /etc, or other +allowed places. This is a kind of workaround, but in most cases, such +sandboxing is not necessary as the filesystem is on ramfs when we are in +initrd. + +Fixes #26488. +--- + src/core/manager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b394794b0d4..306477c6e6c2 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { + /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If + * we are the user manager, let's just execute the generators directly. We might not have the + * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. +- */ +- if (MANAGER_IS_USER(m)) { ++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ ++ if (MANAGER_IS_USER(m) || in_initrd()) { + r = manager_execute_generators(m, paths, /* remount_ro= */ false); + goto finish; + } diff --git a/systemd.spec b/systemd.spec index f9909ba..9687ff4 100644 --- a/systemd.spec +++ b/systemd.spec 
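Review bot: The `|| in_initrd()` added in manager_run_generators() makes every initrd boot call `manager_execute_generators(m, paths, /* remount_ro= */ false)` directly, so generators there run in the manager's own mount namespace with nothing remounted read-only, and the new comment justifies that only with "as we are in ramfs". The patch description itself calls this a workaround and says the sandboxing is unnecessary "in most cases", which is a weaker statement than the comment makes. The comment should record both the reason and the cost, for example `* In the initrd generators also run directly and unsandboxed: a workaround for initrd generators that write outside the allowed paths (#26488). */`. The body of manager_run_generators() continues outside the hunk.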
@@ -90,6 +90,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +# https://github.com/systemd/systemd/issues/26488 +# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +Patch0001: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 0104b2cfb355025c78553ff61157223423013ec2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 21 Feb 2023 11:14:00 +0100 Subject: [PATCH 148/494] Backport patch for container compatibility ... (rhbz#2165004) --- 26478.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 50 insertions(+) create mode 100644 26478.patch diff --git a/26478.patch b/26478.patch new file mode 100644 index 0000000..98f980c --- /dev/null +++ b/26478.patch 
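Review bot: `Patch0001:` points at a pull-request URL, `https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch`, whose content follows whatever is currently pushed to that pull request and can therefore drift from the 26494.patch file committed alongside the spec. The committed patch names its upstream commit in its first line, so the comment block above the entry can pin the provenance: `# upstream commit 6b25470ee28843a49c50442e9d8a98edc842ceca`. Anyone re-fetching the source can then compare what they downloaded against a fixed identifier instead of trusting the URL.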
@@ -0,0 +1,46 @@ +From e7662d18a14588740c245d10027e2c42a0a21c0e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sun, 19 Feb 2023 02:42:52 +0900 +Subject: [PATCH] core/manager: falling back to execute generators without + sandboxing + +When running in a container, like podman, docker or so, creating new mount +namespace may be disabled. + +Fixes #26474. +Fixes RHBZ#2165004 (https://bugzilla.redhat.com/show_bug.cgi?id=2165004). +--- + src/core/manager.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b394794b0d4..380a4e30d7af 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3829,12 +3829,25 @@ static int manager_run_generators(Manager *m) { + } + + r = safe_fork("(sd-gens)", +- FORK_RESET_SIGNALS | FORK_LOG | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP, ++ FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP, + NULL); + if (r == 0) { + r = manager_execute_generators(m, paths, /* remount_ro= */ true); + _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE); + } ++ if (r < 0) { ++ if (!ERRNO_IS_PRIVILEGE(r)) { ++ log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m"); ++ goto finish; ++ } ++ ++ /* Failed to fork with new mount namespace? Maybe, running in a container environment with ++ * seccomp or without capability. */ ++ log_debug_errno(r, ++ "Failed to fork off sandboxing environment for executing generators. " ++ "Falling back to execute generators without sandboxing: %m"); ++ r = manager_execute_generators(m, paths, /* remount_ro= */ false); ++ } + + finish: + lookup_paths_trim_generator(&m->lookup_paths); diff --git a/systemd.spec b/systemd.spec index 9687ff4..16b7972 100644 --- a/systemd.spec +++ b/systemd.spec 
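Review bot: The fallback branch added after safe_fork() runs the generators with `/* remount_ro= */ false` and without a new mount namespace, but reports this only through `log_debug_errno`, and the same hunk removes FORK_LOG from the fork flags. At the default log level nothing records that the generators ran unsandboxed, so an operator cannot tell a sandboxed boot from a degraded one when reviewing the journal. Change `log_debug_errno(r,` to `log_notice_errno(r,` for the fallback message so the loss of sandboxing is visible. The body of manager_run_generators() continues outside the hunk.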
@@ -94,6 +94,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch +# https://github.com/systemd/systemd/issues/26474 +# https://bugzilla.redhat.com/show_bug.cgi?id=2165004 +Patch0002: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26478.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch From cfc2c60978f4efad52609ba2fe869f1823bac357 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 20 Feb 2023 22:27:04 -0500 Subject: [PATCH 149/494] fix comment instructions for 98-default-mac-none.link Fixup for aff1671. --- 98-default-mac-none.link | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/98-default-mac-none.link b/98-default-mac-none.link index ba44487..8440f98 100644 --- a/98-default-mac-none.link +++ b/98-default-mac-none.link @@ -5,7 +5,7 @@ # # To make local modifications, one of the following methods may be used: # 1. add a drop-in file that extends this file by creating the -# /etc/systemd/network/99-default.link.d/ directory and creating a +# /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a # new .conf file there. # 2. copy this file into /etc/systemd/network or one of the other paths checked # by systemd-udevd and edit it there. From 6770ee3c6d0af12d1c1a6cef6c03fbf815b83a55 Mon Sep 17 00:00:00 2001 
From: Dusty Mabe Date: Mon, 20 Feb 2023 22:28:06 -0500 Subject: [PATCH 150/494] remove group write permission from 98-default-mac-none.link The 99-default.link has 644 perms so let's do the same for 98-default-mac-none.link. This was tripping up a test in the Fedora CoreOS test framework [1]. https://github.com/coreos/fedora-coreos-tracker/issues/1427 --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 16b7972..b43c856 100644 --- a/systemd.spec +++ b/systemd.spec @@ -755,7 +755,7 @@ install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 -install -Dm0664 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py From 55ee787b7705b4cf94f7e98bdc05e74332b50843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 22 Feb 2023 15:51:59 +0100 Subject: [PATCH 151/494] Set TimeoutStopFailureMode=abort for services ... (see https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer) --- 10-timeout-abort.conf | 14 ++++++++++++++ systemd.spec | 12 +++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 10-timeout-abort.conf diff --git a/10-timeout-abort.conf b/10-timeout-abort.conf new file mode 100644 index 0000000..4852648 --- /dev/null +++ b/10-timeout-abort.conf 
@@ -0,0 +1,14 @@ +# This file is part of the systemd package. +# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer. +# +# To facilitate debugging when a service fails to stop cleanly, +# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in +# the time allotted. This will cause the service to be terminated with SIGABRT +# and a coredump to be generated. +# +# To undo this configuration change, create a mask file: +# sudo mkdir -p /etc/systemd/system/service.d +# sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf + +[Service] +TimeoutStopFailureMode=abort diff --git a/systemd.spec b/systemd.spec index b43c856..67b7dc0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -70,6 +70,7 @@ Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf +Source16: 10-timeout-abort.conf Source21: macros.sysusers Source22: sysusers.attr @@ -536,6 +537,8 @@ package and is meant for use in exitrds. # Let's disable the service. sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset +sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} 
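Review bot: The header comment of the new 10-timeout-abort.conf says a coredump is generated when a service misses its stop timeout, but not that a core dump holds the memory of the aborted service, which for many daemons includes credentials or key material. Since the drop-in applies to every service, administrators should learn this from the file that enables it. Add a comment line such as `# Core dumps contain the memory of the service and may include secrets; see coredump.conf(5) for storage settings.` before the instructions for masking the file.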
@@ -753,9 +756,9 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} - -# https://bugzilla.redhat.com/show_bug.cgi?id=2107754 -install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer +install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16} +install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py @@ -764,6 +767,9 @@ install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} +# https://bugzilla.redhat.com/show_bug.cgi?id=2107754 +install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} + %find_lang %{name} # Split files in build root into rpms. See split-files.py for the From 7a81930dd22098eca6c21ffd0732db8b1d3743a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 1 Mar 2023 14:09:03 +0100 Subject: [PATCH 152/494] Move man pages for sd-boot into systemd-boot-unsigned --- split-files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index b8def0a..90cb6a2 100644 --- a/split-files.py +++ b/split-files.py @@ -120,7 +120,6 @@ for file in files(buildroot): hwdb| bootctl| boot-update| - sd-boot|systemd-boot\.|loader.conf| bless-boot| boot-system-token| kernel-install| 
@@ -166,7 +165,9 @@ for file in files(buildroot): # confused if those user-facing binaries are not available. o = o_udev - elif re.search(r'''/boot/efi''', n, re.X): + elif re.search(r'''/boot/efi| + sd-boot|systemd-boot\.|loader.conf + ''', n, re.X): o = o_boot elif re.search(r'''resolved|resolve1| From 68db5d4680246a89de7aec958308fd4d813c513d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 18:17:58 +0100 Subject: [PATCH 153/494] Version 253.1 - Fixes rhbz#2148464 --- 26478.patch | 46 ---------------------------------------------- sources | 2 +- systemd.spec | 12 ++++-------- 3 files changed, 5 insertions(+), 55 deletions(-) delete mode 100644 26478.patch diff --git a/26478.patch b/26478.patch deleted file mode 100644 index 98f980c..0000000 --- a/26478.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From e7662d18a14588740c245d10027e2c42a0a21c0e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 19 Feb 2023 02:42:52 +0900 -Subject: [PATCH] core/manager: falling back to execute generators without - sandboxing - -When running in a container, like podman, docker or so, creating new mount -namespace may be disabled. - -Fixes #26474. -Fixes RHBZ#2165004 (https://bugzilla.redhat.com/show_bug.cgi?id=2165004). ---- - src/core/manager.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 7b394794b0d4..380a4e30d7af 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3829,12 +3829,25 @@ static int manager_run_generators(Manager *m) { - } - - r = safe_fork("(sd-gens)", -- FORK_RESET_SIGNALS | FORK_LOG | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP, -+ FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP, - NULL); - if (r == 0) { - r = manager_execute_generators(m, paths, /* remount_ro= */ true); - _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE); - } -+ if (r < 0) { -+ if (!ERRNO_IS_PRIVILEGE(r)) { -+ log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m"); -+ goto finish; -+ } -+ -+ /* Failed to fork with new mount namespace? Maybe, running in a container environment with -+ * seccomp or without capability. */ -+ log_debug_errno(r, -+ "Failed to fork off sandboxing environment for executing generators. " -+ "Falling back to execute generators without sandboxing: %m"); -+ r = manager_execute_generators(m, paths, /* remount_ro= */ false); -+ } - - finish: - lookup_paths_trim_generator(&m->lookup_paths); diff --git a/sources b/sources index 1294e1e..3639a23 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-253.tar.gz) = 3bbc431a292ab590b70d3b490a528f71d30ccf478ddfa66d1c210f40c260ef49ac30651c19f2d073acf38d68398a4a6fbf95391f0e3ea0333d94b9d4e81d514f +SHA512 (systemd-253.1.tar.gz) = 4ac7607e0fcedd8612b525ab1fb05e3f5f569d8c1e609577377a54ea8f2aedd07def4012dad70b68a9c449ec7b8d70c6b96cbdafc11c35eb4408e43fc7bb401c diff --git a/systemd.spec b/systemd.spec index 67b7dc0..cd2d9d4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,8 +1,6 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -#global stable 1 - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -30,13 +28,15 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253 +Version: 253.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif Release: %autorelease +%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) + # For a breakdown of the licensing, see README License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager @@ -95,10 +95,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch -# https://github.com/systemd/systemd/issues/26474 -# https://bugzilla.redhat.com/show_bug.cgi?id=2165004 -Patch0002: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26478.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch 
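Review bot: The new `%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)` line has no comment, and its result has to be read backwards from a shell exit status: it is 1 when %version contains a dot and 0 otherwise. Add above it `# stable is 1 for point releases such as 253.1 (the version contains a dot), 0 otherwise`. Because the definition sits after the `%endif`, it is also evaluated for the inplace build, where the sed expression `s/-([0-9])/.^\1/` can put a dot into the version; if that is not intended, the definition presumably belongs inside the `%if %{without inplace}` branch.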
@@ -262,7 +258,7 @@ utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and a logging daemons. %if 0%{?stable} -This package was built from the %{version}-stable branch of systemd. +This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd. %endif %package libs From ddd4dcd1fe2875e1ba6f1e4b44415321ef6f3c70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 18:56:53 +0100 Subject: [PATCH 154/494] Fix build with gnu-efi-3.0.11-13 --- 26659.patch | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 5 +++- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 26659.patch diff --git a/26659.patch b/26659.patch new file mode 100644 index 0000000..bb8d0b1 --- /dev/null +++ b/26659.patch 
@@ -0,0 +1,67 @@ +From b3ec28645a2e02d03fa0d4a618802292540acf43 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 3 Mar 2023 16:08:41 +0100 +Subject: [PATCH] meson: adjust for removal of gnu-efi compat + +gnu-efi-3.0.11-13.fc39 in Fedora dropped the old include paths. +--- + src/boot/efi/meson.build | 24 ++++++++++++++---------- + 1 file changed, 14 insertions(+), 10 deletions(-) + +diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build +index bf595c33901e..ea55f1c9fa52 100644 +--- a/src/boot/efi/meson.build ++++ b/src/boot/efi/meson.build +@@ -19,7 +19,7 @@ elif efi_arch == 'x86_64' and '-m32' in get_option('efi-cflags') + efi_arch = 'x86' + endif + efi_arch = { +- # host_cc_arch: [efi_arch (see Table 3-2 in UEFI spec), gnu_efi_inc_arch] ++ # host_cc_arch: [efi_arch (see Table 3-2 in UEFI spec), obsolete gnu_efi_inc_arch] + 'x86': ['ia32', 'ia32'], + 'x86_64': ['x64', 'x86_64'], + 'arm': ['arm', 'arm'], +@@ -28,14 +28,17 @@ efi_arch = { + }.get(efi_arch, []) + + efi_incdir = get_option('efi-includedir') +-if efi_arch.length() > 0 and not cc.has_header( +- '@0@/@1@/efibind.h'.format(efi_incdir, efi_arch[1]), +- args: get_option('efi-cflags')) +- +- efi_arch = [] +-endif ++found = false ++foreach efi_arch_candidate : efi_arch ++ efi_archdir = efi_incdir / efi_arch_candidate ++ if cc.has_header(efi_archdir / 'efibind.h', ++ args: get_option('efi-cflags')) ++ found = true ++ break ++ endif ++endforeach + +-if efi_arch.length() == 0 ++if not found + if get_option('gnu-efi') == 'true' + error('gnu-efi support requested, but headers not found or efi arch is unknown') + endif +@@ -45,7 +48,8 @@ endif + + if not cc.has_header_symbol('efi.h', 'EFI_IMAGE_MACHINE_X64', + args: ['-nostdlib', '-ffreestanding', '-fshort-wchar'] + get_option('efi-cflags'), +- include_directories: include_directories(efi_incdir, efi_incdir / efi_arch[1])) ++ include_directories: include_directories(efi_incdir, ++ efi_archdir)) + + if 
get_option('gnu-efi') == 'true' + error('gnu-efi support requested, but found headers are too old (3.0.5+ required)') +@@ -313,7 +317,7 @@ summary({ + 'EFI LD' : efi_ld, + 'EFI lds' : efi_lds, + 'EFI crt0' : efi_crt0, +- 'EFI include directory' : efi_incdir}, ++ 'EFI include directory' : efi_archdir}, + section : 'Extensible Firmware Interface') + + if efi_conf.get('SBAT_DISTRO', '') != '' diff --git a/systemd.spec b/systemd.spec index cd2d9d4..f22b373 100644 --- a/systemd.spec +++ b/systemd.spec @@ -93,7 +93,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://github.com/systemd/systemd/issues/26488 # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 -Patch0001: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch +Patch0001: https://github.com/systemd/systemd/pull/26494.patch + +# Fix build with gnu-efi-3.0.11-13.fc39 +Patch0002: https://github.com/systemd/systemd/pull/26659.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 5227302c984839b27524362ba2f45fb6d0025512 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 20:11:48 +0100 Subject: [PATCH 155/494] Really fix build with gnu-efi-3.0.11-13 It turns out that the patch applied cleanly when backported to v253-stable, but did not work. [skip changelog] --- 26659.patch => 265.patch | 21 ++++++++++++++++----- systemd.spec | 2 +- 2 files changed, 17 insertions(+), 6 deletions(-) rename 26659.patch => 265.patch (80%) diff --git a/26659.patch b/265.patch similarity index 80% rename from 26659.patch rename to 265.patch index bb8d0b1..0f8c817 100644 --- a/26659.patch +++ b/265.patch @@ -1,15 +1,17 @@ -From b3ec28645a2e02d03fa0d4a618802292540acf43 Mon Sep 17 00:00:00 2001 +From e2f169f816809ad4db9ebca080c73b36810f7bdc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 16:08:41 +0100 Subject: [PATCH] meson: adjust for removal of gnu-efi compat gnu-efi-3.0.11-13.fc39 in Fedora dropped the old include paths. + +/usr/include/efi/efi.h uses 'include "efibind.h"', so we cannot use -isystem. --- - src/boot/efi/meson.build | 24 ++++++++++++++---------- - 1 file changed, 14 insertions(+), 10 deletions(-) + src/boot/efi/meson.build | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build -index bf595c33901e..ea55f1c9fa52 100644 +index 6c1934d9f1..68c5dd15dc 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -19,7 +19,7 @@ elif efi_arch == 'x86_64' and '-m32' in get_option('efi-cflags') @@ -56,7 +58,16 @@ index bf595c33901e..ea55f1c9fa52 100644 if get_option('gnu-efi') == 'true' error('gnu-efi support requested, but found headers are too old (3.0.5+ required)') -@@ -313,7 +317,7 @@ summary({ +@@ -184,7 +188,7 @@ efi_cflags = [ + '-I', meson.current_source_dir(), + '-include', efi_config_h, + '-include', version_h, +- '-isystem', efi_incdir / efi_arch[1], ++ '-I', efi_archdir, + '-isystem', efi_incdir, + '-std=gnu11', + '-Wall', +@@ -315,7 +319,7 @@ summary({ 'EFI LD' : efi_ld, 'EFI lds' : efi_lds, 'EFI crt0' : efi_crt0, diff --git a/systemd.spec b/systemd.spec index f22b373..db1a7d3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -96,7 +96,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Fix build with gnu-efi-3.0.11-13.fc39 -Patch0002: https://github.com/systemd/systemd/pull/26659.patch +Patch0002: https://github.com/systemd/systemd-stable/pull/265.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 9a0266ff7b8c0cd4b1020813e0a3929766970353 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Mar 2023 20:14:38 +0100 Subject: [PATCH 156/494] Include two more patches that didn't make it into the stable tag [skip changelog] --- ...48dfa23ef01ce1888e440f24b3d22d633a60.patch | 36 +++++++++++++++++ ...e88b92287aa97ce21eee22aca0c74dfa6570.patch | 40 +++++++++++++++++++ systemd.spec | 3 ++ 3 files changed, 79 insertions(+) create mode 100644 465d48dfa23ef01ce1888e440f24b3d22d633a60.patch create mode 100644 fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch diff --git a/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch b/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch new file mode 100644 index 0000000..4cdc037 --- /dev/null +++ b/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch 
@@ -0,0 +1,36 @@ +From 465d48dfa23ef01ce1888e440f24b3d22d633a60 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Thu, 16 Feb 2023 11:59:05 +0000 +Subject: [PATCH] bootctl: Fix debug messages + +Remove duplicate KERNEL_INSTALL_MACHINE_ID from message and also +specify the correct origin of layout variable. + +Signed-off-by: Samanta Navarro +(cherry picked from commit 2d5ccb0818a7c9fdc280eb84478a6b89cd46b6fe) +--- + src/boot/bootctl-install.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/boot/bootctl-install.c b/src/boot/bootctl-install.c +index c795e75bc3..ebb0d486c9 100644 +--- a/src/boot/bootctl-install.c ++++ b/src/boot/bootctl-install.c +@@ -67,7 +67,7 @@ static int load_etc_machine_info(void) { + if (r < 0) + return log_error_errno(r, "Failed to parse KERNEL_INSTALL_MACHINE_ID=%s in /etc/machine-info: %m", s); + +- log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from KERNEL_INSTALL_MACHINE_ID in /etc/machine-info.", ++ log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from /etc/machine-info.", + SD_ID128_TO_STRING(arg_machine_id)); + } + +@@ -98,7 +98,7 @@ static int load_etc_kernel_install_conf(void) { + return log_error_errno(r, "Failed to parse %s: %m", p); + + if (!isempty(layout)) { +- log_debug("layout=%s is specified in /etc/machine-info.", layout); ++ log_debug("layout=%s is specified in %s.", layout, p); + free_and_replace(arg_install_layout, layout); + } + diff --git a/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch b/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch new file mode 100644 index 0000000..6db934d --- /dev/null +++ b/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch 
@@ -0,0 +1,40 @@ +From fef2e88b92287aa97ce21eee22aca0c74dfa6570 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 3 Mar 2023 12:17:27 +0100 +Subject: [PATCH] systemctl: explicitly cast the constants to uint64_t + +Otherwise under certain conditions `va_arg()` might get garbage instead +of the expected value, i.e.: + +$ sudo build-o0/systemctl disable asdfasfaf +sd_bus_message_appendv: Got uint64_t: 0 +Failed to disable unit: Unit file asdfasfaf.service does not exist. + +$ sudo build-o1/systemctl disable asdfasfaf +sd_bus_message_appendv: Got uint64_t: 7954875719681572864 +Failed to disable unit: Invalid argument + +(reproduced on an armv7hl machine) + +Resolves: #26568 +Follow-up to: bf1bea43f15 +Related issue: https://github.com/systemd/systemd/pull/14470#discussion_r362893735 + +(cherry picked from commit c63bfd0884cf20e48befbee49d41f667660a8802) +--- + src/systemctl/systemctl-enable.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl-enable.c b/src/systemctl/systemctl-enable.c +index 86d9f602fa..f94a286122 100644 +--- a/src/systemctl/systemctl-enable.c ++++ b/src/systemctl/systemctl-enable.c +@@ -211,7 +211,7 @@ int verb_enable(int argc, char *argv[], void *userdata) { + + if (send_runtime) { + if (streq(method, "DisableUnitFilesWithFlagsAndInstallInfo")) +- r = sd_bus_message_append(m, "t", arg_runtime ? UNIT_FILE_RUNTIME : 0); ++ r = sd_bus_message_append(m, "t", arg_runtime ? (uint64_t) UNIT_FILE_RUNTIME : UINT64_C(0)); + else + r = sd_bus_message_append(m, "b", arg_runtime); + if (r < 0) diff --git a/systemd.spec b/systemd.spec index db1a7d3..4b46258 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -98,6 +98,9 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Fix build with gnu-efi-3.0.11-13.fc39 Patch0002: https://github.com/systemd/systemd-stable/pull/265.patch +Patch0003: https://github.com/systemd/systemd-stable/commit/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch +Patch0004: https://github.com/systemd/systemd-stable/commit/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch From 01af054efc229846ac1fb74f021d10fa0c438f96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 5 Mar 2023 14:03:12 +0100 Subject: [PATCH 157/494] Prepare to replace use of gnu-efi with the internal support See https://github.com/systemd/systemd/pull/26641. This will allow upstream pull request (and the main branch after the pull request has been merged) to be built with the new code. This doesn't do anything for official rpm builds until the new code is part of the sources. [skip changelog] --- systemd.spec | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4b46258..70d6d55 100644 --- a/systemd.spec +++ b/systemd.spec @@ -172,9 +172,6 @@ BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem -%if 0%{?have_gnu_efi} -BuildRequires: gnu-efi gnu-efi-devel -%endif BuildRequires: libseccomp-devel BuildRequires: meson >= 0.43 BuildRequires: gettext 
@@ -541,6 +538,16 @@ sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user +%generate_buildrequires +%if 0%{?have_gnu_efi} +if grep -q gnu-efi meson_options.txt; then + echo 'gnu-efi' + echo 'gnu-efi-devel' +else + echo 'python3dist(pyelftools)' +fi +%endif + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} @@ -589,7 +596,6 @@ CONFIGURE_OPTS=( -Dlibcurl=true -Dlibfido2=true -Defi=true - -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] -Dtpm=true -Dtpm2=true -Dhwdb=true @@ -647,6 +653,15 @@ CONFIGURE_OPTS=( # -Dsystemd-timesync-uid=, not set yet ) +if grep gnu-efi meson_options.txt; then + CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] ) +else + # For now, let's build the bootloader in the same places where we + # built with gnu-efi. Later on, we might want to extend coverage, but + # considering that that support is untested, let's not do this now. + CONFIGURE_OPTS+=( -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] ) +fi + %if %{without lto} %global _lto_cflags %nil %endif From 1a6178ce6eb7f9e289db01519ca510ad77760e83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Mar 2023 09:05:16 +0100 Subject: [PATCH 158/494] Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 90cb6a2..dff50cc 100644 --- a/split-files.py +++ b/split-files.py @@ -166,6 +166,7 @@ for file in files(buildroot): o = o_udev elif re.search(r'''/boot/efi| + /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): o = o_boot From 1320fc300948e7c12d16ea8dd4e0fae3fd821d54 Mon Sep 17 00:00:00 2001 
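Review bot: The `%build` test `if grep gnu-efi meson_options.txt; then` (hunk `@@ -647,6 +653,15 @@`) is written differently from the one added under `%generate_buildrequires`, which uses `grep -q`; without `-q` the matched lines are printed into the build log. Both tests also match the bare string anywhere in the file, so a comment or option description that mentions gnu-efi selects the old branch, and a missing `meson_options.txt` silently selects the new one. Assuming the option is declared at the start of a line, I would use the same tighter test in both places: `if grep -q "^option('gnu-efi'" meson_options.txt; then`.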
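Review bot: The alternative `/usr/lib/systemd/boot` added in the `split-files.py` hunk has no terminator, and the pattern is applied with `re.search`, so it also matches any longer path that merely begins with that string (a constructed example: `/usr/lib/systemd/bootfoo`). The commit title names the directory `/usr/lib/systemd/boot/`, so `/usr/lib/systemd/boot(/|$)|` would move the directory and its contents to the boot subpackage without catching siblings. The `if`/`elif` chain this branch belongs to starts and ends outside the hunk, so whether an earlier branch already claims such paths cannot be seen here.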
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Mar 2023 18:09:36 +0200 Subject: [PATCH 159/494] oomd: stop monitoring user-*.slice slices ... (rhbz#2177722) Oomd was killing a login session (user-*.slice/session-*.scope). Quoting https://bugzilla.redhat.com/show_bug.cgi?id=2177722#c21: > In F37 and prior the config was killing based on swap and pressure > on user-*.slice/user@.service. In 7665e1796f915dedbf8e014f0a78f4f576d609bb > it was changed to pressure only on system.slice and all slices under > user.slice. The relevant point here is that this change now includes > user-*.slice/session-*.scope which is the critical session bits > you're seeing killed here. > > That session scope should be omitted. The config that I intended > with the initial PR was for all slices under > user.slice/user-*.slice/user@.service to be monitored, not for all > slices under user.slice. With the file removed: $ oomctl | rg Path | sort Path: /system.slice Path: /user.slice/user-1000.slice/user@1000.service/app.slice Path: /user.slice/user-1000.slice/user@1000.service/session.slice --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 70d6d55..b106b2e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -770,7 +770,6 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} -install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer From 7f6f2305068a147ec8feaaa6dc970ba6d1b82a89 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 Mar 2023 22:23:51 +0200 Subject: [PATCH 160/494] Version 253.2 --- 265.patch | 78 ------------------- ...48dfa23ef01ce1888e440f24b3d22d633a60.patch | 36 --------- ...e88b92287aa97ce21eee22aca0c74dfa6570.patch | 40 ---------- sources | 2 +- systemd.spec | 7 +- 5 files changed, 2 insertions(+), 161 deletions(-) delete mode 100644 265.patch delete mode 100644 465d48dfa23ef01ce1888e440f24b3d22d633a60.patch delete mode 100644 fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch diff --git a/265.patch b/265.patch deleted file mode 100644 index 0f8c817..0000000 --- a/265.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From e2f169f816809ad4db9ebca080c73b36810f7bdc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 3 Mar 2023 16:08:41 +0100 -Subject: [PATCH] meson: adjust for removal of gnu-efi compat - -gnu-efi-3.0.11-13.fc39 in Fedora dropped the old include paths. - -/usr/include/efi/efi.h uses 'include "efibind.h"', so we cannot use -isystem. ---- - src/boot/efi/meson.build | 26 +++++++++++++++----------- - 1 file changed, 15 insertions(+), 11 deletions(-) - -diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build -index 6c1934d9f1..68c5dd15dc 100644 ---- a/src/boot/efi/meson.build -+++ b/src/boot/efi/meson.build -@@ -19,7 +19,7 @@ elif efi_arch == 'x86_64' and '-m32' in get_option('efi-cflags') - efi_arch = 'x86' - endif - efi_arch = { -- # host_cc_arch: [efi_arch (see Table 3-2 in UEFI spec), gnu_efi_inc_arch] -+ # host_cc_arch: [efi_arch (see Table 3-2 in UEFI spec), obsolete gnu_efi_inc_arch] - 'x86': ['ia32', 'ia32'], - 'x86_64': ['x64', 'x86_64'], - 'arm': ['arm', 'arm'], -@@ -28,14 +28,17 @@ efi_arch = { - }.get(efi_arch, []) - - efi_incdir = get_option('efi-includedir') --if efi_arch.length() > 0 and not cc.has_header( -- '@0@/@1@/efibind.h'.format(efi_incdir, efi_arch[1]), -- args: get_option('efi-cflags')) -- -- efi_arch = [] --endif -+found = false -+foreach efi_arch_candidate : efi_arch -+ efi_archdir = efi_incdir / efi_arch_candidate -+ if cc.has_header(efi_archdir / 'efibind.h', -+ args: get_option('efi-cflags')) -+ found = true -+ break -+ endif -+endforeach - --if efi_arch.length() == 0 -+if not found - if get_option('gnu-efi') == 'true' - error('gnu-efi support requested, but headers not found or efi arch is unknown') - endif -@@ -45,7 +48,8 @@ endif - - if not cc.has_header_symbol('efi.h', 'EFI_IMAGE_MACHINE_X64', - args: ['-nostdlib', '-ffreestanding', '-fshort-wchar'] + get_option('efi-cflags'), -- include_directories: include_directories(efi_incdir, efi_incdir / efi_arch[1])) -+ 
include_directories: include_directories(efi_incdir, -+ efi_archdir)) - - if get_option('gnu-efi') == 'true' - error('gnu-efi support requested, but found headers are too old (3.0.5+ required)') -@@ -184,7 +188,7 @@ efi_cflags = [ - '-I', meson.current_source_dir(), - '-include', efi_config_h, - '-include', version_h, -- '-isystem', efi_incdir / efi_arch[1], -+ '-I', efi_archdir, - '-isystem', efi_incdir, - '-std=gnu11', - '-Wall', -@@ -315,7 +319,7 @@ summary({ - 'EFI LD' : efi_ld, - 'EFI lds' : efi_lds, - 'EFI crt0' : efi_crt0, -- 'EFI include directory' : efi_incdir}, -+ 'EFI include directory' : efi_archdir}, - section : 'Extensible Firmware Interface') - - if efi_conf.get('SBAT_DISTRO', '') != '' diff --git a/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch b/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch deleted file mode 100644 index 4cdc037..0000000 --- a/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 465d48dfa23ef01ce1888e440f24b3d22d633a60 Mon Sep 17 00:00:00 2001 -From: Samanta Navarro -Date: Thu, 16 Feb 2023 11:59:05 +0000 -Subject: [PATCH] bootctl: Fix debug messages - -Remove duplicate KERNEL_INSTALL_MACHINE_ID from message and also -specify the correct origin of layout variable. - -Signed-off-by: Samanta Navarro -(cherry picked from commit 2d5ccb0818a7c9fdc280eb84478a6b89cd46b6fe) ---- - src/boot/bootctl-install.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/boot/bootctl-install.c b/src/boot/bootctl-install.c -index c795e75bc3..ebb0d486c9 100644 ---- a/src/boot/bootctl-install.c -+++ b/src/boot/bootctl-install.c -@@ -67,7 +67,7 @@ static int load_etc_machine_info(void) { - if (r < 0) - return log_error_errno(r, "Failed to parse KERNEL_INSTALL_MACHINE_ID=%s in /etc/machine-info: %m", s); - -- log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from KERNEL_INSTALL_MACHINE_ID in /etc/machine-info.", -+ log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from /etc/machine-info.", - SD_ID128_TO_STRING(arg_machine_id)); - } - -@@ -98,7 +98,7 @@ static int load_etc_kernel_install_conf(void) { - return log_error_errno(r, "Failed to parse %s: %m", p); - - if (!isempty(layout)) { -- log_debug("layout=%s is specified in /etc/machine-info.", layout); -+ log_debug("layout=%s is specified in %s.", layout, p); - free_and_replace(arg_install_layout, layout); - } - diff --git a/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch b/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch deleted file mode 100644 index 6db934d..0000000 --- a/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From fef2e88b92287aa97ce21eee22aca0c74dfa6570 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 3 Mar 2023 12:17:27 +0100 -Subject: [PATCH] systemctl: explicitly cast the constants to uint64_t - -Otherwise under certain conditions `va_arg()` might get garbage instead -of the expected value, i.e.: - -$ sudo build-o0/systemctl disable asdfasfaf -sd_bus_message_appendv: Got uint64_t: 0 -Failed to disable unit: Unit file asdfasfaf.service does not exist. - -$ sudo build-o1/systemctl disable asdfasfaf -sd_bus_message_appendv: Got uint64_t: 7954875719681572864 -Failed to disable unit: Invalid argument - -(reproduced on an armv7hl machine) - -Resolves: #26568 -Follow-up to: bf1bea43f15 -Related issue: https://github.com/systemd/systemd/pull/14470#discussion_r362893735 - -(cherry picked from commit c63bfd0884cf20e48befbee49d41f667660a8802) ---- - src/systemctl/systemctl-enable.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemctl/systemctl-enable.c b/src/systemctl/systemctl-enable.c -index 86d9f602fa..f94a286122 100644 ---- a/src/systemctl/systemctl-enable.c -+++ b/src/systemctl/systemctl-enable.c -@@ -211,7 +211,7 @@ int verb_enable(int argc, char *argv[], void *userdata) { - - if (send_runtime) { - if (streq(method, "DisableUnitFilesWithFlagsAndInstallInfo")) -- r = sd_bus_message_append(m, "t", arg_runtime ? UNIT_FILE_RUNTIME : 0); -+ r = sd_bus_message_append(m, "t", arg_runtime ? (uint64_t) UNIT_FILE_RUNTIME : UINT64_C(0)); - else - r = sd_bus_message_append(m, "b", arg_runtime); - if (r < 0) diff --git a/sources b/sources index 3639a23..75e0d91 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-253.1.tar.gz) = 4ac7607e0fcedd8612b525ab1fb05e3f5f569d8c1e609577377a54ea8f2aedd07def4012dad70b68a9c449ec7b8d70c6b96cbdafc11c35eb4408e43fc7bb401c +SHA512 (systemd-253.2.tar.gz) = bfa8d232055603beb851156cc4dac3f8efa89da648114f97d0e62a4b9d3fda5ce6dd2358eb056c766d475c560645638ea8041794e03a7950613b791e69820280 diff --git a/systemd.spec b/systemd.spec index b106b2e..688746b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253.1 +Version: 253.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -95,11 +95,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch -# Fix build with gnu-efi-3.0.11-13.fc39 -Patch0002: https://github.com/systemd/systemd-stable/pull/265.patch - -Patch0003: https://github.com/systemd/systemd-stable/commit/fef2e88b92287aa97ce21eee22aca0c74dfa6570.patch -Patch0004: https://github.com/systemd/systemd-stable/commit/465d48dfa23ef01ce1888e440f24b3d22d633a60.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 1fa99260fc81714550e83f70168944188140ebfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 22 Apr 2023 12:37:06 +0200 Subject: [PATCH 161/494] pytest-flakes is required for test_ukify.py [skip changelog] --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 688746b..aaf0917 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -164,6 +164,7 @@ BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest) +BuildRequires: python3dist(pytest-flakes) BuildRequires: python3dist(zstd) # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem From ef79df9490c8a47033c4d242feb5c55ccc5e342d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Apr 2023 09:55:55 +0200 Subject: [PATCH 162/494] sysusers.generate-pre.sh: fix indentation in generated scripts We need to use a mix of spaces and tabs: the tabs are removed because of -EOF, and then the spaces indent the output. Jesus. --- sysusers.generate-pre.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index a077bb7..6bc0ca6 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -20,16 +20,16 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat <<-EOF getent passwd '$user' >/dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : EOF else cat <<-EOF if ! getent passwd '$user' >/dev/null; then - if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - else - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : - fi + if ! getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + else + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + fi fi EOF @@ -57,7 +57,7 @@ usermod() { cat <<-EOF if getent group '$group' >/dev/null; then - usermod -a -G '$group' '$user' || : + usermod -a -G '$group' '$user' || : fi EOF } From 7e62bd076202062d951a58e0f0a31b1ae902e0de Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Apr 2023 09:52:35 +0200 Subject: [PATCH 163/494] sysusers.generate-pre.sh: properly escape quotes in description strings ... (rhbz#2104141) In the first version, I wanted to use POSIX quotes with $''. But that required 'printf %q', which brings in a dependency on coreutils. Following mcr0mmand's suggestion, ${foo@Q} is used instead, which should work equivalently, and does not require anything new. Tested with 'sysusers.generate-pre.sh /usr/lib/sysusers.d/*conf'. The output is the same before and after, apart from the dovecot user with a quote. --- sysusers.generate-pre.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 6bc0ca6..4a87d53 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -20,15 +20,15 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat <<-EOF getent passwd '$user' >/dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : EOF else cat <<-EOF - if ! getent passwd '$user' >/dev/null; then - if ! getent passwd '$uid' >/dev/null; then - useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + if ! getent passwd ${user@Q} >/dev/null; then + if ! getent passwd ${uid@Q} >/dev/null; then + useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : else - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : fi fi 
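Review bot: The first heredoc in `user()` still emits `getent passwd '$user'` with the old hand-written single quotes, so a name containing `'` breaks the generated script in the same way this change fixes for the `useradd` arguments; that context line should become `getent passwd ${user@Q} >/dev/null || \\`. The same leftover is in the `usermod()` hunk (`@@ -56,8 +56,8 @@`), where the new line quotes the group but keeps `'$user'`; it should read `usermod -a -G ${group@Q} ${user@Q} || :`. The values come from sysusers.d files and the output is presumably used as a package `%pre` scriptlet that runs with root privileges, so every interpolated field needs the same quoting. `user()` starts above this hunk, so the assignments that feed these variables are not visible here.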
@@ -42,11 +42,11 @@ group() { if [ "$gid" = '-' ]; then cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' || : + getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || : EOF else cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : + getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || : EOF fi } @@ -56,8 +56,8 @@ usermod() { group="$2" cat <<-EOF - if getent group '$group' >/dev/null; then - usermod -a -G '$group' '$user' || : + if getent group ${group@Q} >/dev/null; then + usermod -a -G ${group@Q} '$user' || : fi EOF } From 5448e2ee0e18708a6a08a36808c76854ea7ee9ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 May 2023 14:58:59 +0200 Subject: [PATCH 164/494] Add forgotten Provides and Conflicts for standalones --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index aaf0917..3c71b58 100644 --- a/systemd.spec +++ b/systemd.spec @@ -220,10 +220,14 @@ Conflicts: fedora-release < 23-0.12 %endif Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-repart < %{version}-%{release}^ +Provides: %{name}-repart = %{version}-%{release} Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ Provides: %{name}-sysusers = %{version}-%{release} +Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^ +Provides: %{name}-shutdown = %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} From 806c95e1c70af18f81d499b24cd7acfa4c36ffd6 Mon Sep 17 00:00:00 2001 
From: Michael Catanzaro Date: Wed, 5 Apr 2023 17:22:48 -0500 Subject: [PATCH 165/494] Raise ManagedOOMMemoryPressureLimit from 50% to 80% Admittedly I don't know what I'm doing here, but this should make systemd-oomd kill things less often, which seems like the direction we want to move towards, so let's try it. https://pagure.io/fedora-workstation/issue/358 --- 10-oomd-per-slice-defaults.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/10-oomd-per-slice-defaults.conf b/10-oomd-per-slice-defaults.conf index fbf6f00..63d8162 100644 --- a/10-oomd-per-slice-defaults.conf +++ b/10-oomd-per-slice-defaults.conf @@ -1,3 +1,3 @@ [Slice] ManagedOOMMemoryPressure=kill -ManagedOOMMemoryPressureLimit=50% +ManagedOOMMemoryPressureLimit=80% From 3d02d53d87d4d7949a0908d598c48fe255970bd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 11 May 2023 22:28:36 +0200 Subject: [PATCH 166/494] Version 253.4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 75e0d91..60343f9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-253.2.tar.gz) = bfa8d232055603beb851156cc4dac3f8efa89da648114f97d0e62a4b9d3fda5ce6dd2358eb056c766d475c560645638ea8041794e03a7950613b791e69820280 +SHA512 (systemd-253.4.tar.gz) = cbd572330871fe938307cdead57637e9a03fcdb95b62dd12506f13f48fddcacfaf1e7b179bc9e1c1889a07d3bf21f840aafc773df3a1ab05b37d28950cb94ee1 diff --git a/systemd.spec b/systemd.spec index 3c71b58..9f04328 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253.2 +Version: 253.4 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 21df2af848358e77c55269ffbb923fce750c416f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 1 Jun 2023 16:44:52 +0200 Subject: [PATCH 167/494] Version 253.5 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 60343f9..b97b829 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-253.4.tar.gz) = cbd572330871fe938307cdead57637e9a03fcdb95b62dd12506f13f48fddcacfaf1e7b179bc9e1c1889a07d3bf21f840aafc773df3a1ab05b37d28950cb94ee1 +SHA512 (systemd-253.5.tar.gz) = 39709b485cd9287e26ac8e973fa1692b280bec3b96e1da6667e4a4f2ac2228aa072b22802720a254698d32c82f5306d7feb32229e4b6d54cc0e2b1e2caa4cc2e diff --git a/systemd.spec b/systemd.spec index 9f04328..2c6b59f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253.4 +Version: 253.5 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From aedd5488becf13b2fbb7ceb4bc147531bb95c0e4 Mon Sep 17 00:00:00 2001 From: Alessandro Astone Date: Thu, 1 Jun 2023 23:17:44 +0200 Subject: [PATCH 168/494] Increase vm.max_map_count https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount --- 10-map-count.conf | 3 +++ systemd.spec | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 10-map-count.conf diff --git a/10-map-count.conf b/10-map-count.conf new file mode 100644 index 0000000..5cf5677 --- /dev/null +++ b/10-map-count.conf @@ -0,0 +1,3 @@ +# Increase the number of virtual memory areas that one process may request +# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount +vm.max_map_count=1048576 diff --git a/systemd.spec b/systemd.spec index 2c6b59f..2610741 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -71,6 +71,7 @@ Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf Source16: 10-timeout-abort.conf +Source17: 10-map-count.conf Source21: macros.sysusers Source22: sysusers.attr @@ -776,6 +777,9 @@ install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16} install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf +# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount +install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} + sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} From 4980b39c441babc2c858e76acb6b8064a57370b7 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sun, 4 Jun 2023 23:42:45 -0400 Subject: [PATCH 169/494] Avoid qrencode dependency in RHEL builds Based on c9s: https://gitlab.com/redhat/centos-stream/rpms/systemd/-/commit/c7784e658433844e056b6cab5bf3186f093b9f79 --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2610741..68f2539 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,7 +141,9 @@ BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel BuildRequires: gnutls-devel +%if %{undefined rhel} BuildRequires: qrencode-devel +%endif BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel @@ -236,7 +238,9 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} +%if %{undefined rhel} Recommends: libqrencode.so.4%{?elf_suffix} +%endif Recommends: libbpf.so.0%{?elf_suffix} Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} 
@@ -589,7 +593,7 @@ CONFIGURE_OPTS=( -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] -Delfutils=true -Dpwquality=true - -Dqrencode=true + -Dqrencode=%[%{defined rhel}?"false":"true"] -Dgnutls=true -Dmicrohttpd=true -Dlibidn2=true From 5982ae9504c8f2697a839c6ce2a82287a60c1043 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 5 Jun 2023 12:49:57 -0400 Subject: [PATCH 170/494] Avoid pillow and pyflakes in RHEL builds These test dependencies are unwanted in RHEL. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 68f2539..fa69615 100644 --- a/systemd.spec +++ b/systemd.spec @@ -165,9 +165,11 @@ BuildRequires: python3-devel BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) +%if %{undefined rhel} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest) BuildRequires: python3dist(pytest-flakes) +%endif +BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem From d64ddbaa83ecee18431b8415829e35434e919a39 Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Wed, 21 Jun 2023 15:59:07 +0100 Subject: [PATCH 171/494] fix typos in standalone package provides --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index fa69615..e48e5e6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -498,7 +498,7 @@ useful to test systemd internals. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: %{name}-tmpfiles = %{version}-%{release} +Provides: %{name}-repart = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-repart 
@@ -528,7 +528,7 @@ package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use on systems without systemd -Provides: %{name}-sysusers = %{version}-%{release} +Provides: %{name}-shutdown = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-shutdown From dce828f1677bb5e197e2edffcff7e43dba204750 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Wed, 21 Jun 2023 12:28:48 +0300 Subject: [PATCH 172/494] Use rpm's sysuser provide generation on Fedora >= 39 Rpm >= 4.19 has native sysusers integration and generates similar user() and group() provides but encodes additional information into them, information that is required for the rpm integration to work. Besides additional data, one noteworthy difference in the rpm generated provides is there are no provides generated for m(ember) directives. This is because users and groups possibly created by that directive are a too implicit for dependency resolution and install ordering purposes in the case where the user/group is actually owned by some other package. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index e48e5e6..158ef06 100644 --- a/systemd.spec +++ b/systemd.spec @@ -789,8 +789,11 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +# Use rpm's own sysusers provides where available +%if 0%{?fedora} < 39 install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} +%endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 From 9c05b44a4b8922cdd4671298107e067302509afc Mon Sep 17 00:00:00 2001 
From: Yaakov Selkowitz Date: Mon, 26 Jun 2023 10:39:41 -0400 Subject: [PATCH 173/494] Use rpm sysuser provide generation on RHEL >= 10 ELN, and as a result the future RHEL 10, also just got the new rpm version with these files. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 158ef06..ccb75b6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -790,7 +790,7 @@ sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/t install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} # Use rpm's own sysusers provides where available -%if 0%{?fedora} < 39 +%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} %endif From d80a45533db738147b5def10874f0b84d97b8b64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 10 Jul 2023 18:52:26 +0200 Subject: [PATCH 174/494] Version 254~rc1 - Way too many changes to list. See https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS - Fix regression in socket activation of services (rhbz#2213660). --- fedora-use-system-auth-in-pam-systemd-user.patch | 12 ++++++------ sources | 2 +- systemd.spec | 4 ++-- use-bfq-scheduler.patch | 12 ++++++------ 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch index 3b7c10d..df820e2 100644 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ b/fedora-use-system-auth-in-pam-systemd-user.patch @@ -1,14 +1,14 @@ -From 4e6479054ae2090b99a50d6ae954d22efc8340a0 Mon Sep 17 00:00:00 2001 +From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH 4/4] fedora: use system-auth in pam systemd-user +Subject: [PATCH] fedora: use system-auth in pam systemd-user --- src/login/systemd-user.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 9a665bd959..703a4b3174 100644 +index 8a3c9e0165..74ef5f2552 100644 --- a/src/login/systemd-user.in +++ b/src/login/systemd-user.in @@ -7,7 +7,7 @@ @@ -20,12 +20,12 @@ index 9a665bd959..703a4b3174 100644 {% if HAVE_SELINUX %} session required pam_selinux.so close -@@ -19,4 +19,4 @@ session required pam_namespace.so - {% if ENABLE_HOMED %} +@@ -20,4 +20,4 @@ session required pam_namespace.so -session optional pam_systemd_home.so {% endif %} + session optional pam_umask.so silent -session optional pam_systemd.so +session include system-auth -- -2.38.1 +2.41.0 diff --git a/sources b/sources index b97b829..704ea14 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-253.5.tar.gz) = 39709b485cd9287e26ac8e973fa1692b280bec3b96e1da6667e4a4f2ac2228aa072b22802720a254698d32c82f5306d7feb32229e4b6d54cc0e2b1e2caa4cc2e +SHA512 (systemd-254-rc1.tar.gz) = 84124f4f861e17734bb07e235135cb20d8a2092de6f779ff71dccf93844e7b972304660193aa14834b74a64e29af9b3f70b342aac645aa36230e5cc2462d6d77 diff --git a/systemd.spec b/systemd.spec index ccb75b6..6444e58 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 253.5 +Version: 254~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -537,7 +537,7 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 +%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 # We want to update sd-boot from packaging scriptlets after package update. # Let's disable the service. diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index 59e642a..6ad5e5d 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -27,17 +27,17 @@ index 0000000000..850b64540e + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index 8d2878a36d..a3b395c9ce 100644 +index 20fca222da..94fee9d7c0 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -8,6 +8,7 @@ rules = [ +@@ -7,6 +7,7 @@ install_data( + rules = [ [files('60-autosuspend.rules', '60-block.rules', - '60-cdrom_id.rules', + '60-block-scheduler.rules', + '60-cdrom_id.rules', + '60-dmi-id.rules', '60-drm.rules', - '60-evdev.rules', - '60-fido-id.rules', -- -2.37.2 +2.41.0 From c50dc7ccda56fc15f1e5532997d305deb1c3af20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 15 Jul 2023 15:40:24 +0200 Subject: [PATCH 175/494] Version 254~rc2 - Various bug fixes, in particular kernel-install should again work without /proc. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 704ea14..ed2d364 100644 --- a/sources +++ b/sources 
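Review bot: The rewritten `%autosetup -n` line in the systemd.spec hunk tests `%stable` bare inside `%[...]`, which only works while `stable` is always defined as a number. The `%{?stable:...}` form it replaces tolerated an undefined macro. With the new form, an undefined `stable` would presumably be left unexpanded and make the expression fail when the spec is parsed; the definition is not visible in this hunk, so that needs confirming. Other expressions in this spec guard with a leading zero, e.g. `-Dbpf-framework=%[0%{?have_bpf}?"true":"false"]`, so I would write `%[0%{?stable}?"-stable":""]` in both places on this line.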
@@ -1 +1 @@ -SHA512 (systemd-254-rc1.tar.gz) = 84124f4f861e17734bb07e235135cb20d8a2092de6f779ff71dccf93844e7b972304660193aa14834b74a64e29af9b3f70b342aac645aa36230e5cc2462d6d77 +SHA512 (systemd-254-rc2.tar.gz) = d19f6f709536475f200925d0a0711422878ecfebfd351a989bda98505926c0646cf18b00fb158249b51e8476b2e01754e0ed7f30fbbf775c3a99e819bcd16579 diff --git a/systemd.spec b/systemd.spec index 6444e58..1c92b17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc1 +Version: 254~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 379f9bfba1876f6e91d2acdc439cbd57e433675a Mon Sep 17 00:00:00 2001 From: Stewart Smith Date: Thu, 23 Jun 2022 01:13:02 +0000 Subject: [PATCH 176/494] Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds --- systemd.spec | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 1c92b17..6fc338e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -15,6 +15,13 @@ %global elf_suffix ()%{elf_bits} %endif +%bcond bzip2 1 +%bcond gnutls 1 +%bcond lz4 1 +%bcond xz 1 +%bcond zlib 1 +%bcond zstd 1 + # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. %bcond_with bootstrap 
@@ -129,18 +136,28 @@ BuildRequires: /usr/bin/getfacl BuildRequires: libacl-devel BuildRequires: gobject-introspection-devel BuildRequires: libblkid-devel +%if %{with xz} BuildRequires: xz-devel BuildRequires: xz +%endif +%if %{with lz4} BuildRequires: lz4-devel BuildRequires: lz4 +%endif +%if %{with bzip2} BuildRequires: bzip2-devel +%endif +%if %{with zstd} BuildRequires: libzstd-devel +%endif BuildRequires: libidn2-devel BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel +%if %{with gnutls} BuildRequires: gnutls-devel +%endif %if %{undefined rhel} BuildRequires: qrencode-devel %endif @@ -578,11 +595,11 @@ CONFIGURE_OPTS=( -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] -Dapparmor=false -Dpolkit=true - -Dxz=true - -Dzlib=true - -Dbzip2=true - -Dlz4=true - -Dzstd=true + -Dxz=%[%{with xz}?"true":"false"] + -Dzlib=%[%{with zlib}?"true":"false"] + -Dbzip2=%[%{with bzip2}?"true":"false"] + -Dlz4=%[%{with lz4}?"true":"false"] + -Dzstd=%[%{with zstd}?"true":"false"] -Dpam=true -Dacl=true -Dsmack=true @@ -596,7 +613,7 @@ CONFIGURE_OPTS=( -Delfutils=true -Dpwquality=true -Dqrencode=%[%{defined rhel}?"false":"true"] - -Dgnutls=true + -Dgnutls=%[%{with gnutls}?"true":"false"] -Dmicrohttpd=true -Dlibidn2=true -Dlibiptc=false From 5c840a72b50cdba5280a3afc1ad6363da9ad8188 Mon Sep 17 00:00:00 2001 From: Stewart Smith Date: Sun, 16 Jul 2023 16:12:46 -0700 Subject: [PATCH 177/494] Convert existing bcond_with[out] to plain bcond --- systemd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6fc338e..e7e279d 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -24,13 +24,13 @@ # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. -%bcond_with bootstrap -%bcond_without tests -%bcond_without lto +%bcond bootstrap 0 +%bcond tests 1 +%bcond lto 1 # Support for quick builds with rpmbuild --build-in-place. # See README.build-in-place. -%bcond_with inplace +%bcond inplace 0 Name: systemd Url: https://systemd.io From 219083fc04c8a67e5360e5eade2342c4f7f3aae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Jul 2023 14:42:12 +0200 Subject: [PATCH 178/494] Fix scriptlets for various services and remote-cryptsetup.target ... (rhbz#2217997) systemd-homed.service and systemd-portabled.service are in systemd-udev but the scriptlet was attached to main subpackage, so it wouldn't work because the unit file wasn't installed yet when it was invoked. systemd-pstore.service and remote-cryptsetup.target were forgotten, so they wouldn't get enabled on installation. --- systemd.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index e7e279d..0b74f82 100644 --- a/systemd.spec +++ b/systemd.spec @@ -932,7 +932,7 @@ if [ $1 -eq 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec 
@@ -964,8 +964,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : - -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib From 8e1134ffe72fd1b6228214d1a03732317df0566f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 03:05:22 +0000 Subject: [PATCH 179/494] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 1edbd6746621ed0d6908da13292afadb54a48fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 24 Jul 2023 15:14:33 +0200 Subject: [PATCH 180/494] Version 254~rc3 - A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits which were found to cause problems. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ed2d364..a247182 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254-rc2.tar.gz) = d19f6f709536475f200925d0a0711422878ecfebfd351a989bda98505926c0646cf18b00fb158249b51e8476b2e01754e0ed7f30fbbf775c3a99e819bcd16579 +SHA512 (systemd-254-rc3.tar.gz) = b4d0385b4e25bc3895f37480afea6a5e17dd900379e6c5f8882b8b3db26c56305642f270c139c8396fcc41d87e1a8c97b963d945cd3deb43c58f4eb2196cb0a3 diff --git a/systemd.spec b/systemd.spec index 0b74f82..5f8ad79 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc2 +Version: 254~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From d9fe7ec0439c0fcdf6b1c1d7dbd8ec17d9dd9994 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 28 Jul 2023 13:23:03 +0200 Subject: [PATCH 181/494] Version 254 ... (just a bunch of bugfixes, mostly for unusual architectures, since rc3) - rhbz#2226908 - See https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for the full changeset. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index a247182..e5ebb36 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254-rc3.tar.gz) = b4d0385b4e25bc3895f37480afea6a5e17dd900379e6c5f8882b8b3db26c56305642f270c139c8396fcc41d87e1a8c97b963d945cd3deb43c58f4eb2196cb0a3 +SHA512 (systemd-254.tar.gz) = 84b4d16980fe2e64d5c3c95b9b4fbaad1076f368f493fdd745cbafbe7ce825293384f5fa0b6360ba8188da23c4575e87402fb666a3b71f84ff8b323aba0c07ff diff --git a/systemd.spec b/systemd.spec index 5f8ad79..81bd3ae 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254~rc3 +Version: 254 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 6775af66c5afdce348038ad3d79a23cd57b97972 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Aug 2023 23:13:03 +0200 Subject: [PATCH 182/494] Update libbpf soname The libbpf package now ships the libbpf.so.1 soname, so update our spec to match that. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 81bd3ae..af22e4b 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -260,8 +260,8 @@ Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} %if %{undefined rhel} Recommends: libqrencode.so.4%{?elf_suffix} %endif -Recommends: libbpf.so.0%{?elf_suffix} -Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} +Recommends: libbpf.so.1%{?elf_suffix} +Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits} # used by systemd-coredump and systemd-analyze Recommends: libdw.so.1%{?elf_suffix} From 2b6870dbdccd7950db705b32998980bd8a77dc63 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Aug 2023 23:13:40 +0200 Subject: [PATCH 183/494] Add a custom %clean implementation Let's make sure we clean up after ourselves. We have to remove the generated timeout user config file, the file list files and the generated .lang file. --- systemd.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systemd.spec b/systemd.spec index af22e4b..18b7b18 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1166,5 +1166,11 @@ fi %files standalone-shutdown -f .file-list-standalone-shutdown +%clean +rm -rf $RPM_BUILD_ROOT +rm -f 10-timeout-abort.conf.user +rm -f .file-list-* +rm -f %{name}.lang + %changelog %autochangelog From 993f682ecc7f09ab3a6c61349f3b4311f90bb627 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 7 Aug 2023 13:59:52 +0200 Subject: [PATCH 184/494] Revert "Supress errors on selinux systems" The selinux policy was modified in https://github.com/fedora-selinux/selinux-policy/pull/944 to allow the reload to happen, so let's revert the silencing of the logging. This reverts commit 1d712f8acf96060d022b215d51aee4a13d9f84ca. --- triggers.systemd | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/triggers.systemd b/triggers.systemd index 719789b..f8bb078 100644 --- a/triggers.systemd +++ b/triggers.systemd 
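Review bot: In the added `%clean` section, `rm -rf $RPM_BUILD_ROOT` expands the build root unquoted, so a path containing whitespace or glob characters would be split or expanded before the recursive delete runs. The install steps elsewhere in this spec spell the location as `%{buildroot}`. I would use `rm -rf "%{buildroot}"` here, which fixes the quoting and matches the rest of the file.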
@@ -17,11 +17,7 @@ /usr/lib/systemd/systemd-update-helper system-reload-restart || : %transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-reload-restart || : -fi +/usr/lib/systemd/systemd-update-helper user-reload-restart || : %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been @@ -33,11 +29,7 @@ fi %transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user # Execute daemon-reload in user managers. -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-reload || : -fi +/usr/lib/systemd/systemd-update-helper user-reload || : %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system # We restart remaining system services that should be restarted here. @@ -45,11 +37,7 @@ fi %transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user # We restart remaining user services that should be restarted here. -if selinuxenabled &>/dev/null; then - /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : -else - /usr/lib/systemd/systemd-update-helper user-restart || : -fi +/usr/lib/systemd/systemd-update-helper user-restart || : %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create From c4c8de9e3ebdabf1bbc2fdf1dd1a1ef89daf459f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 28 Jul 2023 19:30:34 +0200 Subject: [PATCH 185/494] Do daemon-reexec of user managers after package upgrade --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/systemd.spec b/systemd.spec index 18b7b18..3a41bdb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -935,7 +935,8 @@ fi %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec + +%systemd_user_daemon_reexec %triggerun resolved -- systemd < 246.1-1 # This is for upgrades from previous versions before systemd-resolved became the default. From 453f57749fa091e8ee540dcc765ccc92ce9e4ed9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Aug 2023 16:13:46 +0200 Subject: [PATCH 186/494] Version 254.1 ... (rhbz#2228089, possibly partial fix for rhbz#2229524) --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3a41bdb..ebc2601 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254 +Version: 254.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 3c4a463e490047facd3d2fc3bc9223dac95ee00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Aug 2023 17:35:10 +0200 Subject: [PATCH 187/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index e5ebb36..f061a52 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-254.tar.gz) = 84b4d16980fe2e64d5c3c95b9b4fbaad1076f368f493fdd745cbafbe7ce825293384f5fa0b6360ba8188da23c4575e87402fb666a3b71f84ff8b323aba0c07ff +SHA512 (systemd-254.1.tar.gz) = eb2f4a95c890792fe11080e8dafc1eb4588ee98a3084d28083c4dd1f97962f56188c41641708c23267d01f1431821e823e1b89012f90d6ede80a12a0ce11a6d7 From f5162af2a6aabbcb1d564672510dd9627d8c1acc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Aug 2023 16:57:19 +0200 Subject: [PATCH 188/494] rpminspect: adjust disablement for badfuncs We had something, but apparently it stopped working. Let's try with a new format: https://github.com/rpminspect/rpminspect/issues/1229#issuecomment-1673327657 [skip changelog] --- rpminspect.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index 174fbd2..9843e40 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -1,6 +1,9 @@ # Disable badfuncs check that has tons of false positives. badfuncs: - exclude_path: .* + allowed: + /usr/lib/systemd/tests/unit-tests/*: + - inet_addr + - inet_aton # don't report changed content of compiled files # that is expected with every update From 49575fa6eddcbbbd7da2f0a28fbdc6573207b2dd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 13 Aug 2023 19:52:15 +0900 Subject: [PATCH 189/494] spec: explicitly enable/disable xen support For upstream packit builds with https://github.com/systemd/systemd/pull/24175. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index ebc2601..41fd40c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -207,6 +207,7 @@ BuildRequires: bpftool %if 0%{?fedora} %ifarch x86_64 aarch64 +%global have_xen 1 # That package is only built for those two architectures BuildRequires: xen-devel %endif @@ -619,6 +620,7 @@ CONFIGURE_OPTS=( -Dlibiptc=false -Dlibcurl=true -Dlibfido2=true + -Dxenctrl=%[0%{?have_xen}?"true":"false"] -Defi=true -Dtpm=true -Dtpm2=true 
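Review bot: The comment kept above `badfuncs:` in rpminspect.yaml still reads "Disable badfuncs check that has tons of false positives", but the new stanza no longer uses `exclude_path: .*`; it lists two functions under one path. Anyone auditing why `inet_addr` and `inet_aton` are tolerated will be misled by the old wording. I would replace it with something like `# Allow inet_addr/inet_aton in the unit-test binaries only (known false positives)`. Whether the `/usr/lib/systemd/tests/unit-tests/*` pattern also covers nested paths is not evident from the hunk and is worth checking against the rpminspect documentation.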
From 45fc64ccd0a08b62c4b43a053a6365b39c0b545e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 20 Aug 2023 10:20:41 +0900 Subject: [PATCH 190/494] spec: also explicitly enable/disable ukify support For upstream packit builds with https://github.com/systemd/systemd/pull/24175. --- systemd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 41fd40c..16cc089 100644 --- a/systemd.spec +++ b/systemd.spec @@ -685,7 +685,12 @@ else # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - CONFIGURE_OPTS+=( -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] ) + # Note, ukify requires bootloader, let's also explicitly enable/disable it + # here for https://github.com/systemd/systemd/pull/24175. + CONFIGURE_OPTS+=( + -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] + -Dukify=%[%{?have_gnu_efi}?"true":"false"] + ) fi %if %{without lto} From 46dc8f5060d66792cfbb0966471dbadc5bf9aaa2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 2 Sep 2023 18:11:39 +0200 Subject: [PATCH 191/494] Add missing ukify dependency on python-cryptography --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 16cc089..531f3f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -401,6 +401,7 @@ Recommends: llvm Requires: python3dist(pefile) Requires: python3dist(zstd) +Requires: python3dist(cryptography) Recommends: python3dist(pillow) BuildArch: noarch From c4232bef968fefa676077480128fc2599c07adb4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 2 Sep 2023 18:12:59 +0200 Subject: [PATCH 192/494] ukify: Drop obsolete dependency on objcopy --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 531f3f7..37545e2 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -395,10 +395,6 @@ machine, and to create or grow partitions and make file systems automatically. Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -# We prefer llvm-objcopy over objcopy. -Requires: (llvm or binutils) -Recommends: llvm - Requires: python3dist(pefile) Requires: python3dist(zstd) Requires: python3dist(cryptography) From 11c465372ac03d7729bf546ec00bb6196dbf3468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Aug 2023 09:12:42 +0200 Subject: [PATCH 193/494] Actually reload user managers and backport unit reload macros The macro expansions would only work when compiled with a recent version of systemd. We don't want to create a dependency loop like this, let's just expand the string manually. Also backport the patch adding %systemd_postun_with_reload and %systemd_user_postun_with_reload so a FPC documentation change can be filed. --- ...2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch | 94 +++++++++++++++++++ systemd.spec | 11 ++- 2 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch diff --git a/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch b/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch new file mode 100644 index 0000000..81de92f --- /dev/null +++ b/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch 
@@ -0,0 +1,94 @@ +From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Jul 2023 09:02:04 +0200 +Subject: [PATCH] rpm: add %systemd_postun_with_reload and + %systemd_user_postun_with_reload + +For some units, the package would like to issue a reload. The machinery was +already in place since c9615f73521986b3607b852c139036d58973043c: + + systemctl reload-or-restart --marked + + Enqueues restart jobs for all units that have the 'needs-restart' + mark, and reload jobs for units that have the 'needs-reload' mark. + When a unit marked for reload does not support reload, restart will + be queued. + +The new macros allow a reload to be issued instead of a restart. + +Based on the discussion on fedora-devel: +https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ + +Tested using dummy package https://github.com/keszybz/rpm-test-reload. +--- + src/rpm/macros.systemd.in | 16 ++++++++++++++++ + src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ + 2 files changed, 38 insertions(+) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index c07541c7286c..f05553f557e9 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + fi \ + %{nil} + ++%systemd_postun_with_reload() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \ ++fi \ ++%{nil} ++ ++%systemd_user_postun_with_reload() \ ++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \ ++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ ++ # Package upgrade, not uninstall \ ++ 
{{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \ ++fi \ ++%{nil} ++ + %udev_hwdb_update() %{nil} + + %udev_rules_update() %{nil} +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index c623a5ea1722..c81e16c3d3ff 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -47,6 +47,15 @@ case "$command" in + wait + ;; + ++ mark-reload-system-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ for unit in "$@"; do ++ systemctl set-property "$unit" Markers=+needs-reload & ++ done ++ wait ++ ;; ++ + mark-restart-user-units) + [ -d /run/systemd/system ] || exit 0 + +@@ -60,6 +69,19 @@ case "$command" in + wait + ;; + ++ mark-reload-user-units) ++ [ -d /run/systemd/system ] || exit 0 ++ ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ for user in $users; do ++ for unit in "$@"; do ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ ++ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload & ++ done ++ done ++ wait ++ ;; ++ + system-reload-restart|system-reload|system-restart) + if [ -n "$*" ]; then + echo "Unexpected arguments for '$command': $*" diff --git a/systemd.spec b/systemd.spec index 37545e2..f3c19c3 100644 --- a/systemd.spec +++ b/systemd.spec 
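Review bot: In the new `mark-reload-user-units` branch of systemd-update-helper.in, `for user in $users` relies on unquoted word splitting, and nothing records why that is safe in a helper that package scriptlets run as root. It is safe only because the sed expression captures `[0-9]+`, so a comment such as `# $users holds only numeric UIDs extracted by sed, so unquoted splitting is intentional` above the loop would keep a later edit from loosening the pattern unnoticed. The pattern also leaves the dot unescaped; `'s/.*user@([0-9]+)\.service.*/\1/p'` matches the unit name literally. The enclosing `case` statement and the parallel `mark-restart-user-units` branch are only partly visible in this hunk.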
@@ -99,10 +99,12 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -# https://github.com/systemd/systemd/issues/26488 +# Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch +# Backport of patches that allow reloading of units +Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -940,7 +942,12 @@ fi # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -%systemd_user_daemon_reexec +# This is the explanded form of %%systemd_user_daemon_reexec. We +# can't use the macro because we define it ourselves. +if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Package upgrade, not uninstall + /usr/lib/systemd/systemd-update-helper user-reexec || : +fi %triggerun resolved -- systemd < 246.1-1 # This is for upgrades from previous versions before systemd-resolved became the default. From c95e750cfb5ca0733178260cb5ee55293299363b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Sep 2023 09:49:11 +0200 Subject: [PATCH 194/494] Version 254.2 - A bunch of fixes in various areas: manager, coredump, sysupdate, hibernation, journal. - Should fix rhbz#2234653. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f061a52..5e5cc91 100644 --- a/sources +++ b/sources 
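Review bot: The hand-expanded scriptlet in the second systemd.spec hunk hard-codes `/usr/lib/systemd/systemd-update-helper`, whereas the macros backported in this same commit take the helper location from `SYSTEMD_UPDATE_HELPER_PATH`. Because the call is guarded by `[ -x ... ]` and ends in `|| :`, a path that drifts from the macro definition would skip the user-manager reexec without any error. A comment such as `# Keep in sync with the upstream definition of %%systemd_user_daemon_reexec` would document the coupling, and the added comment's `explanded` should read `expanded`. The scriptlet section this belongs to starts outside the hunk.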
@@ -1 +1 @@ -SHA512 (systemd-254.1.tar.gz) = eb2f4a95c890792fe11080e8dafc1eb4588ee98a3084d28083c4dd1f97962f56188c41641708c23267d01f1431821e823e1b89012f90d6ede80a12a0ce11a6d7 +SHA512 (systemd-254.2.tar.gz) = 4c71dc0a9b23eac03b1c3f22a77b5a5aeb5b7c7577b1d90582852fe7da43ff6a8e2e9c06bd7951827bc07e34ab2710b4793e784e49820f2d09db9a0209ec08dd diff --git a/systemd.spec b/systemd.spec index f3c19c3..8b755a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.1 +Version: 254.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 14701a7bc8e3f75116e63e035c4204a6188b359f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Sep 2023 12:17:02 +0200 Subject: [PATCH 195/494] Make inter-subpackage dependencies archful Prompted by the discussion in https://github.com/rpminspect/rpminspect/issues/1231. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8b755a4..d8b4fd3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -220,9 +220,9 @@ Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 -Requires: %{name}-pam = %{version}-%{release} +Requires: %{name}-pam%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils From 8365e8181dd91d648e9718a2709e4bb8f90bc31b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 16:58:03 +0200 Subject: [PATCH 196/494] README.build-in-place: fix example command [skip changelog] --- README.build-in-place.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.build-in-place.md b/README.build-in-place.md index 057c103..8c444c5 100644 --- a/README.build-in-place.md +++ b/README.build-in-place.md @@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). git clone https://github.com/systemd/systemd fedpkg clone systemd fedora-systemd cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm ``` From 6674346bfd734f486c517f400d5037ee75f4e92f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 17:13:58 +0200 Subject: [PATCH 197/494] Revert "Disable systemd-boot-update.service in presets" This reverts commit 8eea43e7149ba2f23062995d3bf83ebab0271274. Fedora already ships 'disable systemd-boot-update.service' in /usr/lib/systemd/system-preset/90-default.preset, so we don't need this. [skip changelog] --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index d8b4fd3..6cb0774 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -556,10 +556,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -# We want to update sd-boot from packaging scriptlets after package update. -# Let's disable the service. -sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset - sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user %generate_buildrequires From 32656b2b877cd089c38a8df4118f7d3120a56f67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Sep 2023 17:16:11 +0200 Subject: [PATCH 198/494] Move file manipulation to %build Without this, in-place builds are broken: they don't execute %prep, so %install fails. [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6cb0774..d63ebce 100644 --- a/systemd.spec +++ b/systemd.spec @@ -556,8 +556,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user - %generate_buildrequires %if 0%{?have_gnu_efi} if grep -q gnu-efi meson_options.txt; then @@ -711,6 +709,8 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then sleep 5 fi +sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user + %install %meson_install From f66faf9fa13555fe0936733159d30ba026f497fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Sep 2023 10:57:19 +0200 Subject: [PATCH 199/494] Provide /usr/sbin/installkernel ... (rhbz#2239008). --- split-files.py | 1 + systemd.spec | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/split-files.py b/split-files.py index dff50cc..6ab2832 100644 --- a/split-files.py +++ b/split-files.py 
@@ -123,6 +123,7 @@ for file in files(buildroot): bless-boot| boot-system-token| kernel-install| + installkernel| vconsole| backlight| rfkill| diff --git a/systemd.spec b/systemd.spec index d63ebce..6cac1a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -351,6 +351,8 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +Conflicts: grubby < 8.40-72 +Conflicts: sdubby < 1.0-3 # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home @@ -818,6 +820,8 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +ln -s --relative kernel-install %{buildroot}%{_sbindir}/installkernel + %find_lang %{name} # Split files in build root into rpms. See split-files.py for the From 360975c08bae5218d91d30620ccb52cd287ce514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 18 Sep 2023 21:43:20 +0200 Subject: [PATCH 200/494] Fix creation of installkernel symlink --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 6cac1a2..01f003c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -820,7 +820,7 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} -ln -s --relative kernel-install %{buildroot}%{_sbindir}/installkernel +ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel %find_lang %{name} From 3f414333026b3a356a816e431fbeecb510052f31 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 08:56:24 +0200 Subject: [PATCH 201/494] rpminspect: rename config file for rpminspect According to https://fedoraproject.org/wiki/How_to_filter_libabigail_reports and https://github.com/rpminspect/rpminspect/issues/739#issuecomment-1125258249, the name must be just the extension. [skip changelog] --- libsystemd-shared.abignore => .abignore | 0 systemd.spec | 3 ++- 2 files changed, 2 insertions(+), 1 deletion(-) rename libsystemd-shared.abignore => .abignore (100%) diff --git a/libsystemd-shared.abignore b/.abignore similarity index 100% rename from libsystemd-shared.abignore rename to .abignore diff --git a/systemd.spec b/systemd.spec index 01f003c..0a9dca5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,8 @@ Source7: systemd-journal-remote.xml Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf -Source13: libsystemd-shared.abignore +# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports +Source13: .abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf From 5dfe4c64c5ae3092434dd278b6ce1c8f439b3908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:05:23 +0200 Subject: [PATCH 202/494] rpminspect: suppress complain about inet_aton in /usr/bin/networkctl [skip changelog] --- rpminspect.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rpminspect.yaml b/rpminspect.yaml index 9843e40..7261213 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -4,6 +4,9 @@ badfuncs: /usr/lib/systemd/tests/unit-tests/*: - inet_addr - inet_aton + /usr/bin/networkctl: + - inet_addr + - inet_aton # don't report changed content of compiled files # that is expected with every update From bd2499ee336841ffb35b5508db583776eb012700 Mon Sep 17 00:00:00 2001 
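Review bot: The new `/usr/bin/networkctl` entry under `badfuncs` in rpminspect.yaml silences the `inet_addr` and `inet_aton` findings without recording why the calls are acceptable there. These functions are flagged because they accept non-canonical address spellings and `inet_addr` cannot distinguish an error from a valid broadcast address, so a suppression for a shipped binary (unlike the existing one for unit tests) deserves a stated reason, for example `# networkctl: <why the call is acceptable>, see <upstream issue URL>` above the entry. The commit subject mentions only `inet_aton`; if `inet_addr` is not actually reported for this binary, listing just `- inet_aton` keeps the exemption as narrow as the finding.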
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:06:15 +0200 Subject: [PATCH 203/494] rpminspect: add duplicate dependency to appease rpmispect [skip changelog] --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0a9dca5..e1420f8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -510,6 +510,10 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd Requires: %{name}%{_isa} = %{version}-%{release} +# This dependency is provided transitively. Also add it explicitly to +# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: +Requires: %{name}-libs%{_isa} = %{version}-%{release} + License: LGPL-2.1-or-later %description tests From 592d710bfdcc627b74b1e3f2d9f580eaf4d1ae25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Sep 2023 09:26:56 +0200 Subject: [PATCH 204/494] zuul: adjust config Though apparently this will not work without further work in other places, see https://pagure.io/fedora-project-config/issue/292. [skip changelog] --- .zuul.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.zuul.yaml b/.zuul.yaml index 591bb8a..b2e0850 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1,5 +1,7 @@ - project: vars: install_repo_exclude: + - systemd-standalone-repart + - systemd-standalone-shutdown + - systemd-standalone-sysusers - systemd-standalone-tmpfiles - - systemd-standalone-sysuser From 18e1ed3201dfc35692b778c6e807d38a2d105e41 Mon Sep 17 00:00:00 2001 
From: Adam Williamson Date: Tue, 19 Sep 2023 14:52:46 -0700 Subject: [PATCH 205/494] Backport PR #29215 to improve keyboard layout matching This lays the ground for simplifying anaconda's keyboard layout handling while improving results from where they are currently. --- ...cy_keymap-fix-empty-variant-matching.patch | 58 +++++++++ ...ap-try-matching-with-layout-order-re.patch | 117 ++++++++++++++++++ systemd.spec | 6 + 3 files changed, 181 insertions(+) create mode 100644 0001-find_legacy_keymap-fix-empty-variant-matching.patch create mode 100644 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch diff --git a/0001-find_legacy_keymap-fix-empty-variant-matching.patch b/0001-find_legacy_keymap-fix-empty-variant-matching.patch new file mode 100644 index 0000000..c15a017 --- /dev/null +++ b/0001-find_legacy_keymap-fix-empty-variant-matching.patch 
@@ -0,0 +1,58 @@ +From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 15 Sep 2023 15:35:36 -0700 +Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching + +We should give a match bonus if the X context variant is empty +and the xvariant column in kbd-model-map is "-" (which means +none). Currently, we don't, which means that if you call this +on a context with layouts bg,us and no variant, you get the +console layout bg_pho-utf8 instead of bg_bds-utf8 (because both +score the same, and the bg_pho-utf8 row comes first). You should +get bg_bds-utf8 in this case. + +Signed-off-by: Adam Williamson +--- + src/locale/localed-util.c | 2 +- + src/locale/test-localed-util.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c +index 02fac9786b..6a05b50a31 100644 +--- a/src/locale/localed-util.c ++++ b/src/locale/localed-util.c +@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { + matching++; + +- if (streq_ptr(xc->variant, a[3])) { ++ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) { + matching++; + + if (streq_ptr(xc->options, a[4])) +diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c +index cb66dffd48..a19d80a967 100644 +--- a/src/locale/test-localed-util.c ++++ b/src/locale/test-localed-util.c +@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) { + assert_se(streq(vc.keymap, "es-dvorak")); + vc_context_clear(&vc); + ++ /* es no-variant test is not very good as the desired match ++ comes first in the list so will win if both candidates score ++ the same. 
in this case the desired match comes second so will ++ not win unless we correctly give the no-variant match a bonus ++ */ ++ log_info("/* test without variant, desired match second (bg,us:) */"); ++ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0); ++ assert_se(free_and_strdup(&xc.variant, NULL) >= 0); ++ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); ++ assert_se(streq(vc.keymap, "bg_bds-utf8")); ++ vc_context_clear(&vc); ++ + log_info("/* test with old mapping (fr:latin9) */"); + assert_se(free_and_strdup(&xc.layout, "fr") >= 0); + assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); +-- +2.41.0 + diff --git a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch new file mode 100644 index 0000000..d0eb7d0 --- /dev/null +++ b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch 
@@ -0,0 +1,117 @@ +From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Fri, 15 Sep 2023 16:02:29 -0700 +Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order + reversed + +The lines in kbd-model-map date back to ye olde times (RH's old +system-config-keyboard), and I think predate this bug: + +https://bugzilla.redhat.com/show_bug.cgi?id=1039185 + +where we got strong feedback that, for 'switched' layout setups +like Russian, US English should be the *first* layout and the +native layout the *second* one. This is how anaconda and, as of +recently, gnome-initial-setup configure such cases - but that +means, if we try to use localed to convert these configurations +using kbd-model-map, we get the wrong result (we get "us" as the +console layout). See also: + +https://bugzilla.redhat.com/show_bug.cgi?id=1912609 + +where we first noticed this wasn't working right, but sadly, we +'fixed' it with a not-really-correct bodge in anaconda instead +of doing it properly. + +Signed-off-by: Adam Williamson +--- + src/locale/localed-util.c | 44 ++++++++++++++++++++++------------ + src/locale/test-localed-util.c | 5 +++- + 2 files changed, 33 insertions(+), 16 deletions(-) + +diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c +index 6a05b50a31..eba13a2ac3 100644 +--- a/src/locale/localed-util.c ++++ b/src/locale/localed-util.c +@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + /* If we got an exact match, this is the best */ + matching = 10; + else { +- /* We have multiple X layouts, look for an +- * entry that matches our key with everything +- * but the first layout stripped off. 
*/ +- if (startswith_comma(xc->layout, a[1])) +- matching = 5; ++ /* see if we get an exact match with the order reversed */ ++ _cleanup_strv_free_ char **b = NULL; ++ _cleanup_free_ char *c = NULL; ++ r = strv_split_full(&b, a[1], ",", 0); ++ if (r < 0) ++ return r; ++ strv_reverse(b); ++ c = strv_join(b, ","); ++ if (!c) ++ return log_oom(); ++ if (streq(xc->layout, c)) ++ matching = 9; + else { +- _cleanup_free_ char *x = NULL; +- +- /* If that didn't work, strip off the +- * other layouts from the entry, too */ +- x = strdupcspn(a[1], ","); +- if (!x) +- return -ENOMEM; +- if (startswith_comma(xc->layout, x)) +- matching = 1; ++ /* We have multiple X layouts, look for an ++ * entry that matches our key with everything ++ * but the first layout stripped off. */ ++ if (startswith_comma(xc->layout, a[1])) ++ matching = 5; ++ else { ++ _cleanup_free_ char *x = NULL; ++ ++ /* If that didn't work, strip off the ++ * other layouts from the entry, too */ ++ x = strdupcspn(a[1], ","); ++ if (!x) ++ return -ENOMEM; ++ if (startswith_comma(xc->layout, x)) ++ matching = 1; ++ } + } + } + +@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { + } + } + +- if (best_matching < 10 && !isempty(xc->layout)) { ++ if (best_matching < 9 && !isempty(xc->layout)) { + _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; + + /* The best match is only the first part of the X11 +diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c +index a19d80a967..f702ff29b0 100644 +--- a/src/locale/test-localed-util.c ++++ b/src/locale/test-localed-util.c +@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) { + assert_se(streq(vc.keymap, "fr-latin9")); + vc_context_clear(&vc); + ++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */ ++ /* us,ru is the x config users want, but they still want ru ++ as the console layout in this case */ + log_info("/* test with a compound mapping (us,ru:) */"); + assert_se(free_and_strdup(&xc.layout, 
"us,ru") >= 0); + assert_se(free_and_strdup(&xc.variant, NULL) >= 0); + assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); +- assert_se(streq(vc.keymap, "us")); ++ assert_se(streq(vc.keymap, "ru")); + vc_context_clear(&vc); + + log_info("/* test with a compound mapping (ru,us:) */"); +-- +2.41.0 + diff --git a/systemd.spec b/systemd.spec index e1420f8..cf86d44 100644 --- a/systemd.spec +++ b/systemd.spec @@ -107,6 +107,12 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Backport of patches that allow reloading of units Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch +# Backport of improvements to console keyboard layout guessing +# https://github.com/systemd/systemd/pull/29215 +# https://bugzilla.redhat.com/show_bug.cgi?id=1912609 +Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch +Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch From 9a522c2a5ad910bfc93dcd6e41d79f42dbabe953 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 11:04:10 +0200 Subject: [PATCH 206/494] Change versioned Conflicts to rich Requires ... (rhbz#2240828) We currently have grubby-8.40-72.fc39 and sdubby-1.0-3.fc39. systemd had 'Conflicts: grubby < 8.40-72', which is satisfied by grubby. But sdubby has 'Provides: grubby' (with no version), which prevented installation: $ sudo rpm -i ./sdubby-1.0-3.fc39.noarch.rpm error: Failed dependencies: grubby < 8.40-72 conflicts with (installed) systemd-udev-254.2-7.fc39.x86_64 The rpm docs don't actually say what the meaning of the 'if' is: is it only satisfied by actual package names, or also by Provides. But experiments suggest that Provides are not used. The rich dependency seems to avoid the issue. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index cf86d44..9a9f1f6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -358,8 +358,8 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 -Conflicts: grubby < 8.40-72 -Conflicts: sdubby < 1.0-3 +Requires: (grubby > 8.40-72 if grubby) +Requires: (sdubby > 1.0-3 if sdubby) # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From bb2f5f0fab6fa663f5584ee152a235d7c0ec42c8 Mon Sep 17 00:00:00 2001 
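Review bot: The replacement `Requires: (grubby > 8.40-72 if grubby)` is not the exact inverse of the removed `Conflicts: grubby < 8.40-72`, which accepted 8.40-72 itself; the same applies to the sdubby line. The builds named in the commit message (8.40-72.fc39 and 1.0-3.fc39) satisfy it only because the dist tag makes the release compare higher than a bare `72` or `3`. Writing `Requires: (grubby >= 8.40-72 if grubby)` and `Requires: (sdubby >= 1.0-3 if sdubby)` keeps the original boundary. Since the choice of a rich dependency rests on observed rather than documented rpm behaviour, a comment above the two lines such as `# Rich Requires instead of Conflicts: sdubby has an unversioned Provides: grubby (rhbz#2240828)` would preserve the reasoning in the spec.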
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 14:05:12 +0200 Subject: [PATCH 207/494] Pull in patches to add PollLimit setting --- ...-PollLimit-settings-to-.socket-units.patch | 243 ++++++++++++++++++ ...-new-PollLimitIntervalSec-PollLimitB.patch | 80 ++++++ 0003-ci-add-test-for-poll-limit.patch | 79 ++++++ systemd.spec | 5 + 4 files changed, 407 insertions(+) create mode 100644 0001-core-add-new-PollLimit-settings-to-.socket-units.patch create mode 100644 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch create mode 100644 0003-ci-add-test-for-poll-limit.patch diff --git a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch new file mode 100644 index 0000000..351f413 --- /dev/null +++ b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch 
@@ -0,0 +1,243 @@ +From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Sat, 9 Sep 2023 14:46:32 +0200 +Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units + +This adds a new "PollLimit" pair of settings to .socket units, very +similar to existing "TriggerLimit" logic. The differences are: + +* PollLimit focusses on the polling on the sockets, and pauses that + temporarily if a ratelimit on that is reached. TriggerLimit otoh + focusses on the triggering effect of socket units, and stops + triggering once the ratelimit is hit. + +* While the trigger limit being hit is an action that causes the socket + unit to fail the polling limit being reached will just temporarily + disable polling on the socket fd, and it is resumed once the ratelimit + interval is over. + +* When a socket unit operates on multiple socket fds (e,g, ListenStream= + on both some ipv6 and an ipv4 address or so). Then the PollLimit will + be specific to each fd, while the trigger limit is specific to the + whole unit. + +Implementation-wise this is mostly a wrapper around sd-event's +sd_event_source_set_ratelimit(), which exposes the desired behaviour +directly. + +Usecase for all of this: socket services which when overloaded with +connections should just slow down reception of it, but not fail +persistently. 
+ +(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) +--- + man/org.freedesktop.systemd1.xml | 12 ++++++++++ + src/core/dbus-socket.c | 8 +++++++ + src/core/load-fragment-gperf.gperf.in | 2 ++ + src/core/socket.c | 32 +++++++++++++++++++-------- + src/core/socket.h | 2 ++ + src/shared/bus-unit-util.c | 10 +++++---- + 6 files changed, 53 insertions(+), 13 deletions(-) + +diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml +index 56906e2f3b..0557dc2379 100644 +--- a/man/org.freedesktop.systemd1.xml ++++ b/man/org.freedesktop.systemd1.xml +@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + readonly t TriggerLimitIntervalUSec = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly u TriggerLimitBurst = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") ++ readonly t PollLimitIntervalUSec = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") ++ readonly u PollLimitBurst = ...; + readonly u UID = ...; + readonly u GID = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") +@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ ++ ++ ++ + + + +@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + + ++ PollLimitIntervalUSec/PollLimitBurst properties configure the ++ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to ++ zero the limiting feature is turned off. 
++ + + Properties + +diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c +index 09a3a9502b..04552b7c60 100644 +--- a/src/core/dbus-socket.c ++++ b/src/core/dbus-socket.c +@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = { + SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), +@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property( + if (streq(name, "TriggerLimitBurst")) + return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); + ++ if (streq(name, "PollLimitBurst")) ++ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error); ++ + if (streq(name, "SocketMode")) + return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); + +@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property( + if (streq(name, "TriggerLimitIntervalUSec")) + return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); + ++ if (streq(name, 
"PollLimitIntervalUSec")) ++ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error); ++ + if (streq(name, "SmackLabel")) + return bus_set_transient_string(u, name, &s->smack, message, flags, error); + +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index b66adf2811..0d1ee9c231 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname, + Socket.Service, config_parse_socket_service, 0, 0 + Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) + Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) ++Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval) ++Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst) + {% if ENABLE_SMACK %} + Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack) + Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in) +diff --git a/src/core/socket.c b/src/core/socket.c +index 75034ac357..dc18744f54 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -101,6 +101,9 @@ static void socket_init(Unit *u) { + + s->trigger_limit.interval = USEC_INFINITY; + s->trigger_limit.burst = UINT_MAX; ++ ++ s->poll_limit_interval = USEC_INFINITY; ++ s->poll_limit_burst = UINT_MAX; + } + + static void socket_unwatch_control_pid(Socket *s) { +@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) { + * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to + * process whatever is queued in one go, and thus should normally never have to be started frequently. This is + * different for Accept=yes where each connection is processed by a new service instance, and thus frequent +- * service starts are typical. 
*/
++ * service starts are typical.
++ *
++ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
++ * trigger this earlier. */
+
+ if (s->trigger_limit.interval == USEC_INFINITY)
+ s->trigger_limit.interval = 2 * USEC_PER_SEC;
++ if (s->trigger_limit.burst == UINT_MAX)
++ s->trigger_limit.burst = s->accept ? 200 : 20;
+
+- if (s->trigger_limit.burst == UINT_MAX) {
+- if (s->accept)
+- s->trigger_limit.burst = 200;
+- else
+- s->trigger_limit.burst = 20;
+- }
++ if (s->poll_limit_interval == USEC_INFINITY)
++ s->poll_limit_interval = 2 * USEC_PER_SEC;
++ if (s->poll_limit_burst == UINT_MAX)
++ s->poll_limit_burst = s->accept ? 150 : 15;
+
+ if (have_non_accept_socket(s)) {
+
+@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
+
+ fprintf(f,
+ "%sTriggerLimitIntervalSec: %s\n"
+- "%sTriggerLimitBurst: %u\n",
++ "%sTriggerLimitBurst: %u\n"
++ "%sPollLimitIntervalSec: %s\n"
++ "%sPollLimitBurst: %u\n",
+ prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC),
+- prefix, s->trigger_limit.burst);
++ prefix, s->trigger_limit.burst,
++ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
++ prefix, s->poll_limit_burst);
+
+ str = ip_protocol_to_name(s->socket_protocol);
+ if (str)
+@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
+
+ (void) sd_event_source_set_description(p->event_source, "socket-port-io");
+ }
++
++ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
++ if (r < 0)
++ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
+ }
+
+ return 0;
+diff --git a/src/core/socket.h b/src/core/socket.h
+index 191d27f46d..b03a291e4a 100644
+--- a/src/core/socket.h
++++ b/src/core/socket.h
+@@ -158,6 +158,8 @@ struct Socket {
+ char *fdname;
+
+ RateLimit trigger_limit;
++ usec_t poll_limit_interval;
++ unsigned poll_limit_burst;
+ };
+
+ SocketPeer *socket_peer_ref(SocketPeer *p);
+diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
+index e7b44cc39b..9f0f37488d 100644
+--- a/src/shared/bus-unit-util.c
++++ b/src/shared/bus-unit-util.c
+@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
+ return 1;
+ }
+
+- if (streq(field, "TriggerLimitBurst"))
++ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
+ return bus_append_safe_atou(m, field, eq);
+
+- if (streq(field, "TriggerLimitIntervalSec"))
++ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
+ return bus_append_parse_sec_rename(m, field, eq);
+
+ return 0;
+@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
+ "MaxConnections",
+ "MaxConnectionsPerSource",
+ "KeepAliveProbes",
+- "TriggerLimitBurst"))
++ "TriggerLimitBurst",
++ "PollLimitBurst"))
+ return bus_append_safe_atou(m, field, eq);
+
+ if (STR_IN_SET(field, "SocketMode",
+@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
+ "KeepAliveTimeSec",
+ "KeepAliveIntervalSec",
+ "DeferAcceptSec",
+- "TriggerLimitIntervalSec"))
++ "TriggerLimitIntervalSec",
++ "PollLimitIntervalSec"))
+ return bus_append_parse_sec_rename(m, field, eq);
+
+ if (STR_IN_SET(field, "ReceiveBuffer",
diff --git a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch
new file mode 100644
index 0000000..e2e80e9
--- /dev/null
+++ b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch
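Review bot: In socket_add_extras() (src/core/socket.c) the added comment says the poll limit uses 3/4th of the trigger limit parameters, but the code assigns fixed defaults (`s->accept ? 150 : 15` over the same `2 * USEC_PER_SEC` interval) that do not follow a configured trigger limit. A unit that lowers TriggerLimitBurst= below those values without touching PollLimitBurst= would presumably reach the trigger limit first, which the man page text added in this series describes as a failure mode that lasts until the unit is restarted. I would word the comment as `* For the poll limit we use fixed defaults: 3/4 of the default trigger burst over the same interval, independent of any configured TriggerLimitBurst=. */`. The function body starts and ends outside the hunk.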
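Review bot: In socket_watch_fds() (src/core/socket.c) a failure of sd_event_source_set_ratelimit() is only logged at debug level and then ignored, so at a default log level the socket keeps listening without a poll limit and nothing tells the operator. The man page added in this series recommends the poll limit as the mechanism for dealing with packet flooding, so I would make the failure visible: `log_unit_warning_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");`. The function begins outside the hunk, so whether an earlier path already guarantees the call cannot fail is not visible here.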
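Review bot: The first src/shared/bus-unit-util.c hunk sits in bus_append_path_property() according to its hunk header, so `PollLimitBurst` and `PollLimitIntervalSec` become accepted field names for path units on the client side, while every other file in this patch adds the settings to socket units only (dbus-socket.c, socket.c, socket.h and the Socket.* gperf entries). If path units have no such property, the client would parse the assignment and the manager would presumably refuse it later with a less clear error. Unless path support is intended, I would keep `if (streq(field, "TriggerLimitBurst"))` and `if (streq(field, "TriggerLimitIntervalSec"))` in that function and add the new names only in bus_append_socket_property(), as the two later hunks already do.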
@@ -0,0 +1,80 @@ +From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 18 Sep 2023 17:51:49 +0200 +Subject: [PATCH 2/3] man: document the new + PollLimitIntervalSec=/PollLimitBurst= settings + +(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) +--- + man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 47 insertions(+), 11 deletions(-) + +diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml +index 45555302f1..462978d438 100644 +--- a/man/systemd.socket.xml ++++ b/man/systemd.socket.xml +@@ -830,17 +830,53 @@ + TriggerLimitIntervalSec= + TriggerLimitBurst= + +- Configures a limit on how often this socket unit may be activated within a specific time +- interval. The TriggerLimitIntervalSec= may be used to configure the length of the time +- interval in the usual time units us, ms, s, +- min, h, … and defaults to 2s (See +- systemd.time7 for details on +- the various time units understood). The TriggerLimitBurst= setting takes a positive integer +- value and specifies the number of permitted activations per time interval, and defaults to 200 for +- Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 +- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the +- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this +- limit is enforced before the service activation is enqueued. ++ Configures a limit on how often this socket unit may be activated within a specific ++ time interval. The TriggerLimitIntervalSec= setting may be used to configure the ++ length of the time interval in the usual time units us, ms, ++ s, min, h, … and defaults to 2s (See ++ systemd.time7 for ++ details on the various time units understood). 
The TriggerLimitBurst= setting ++ takes a positive integer value and specifies the number of permitted activations per time interval, ++ and defaults to 200 for Accept=yes sockets (thus by default permitting 200 ++ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of ++ trigger rate limiting. ++ ++ If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible ++ anymore until restarted. Note that this limit is enforced before the service activation is ++ enqueued. ++ ++ Compare with PollLimitIntervalSec=/PollLimitBurst= ++ described below, which implements a temporary slowdown if a socket unit is flooded with incoming ++ traffic, as opposed to the permanent failure state ++ TriggerLimitIntervalSec=/TriggerLimitBurst= results in. ++ ++ ++ ++ ++ PollLimitIntervalSec= ++ PollLimitBurst= ++ ++ Configures a limit on how often polling events on the file descriptors backing this ++ socket unit will be considered. This pair of settings is similar to ++ TriggerLimitIntervalSec=/TriggerLimitBurst= but instead of ++ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling ++ frequency. The expected parameter syntax and range are identical to that of the aforementioned ++ options, and can be disabled the same way. ++ ++ If the polling limit is hit polling is temporarily disabled on it until the specified time ++ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger ++ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts ++ through packet flooding. ++ ++ The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit ++ which is enforced for the entire socket unit. This distinction matters for socket units that listen ++ on multiple file descriptors (i.e. have multiple ListenXYZ= stanzas). 
++ ++ These setting defaults to 150 (in case of Accept=yes) and 15 (otherwise) ++ polling events per 2s. This is considerably lower than the default values for the trigger limit (see ++ above) and means that the polling limit should typically ensure the trigger limit is never hit, ++ unless one of them is reconfigured or disabled. ++ + + + diff --git a/0003-ci-add-test-for-poll-limit.patch b/0003-ci-add-test-for-poll-limit.patch new file mode 100644 index 0000000..33e2178 --- /dev/null +++ b/0003-ci-add-test-for-poll-limit.patch 
@@ -0,0 +1,79 @@ +From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 18 Sep 2023 18:05:27 +0200 +Subject: [PATCH 3/3] ci: add test for poll limit + +(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) +--- + test/TEST-07-PID1/test.sh | 2 ++ + test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ + 2 files changed, 50 insertions(+) + create mode 100755 test/units/testsuite-07.poll-limit.sh + +diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh +index 1c3d7137fe..d0e35d870f 100755 +--- a/test/TEST-07-PID1/test.sh ++++ b/test/TEST-07-PID1/test.sh +@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount + EOF + "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount + ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" ++ ++ image_install logger + } + + do_test "$@" +diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh +new file mode 100755 +index 0000000000..480d7ee8df +--- /dev/null ++++ b/test/units/testsuite-07.poll-limit.sh +@@ -0,0 +1,48 @@ ++#!/usr/bin/env bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++set -eux ++set -o pipefail ++ ++systemd-analyze log-level debug ++ ++cat > /run/systemd/system/floodme@.service < /run/systemd/system/floodme.socket < Date: Wed, 27 Sep 2023 14:10:51 +0200 Subject: [PATCH 208/494] Version 254.5 - Resolves rhbz#29216. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 5e5cc91..1482dea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.2.tar.gz) = 4c71dc0a9b23eac03b1c3f22a77b5a5aeb5b7c7577b1d90582852fe7da43ff6a8e2e9c06bd7951827bc07e34ab2710b4793e784e49820f2d09db9a0209ec08dd +SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a 
diff --git a/systemd.spec b/systemd.spec index 3d32cb9..dd6664b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.2 +Version: 254.5 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From a9b4725785936940a78c2e89dfd9ced2573094cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Sep 2023 18:02:52 +0200 Subject: [PATCH 209/494] Pull in more patches for keyboard layout matching --- ...map-extend-variant-match-bonus-again.patch | 50 +++++++++++++++++++ ...rd-model-map-correct-sk-qwerty-entry.patch | 25 ++++++++++ systemd.spec | 8 +-- 3 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch create mode 100644 0001-keyboard-model-map-correct-sk-qwerty-entry.patch diff --git a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch new file mode 100644 index 0000000..02f6fc0 --- /dev/null +++ b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch 
@@ -0,0 +1,50 @@
+From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001
+From: Adam Williamson
+Date: Tue, 19 Sep 2023 16:06:26 -0700
+Subject: [PATCH] find_legacy_keymap: extend variant match bonus again
+
+If the column is "-" and the X context variant specifer only
+contains commas, we should also give the match bonus. The variant
+string is supposed to be a comma-separated list as long as the
+list of layouts, so it's quite natural for consumers to be written
+in such a way that they pass a string only containing commas if
+there are multiple layouts and no variants. anaconda is a real
+world case that does this.
+
+Signed-off-by: Adam Williamson
+---
+ src/locale/localed-util.c | 2 +-
+ src/locale/test-localed-util.c | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
+index eba13a2ac3..9b6949e14d 100644
+--- a/src/locale/localed-util.c
++++ b/src/locale/localed-util.c
+@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
+ if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
+ matching++;
+
+- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
++ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
+ matching++;
+
+ if (streq_ptr(xc->options, a[4]))
+diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
+index f702ff29b0..e92c178a98 100644
+--- a/src/locale/test-localed-util.c
++++ b/src/locale/test-localed-util.c
+@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
+ vc_context_clear(&vc);
+
++ /* same, but with variant specified as "," */
++ log_info("/* test with variant as ',', desired match second (bg,us:) */");
++ assert_se(free_and_strdup(&xc.variant, ",") >= 0);
++ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
++ assert_se(streq(vc.keymap, "bg_bds-utf8"));
++ vc_context_clear(&vc);
++
+ log_info("/* test with old mapping (fr:latin9) */");
+ assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
+ assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
diff --git a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch
new file mode 100644
index 0000000..f6a042a
--- /dev/null
+++ b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch
@@ -0,0 +1,25 @@
+From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001
+From: Adam Williamson
+Date: Wed, 20 Sep 2023 15:14:31 -0700
+Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry
+
+qwerty here is a variant, not an option.
+
+Signed-off-by: Adam Williamson
+---
+ src/locale/kbd-model-map | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
+index a145e13ecd..279d1a36d8 100644
+--- a/src/locale/kbd-model-map
++++ b/src/locale/kbd-model-map
+@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp
+ ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp
+ ie ie pc105 - terminate:ctrl_alt_bksp
+ et ee pc105 - terminate:ctrl_alt_bksp
+-sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty
++sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp
+ sk-qwertz sk pc105 - terminate:ctrl_alt_bksp
+ fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp
+ fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp
diff --git a/systemd.spec b/systemd.spec
index dd6664b..b2d550a 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -112,11 +112,13 @@ Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec # https://bugzilla.redhat.com/show_bug.cgi?id=1912609 Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch +Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch +Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch # Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket -Patch0005: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch -Patch0006: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch -Patch0007: 0003-ci-add-test-for-poll-limit.patch +Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch +Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch +Patch0012: 0003-ci-add-test-for-poll-limit.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From e8cc280d45091673cf5d0b7d21fbfa641212b5dc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 16:27:34 +0100 Subject: [PATCH 210/494] Version 255~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS - All the files and services related to pcrs are moved to -udev subpackage. This includes the new systemd-pcrlock binary. --- ...-PollLimit-settings-to-.socket-units.patch | 243 ------------------ ...map-extend-variant-match-bonus-again.patch | 50 ---- ...cy_keymap-fix-empty-variant-matching.patch | 58 ----- ...rd-model-map-correct-sk-qwerty-entry.patch | 25 -- ...ap-try-matching-with-layout-order-re.patch | 117 --------- ...-new-PollLimitIntervalSec-PollLimitB.patch | 80 ------ 0003-ci-add-test-for-poll-limit.patch | 79 ------ ...2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch | 94 ------- sources | 2 +- split-files.py | 2 +- systemd.spec | 126 ++++----- 11 files changed, 51 insertions(+), 825 deletions(-) delete mode 100644 0001-core-add-new-PollLimit-settings-to-.socket-units.patch delete mode 100644 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch delete mode 100644 0001-find_legacy_keymap-fix-empty-variant-matching.patch delete mode 100644 0001-keyboard-model-map-correct-sk-qwerty-entry.patch delete mode 100644 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch delete mode 100644 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch delete mode 100644 0003-ci-add-test-for-poll-limit.patch delete mode 100644 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch diff --git a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch b/0001-core-add-new-PollLimit-settings-to-.socket-units.patch deleted file mode 100644 index 351f413..0000000 --- a/0001-core-add-new-PollLimit-settings-to-.socket-units.patch +++ /dev/null 
@@ -1,243 +0,0 @@ -From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Sat, 9 Sep 2023 14:46:32 +0200 -Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units - -This adds a new "PollLimit" pair of settings to .socket units, very -similar to existing "TriggerLimit" logic. The differences are: - -* PollLimit focusses on the polling on the sockets, and pauses that - temporarily if a ratelimit on that is reached. TriggerLimit otoh - focusses on the triggering effect of socket units, and stops - triggering once the ratelimit is hit. - -* While the trigger limit being hit is an action that causes the socket - unit to fail the polling limit being reached will just temporarily - disable polling on the socket fd, and it is resumed once the ratelimit - interval is over. - -* When a socket unit operates on multiple socket fds (e,g, ListenStream= - on both some ipv6 and an ipv4 address or so). Then the PollLimit will - be specific to each fd, while the trigger limit is specific to the - whole unit. - -Implementation-wise this is mostly a wrapper around sd-event's -sd_event_source_set_ratelimit(), which exposes the desired behaviour -directly. - -Usecase for all of this: socket services which when overloaded with -connections should just slow down reception of it, but not fail -persistently. 
- -(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) ---- - man/org.freedesktop.systemd1.xml | 12 ++++++++++ - src/core/dbus-socket.c | 8 +++++++ - src/core/load-fragment-gperf.gperf.in | 2 ++ - src/core/socket.c | 32 +++++++++++++++++++-------- - src/core/socket.h | 2 ++ - src/shared/bus-unit-util.c | 10 +++++---- - 6 files changed, 53 insertions(+), 13 deletions(-) - -diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index 56906e2f3b..0557dc2379 100644 ---- a/man/org.freedesktop.systemd1.xml -+++ b/man/org.freedesktop.systemd1.xml -@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - readonly t TriggerLimitIntervalUSec = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly u TriggerLimitBurst = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly t PollLimitIntervalUSec = ...; -+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") -+ readonly u PollLimitBurst = ...; - readonly u UID = ...; - readonly u GID = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") -@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ -+ -+ -+ - - - -@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - - -+ PollLimitIntervalUSec/PollLimitBurst properties configure the -+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to -+ zero the limiting feature is turned off. 
-+ - - Properties - -diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c -index 09a3a9502b..04552b7c60 100644 ---- a/src/core/dbus-socket.c -+++ b/src/core/dbus-socket.c -@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = { - SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), -@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitBurst")) - return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); - -+ if (streq(name, "PollLimitBurst")) -+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error); -+ - if (streq(name, "SocketMode")) - return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); - -@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property( - if (streq(name, "TriggerLimitIntervalUSec")) - return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); - -+ if (streq(name, 
"PollLimitIntervalUSec")) -+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error); -+ - if (streq(name, "SmackLabel")) - return bus_set_transient_string(u, name, &s->smack, message, flags, error); - -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index b66adf2811..0d1ee9c231 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname, - Socket.Service, config_parse_socket_service, 0, 0 - Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) - Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) -+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval) -+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst) - {% if ENABLE_SMACK %} - Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack) - Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in) -diff --git a/src/core/socket.c b/src/core/socket.c -index 75034ac357..dc18744f54 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -101,6 +101,9 @@ static void socket_init(Unit *u) { - - s->trigger_limit.interval = USEC_INFINITY; - s->trigger_limit.burst = UINT_MAX; -+ -+ s->poll_limit_interval = USEC_INFINITY; -+ s->poll_limit_burst = UINT_MAX; - } - - static void socket_unwatch_control_pid(Socket *s) { -@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) { - * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to - * process whatever is queued in one go, and thus should normally never have to be started frequently. This is - * different for Accept=yes where each connection is processed by a new service instance, and thus frequent -- * service starts are typical. 
*/
-+ * service starts are typical.
-+ *
-+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
-+ * trigger this earlier. */
-
- if (s->trigger_limit.interval == USEC_INFINITY)
- s->trigger_limit.interval = 2 * USEC_PER_SEC;
-+ if (s->trigger_limit.burst == UINT_MAX)
-+ s->trigger_limit.burst = s->accept ? 200 : 20;
-
-- if (s->trigger_limit.burst == UINT_MAX) {
-- if (s->accept)
-- s->trigger_limit.burst = 200;
-- else
-- s->trigger_limit.burst = 20;
-- }
-+ if (s->poll_limit_interval == USEC_INFINITY)
-+ s->poll_limit_interval = 2 * USEC_PER_SEC;
-+ if (s->poll_limit_burst == UINT_MAX)
-+ s->poll_limit_burst = s->accept ? 150 : 15;
-
- if (have_non_accept_socket(s)) {
-
-@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
-
- fprintf(f,
- "%sTriggerLimitIntervalSec: %s\n"
-- "%sTriggerLimitBurst: %u\n",
-+ "%sTriggerLimitBurst: %u\n"
-+ "%sPollLimitIntervalSec: %s\n"
-+ "%sPollLimitBurst: %u\n",
- prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC),
-- prefix, s->trigger_limit.burst);
-+ prefix, s->trigger_limit.burst,
-+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
-+ prefix, s->poll_limit_burst);
-
- str = ip_protocol_to_name(s->socket_protocol);
- if (str)
-@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
-
- (void) sd_event_source_set_description(p->event_source, "socket-port-io");
- }
-+
-+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
-+ if (r < 0)
-+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
- }
-
- return 0;
-diff --git a/src/core/socket.h b/src/core/socket.h
-index 191d27f46d..b03a291e4a 100644
---- a/src/core/socket.h
-+++ b/src/core/socket.h
-@@ -158,6 +158,8 @@ struct Socket {
- char *fdname;
-
- RateLimit trigger_limit;
-+ usec_t poll_limit_interval;
-+ unsigned poll_limit_burst;
- };
-
- SocketPeer *socket_peer_ref(SocketPeer *p);
-diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
-index e7b44cc39b..9f0f37488d 100644
---- a/src/shared/bus-unit-util.c
-+++ b/src/shared/bus-unit-util.c
-@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
- return 1;
- }
-
-- if (streq(field, "TriggerLimitBurst"))
-+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
- return bus_append_safe_atou(m, field, eq);
-
-- if (streq(field, "TriggerLimitIntervalSec"))
-+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
- return bus_append_parse_sec_rename(m, field, eq);
-
- return 0;
-@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
- "MaxConnections",
- "MaxConnectionsPerSource",
- "KeepAliveProbes",
-- "TriggerLimitBurst"))
-+ "TriggerLimitBurst",
-+ "PollLimitBurst"))
- return bus_append_safe_atou(m, field, eq);
-
- if (STR_IN_SET(field, "SocketMode",
-@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
- "KeepAliveTimeSec",
- "KeepAliveIntervalSec",
- "DeferAcceptSec",
-- "TriggerLimitIntervalSec"))
-+ "TriggerLimitIntervalSec",
-+ "PollLimitIntervalSec"))
- return bus_append_parse_sec_rename(m, field, eq);
-
- if (STR_IN_SET(field, "ReceiveBuffer",
diff --git a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch b/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch
deleted file mode 100644
index 02f6fc0..0000000
--- a/0001-find_legacy_keymap-extend-variant-match-bonus-again.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001
-From: Adam Williamson
-Date: Tue, 19 Sep 2023 16:06:26 -0700
-Subject: [PATCH] find_legacy_keymap: extend variant match bonus again
-
-If the column is "-" and the X context variant specifer only
-contains commas, we should also give the match bonus. The variant
-string is supposed to be a comma-separated list as long as the
-list of layouts, so it's quite natural for consumers to be written
-in such a way that they pass a string only containing commas if
-there are multiple layouts and no variants. anaconda is a real
-world case that does this.
-
-Signed-off-by: Adam Williamson
----
- src/locale/localed-util.c | 2 +-
- src/locale/test-localed-util.c | 7 +++++++
- 2 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
-index eba13a2ac3..9b6949e14d 100644
---- a/src/locale/localed-util.c
-+++ b/src/locale/localed-util.c
-@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
- if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
- matching++;
-
-- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
-+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
- matching++;
-
- if (streq_ptr(xc->options, a[4]))
-diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
-index f702ff29b0..e92c178a98 100644
---- a/src/locale/test-localed-util.c
-+++ b/src/locale/test-localed-util.c
-@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
- assert_se(streq(vc.keymap, "bg_bds-utf8"));
- vc_context_clear(&vc);
-
-+ /* same, but with variant specified as "," */
-+ log_info("/* test with variant as ',', desired match second (bg,us:) */");
-+ assert_se(free_and_strdup(&xc.variant, ",") >= 0);
-+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
-+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
-+ vc_context_clear(&vc);
-+
- log_info("/* test with old mapping (fr:latin9) */");
- assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
- assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
diff --git a/0001-find_legacy_keymap-fix-empty-variant-matching.patch b/0001-find_legacy_keymap-fix-empty-variant-matching.patch
deleted file mode 100644
index c15a017..0000000
--- a/0001-find_legacy_keymap-fix-empty-variant-matching.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001
-From: Adam Williamson
-Date: Fri, 15 Sep 2023 15:35:36 -0700
-Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching
-
-We should give a match bonus if the X context variant is empty
-and the xvariant column in kbd-model-map is "-" (which means
-none). Currently, we don't, which means that if you call this
-on a context with layouts bg,us and no variant, you get the
-console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
-score the same, and the bg_pho-utf8 row comes first). You should
-get bg_bds-utf8 in this case.
-
-Signed-off-by: Adam Williamson
----
- src/locale/localed-util.c | 2 +-
- src/locale/test-localed-util.c | 12 ++++++++++++
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
-index 02fac9786b..6a05b50a31 100644
---- a/src/locale/localed-util.c
-+++ b/src/locale/localed-util.c
-@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
- if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
- matching++;
-
-- if (streq_ptr(xc->variant, a[3])) {
-+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
- matching++;
-
- if (streq_ptr(xc->options, a[4]))
-diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
-index cb66dffd48..a19d80a967 100644
---- a/src/locale/test-localed-util.c
-+++ b/src/locale/test-localed-util.c
-@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
- assert_se(streq(vc.keymap, "es-dvorak"));
- vc_context_clear(&vc);
-
-+ /* es no-variant test is not very good as the desired match
-+ comes first in the list so will win if both candidates score
-+ the same. in this case the desired match comes second so will
-+ not win unless we correctly give the no-variant match a bonus
-+ */
-+ log_info("/* test without variant, desired match second (bg,us:) */");
-+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
-+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
-+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
-+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
-+ vc_context_clear(&vc);
-+
- log_info("/* test with old mapping (fr:latin9) */");
- assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
- assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
---
-2.41.0
-
diff --git a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch b/0001-keyboard-model-map-correct-sk-qwerty-entry.patch
deleted file mode 100644
index f6a042a..0000000
--- a/0001-keyboard-model-map-correct-sk-qwerty-entry.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001
-From: Adam Williamson
-Date: Wed, 20 Sep 2023 15:14:31 -0700
-Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry
-
-qwerty here is a variant, not an option.
-
-Signed-off-by: Adam Williamson
----
- src/locale/kbd-model-map | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
-index a145e13ecd..279d1a36d8 100644
---- a/src/locale/kbd-model-map
-+++ b/src/locale/kbd-model-map
-@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp
- ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp
- ie ie pc105 - terminate:ctrl_alt_bksp
- et ee pc105 - terminate:ctrl_alt_bksp
--sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty
-+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp
- sk-qwertz sk pc105 - terminate:ctrl_alt_bksp
- fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp
- fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp
diff --git a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch b/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
deleted file mode 100644
index d0eb7d0..0000000
--- a/0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
+++ /dev/null
@@ -1,117 +0,0 @@ -From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Fri, 15 Sep 2023 16:02:29 -0700 -Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order - reversed - -The lines in kbd-model-map date back to ye olde times (RH's old -system-config-keyboard), and I think predate this bug: - -https://bugzilla.redhat.com/show_bug.cgi?id=1039185 - -where we got strong feedback that, for 'switched' layout setups -like Russian, US English should be the *first* layout and the -native layout the *second* one. This is how anaconda and, as of -recently, gnome-initial-setup configure such cases - but that -means, if we try to use localed to convert these configurations -using kbd-model-map, we get the wrong result (we get "us" as the -console layout). See also: - -https://bugzilla.redhat.com/show_bug.cgi?id=1912609 - -where we first noticed this wasn't working right, but sadly, we -'fixed' it with a not-really-correct bodge in anaconda instead -of doing it properly. - -Signed-off-by: Adam Williamson ---- - src/locale/localed-util.c | 44 ++++++++++++++++++++++------------ - src/locale/test-localed-util.c | 5 +++- - 2 files changed, 33 insertions(+), 16 deletions(-) - -diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c -index 6a05b50a31..eba13a2ac3 100644 ---- a/src/locale/localed-util.c -+++ b/src/locale/localed-util.c -@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - /* If we got an exact match, this is the best */ - matching = 10; - else { -- /* We have multiple X layouts, look for an -- * entry that matches our key with everything -- * but the first layout stripped off. 
*/ -- if (startswith_comma(xc->layout, a[1])) -- matching = 5; -+ /* see if we get an exact match with the order reversed */ -+ _cleanup_strv_free_ char **b = NULL; -+ _cleanup_free_ char *c = NULL; -+ r = strv_split_full(&b, a[1], ",", 0); -+ if (r < 0) -+ return r; -+ strv_reverse(b); -+ c = strv_join(b, ","); -+ if (!c) -+ return log_oom(); -+ if (streq(xc->layout, c)) -+ matching = 9; - else { -- _cleanup_free_ char *x = NULL; -- -- /* If that didn't work, strip off the -- * other layouts from the entry, too */ -- x = strdupcspn(a[1], ","); -- if (!x) -- return -ENOMEM; -- if (startswith_comma(xc->layout, x)) -- matching = 1; -+ /* We have multiple X layouts, look for an -+ * entry that matches our key with everything -+ * but the first layout stripped off. */ -+ if (startswith_comma(xc->layout, a[1])) -+ matching = 5; -+ else { -+ _cleanup_free_ char *x = NULL; -+ -+ /* If that didn't work, strip off the -+ * other layouts from the entry, too */ -+ x = strdupcspn(a[1], ","); -+ if (!x) -+ return -ENOMEM; -+ if (startswith_comma(xc->layout, x)) -+ matching = 1; -+ } - } - } - -@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) { - } - } - -- if (best_matching < 10 && !isempty(xc->layout)) { -+ if (best_matching < 9 && !isempty(xc->layout)) { - _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; - - /* The best match is only the first part of the X11 -diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c -index a19d80a967..f702ff29b0 100644 ---- a/src/locale/test-localed-util.c -+++ b/src/locale/test-localed-util.c -@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) { - assert_se(streq(vc.keymap, "fr-latin9")); - vc_context_clear(&vc); - -+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */ -+ /* us,ru is the x config users want, but they still want ru -+ as the console layout in this case */ - log_info("/* test with a compound mapping (us,ru:) */"); - assert_se(free_and_strdup(&xc.layout, 
"us,ru") >= 0); - assert_se(free_and_strdup(&xc.variant, NULL) >= 0); - assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); -- assert_se(streq(vc.keymap, "us")); -+ assert_se(streq(vc.keymap, "ru")); - vc_context_clear(&vc); - - log_info("/* test with a compound mapping (ru,us:) */"); --- -2.41.0 - diff --git a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch b/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch deleted file mode 100644 index e2e80e9..0000000 --- a/0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 17:51:49 +0200 -Subject: [PATCH 2/3] man: document the new - PollLimitIntervalSec=/PollLimitBurst= settings - -(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) ---- - man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 47 insertions(+), 11 deletions(-) - -diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml -index 45555302f1..462978d438 100644 ---- a/man/systemd.socket.xml -+++ b/man/systemd.socket.xml -@@ -830,17 +830,53 @@ - TriggerLimitIntervalSec= - TriggerLimitBurst= - -- Configures a limit on how often this socket unit may be activated within a specific time -- interval. The TriggerLimitIntervalSec= may be used to configure the length of the time -- interval in the usual time units us, ms, s, -- min, h, … and defaults to 2s (See -- systemd.time7 for details on -- the various time units understood). The TriggerLimitBurst= setting takes a positive integer -- value and specifies the number of permitted activations per time interval, and defaults to 200 for -- Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 -- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the -- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this -- limit is enforced before the service activation is enqueued. -+ Configures a limit on how often this socket unit may be activated within a specific -+ time interval. The TriggerLimitIntervalSec= setting may be used to configure the -+ length of the time interval in the usual time units us, ms, -+ s, min, h, … and defaults to 2s (See -+ systemd.time7 for -+ details on the various time units understood). 
The TriggerLimitBurst= setting -+ takes a positive integer value and specifies the number of permitted activations per time interval, -+ and defaults to 200 for Accept=yes sockets (thus by default permitting 200 -+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of -+ trigger rate limiting. -+ -+ If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible -+ anymore until restarted. Note that this limit is enforced before the service activation is -+ enqueued. -+ -+ Compare with PollLimitIntervalSec=/PollLimitBurst= -+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming -+ traffic, as opposed to the permanent failure state -+ TriggerLimitIntervalSec=/TriggerLimitBurst= results in. -+ -+ -+ -+ -+ PollLimitIntervalSec= -+ PollLimitBurst= -+ -+ Configures a limit on how often polling events on the file descriptors backing this -+ socket unit will be considered. This pair of settings is similar to -+ TriggerLimitIntervalSec=/TriggerLimitBurst= but instead of -+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling -+ frequency. The expected parameter syntax and range are identical to that of the aforementioned -+ options, and can be disabled the same way. -+ -+ If the polling limit is hit polling is temporarily disabled on it until the specified time -+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger -+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts -+ through packet flooding. -+ -+ The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit -+ which is enforced for the entire socket unit. This distinction matters for socket units that listen -+ on multiple file descriptors (i.e. have multiple ListenXYZ= stanzas). 
-+ -+ These setting defaults to 150 (in case of Accept=yes) and 15 (otherwise) -+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see -+ above) and means that the polling limit should typically ensure the trigger limit is never hit, -+ unless one of them is reconfigured or disabled. -+ - - - diff --git a/0003-ci-add-test-for-poll-limit.patch b/0003-ci-add-test-for-poll-limit.patch deleted file mode 100644 index 33e2178..0000000 --- a/0003-ci-add-test-for-poll-limit.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 18 Sep 2023 18:05:27 +0200 -Subject: [PATCH 3/3] ci: add test for poll limit - -(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) ---- - test/TEST-07-PID1/test.sh | 2 ++ - test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ - 2 files changed, 50 insertions(+) - create mode 100755 test/units/testsuite-07.poll-limit.sh - -diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh -index 1c3d7137fe..d0e35d870f 100755 ---- a/test/TEST-07-PID1/test.sh -+++ b/test/TEST-07-PID1/test.sh -@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount - EOF - "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount - ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" -+ -+ image_install logger - } - - do_test "$@" -diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh -new file mode 100755 -index 0000000000..480d7ee8df ---- /dev/null -+++ b/test/units/testsuite-07.poll-limit.sh -@@ -0,0 +1,48 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+set -eux -+set -o pipefail -+ -+systemd-analyze log-level debug -+ -+cat > /run/systemd/system/floodme@.service < /run/systemd/system/floodme.socket < -Date: Wed, 26 Jul 2023 09:02:04 +0200 -Subject: [PATCH] rpm: add %systemd_postun_with_reload and - %systemd_user_postun_with_reload - -For some units, the package would like to issue a reload. The machinery was -already in place since c9615f73521986b3607b852c139036d58973043c: - - systemctl reload-or-restart --marked - - Enqueues restart jobs for all units that have the 'needs-restart' - mark, and reload jobs for units that have the 'needs-reload' mark. - When a unit marked for reload does not support reload, restart will - be queued. - -The new macros allow a reload to be issued instead of a restart. 
- -Based on the discussion on fedora-devel: -https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ - -Tested using dummy package https://github.com/keszybz/rpm-test-reload. ---- - src/rpm/macros.systemd.in | 16 ++++++++++++++++ - src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ - 2 files changed, 38 insertions(+) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index c07541c7286c..f05553f557e9 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ - fi \ - %{nil} - -+%systemd_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \ -+fi \ -+%{nil} -+ -+%systemd_user_postun_with_reload() \ -+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \ -+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ -+ # Package upgrade, not uninstall \ -+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \ -+fi \ -+%{nil} -+ - %udev_hwdb_update() %{nil} - - %udev_rules_update() %{nil} -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c623a5ea1722..c81e16c3d3ff 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -47,6 +47,15 @@ case "$command" in - wait - ;; - -+ mark-reload-system-units) -+ [ -d /run/systemd/system ] || exit 0 -+ -+ for unit in "$@"; do -+ systemctl set-property "$unit" Markers=+needs-reload & -+ done -+ wait -+ ;; -+ - mark-restart-user-units) - [ -d /run/systemd/system ] || exit 0 - -@@ -60,6 +69,19 @@ case "$command" in - wait - ;; - -+ mark-reload-user-units) -+ [ -d 
/run/systemd/system ] || exit 0 -+ -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ for user in $users; do -+ for unit in "$@"; do -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload & -+ done -+ done -+ wait -+ ;; -+ - system-reload-restart|system-reload|system-restart) - if [ -n "$*" ]; then - echo "Unexpected arguments for '$command': $*" diff --git a/sources b/sources index 1482dea..fdd7cac 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a +SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824 diff --git a/split-files.py b/split-files.py index 6ab2832..cd309cc 100644 --- a/split-files.py +++ b/split-files.py @@ -150,7 +150,7 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcrphase| + systemd-pcr| systemd-measure| /boot$| /kernel/| diff --git a/systemd.spec b/systemd.spec index b2d550a..3473ec4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.5 +Version: 255~rc1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -104,21 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch -# Backport of patches that allow reloading of units -Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch - -# Backport of improvements to console keyboard layout guessing -# https://github.com/systemd/systemd/pull/29215 -# https://bugzilla.redhat.com/show_bug.cgi?id=1912609 -Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch -Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch -Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch -Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch - -# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket -Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch -Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch -Patch0012: 0003-ci-add-test-for-poll-limit.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -128,7 +113,7 @@ Patch0490: use-bfq-scheduler.patch Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 -%global have_gnu_efi 1 +%global want_bootloader 1 %endif BuildRequires: gcc @@ -204,6 +189,9 @@ BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) BuildRequires: python3dist(zstd) +%if 0%{?want_bootloader} +BuildRequires: python3dist(pyelftools) +%endif # gzip and lzma are provided by the stdlib BuildRequires: firewalld-filesystem BuildRequires: libseccomp-devel 
@@ -408,7 +396,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} @@ -576,16 +564,6 @@ package and is meant for use in exitrds. %prep %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 -%generate_buildrequires -%if 0%{?have_gnu_efi} -if grep -q gnu-efi meson_options.txt; then - echo 'gnu-efi' - echo 'gnu-efi-devel' -else - echo 'python3dist(pyelftools)' -fi -%endif - %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} 
@@ -599,44 +577,44 @@ CONFIGURE_OPTS=( -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dfdisk=true - -Dseccomp=true + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dfdisk=enabled + -Dseccomp=enabled -Dima=true - -Dselinux=true - -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] - -Dapparmor=false - -Dpolkit=true - -Dxz=%[%{with xz}?"true":"false"] - -Dzlib=%[%{with zlib}?"true":"false"] - -Dbzip2=%[%{with bzip2}?"true":"false"] - -Dlz4=%[%{with lz4}?"true":"false"] - -Dzstd=%[%{with zstd}?"true":"false"] - -Dpam=true - -Dacl=true + -Dselinux=enabled + -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=%[%{with xz}?"enabled":"disabled"] + -Dzlib=%[%{with zlib}?"enabled":"disabled"] + -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] + -Dlz4=%[%{with lz4}?"enabled":"disabled"] + -Dzstd=%[%{with zstd}?"enabled":"disabled"] + -Dpam=enabled + -Dacl=enabled -Dsmack=true - -Dopenssl=true + -Dopenssl=enabled -Dcryptolib=openssl - -Dp11kit=true - -Dgcrypt=false - -Daudit=true - -Delfutils=true - -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] - -Delfutils=true - -Dpwquality=true - -Dqrencode=%[%{defined rhel}?"false":"true"] - -Dgnutls=%[%{with gnutls}?"true":"false"] - -Dmicrohttpd=true - -Dlibidn2=true + -Dp11kit=enabled + -Dgcrypt=disabled + -Daudit=enabled + -Delfutils=enabled + -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] + -Delfutils=enabled + -Dpwquality=enabled + -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] + -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] + -Dmicrohttpd=enabled + -Dlibidn2=enabled -Dlibiptc=false - -Dlibcurl=true - -Dlibfido2=true - -Dxenctrl=%[0%{?have_xen}?"true":"false"] + -Dlibcurl=enabled + -Dlibfido2=enabled + -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true -Dtpm=true - -Dtpm2=true + -Dtpm2=enabled -Dhwdb=true -Dsysusers=true 
-Dstandalone-binaries=true @@ -653,7 +631,7 @@ CONFIGURE_OPTS=( -Dsplit-bin=true -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false - -Dman=true + -Dman=enabled -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}-%{release} @@ -690,21 +668,15 @@ CONFIGURE_OPTS=( -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet -) -if grep gnu-efi meson_options.txt; then - CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] ) -else - # For now, let's build the bootloader in the same places where we - # built with gnu-efi. Later on, we might want to extend coverage, but - # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. - CONFIGURE_OPTS+=( - -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] - -Dukify=%[%{?have_gnu_efi}?"true":"false"] - ) -fi + # For now, let's build the bootloader in the same places where we + # built with gnu-efi. Later on, we might want to extend coverage, but + # considering that that support is untested, let's not do this now. + # Note, ukify requires bootloader, let's also explicitly enable/disable it + # here for https://github.com/systemd/systemd/pull/24175. + -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] +) %if %{without lto} %global _lto_cflags %nil 
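Review bot: `-Delfutils=enabled` appears twice in CONFIGURE_OPTS, once after `-Daudit=enabled` and again after `-Dlibcryptsetup=…`; the conversion from `true` to `enabled` carried the duplicate over. Dropping the second occurrence leaves one line per option, so a later edit to the first copy cannot be overridden by the second (presumably the later `-D` wins; confirm against meson). The array starts above this hunk and continues below it.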
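Review bot: The new `-Dbootloader=` and `-Dukify=` entries test `%{?want_bootloader}` without the leading `0` used elsewhere in the spec (`%if 0%{?want_bootloader}`, `%[0%{?have_bpf}?…]`). `want_bootloader` is only defined inside `%ifarch %{ix86} x86_64 aarch64`, so on other architectures the macro expands to nothing and the ternary has no condition; whether rpm evaluates that as false or rejects it cannot be told from this page. Writing `-Dbootloader=%[0%{?want_bootloader}?"enabled":"disabled"]` and `-Dukify=%[0%{?want_bootloader}?"enabled":"disabled"]` makes the disabled case explicit and matches the neighbouring options.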
@@ -994,7 +966,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib @@ -1172,7 +1144,7 @@ fi %files udev -f .file-list-udev -%if 0%{?have_gnu_efi} +%if 0%{?want_bootloader} %files ukify -f .file-list-ukify %files boot-unsigned -f .file-list-boot %endif From 5cae6af05feca642414f9bd678f16a161265f7ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 17:45:57 +0100 Subject: [PATCH 211/494] Move oomd to systemd-udev It is really only useful on "full" machines, either VMs or bare metal, so it should be in systemd-udev. --- split-files.py | 7 ++++--- systemd.spec | 17 +++-------------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/split-files.py b/split-files.py index cd309cc..83f1f46 100644 --- a/split-files.py +++ b/split-files.py @@ -116,6 +116,9 @@ for file in files(buildroot): elif '.so.' in n: o = o_libs + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): + o = o_oomd_defaults + elif re.search(r'''udev(?!\.pc)| hwdb| bootctl| 
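Review bot: The oomd-defaults branch now has to stay above the udev branch, but nothing in the code records that ordering dependency. The next hunk adds `oomd|` to the udev pattern, which would also match the oomd-defaults paths. A comment on the moved branch would cover it, for example `# must come before the udev branch, whose pattern also matches 'oomd'`. Separately, the dots in the pattern are unescaped and `re.X` does nothing for a single-line pattern, so `r'10-oomd-.*defaults\.conf|lib/systemd/oomd\.conf\.d'` states the intent more exactly. The if/elif chain starts and ends outside this hunk.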
@@ -160,6 +163,7 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be @@ -179,9 +183,6 @@ for file in files(buildroot): ''', n, re.X): # resolvectl and nss-resolve are in the main package. o = o_resolve - elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = o_oomd_defaults - else: o = o_main diff --git a/systemd.spec b/systemd.spec index 3473ec4..8a40760 100644 --- a/systemd.spec +++ b/systemd.spec @@ -500,7 +500,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name} = %{version}-%{release} +Requires: %{name}-udev = %{version}-%{release} License: LGPL-2.1-or-later BuildArch: noarch @@ -871,13 +871,6 @@ systemd-machine-id-setup &>/dev/null || : # this would make things worse, increasing the number of warnings we get # about needed daemon-reload. -oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) - -# Work-around for #1931034. Remove after F34 is released. -if [ "$oomd_state" == "active" ]; then - systemctl stop -q systemd-oomd 2>/dev/null || : -fi - systemctl daemon-reexec &>/dev/null || { # systemd v239 had bug #9553 in D-Bus authentication of the private socket, # which was later fixed in v240 by #9625. @@ -898,10 +891,6 @@ systemctl daemon-reexec &>/dev/null || { fi } -if [ "$oomd_state" == "active" ]; then - systemctl start -q systemd-oomd 2>/dev/null || : -fi - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
@@ -928,7 +917,7 @@ if [ $1 -eq 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) @@ -966,7 +955,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target %post udev # Move old stuff around in /var/lib From 1c98102f5df560bfa33abc4cd62ef9882ec15cc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Nov 2023 18:41:08 +0100 Subject: [PATCH 212/494] Also build systemd-vmspawn --- ...7ea76e72ed89a5d86ec9b78ca8f89a989258.patch | 182 ++++++++++++++++++ ...d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch | 24 +++ split-files.py | 1 + systemd.spec | 7 +- 4 files changed, 212 insertions(+), 2 deletions(-) create mode 100644 30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch create mode 100644 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch 
diff --git a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch
new file mode 100644
index 0000000..e31a37a
--- /dev/null
+++ b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch
@@ -0,0 +1,182 @@ +From 30247ea76e72ed89a5d86ec9b78ca8f89a989258 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Nov 2023 21:36:46 +0100 +Subject: [PATCH] man: many fixes systemd-vmspawn(1) + +- version information +- indentation and missing tags +- mkosi and qemu don't need root +--- + man/systemctl.xml | 8 +-- + man/systemd-vmspawn.xml | 118 +++++++++++++++++++++++----------------- + 2 files changed, 72 insertions(+), 54 deletions(-) + +diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml +index bf3aaf028eafe..4ca6f1a74fd2f 100644 +--- a/man/systemd-vmspawn.xml ++++ b/man/systemd-vmspawn.xml +@@ -44,59 +44,73 @@ + The following options are understood: + + +- Image Options ++ Image Options + +- +- +- +- ++ ++ ++ ++ + +- Root file system disk image (or device node) for the virtual machine. +- +- ++ Root file system disk image (or device node) for the virtual machine. ++ ++ ++ ++ ++ + + + +- Host Configuration ++ Host Configuration ++ ++ ++ ++ SMP ++ ++ Configures the number of CPUs to start the virtual machine with. ++ Defaults to 1. ++ ++ ++ ++ ++ ++ ++ MEM ++ ++ Configures the amount of memory to start the virtual machine with. ++ Defaults to 2G. + +- +- +- SMP ++ ++ ++ + +- Configures the number of CPUs to start the virtual machine with. +- Defaults to 1. +- ++ ++ + +- +- MEM ++ Configures whether to use KVM. If the option is not specified KVM support will be ++ detected automatically. If true, KVM is always used, and if false, KVM is never used. + +- Configures the amount of memory to start the virtual machine with. +- Defaults to 2G. +- ++ ++ + +- +- ++ ++ + +- Configure whether to use KVM. +- If the option is not specified KVM support will be detected automatically. +- If yes is specified KVM is always used, and vice versa if no is set KVM is never used. +- ++ Start QEMU in graphical mode. + +- +- ++ ++ + +- Start QEMU in graphical mode. 
+- ++ ++ + +- +- ++ Configures whether to search for firmware which supports secure boot. If the option ++ is not specified, the first firmware which is detected will be used. If true, then the first ++ firmware with secure boot support will be selected. If false, then the first firmware without ++ secure boot will be selected. + +- Configure whether to search for firmware which supports secure boot. +- If the option is not specified the first firmware which is detected will be used. +- If the option is set to yes then the first firmware with secure boot support will be selected. +- If no is specified then the first firmware without secure boot will be selected. +- +- ++ ++ ++ + + + +@@ -116,19 +130,21 @@ + use C-style escaping (i.e. \n to embed a newline, or \x00 to + embed a NUL byte). Note that the invoking shell might already apply unescaping + once, hence this might require double escaping!. +- ++ ++ + + + +- +- Other ++ ++ ++ Other + +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ + + + +@@ -139,8 +155,10 @@ + + Run an Arch Linux VM image generated by mkosi + +- # mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build +- # systemd-vmspawn --image=image.raw ++ ++$ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build ++$ systemd-vmspawn --image=image.raw ++ + + + +@@ -155,7 +173,7 @@ + See Also + + systemd1, +- mkosi1, ++ mkosi1 + + + diff --git a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch new file mode 100644 index 0000000..a204f81 --- /dev/null +++ b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch 
@@ -0,0 +1,24 @@ +From 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Nov 2023 18:54:38 +0100 +Subject: [PATCH] vmspawn: shorted --help output to fit in 80 columns + +I think that "SB" is good enough here, the option name shows the unabbreviated +name. +--- + src/vmspawn/vmspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c +index ab137df0a7155..00166b2f7a40f 100644 +--- a/src/vmspawn/vmspawn.c ++++ b/src/vmspawn/vmspawn.c +@@ -68,7 +68,7 @@ static int help(void) { + " --qemu-mem=MEM Configure guest's RAM size\n" + " --qemu-kvm= Configure whether to use KVM or not\n" + " --qemu-gui Start QEMU in graphical mode\n" +- " --secure-boot= Configure whether to search for firmware which supports Secure Boot\n\n" ++ " --secure-boot= Configure searching for firmware with SB support\n\n" + "%3$sCredentials:%4$s\n" + " --set-credential=ID:VALUE\n" + " Pass a credential with literal value to container.\n" diff --git a/split-files.py b/split-files.py index 83f1f46..0f1260e 100644 --- a/split-files.py +++ b/split-files.py @@ -93,6 +93,7 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| systemd-nspawn| + systemd-vmspawn| import-pubring.gpg| systemd-(machined|import|pull)| /machine.slice| diff --git a/systemd.spec b/systemd.spec index 8a40760..0dd7068 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -104,6 +104,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch +Patch0003: https://github.com/systemd/systemd/pull/29913/commits/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -451,8 +453,8 @@ License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, and -systemd-importd. +This package contains systemd-nspawn, systemd-vmspawn, machinectl, +systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian @@ -607,6 +609,7 @@ CONFIGURE_OPTS=( -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] -Dmicrohttpd=enabled + -Dvmspawn=true -Dlibidn2=enabled -Dlibiptc=false -Dlibcurl=enabled From 10915ad981e2a81075daa7988065a7852fa55a90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Nov 2023 16:20:57 +0100 Subject: [PATCH 213/494] Add Conflicts with older dracut which doesn't have required patches --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0dd7068..afb44b4 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -102,6 +102,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch @@ -247,6 +248,9 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif +# Make sure that dracut supports systemd-executor and the renames done for v255 +Conflicts: dracut < dracut-059-16 + Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-repart < %{version}-%{release}^ From fdfc8c33c8fd11940b24d0dc129cd373cee29f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Nov 2023 17:02:18 +0100 Subject: [PATCH 214/494] Fix dracut version [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index afb44b4..be8e4c9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -249,7 +249,7 @@ Conflicts: initscripts < 9.56.1 Conflicts: fedora-release < 23-0.12 %endif # Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < dracut-059-16 +Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From 82517d01b5404a5e9a4a1da0000200fc0fafce61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 14 Nov 2023 22:57:07 +0100 Subject: [PATCH 215/494] rpminspect: disable udev rules check https://github.com/rpminspect/rpminspect/issues/1294#issuecomment-1808737198 [skip changelog] --- rpminspect.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index 7261213..6318820 100644 --- a/rpminspect.yaml 
+++ b/rpminspect.yaml @@ -13,7 +13,12 @@ badfuncs: changedfiles: exclude_path: .* -# completely disabled inspections: +# completely disable inspections: inspections: # we know about our patches, no need to report anything patches: off + + # this inspection uses `udevadm` which comes from this package + # disable so we do not check udev rules with a possibly outdated version + # of the command + udevrules: off From 92eed01493a5ffa83c8f9064e1ffaecbe6940b37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Nov 2023 18:26:36 +0100 Subject: [PATCH 216/494] Version 255~rc2 - See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS --- ...7ea76e72ed89a5d86ec9b78ca8f89a989258.patch | 182 ------------------ ...d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch | 24 --- sources | 2 +- systemd.spec | 4 +- 4 files changed, 2 insertions(+), 210 deletions(-) delete mode 100644 30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch delete mode 100644 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch diff --git a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch b/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch deleted file mode 100644 index e31a37a..0000000 --- a/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch +++ /dev/null 
@@ -1,182 +0,0 @@ -From 30247ea76e72ed89a5d86ec9b78ca8f89a989258 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Nov 2023 21:36:46 +0100 -Subject: [PATCH] man: many fixes systemd-vmspawn(1) - -- version information -- indentation and missing tags -- mkosi and qemu don't need root ---- - man/systemctl.xml | 8 +-- - man/systemd-vmspawn.xml | 118 +++++++++++++++++++++++----------------- - 2 files changed, 72 insertions(+), 54 deletions(-) - -diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml -index bf3aaf028eafe..4ca6f1a74fd2f 100644 ---- a/man/systemd-vmspawn.xml -+++ b/man/systemd-vmspawn.xml -@@ -44,59 +44,73 @@ - The following options are understood: - - -- Image Options -+ Image Options - -- -- -- -- -+ -+ -+ -+ - -- Root file system disk image (or device node) for the virtual machine. -- -- -+ Root file system disk image (or device node) for the virtual machine. -+ -+ -+ -+ -+ - - - -- Host Configuration -+ Host Configuration -+ -+ -+ -+ SMP -+ -+ Configures the number of CPUs to start the virtual machine with. -+ Defaults to 1. -+ -+ -+ -+ -+ -+ -+ MEM -+ -+ Configures the amount of memory to start the virtual machine with. -+ Defaults to 2G. - -- -- -- SMP -+ -+ -+ - -- Configures the number of CPUs to start the virtual machine with. -- Defaults to 1. -- -+ -+ - -- -- MEM -+ Configures whether to use KVM. If the option is not specified KVM support will be -+ detected automatically. If true, KVM is always used, and if false, KVM is never used. - -- Configures the amount of memory to start the virtual machine with. -- Defaults to 2G. -- -+ -+ - -- -- -+ -+ - -- Configure whether to use KVM. -- If the option is not specified KVM support will be detected automatically. -- If yes is specified KVM is always used, and vice versa if no is set KVM is never used. -- -+ Start QEMU in graphical mode. - -- -- -+ -+ - -- Start QEMU in graphical mode. 
-- -+ -+ - -- -- -+ Configures whether to search for firmware which supports secure boot. If the option -+ is not specified, the first firmware which is detected will be used. If true, then the first -+ firmware with secure boot support will be selected. If false, then the first firmware without -+ secure boot will be selected. - -- Configure whether to search for firmware which supports secure boot. -- If the option is not specified the first firmware which is detected will be used. -- If the option is set to yes then the first firmware with secure boot support will be selected. -- If no is specified then the first firmware without secure boot will be selected. -- -- -+ -+ -+ - - - -@@ -116,19 +130,21 @@ - use C-style escaping (i.e. \n to embed a newline, or \x00 to - embed a NUL byte). Note that the invoking shell might already apply unescaping - once, hence this might require double escaping!. -- -+ -+ - - - -- -- Other -+ -+ -+ Other - -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ - - - -@@ -139,8 +155,10 @@ - - Run an Arch Linux VM image generated by mkosi - -- # mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build -- # systemd-vmspawn --image=image.raw -+ -+$ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build -+$ systemd-vmspawn --image=image.raw -+ - - - -@@ -155,7 +173,7 @@ - See Also - - systemd1, -- mkosi1, -+ mkosi1 - - - diff --git a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch b/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch deleted file mode 100644 index a204f81..0000000 --- a/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Nov 2023 18:54:38 +0100 -Subject: [PATCH] vmspawn: shorted --help output to fit in 80 columns - -I think that "SB" is good enough here, the option name shows the unabbreviated -name. ---- - src/vmspawn/vmspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c -index ab137df0a7155..00166b2f7a40f 100644 ---- a/src/vmspawn/vmspawn.c -+++ b/src/vmspawn/vmspawn.c -@@ -68,7 +68,7 @@ static int help(void) { - " --qemu-mem=MEM Configure guest's RAM size\n" - " --qemu-kvm= Configure whether to use KVM or not\n" - " --qemu-gui Start QEMU in graphical mode\n" -- " --secure-boot= Configure whether to search for firmware which supports Secure Boot\n\n" -+ " --secure-boot= Configure searching for firmware with SB support\n\n" - "%3$sCredentials:%4$s\n" - " --set-credential=ID:VALUE\n" - " Pass a credential with literal value to container.\n" diff --git a/sources b/sources index fdd7cac..5e6bcd1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824 +SHA512 (systemd-255-rc2.tar.gz) = f33c6868efcbe05a7a4703136bb84243e5a6889c7740d77535eb9f19bb46c209e6f797533351fcf66d1c5d4b83e20ca436bfcb625e26b729bfadca795207ec56 diff --git a/systemd.spec b/systemd.spec index be8e4c9..7ccc47b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc1 +Version: 255~rc2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -105,8 +105,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch -Patch0002: https://github.com/systemd/systemd/pull/29913/commits/6527d175cda8c2e1feceb26eb7e3ec111ddc6ae4.patch -Patch0003: https://github.com/systemd/systemd/pull/29913/commits/30247ea76e72ed89a5d86ec9b78ca8f89a989258.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From f93a1346f0f7d1bece6599be35e3187a3b495ca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 00:38:44 +0100 Subject: [PATCH 217/494] Add systemd-networkd-defaults subpackage --- ...always-install-network-example-files.patch | 42 +++++++++++++++++++ split-files.py | 9 +++- systemd.spec | 16 +++++++ 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 0001-meson-always-install-network-example-files.patch diff --git a/0001-meson-always-install-network-example-files.patch b/0001-meson-always-install-network-example-files.patch new file mode 100644 index 0000000..de84bf7 --- /dev/null +++ b/0001-meson-always-install-network-example-files.patch 
@@ -0,0 +1,42 @@ +From 518d40b992abca8de5b9136e88748783200535da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 23 Nov 2023 00:06:29 +0100 +Subject: [PATCH] meson: always install network example files + +I started working on integrating this in the Fedora package and realized that +the example files should be installed regardless of the renamed files when +default-network=true is used. This is because the renamed files become part of +a different package, and we want to have the other files which are used as +documentation in the main package anyway. +--- + network/meson.build | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/network/meson.build b/network/meson.build +index 4f17f7385e..2a472f4f51 100644 +--- a/network/meson.build ++++ b/network/meson.build +@@ -18,6 +18,10 @@ if conf.get('ENABLE_NETWORKD') == 1 + '80-wifi-station.network.example', + ) + ++ install_data( ++ example_network_files, ++ install_dir : networkdir) ++ + if get_option('default-network') + foreach f : example_network_files + install_data( +@@ -25,12 +29,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + rename : fs.replace_suffix(fs.name(f), ''), + install_dir : networkdir) + endforeach +- else +- install_data( +- example_network_files, +- install_dir : networkdir) + endif +- + endif + + install_data('99-default.link', diff --git a/split-files.py b/split-files.py index 0f1260e..c6e3cb7 100644 --- a/split-files.py +++ b/split-files.py @@ -24,6 +24,7 @@ o_rpm_macros = open('.file-list-rpm-macros', 'w') o_devel = open('.file-list-devel', 'w') o_container = open('.file-list-container', 'w') o_networkd = open('.file-list-networkd', 'w') +o_networkd_defaults = open('.file-list-networkd-defaults', 'w') o_oomd_defaults = open('.file-list-oomd-defaults', 'w') o_remote = open('.file-list-remote', 'w') o_resolve = open('.file-list-resolve', 'w') 
@@ -103,7 +104,13 @@ for file in files(buildroot): ''', n, re.X): o = o_container - elif re.search(r'''/usr/lib/systemd/network/80-| + # .network.example files go into systemd-networkd, and the matching files + # without .example go into systemd-networkd-defaults + elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) + and os.path.exists(f'./{n}.example')): + o = o_networkd_defaults + + elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| org.freedesktop.network1| diff --git a/systemd.spec b/systemd.spec index 7ccc47b..df45e91 100644 --- a/systemd.spec +++ b/systemd.spec @@ -105,6 +105,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: 0001-meson-always-install-network-example-files.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -489,6 +491,17 @@ systemd-networkd is a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. +%package networkd-defaults +Summary: Configure network interfaces with networkd by default +Requires: %{name}-networkd = %{version}-%{release} +License: MIT-0 +BuildArch: noarch + +%description networkd-defaults +This package contains a set of config files for systemd-networkd that cause it +to configure network interfaces by default. Note that systemd-networkd needs to +enabled for this to have any effect. + %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} @@ -625,6 +638,7 @@ CONFIGURE_OPTS=( -Dstandalone-binaries=true -Ddefault-kill-user-processes=false -Dfirst-boot-full-preset=true + -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true -Dtty-gid=5 
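Review bot: The new `os.path.exists(f'./{n}.example')` test in the `elif` for `.network` files is resolved against the process's current directory, so it only gives the right answer because `files()` has already done `os.chdir(root)` by the time the loop body runs. That dependency is not stated anywhere near the check, and a later change to `files()` would silently send every default `.network` file back to the networkd list. A comment on the condition would record it, for example `# path is relative to the buildroot: files() chdir()s there before yielding`. The loop this branch belongs to starts and ends outside the hunk.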
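Review bot: The new `%description networkd-defaults` text in the `@@ -489,6 +491,17 @@` hunk is missing a word: "systemd-networkd needs to enabled for this to have any effect". Since this text is shown to users by the package manager, it should read `Note that systemd-networkd needs to be enabled for this to have any effect.`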
@@ -1150,6 +1164,8 @@ fi %files networkd -f .file-list-networkd +%files networkd-defaults -f .file-list-networkd-defaults + %files oomd-defaults -f .file-list-oomd-defaults %files tests -f .file-list-tests From f071684b2e6f709185305083a5eac0cd4255714d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 22 Nov 2023 23:47:30 +0100 Subject: [PATCH 218/494] Version 255~rc3 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 5e6bcd1..b931cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc2.tar.gz) = f33c6868efcbe05a7a4703136bb84243e5a6889c7740d77535eb9f19bb46c209e6f797533351fcf66d1c5d4b83e20ca436bfcb625e26b729bfadca795207ec56 +SHA512 (systemd-255-rc3.tar.gz) = f46eb9264fb03868926d1abaa4a90af41ac4b2c7770756b87b2f212cd40f3e0c044679d523cbea3078362b12c4a1ee50d73dbe2639980d55c394db9d1a587b6d diff --git a/systemd.spec b/systemd.spec index df45e91..beea696 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc2 +Version: 255~rc3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From f216cc8c799544a9074eed84de9795d824857d93 Mon Sep 17 00:00:00 2001 
From: Peter Robinson Date: Thu, 23 Nov 2023 20:19:16 +0000 Subject: [PATCH 219/494] de-dupe LICENSE.LGPL2.1 in licenses The LICENSE.LGPL2.1 file is installed into the same systemd license directory for both the base systemd and -libs. Because the base systemd requires the -libs sub package it's a duplicate and will always be there, it shouldn't cause an issue but it seems in some cases the duplication into the same directory causes issues with ostree so remove it from the base systemd package as it will always be there due to the hard dep on the -libs subpackage. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index beea696..607e0ea 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1119,7 +1119,7 @@ fi %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE* # Only the licenses texts for the licenses in License line are included. -%license LICENSE.GPL2 LICENSE.LGPL2.1 +%license LICENSE.GPL2 %license LICENSES/MIT.txt %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants From 8ff2a6f2d902f404fedd78854dfbbe8f521fb981 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 29 Nov 2023 10:42:54 -0800 Subject: [PATCH 220/494] Backport #30197 to fix vconsole startup (RHBZ #2251394) --- ...art-rate-limit-for-systemd-vconsole-.patch | 45 +++++++++++++++++++ systemd.spec | 5 +++ 2 files changed, 50 insertions(+) create mode 100644 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch diff --git a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch new file mode 100644 index 0000000..1c8d79a --- /dev/null +++ b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch 
@@ -0,0 +1,45 @@
+From 4704176795c167d49f87dfea79193913e6c6d939 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 25 Nov 2023 13:27:17 +0100
+Subject: [PATCH] units: disable start rate limit for
+ systemd-vconsole-setup.service
+
+The unit will be started or restarted a few times during boot, but but it has
+StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth
+restart will already fail. On my laptop, I have exactly 4 restarts, so I don't
+hit the limit, but on a slightly different system we will easily hit the limit.
+In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads
+and we hit the limit.
+
+Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter
+over switch-root and daemon reloads, so it's easier to hit the limit during
+boot.
+
+In principle there might be systems with lots of vtcon devices, so let's just
+allow the unit to be restarted without a limit.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394.
+---
+ units/systemd-vconsole-setup.service.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in
+index 3475d456bc..c6c5bc9130 100644
+--- a/units/systemd-vconsole-setup.service.in
++++ b/units/systemd-vconsole-setup.service.in
+@@ -17,6 +17,12 @@ DefaultDependencies=no
+ Before=sysinit.target
+ Before=initrd-switch-root.target shutdown.target
+
++# This unit will be restarted by udev whenever a new vtcon device appears or is
++# triggered. Usually that happens just a handful of times during boot, but some
++# systems may have hundreds or thousands of serial consoles connected, so let's
++# just disable the limit altogether.
++StartLimitIntervalSec=0
++
+ [Service]
+ Type=oneshot
+ # This service will be restarted by udev whenever a new vtcon device appears.
+--
+2.43.0
+
diff --git a/systemd.spec b/systemd.spec
index 607e0ea..34e2bfe 100644
--- a/systemd.spec +++ b/systemd.spec @@ -107,6 +107,11 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch Patch0002: 0001-meson-always-install-network-example-files.patch +# https://github.com/systemd/systemd/pull/30197 +# https://bugzilla.redhat.com/show_bug.cgi?id=2251394 +# Drop vconsole restart limit to prevent it sometimes failing on boot +Patch0003: 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From f41ff634cbc300de8ffb881385da2e10f5c0807c Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 1 Dec 2023 09:10:38 -0800 Subject: [PATCH 221/494] Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) --- ...se-bpf-outer-map-fd-in-systemd-execu.patch | 31 +++++++ ...ter_map_fd-to-sd-executor-only-if-Re.patch | 47 ++++++++++ ...redundant-check-when-serializing-FDs.patch | 92 +++++++++++++++++++ ...ple-of-tests-for-RestrictFileSystems.patch | 89 ++++++++++++++++++ systemd.spec | 11 +++ 5 files changed, 270 insertions(+) create mode 100644 0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch create mode 100644 0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch create mode 100644 0002-core-remove-redundant-check-when-serializing-FDs.patch create mode 100644 0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch diff --git a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch new file mode 100644 index 0000000..5388c6a --- /dev/null +++ b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch 
@@ -0,0 +1,31 @@
+From ef90e8f9db911626c8f5c18c49cf6fe445afdefb Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 30 Nov 2023 11:01:14 +0100
+Subject: [PATCH] Make sure we close bpf outer map fd in systemd-executor
+
+Not doing so leaks it into the child service and causes selinux
+denials.
+---
+ src/core/execute-serialize.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
+index 56c4f4da8a..6c19cd42a2 100644
+--- a/src/core/execute-serialize.c
++++ b/src/core/execute-serialize.c
+@@ -1625,6 +1625,12 @@ static int exec_parameters_deserialize(ExecParameters *p, FILE *f, FDSet *fds) {
+ if (fd < 0)
+ continue;
+
++ /* This is special and relies on close-on-exec semantics, make sure it's
++ * there */
++ r = fd_cloexec(fd, true);
++ if (r < 0)
++ return r;
++
+ p->bpf_outer_map_fd = fd;
+ } else if ((val = startswith(l, "exec-parameters-notify-socket="))) {
+ r = free_and_strdup(&p->notify_socket, val);
+--
+2.43.0
+
diff --git a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch
new file mode 100644
index 0000000..cf947f2
--- /dev/null
+++ b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch
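Review bot: In the block added to `exec_parameters_deserialize`, the early `return r` after a failed `fd_cloexec(fd, true)` leaves `fd` open if the descriptor has already been taken out of `fds` by then; the lines that obtain `fd` are outside the hunk, so this needs confirming against the full function. If it has, the error path should close it first, `if (r < 0) { safe_close(fd); return r; }`. The new comment says the fd "relies on close-on-exec semantics" without saying what goes wrong otherwise; the reason is in the commit message and belongs in the code as well, e.g. `/* Must be close-on-exec, otherwise the map fd is inherited by the service process */`. The function body starts and ends outside the hunk.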
@@ -0,0 +1,47 @@
+From 60ef4baeedc34b5c7ab0e2f211684f9b96d63f82 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 23 Nov 2023 19:08:22 +0000
+Subject: [PATCH 1/3] core: pass bpf_outer_map_fd to sd-executor only if
+ RestrictFileSystems was set
+
+It causes SELinux denials to be raised, so restrict it only where needed
+
+Follow-up for beb4ae87558cae
+---
+ src/core/execute-serialize.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
+index 342883994a..60c121a0d1 100644
+--- a/src/core/execute-serialize.c
++++ b/src/core/execute-serialize.c
+@@ -1244,7 +1244,7 @@ static bool exec_parameters_is_idle_pipe_set(const ExecParameters *p) {
+ p->idle_pipe[3] >= 0;
+ }
+
+-static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fds) {
++static int exec_parameters_serialize(const ExecParameters *p, const ExecContext *c, FILE *f, FDSet *fds) {
+ int r;
+
+ assert(f);
+@@ -1375,7 +1375,7 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd
+ return r;
+ }
+
+- if (p->bpf_outer_map_fd >= 0) {
++ if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) {
+ r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd);
+ if (r < 0)
+ return r;
+@@ -3860,7 +3860,7 @@ int exec_serialize_invocation(
+ if (r < 0)
+ return log_debug_errno(r, "Failed to serialize command: %m");
+
+- r = exec_parameters_serialize(p, f, fds);
++ r = exec_parameters_serialize(p, ctx, f, fds);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to serialize parameters: %m");
+
+--
+2.43.0
+
diff --git a/0002-core-remove-redundant-check-when-serializing-FDs.patch b/0002-core-remove-redundant-check-when-serializing-FDs.patch
new file mode 100644
index 0000000..e09a2e0
--- /dev/null
+++ b/0002-core-remove-redundant-check-when-serializing-FDs.patch
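Review bot: The new guard `if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0)` in `exec_parameters_serialize` treats a NULL `c` the same as "RestrictFileSystems= not set" and silently leaves the map fd out, while the only precondition visible at the top of the function is `assert(f)`. The one caller shown, `exec_serialize_invocation`, passes `ctx`; if no caller can pass NULL, an `assert(c);` next to `assert(f);` states that and the `c &&` test can go. If NULL is meant to be accepted, a comment such as `/* c may be NULL; the BPF map fd is then not passed to the executor */` would make the fallback deliberate rather than accidental. Only parts of both functions are visible in these hunks.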
@@ -0,0 +1,92 @@
+From 2d042c75ffb71f59ebd4689c3972786c29b4bf51 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 23 Nov 2023 19:14:45 +0000
+Subject: [PATCH 2/3] core: remove redundant check when serializing FDs
+
+The helpers already skip if the FD is < 0
+---
+ src/core/execute-serialize.c | 50 ++++++++++++++----------------------
+ 1 file changed, 19 insertions(+), 31 deletions(-)
+
+diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
+index 60c121a0d1..56c4f4da8a 100644
+--- a/src/core/execute-serialize.c
++++ b/src/core/execute-serialize.c
+@@ -1274,11 +1274,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext
+ return r;
+ }
+
+- if (p->n_socket_fds + p->n_storage_fds > 0) {
+- r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
++ if (r < 0)
++ return r;
+ }
+
+ r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names);
+@@ -1351,31 +1349,23 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext
+ return r;
+ }
+
+- if (p->stdin_fd >= 0) {
+- r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd);
++ if (r < 0)
++ return r;
+
+- if (p->stdout_fd >= 0) {
+- r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd);
++ if (r < 0)
++ return r;
+
+- if (p->stderr_fd >= 0) {
+- r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd);
++ if (r < 0)
++ return r;
+
+- if (p->exec_fd >= 0) {
+- r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd);
++ if (r < 0)
++ return r;
+
+- if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) {
++ if (c && exec_context_restrict_filesystems_set(c)) {
+ r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd);
+ if (r < 0)
+ return r;
+@@ -1401,11 +1391,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext
+ if (r < 0)
+ return r;
+
+- if (p->user_lookup_fd >= 0) {
+- r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd);
+- if (r < 0)
+- return r;
+- }
++ r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd);
++ if (r < 0)
++ return r;
+
+ r = serialize_strv(f, "exec-parameters-files-env", p->files_env);
+ if (r < 0)
+--
+2.43.0
+
diff --git a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch
new file mode 100644
index 0000000..4034b22
--- /dev/null
+++ b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch
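Review bot: The first inner hunk (`@@ -1274,11 +1274,9 @@`) removes a count guard, `p->n_socket_fds + p->n_storage_fds > 0`, but the commit message only justifies dropping the `fd >= 0` checks. Whether `serialize_fd_many` returns without writing anything for a zero count (with `p->fds` possibly NULL) is not visible here and should be confirmed before the guard goes. The other removals in `exec_parameters_serialize` rest on `serialize_fd` ignoring a negative fd, which is equally outside the hunks. A one-line comment at the first unguarded call, e.g. `/* serialize_fd() and serialize_fd_many() are no-ops for invalid fds and empty arrays */`, would record that contract where the code now depends on it. The function body extends beyond every hunk shown.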
@@ -0,0 +1,89 @@ +From 4a43c2b3a1066247f26d8a6e52ebfc40852a5f7e Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 24 Nov 2023 16:00:15 +0100 +Subject: [PATCH 3/3] test: add a couple of tests for RestrictFileSystems= + +--- + test/units/testsuite-07.exec-context.sh | 31 +++++++++++++++++++++++++ + test/units/util.sh | 19 +++++++++++++++ + 2 files changed, 50 insertions(+) + +diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh +index b4118d2fe8..10b425359d 100755 +--- a/test/units/testsuite-07.exec-context.sh ++++ b/test/units/testsuite-07.exec-context.sh +@@ -4,6 +4,9 @@ + set -eux + set -o pipefail + ++# shellcheck source=test/units/util.sh ++. "$(dirname "$0")"/util.sh ++ + # Make sure the unit's exec context matches its configuration + # See: https://github.com/systemd/systemd/pull/29552 + +@@ -284,6 +287,34 @@ systemd-run --wait --pipe "${ARGUMENTS[@]}" \ + ulimit -R || exit 0; + : RTTIME; [[ $(ulimit -SR) -eq 666666 ]]; [[ $(ulimit -HR) -eq 666666 ]];' + ++# RestrictFileSystems= ++# ++# Note: running instrumented binaries requires at least /proc to be accessible, so let's ++# skip the test when we're running under sanitizers ++if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && kernel_supports_lsm bpf; then ++ ROOTFS="$(df --output=fstype /usr/bin | sed --quiet 2p)" ++ systemd-run --wait --pipe -p RestrictFileSystems="" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS" ls /proc) ++ (! 
systemd-run --wait --pipe -p RestrictFileSystems="foo" ls /) ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar baz proc" ls /proc ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /proc ++ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /sys/fs/cgroup ++ ++ systemd-run --wait --pipe -p RestrictFileSystems="~" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls / ++ systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~$ROOTFS" ls /) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /sys) ++ systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls / ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /proc) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /dev) ++ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) ++fi ++ + # Ensure that clean-up codepaths work correctly if activation ultimately fails + touch /run/not-a-directory + mkdir /tmp/root +diff --git a/test/units/util.sh b/test/units/util.sh +index fdfb91f8c6..b5ed73237c 100755 +--- a/test/units/util.sh ++++ b/test/units/util.sh +@@ -197,3 +197,22 @@ openssl_supports_kdf() { + # but let's do that when/if the need arises + openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:foo -out /dev/null "$kdf" + } ++ ++kernel_supports_lsm() { ++ local lsm="${1:?}" ++ local items item ++ ++ if [[ ! 
-e /sys/kernel/security/lsm ]]; then ++ echo "/sys/kernel/security/lsm doesn't exist, assuming $lsm is not supported" ++ return 1 ++ fi ++ ++ mapfile -t -d, items Date: Thu, 23 Nov 2023 14:45:33 +0100 Subject: [PATCH 222/494] split-files: move static filelist config into split-files.py The idea was that it's nicer to keep that config in .spec where it's subject to syntax highlighting. split-files.py was supposed to a stand-alone program. But in practice this split is confusing, because file rules are listed in two places and we need to modify split-files.py quite often. This will be easier if everything is in one file. [skip changelog] --- split-files.py | 39 +++++++++++++++++++++++++++++++++++++-- systemd.spec | 39 ++------------------------------------- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/split-files.py b/split-files.py index c6e3cb7..cd19a85 100644 --- a/split-files.py +++ b/split-files.py 
@@ -1,8 +1,43 @@ import re, sys, os, collections buildroot = sys.argv[1] -known_files = sys.stdin.read().splitlines() -known_files = {line.split()[-1]:line for line in known_files} + +known_files = ''' +%ghost %config(noreplace) /etc/crypttab +%ghost %attr(0444,root,root) /etc/udev/hwdb.bin +/etc/inittab +/usr/lib/systemd/purge-nobody-user +%ghost %config(noreplace) /etc/vconsole.conf +%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf +%ghost %attr(0664,root,root) %verify(not group) /run/utmp +%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp +%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp +%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog +%ghost %config(noreplace) /etc/hostname +%ghost %config(noreplace) /etc/localtime +%ghost %config(noreplace) /etc/locale.conf +%ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id +%ghost %config(noreplace) /etc/machine-info +%ghost %attr(0700,root,root) %dir /var/cache/private +%ghost %attr(0700,root,root) %dir /var/lib/private +%ghost %dir /var/lib/private/systemd +%ghost %dir /var/lib/private/systemd/journal-upload +%ghost /var/lib/private/systemd/journal-upload/state +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +%ghost %dir /var/lib/systemd/backlight +%ghost /var/lib/systemd/catalog/database +%ghost %dir /var/lib/systemd/coredump +%ghost /var/lib/systemd/journal-upload +%ghost %dir /var/lib/systemd/linger +%ghost %attr(0600,root,root) /var/lib/systemd/random-seed +%ghost %dir /var/lib/systemd/rfkill +%ghost %dir %verify(not mode group) /var/log/journal +%ghost %dir /var/log/journal/remote +%ghost %attr(0700,root,root) %dir /var/log/private +'''.splitlines() + +known_files = {line.split()[-1]:line for line in known_files if line} def files(root): os.chdir(root) diff --git a/systemd.spec b/systemd.spec index 28fdc6d..a70d85e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -849,43 +849,8 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i %find_lang %{name} -# Split files in build root into rpms. See split-files.py for the -# rules towards the end, anything which is an exception needs a line -# here. -python3 %{SOURCE2} %buildroot < Date: Thu, 23 Nov 2023 14:53:53 +0100 Subject: [PATCH 223/494] split-files: use a dictionary instead of many little variables Just refactoring, to make it easier to act on the list of outputs. [skip changelog] --- split-files.py | 84 ++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/split-files.py b/split-files.py index cd19a85..ad0d920 100644 --- a/split-files.py +++ b/split-files.py 
@@ -50,25 +50,29 @@ def files(root): if file.is_dir() and not file.is_symlink(): todo.append(file) -o_libs = open('.file-list-libs', 'w') -o_udev = open('.file-list-udev', 'w') -o_ukify = open('.file-list-ukify', 'w') -o_boot = open('.file-list-boot', 'w') -o_pam = open('.file-list-pam', 'w') -o_rpm_macros = open('.file-list-rpm-macros', 'w') -o_devel = open('.file-list-devel', 'w') -o_container = open('.file-list-container', 'w') -o_networkd = open('.file-list-networkd', 'w') -o_networkd_defaults = open('.file-list-networkd-defaults', 'w') -o_oomd_defaults = open('.file-list-oomd-defaults', 'w') -o_remote = open('.file-list-remote', 'w') -o_resolve = open('.file-list-resolve', 'w') -o_tests = open('.file-list-tests', 'w') -o_standalone_repart = open('.file-list-standalone-repart', 'w') -o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') -o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w') -o_main = open('.file-list-main', 'w') +outputs = {suffix: open(f'.file-list-{suffix}', 'w') + for suffix in ( + 'libs', + 'udev', + 'ukify', + 'boot', + 'pam', + 'rpm-macros', + 'devel', + 'container', + 'networkd', + 'networkd-defaults', + 'oomd-defaults', + 'remote', + 'resolve', + 'tests', + 'standalone-repart', + 'standalone-tmpfiles', + 'standalone-sysusers', + 'standalone-shutdown', + 'main', + )} + for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| 
@@ -95,36 +99,36 @@ for file in files(buildroot): if n.endswith('.standalone'): if 'repart' in n: - o = o_standalone_repart + o = outputs['standalone-repart'] elif 'tmpfiles' in n: - o = o_standalone_tmpfiles + o = outputs['standalone-tmpfiles'] elif 'sysusers' in n: - o = o_standalone_sysusers + o = outputs['standalone-sysusers'] elif 'shutdown' in n: - o = o_standalone_shutdown + o = outputs['standalone-shutdown'] else: assert False, 'Found .standalone not belonging to known packages' elif '/security/pam_' in n or '/man8/pam_' in n: - o = o_pam + o = outputs['pam'] elif '/rpm/' in n: - o = o_rpm_macros + o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: - o = o_tests + o = outputs['tests'] elif 'ukify' in n: - o = o_ukify + o = outputs['ukify'] elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): - o = o_main + o = outputs['main'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): - o = o_udev + o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): - o = o_devel + o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| /usr/share/systemd/gatewayd| /var/log/journal/remote ''', n, re.X): - o = o_remote + o = outputs['remote'] elif re.search(r'''mymachines| machinectl| @@ -137,13 +141,13 @@ for file in files(buildroot): var-lib-machines.mount| org.freedesktop.(import|machine)1 ''', n, re.X): - o = o_container + o = outputs['container'] # .network.example files go into systemd-networkd, and the matching files # without .example go into systemd-networkd-defaults elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) and os.path.exists(f'./{n}.example')): - o = o_networkd_defaults + o = outputs['networkd-defaults'] elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| 
@@ -154,13 +158,13 @@ for file in files(buildroot): systemd\.network| systemd\.netdev ''', n, re.X): - o = o_networkd + o = outputs['networkd'] elif '.so.' in n: - o = o_libs + o = outputs['libs'] elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = o_oomd_defaults + o = outputs['oomd-defaults'] elif re.search(r'''udev(?!\.pc)| hwdb| @@ -211,23 +215,23 @@ for file in files(buildroot): ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be # confused if those user-facing binaries are not available. - o = o_udev + o = outputs['udev'] elif re.search(r'''/boot/efi| /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): - o = o_boot + o = outputs['boot'] elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| systemd\.(positive|negative) ''', n, re.X): # resolvectl and nss-resolve are in the main package. - o = o_resolve + o = outputs['resolve'] else: - o = o_main + o = outputs['main'] if n in known_files: prefix = ' '.join(known_files[n].split()[:-1]) From 0e8fc18fbde4c57742cc844a73bc280b8929b781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 14:57:31 +0100 Subject: [PATCH 224/494] split-files: fail early if we split-files produces an empty output We would fail later anyway, because rpm refuses %files with an empty filelist file. But this is much later, after %check, so let's fail already in %install. [skip changelog] --- split-files.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/split-files.py b/split-files.py index ad0d920..d978886 100644 --- a/split-files.py +++ b/split-files.py @@ -249,3 +249,8 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' print(f'{prefix}{n}{suffix}', file=o) + +if [print(f'ERROR: no file names were written to {o.name}') + for o in outputs.values() + if o.tell() == 0]: + sys.exit(1) 
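Review bot: The empty-output check added at the end of split-files.py (hunk `@@ -249,3 +249,8 @@`) builds a list only for the side effect of `print` and then tests its truthiness, which works only because a list of `None` values is still non-empty. The message also goes to stdout, where it is easy to miss in a long build log. An explicit form keeps the same exit status and reads more plainly: `empty = [o.name for o in outputs.values() if o.tell() == 0]`, then `for name in empty: print(f'ERROR: no file names were written to {name}', file=sys.stderr)` and `if empty: sys.exit(1)`.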
From 453bbcb4233717f8e5ad5213882582484da8b7b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Nov 2023 15:10:10 +0100 Subject: [PATCH 225/494] split-files: also handle conditional packages This is a bit annoying, but meh. [skip changelog] --- split-files.py | 7 +++++-- systemd.spec | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/split-files.py b/split-files.py index d978886..e03484f 100644 --- a/split-files.py +++ b/split-files.py @@ -1,6 +1,7 @@ import re, sys, os, collections buildroot = sys.argv[1] +no_bootloader = '--no-bootloader' in sys.argv known_files = ''' %ghost %config(noreplace) /etc/crypttab @@ -251,6 +252,8 @@ for file in files(buildroot): print(f'{prefix}{n}{suffix}', file=o) if [print(f'ERROR: no file names were written to {o.name}') - for o in outputs.values() - if o.tell() == 0]: + for name, o in outputs.items() + if (o.tell() == 0 and + not (no_bootloader and name in ('ukify', 'boot-unsigned'))) + ]: sys.exit(1) diff --git a/systemd.spec b/systemd.spec index a70d85e..ba7f6cb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -850,7 +850,7 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i %find_lang %{name} # Split files in build root into rpms -python3 %{SOURCE2} %buildroot +python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} %check %if %{with tests} From 268ca6a05967f1b2fa5ff6eb1bf85f9f3e6266fe Mon Sep 17 00:00:00 2001 
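Review bot: The exemption `name in ('ukify', 'boot-unsigned')` in hunk `@@ -251,6 +252,8 @@` of split-files.py names a key that the `outputs` dictionary built earlier in the script does not contain; it has `'boot'`, not `'boot-unsigned'`. With `--no-bootloader`, an empty `.file-list-boot` would therefore still abort the build. The later one-line change to `('ukify', 'boot')` corrects the spelling but leaves the same hazard, because the names are matched as bare strings and a typo silently disables the exemption. Defining the set once, `optional = {'ukify', 'boot'}`, and adding `assert optional <= outputs.keys()` would make any mismatch fail immediately.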
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 2 Dec 2023 09:56:40 +0100 Subject: [PATCH 226/494] Version 255~rc4 --- ...se-bpf-outer-map-fd-in-systemd-execu.patch | 31 ------- ...ter_map_fd-to-sd-executor-only-if-Re.patch | 47 ---------- ...always-install-network-example-files.patch | 42 --------- ...art-rate-limit-for-systemd-vconsole-.patch | 45 --------- ...redundant-check-when-serializing-FDs.patch | 92 ------------------- ...ple-of-tests-for-RestrictFileSystems.patch | 89 ------------------ systemd.spec | 20 +--- 7 files changed, 1 insertion(+), 365 deletions(-) delete mode 100644 0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch delete mode 100644 0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch delete mode 100644 0001-meson-always-install-network-example-files.patch delete mode 100644 0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch delete mode 100644 0002-core-remove-redundant-check-when-serializing-FDs.patch delete mode 100644 0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch diff --git a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch b/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch deleted file mode 100644 index 5388c6a..0000000 --- a/0001-Make-sure-we-close-bpf-outer-map-fd-in-systemd-execu.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From ef90e8f9db911626c8f5c18c49cf6fe445afdefb Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 30 Nov 2023 11:01:14 +0100 -Subject: [PATCH] Make sure we close bpf outer map fd in systemd-executor - -Not doing so leaks it into the child service and causes selinux -denials. ---- - src/core/execute-serialize.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 56c4f4da8a..6c19cd42a2 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1625,6 +1625,12 @@ static int exec_parameters_deserialize(ExecParameters *p, FILE *f, FDSet *fds) { - if (fd < 0) - continue; - -+ /* This is special and relies on close-on-exec semantics, make sure it's -+ * there */ -+ r = fd_cloexec(fd, true); -+ if (r < 0) -+ return r; -+ - p->bpf_outer_map_fd = fd; - } else if ((val = startswith(l, "exec-parameters-notify-socket="))) { - r = free_and_strdup(&p->notify_socket, val); --- -2.43.0 - diff --git a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch b/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch deleted file mode 100644 index cf947f2..0000000 --- a/0001-core-pass-bpf_outer_map_fd-to-sd-executor-only-if-Re.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 60ef4baeedc34b5c7ab0e2f211684f9b96d63f82 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 23 Nov 2023 19:08:22 +0000 -Subject: [PATCH 1/3] core: pass bpf_outer_map_fd to sd-executor only if - RestrictFileSystems was set - -It causes SELinux denials to be raised, so restrict it only where needed - -Follow-up for beb4ae87558cae ---- - src/core/execute-serialize.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 342883994a..60c121a0d1 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1244,7 +1244,7 @@ static bool exec_parameters_is_idle_pipe_set(const ExecParameters *p) { - p->idle_pipe[3] >= 0; - } - --static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fds) { -+static int exec_parameters_serialize(const ExecParameters *p, const ExecContext *c, FILE *f, FDSet *fds) { - int r; - - assert(f); -@@ -1375,7 +1375,7 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd - return r; - } - -- if (p->bpf_outer_map_fd >= 0) { -+ if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { - r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); - if (r < 0) - return r; -@@ -3860,7 +3860,7 @@ int exec_serialize_invocation( - if (r < 0) - return log_debug_errno(r, "Failed to serialize command: %m"); - -- r = exec_parameters_serialize(p, f, fds); -+ r = exec_parameters_serialize(p, ctx, f, fds); - if (r < 0) - return log_debug_errno(r, "Failed to serialize parameters: %m"); - --- -2.43.0 - diff --git a/0001-meson-always-install-network-example-files.patch b/0001-meson-always-install-network-example-files.patch deleted file mode 100644 index de84bf7..0000000 --- a/0001-meson-always-install-network-example-files.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 518d40b992abca8de5b9136e88748783200535da Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 23 Nov 2023 00:06:29 +0100 -Subject: [PATCH] meson: always install network example files - -I started working on integrating this in the Fedora package and realized that -the example files should be installed regardless of the renamed files when -default-network=true is used. This is because the renamed files become part of -a different package, and we want to have the other files which are used as -documentation in the main package anyway. ---- - network/meson.build | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/network/meson.build b/network/meson.build -index 4f17f7385e..2a472f4f51 100644 ---- a/network/meson.build -+++ b/network/meson.build -@@ -18,6 +18,10 @@ if conf.get('ENABLE_NETWORKD') == 1 - '80-wifi-station.network.example', - ) - -+ install_data( -+ example_network_files, -+ install_dir : networkdir) -+ - if get_option('default-network') - foreach f : example_network_files - install_data( -@@ -25,12 +29,7 @@ if conf.get('ENABLE_NETWORKD') == 1 - rename : fs.replace_suffix(fs.name(f), ''), - install_dir : networkdir) - endforeach -- else -- install_data( -- example_network_files, -- install_dir : networkdir) - endif -- - endif - - install_data('99-default.link', diff --git a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch b/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch deleted file mode 100644 index 1c8d79a..0000000 --- a/0001-units-disable-start-rate-limit-for-systemd-vconsole-.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 4704176795c167d49f87dfea79193913e6c6d939 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 25 Nov 2023 13:27:17 +0100 -Subject: [PATCH] units: disable start rate limit for - systemd-vconsole-setup.service - -The unit will be started or restarted a few times during boot, but but it has -StartLimitBurst = DefaultStartLimitBurst = 5, which means that the fifth -restart will already fail. On my laptop, I have exactly 4 restarts, so I don't -hit the limit, but on a slightly different system we will easily hit the limit. -In https://bugzilla.redhat.com/show_bug.cgi?id=2251394, there are five reloads -and we hit the limit. - -Since 6ef512c0bb7aeb2000588d7d05e23b4681da8657 we propagate the start counter -over switch-root and daemon reloads, so it's easier to hit the limit during -boot. - -In principle there might be systems with lots of vtcon devices, so let's just -allow the unit to be restarted without a limit. - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251394. ---- - units/systemd-vconsole-setup.service.in | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in -index 3475d456bc..c6c5bc9130 100644 ---- a/units/systemd-vconsole-setup.service.in -+++ b/units/systemd-vconsole-setup.service.in -@@ -17,6 +17,12 @@ DefaultDependencies=no - Before=sysinit.target - Before=initrd-switch-root.target shutdown.target - -+# This unit will be restarted by udev whenever a new vtcon device appears or is -+# triggered. Usually that happens just a handful of times during boot, but some -+# systems may have hundreds or thousands of serial consoles connected, so let's -+# just disable the limit altogether. -+StartLimitIntervalSec=0 -+ - [Service] - Type=oneshot - # This service will be restarted by udev whenever a new vtcon device appears. --- -2.43.0 - 
diff --git a/0002-core-remove-redundant-check-when-serializing-FDs.patch b/0002-core-remove-redundant-check-when-serializing-FDs.patch deleted file mode 100644 index e09a2e0..0000000 --- a/0002-core-remove-redundant-check-when-serializing-FDs.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 2d042c75ffb71f59ebd4689c3972786c29b4bf51 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 23 Nov 2023 19:14:45 +0000 -Subject: [PATCH 2/3] core: remove redundant check when serializing FDs - -The helpers already skip if the FD is < 0 ---- - src/core/execute-serialize.c | 50 ++++++++++++++---------------------- - 1 file changed, 19 insertions(+), 31 deletions(-) - -diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c -index 60c121a0d1..56c4f4da8a 100644 ---- a/src/core/execute-serialize.c -+++ b/src/core/execute-serialize.c -@@ -1274,11 +1274,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - return r; - } - -- if (p->n_socket_fds + p->n_storage_fds > 0) { -- r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); -- if (r < 0) -- return r; -- } -+ r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds); -+ if (r < 0) -+ return r; - } - - r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names); -@@ -1351,31 +1349,23 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - return r; - } - -- if (p->stdin_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stdin-fd", p->stdin_fd); -+ if (r < 0) -+ return r; - -- if (p->stdout_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stdout-fd", p->stdout_fd); -+ if (r < 0) -+ return r; - -- if (p->stderr_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-stderr-fd", p->stderr_fd); -+ if (r < 0) -+ return r; - -- if (p->exec_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); -- 
if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-exec-fd", p->exec_fd); -+ if (r < 0) -+ return r; - -- if (c && exec_context_restrict_filesystems_set(c) && p->bpf_outer_map_fd >= 0) { -+ if (c && exec_context_restrict_filesystems_set(c)) { - r = serialize_fd(f, fds, "exec-parameters-bpf-outer-map-fd", p->bpf_outer_map_fd); - if (r < 0) - return r; -@@ -1401,11 +1391,9 @@ static int exec_parameters_serialize(const ExecParameters *p, const ExecContext - if (r < 0) - return r; - -- if (p->user_lookup_fd >= 0) { -- r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); -- if (r < 0) -- return r; -- } -+ r = serialize_fd(f, fds, "exec-parameters-user-lookup-fd", p->user_lookup_fd); -+ if (r < 0) -+ return r; - - r = serialize_strv(f, "exec-parameters-files-env", p->files_env); - if (r < 0) --- -2.43.0 - diff --git a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch b/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch deleted file mode 100644 index 4034b22..0000000 --- a/0003-test-add-a-couple-of-tests-for-RestrictFileSystems.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 4a43c2b3a1066247f26d8a6e52ebfc40852a5f7e Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 24 Nov 2023 16:00:15 +0100 -Subject: [PATCH 3/3] test: add a couple of tests for RestrictFileSystems= - ---- - test/units/testsuite-07.exec-context.sh | 31 +++++++++++++++++++++++++ - test/units/util.sh | 19 +++++++++++++++ - 2 files changed, 50 insertions(+) - -diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh -index b4118d2fe8..10b425359d 100755 ---- a/test/units/testsuite-07.exec-context.sh -+++ b/test/units/testsuite-07.exec-context.sh -@@ -4,6 +4,9 @@ - set -eux - set -o pipefail - -+# shellcheck source=test/units/util.sh -+. "$(dirname "$0")"/util.sh -+ - # Make sure the unit's exec context matches its configuration - # See: https://github.com/systemd/systemd/pull/29552 - -@@ -284,6 +287,34 @@ systemd-run --wait --pipe "${ARGUMENTS[@]}" \ - ulimit -R || exit 0; - : RTTIME; [[ $(ulimit -SR) -eq 666666 ]]; [[ $(ulimit -HR) -eq 666666 ]];' - -+# RestrictFileSystems= -+# -+# Note: running instrumented binaries requires at least /proc to be accessible, so let's -+# skip the test when we're running under sanitizers -+if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && kernel_supports_lsm bpf; then -+ ROOTFS="$(df --output=fstype /usr/bin | sed --quiet 2p)" -+ systemd-run --wait --pipe -p RestrictFileSystems="" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS" ls /proc) -+ (! 
systemd-run --wait --pipe -p RestrictFileSystems="foo" ls /) -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS foo bar baz proc" ls /proc -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /proc -+ systemd-run --wait --pipe -p RestrictFileSystems="$ROOTFS @foo @basic-api" ls /sys/fs/cgroup -+ -+ systemd-run --wait --pipe -p RestrictFileSystems="~" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls / -+ systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~$ROOTFS" ls /) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~@basic-api" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc foo @bar @basic-api" ls /sys) -+ systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls / -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /proc) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /dev) -+ (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) -+fi -+ - # Ensure that clean-up codepaths work correctly if activation ultimately fails - touch /run/not-a-directory - mkdir /tmp/root -diff --git a/test/units/util.sh b/test/units/util.sh -index fdfb91f8c6..b5ed73237c 100755 ---- a/test/units/util.sh -+++ b/test/units/util.sh -@@ -197,3 +197,22 @@ openssl_supports_kdf() { - # but let's do that when/if the need arises - openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:foo -out /dev/null "$kdf" - } -+ -+kernel_supports_lsm() { -+ local lsm="${1:?}" -+ local items item -+ -+ if [[ ! 
-e /sys/kernel/security/lsm ]]; then -+ echo "/sys/kernel/security/lsm doesn't exist, assuming $lsm is not supported" -+ return 1 -+ fi -+ -+ mapfile -t -d, items Date: Sat, 2 Dec 2023 10:28:45 +0100 Subject: [PATCH 227/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index b931cf6..20ad87b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc3.tar.gz) = f46eb9264fb03868926d1abaa4a90af41ac4b2c7770756b87b2f212cd40f3e0c044679d523cbea3078362b12c4a1ee50d73dbe2639980d55c394db9d1a587b6d +SHA512 (systemd-255-rc4.tar.gz) = 7845aeed50a64771da6a5a39266fdbeb8b3b030aca18e03ad22a91bbd0c852e9c713a3cdf83b5b9d2f7f0fbb7a52c0d3a0dd44f28afb082ca340b45d9d4c78f5 From a3dfa110ec033f9e518e0a54be321c8ff3439c8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 2 Dec 2023 10:56:51 +0100 Subject: [PATCH 228/494] split-files: fix check for empty package [skip changelog] --- split-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index e03484f..23402d3 100644 --- a/split-files.py +++ b/split-files.py @@ -254,6 +254,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot-unsigned'))) + not (no_bootloader and name in ('ukify', 'boot'))) ]: sys.exit(1) From e36c897dbdeec1099fa9e4ec428fb3bb080df646 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Dec 2023 12:42:29 +0900 Subject: [PATCH 229/494] Replace deprecated boolean value with enabled/disabled [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6394857..82161d1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -622,9 +622,9 @@ CONFIGURE_OPTS=( -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] -Dmicrohttpd=enabled - -Dvmspawn=true + -Dvmspawn=enabled -Dlibidn2=enabled - -Dlibiptc=false + -Dlibiptc=disabled -Dlibcurl=enabled -Dlibfido2=enabled -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] From 3bab7a695c6fdb27c7800d47067b2203e2200869 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Dec 2023 12:42:46 +0900 Subject: [PATCH 230/494] Drop deprecated split-usr option [skip changelog] --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 82161d1..f574aee 100644 --- a/systemd.spec +++ b/systemd.spec @@ -644,7 +644,6 @@ CONFIGURE_OPTS=( -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true - -Dsplit-usr=false -Dsplit-bin=true -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false From 81bbc12743e3d152364ae74f625033a29174426f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Dec 2023 22:19:12 +0100 Subject: [PATCH 231/494] Version 255 - Just a few bugfixes since 255-rc4: seccomp filters, logging, documentation, systemd-repart - Includes a hardware database update. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 20ad87b..e196ac7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255-rc4.tar.gz) = 7845aeed50a64771da6a5a39266fdbeb8b3b030aca18e03ad22a91bbd0c852e9c713a3cdf83b5b9d2f7f0fbb7a52c0d3a0dd44f28afb082ca340b45d9d4c78f5 +SHA512 (systemd-255.tar.gz) = 51728de604c2169d8643718ac72acb8f70f613cfcca9e9abb7dac519f291fa26a16d48f24cae6897356319096cfe8f4d9377743e7870127374f98d432e0c557c diff --git a/systemd.spec b/systemd.spec index f574aee..8c31371 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255~rc4 +Version: 255 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 40811593d0192308d73bebbf32a950a00f5c9821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 09:43:00 +0100 Subject: [PATCH 232/494] Move systemd-bsod is to udev subpackage --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 23402d3..a025062 100644 --- a/split-files.py +++ b/split-files.py @@ -173,6 +173,7 @@ for file in files(buildroot): boot-update| bless-boot| boot-system-token| + bsod| kernel-install| installkernel| vconsole| From 29eb35530b29232eed65718d0cd96d67cd7ffd6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 12:35:59 +0100 Subject: [PATCH 233/494] Move config files to /usr/lib/systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... (e.g. /etc/systemd/system.conf → /usr/lib/systemd/systemd.conf). Both config file locations were already supported, and the files installed in /etc/ were "empty" (i.e. they had only comments and section headers). The move does not change the configuration, but just makes /etc more empty by default. See https://github.com/systemd/systemd/commit/6495361c7d for more discussion and details. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 8c31371..a8946de 100644 --- a/systemd.spec +++ b/systemd.spec @@ -662,6 +662,7 @@ CONFIGURE_OPTS=( # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 + -Dconfigfiledir=/usr/lib -Doomd=true -Dadm-gid=4 -Daudio-gid=63 From 245a2587e095a08a61af4e48f7daa57dee3629e6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Dec 2023 18:17:39 +0100 Subject: [PATCH 234/494] Add /etc/ssh/sshd_config.d to the file list This is a bit of a mess: sshd can only load configuration from /etc/ssh/sshd_config.d, and that directory is declared as non-world-readable. This is in violation of the packaging guidelines which say that packaged files must be world-readable, and also makes very little sense, since those files are part of the package payload. If we create the directory with different permissions, and list it in %files, installation will fail. If we don't list it in %files, and the user doesn't have openssh-server installed, they will have an unowned directory. Another option would be to depend on owner of this directory, i.e. openssh-server, but we don't want to have that dependency. So let's copy the %files line from openssh-server and figure out what to do if it changes in openssh-server again. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index a025062..4f939ec 100644 --- a/split-files.py +++ b/split-files.py @@ -8,6 +8,7 @@ known_files = ''' %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab /usr/lib/systemd/purge-nobody-user +%dir %attr(0700,root,root) /etc/ssh/sshd_config.d %ghost %config(noreplace) /etc/vconsole.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf %ghost %attr(0664,root,root) %verify(not group) /run/utmp From 1d61a36c4c436c033981305afe15dada31ada6aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Dec 2023 14:36:49 +0100 Subject: [PATCH 235/494] Add comment [skip changelog] --- split-files.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 4f939ec..5304bcc 100644 --- a/split-files.py +++ b/split-files.py 
@@ -8,6 +8,8 @@ known_files = ''' %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab /usr/lib/systemd/purge-nobody-user +# This directory is owned by openssh-server, but we don't want to introduce +# a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d %ghost %config(noreplace) /etc/vconsole.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf @@ -39,7 +41,8 @@ known_files = ''' %ghost %attr(0700,root,root) %dir /var/log/private '''.splitlines() -known_files = {line.split()[-1]:line for line in known_files if line} +known_files = {line.split()[-1]:line for line in known_files.splitlines() + if line and not line.startswith('#')} def files(root): os.chdir(root) From 3a8edc754038f889f4a97641a6b286eaefaf01f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Dec 2023 22:51:48 +0100 Subject: [PATCH 236/494] Fix previous commit [skip changelog] --- split-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 5304bcc..a595392 100644 --- a/split-files.py +++ b/split-files.py @@ -39,7 +39,7 @@ known_files = ''' %ghost %dir %verify(not mode group) /var/log/journal %ghost %dir /var/log/journal/remote %ghost %attr(0700,root,root) %dir /var/log/private -'''.splitlines() +''' known_files = {line.split()[-1]:line for line in known_files.splitlines() if line and not line.startswith('#')} From 4c7acded2ace6fc074b80f098ee3754de758eab7 Mon Sep 17 00:00:00 2001 
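Review bot: `known_files.splitlines()` in the rewritten comprehension (hunk at -39,7) is called on a list, because the context line just above still ends the literal with `'''.splitlines()`; the script raises AttributeError as soon as it reaches this statement. Only one of the two calls can stay, for example end the literal with a plain `'''` and keep `for line in known_files.splitlines()`. The filter is also fragile for hand-edited entries: `if line and not line.startswith('#')` lets a whitespace-only line through to `line.split()[-1]` (IndexError) and does not skip an indented comment, so `line.strip()` in both tests would be safer.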
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 13 Dec 2023 13:02:45 +0100 Subject: [PATCH 237/494] Do not remove modified config files Our config files in /etc/ were marked as %config(noreplace). This means that the would not be replaced on upgraded if local modifications have been made. But when we moved them to /usr/lib, they would be be renamed to .rpmsave, if they had local modifications. This is not what I expected, but what rpm apparently does. So we need to add them as %ghost to prevent the removal. This is probably for the better anyway. --- split-files.py | 15 ++++++++------- systemd.spec | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/split-files.py b/split-files.py index a595392..3f66ada 100644 --- a/split-files.py +++ b/split-files.py @@ -240,17 +240,18 @@ for file in files(buildroot): o = outputs['main'] if n in known_files: - prefix = ' '.join(known_files[n].split()[:-1]) - if prefix: - prefix += ' ' + prefix = known_files[n].split()[:-1] elif file.is_dir() and not file.is_symlink(): - prefix = '%dir ' + prefix = ['%dir'] elif 'README' in n: - prefix = '%doc ' + prefix = ['%doc'] elif n.startswith('/etc'): - prefix = '%config(noreplace) ' + prefix = ['%config(noreplace)'] + if file.stat().st_size == 0: + prefix += ['%ghost'] else: - prefix = '' + prefix = [] + prefix = ' '.join(prefix + ['']) if prefix else '' suffix = '*' if '/man/' in n else '' diff --git a/systemd.spec b/systemd.spec index a8946de..070190b 100644 --- a/systemd.spec +++ b/systemd.spec 
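Review bot: In the `/etc` branch, `file.stat().st_size == 0` is the only signal that turns a path into `%ghost`, so any file that is legitimately installed empty under /etc would silently drop out of the package payload, not only the placeholders that systemd.spec creates with `touch`. That coupling is not stated anywhere in the script; a comment such as `# zero-size files under /etc are placeholders touched in systemd.spec, list them as %ghost` would make it explicit. If `file` is a pathlib path, as the `is_dir()`/`is_symlink()` calls suggest, `stat()` follows symlinks, so a symlink under /etc would be resolved outside the buildroot or raise when dangling; `file.lstat().st_size` or an `is_symlink()` guard avoids that. The enclosing `for file in files(buildroot)` loop starts and ends outside the hunk.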
@@ -731,6 +731,25 @@ ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm touch %{buildroot}/etc/crypttab chmod 600 %{buildroot}/etc/crypttab +# Config files that were moved under /usr. +# We need to %ghost them so that they are not removed on upgrades. +touch %{buildroot}/etc/systemd/coredump.conf \ + %{buildroot}/etc/systemd/homed.conf \ + %{buildroot}/etc/systemd/journald.conf \ + %{buildroot}/etc/systemd/journal-remote.conf \ + %{buildroot}/etc/systemd/journal-upload.conf \ + %{buildroot}/etc/systemd/logind.conf \ + %{buildroot}/etc/systemd/networkd.conf \ + %{buildroot}/etc/systemd/oomd.conf \ + %{buildroot}/etc/systemd/pstore.conf \ + %{buildroot}/etc/systemd/resolved.conf \ + %{buildroot}/etc/systemd/sleep.conf \ + %{buildroot}/etc/systemd/system.conf \ + %{buildroot}/etc/systemd/timesyncd.conf \ + %{buildroot}/etc/systemd/user.conf \ + %{buildroot}/etc/udev/udev.conf \ + %{buildroot}/etc/udev/iocost.conf + # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} From 3211e4adfcca38dfe24188e28a65b1cf385ecfd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 16 Dec 2023 11:07:35 +0100 Subject: [PATCH 238/494] Version 255.1 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index e196ac7..ad62708 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.tar.gz) = 51728de604c2169d8643718ac72acb8f70f613cfcca9e9abb7dac519f291fa26a16d48f24cae6897356319096cfe8f4d9377743e7870127374f98d432e0c557c +SHA512 (systemd-255.1.tar.gz) = ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb diff --git a/systemd.spec b/systemd.spec index 070190b..ec214ca 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255 +Version: 255.1 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From cd0e291d13db4fe21a0c6ec0f262f439a6d8fb23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 10:12:34 +0100 Subject: [PATCH 239/494] Add missing %postun scriptlets for systemd-{resolved,networkd} ... (rhbz#2255718) I'm not sure what happened here. But I think both services should be fine with a restart and there is no reason not to do this. --- systemd.spec | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index ec214ca..0359026 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1032,6 +1032,24 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%postun networkd +%systemd_postun_with_restart systemd-networkd.service +%systemd_postun systemd-networkd-wait-online.service + +%post resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + +# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + %preun resolved if [ $1 -eq 0 ] ; then systemctl disable --quiet \ 
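Review bot: The new `%postun networkd` scriptlet (and `%postun resolved` in the following hunk at -1047,19) carries no comment on why the daemons are restarted on upgrade while `systemd-networkd-wait-online.service` only gets plain `%systemd_postun`. Without the restart the old binary keeps running after an update, so fixes in the new build do not take effect until reboot, and that intent is worth recording next to the macro. Something like `# Restart on upgrade so the running daemon matches the installed binaries; wait-online needs no restart` above `%postun networkd` would do. The `%preun resolved` scriptlet at the end of this hunk continues outside it.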
@@ -1047,19 +1065,8 @@ if [ $1 -eq 0 ] ; then fi fi -%post resolved -[ $1 -eq 1 ] || exit 0 -# Initial installation - -touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation - -# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then - echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." - exit 0 -fi - -%systemd_post systemd-resolved.service +%postun resolved +%systemd_postun_with_restart systemd-resolved.service %posttrans resolved [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 From 047337bfbcb1a19fa5e5942f36b060553a39f9a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 15:52:01 +0100 Subject: [PATCH 240/494] Version 255.2 - Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) - systemd-resolved and systemd-networkd are restarted after an upgrade. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0359026..14f79f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255.1 +Version: 255.2 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From cb344fd09f2896ae9242ebbd70bfd031deacc5d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 16:21:46 +0100 Subject: [PATCH 241/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index ad62708..6692a85 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-255.1.tar.gz) = ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb +SHA512 (systemd-255.2.tar.gz) = 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9 From 7ec963cfce80fdd6ca56421a598f0230907671e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jan 2024 18:31:57 +0100 Subject: [PATCH 242/494] Add temporary patch to adjust uid range classification ... (rhbz#2251843) --- 30846.patch | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 +++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 30846.patch diff --git a/30846.patch b/30846.patch new file mode 100644 index 0000000..84a4163 --- /dev/null +++ b/30846.patch 
@@ -0,0 +1,55 @@ +From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 9 Jan 2024 11:28:04 +0100 +Subject: [PATCH] journal: again create user journals for users with high uids + +This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d +'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped +in an additional check of uid_is_container(uid). The problem is that that change +is not backwards-compatible at all and very hard for users to handle. +There is no common agreement on mappings of high-range uids. Systemd declares +ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/, +but this is only a recent change and various sites allocated those ranges +in a different way, in particular FreeIPA uses (used?) uids from this range +for human users. On big sites with lots of users changing uids is obviously a +hard problem. We generally assume that uids cannot be "freed" and/or changed +and/or reused safely, so we shouldn't demand the same from others. + +This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN / +SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing +huge problems for existing systems with were created with a different +definition and couldn't be easily updated. For that case, we added a +configuration time switch and we now parse /etc/login.defs to actually use the +value that is appropriate for the local system. + +Unfortunately, login.defs doesn't have a concept of container allocation ranges +(and we don't have code to parse and use those nonexistent names either), so we +can't tell users to adjust logind.defs to work around the changed definition. + +login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing, +because they are used to define where the add allocations for subuids, which is +generally a much smaller range. 
Maybe we should talk with other folks about +the appropriate allocation ranges and define some new settings in login.defs. +But this would require discussion and coordination with other projects first. + +Actualy, it seems that this change was needed at all. The code in the container +does not log to the outside journal. It talks to its own journald, which does +journal splitting using its internal logic based on shifted uids. So let's +revert the change to fix user systems. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. +--- + src/basic/uid-alloc-range.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c +index 669cb6d56f7be..7b724b7959f60 100644 +--- a/src/basic/uid-alloc-range.c ++++ b/src/basic/uid-alloc-range.c +@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { + + /* Returns true if the specified UID shall get its data stored in the system journal. */ + +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; + } diff --git a/systemd.spec b/systemd.spec index 14f79f7..1400ccc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -109,9 +109,11 @@ Patch0001: https://github.com/systemd/systemd/pull/26494.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2251843 +Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack -Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch +Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 From 6f32627f61be709fd2b7070530661dc6e0254998 Mon Sep 17 00:00:00 2001 
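Review bot: `Patch0491` is declared as `https://github.com/systemd/systemd/pull/30846.patch`, which is not a fixed artifact: what a pull-request URL serves changes whenever the PR branch is updated, so a later refresh from that URL can differ from the 30846.patch that was reviewed and committed here. The committed file already names its origin in its `From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e` line; recording that next to the tag, for example `# 30846.patch taken at upstream commit 07fd822c59e2`, lets a reviewer detect drift. The same applies to `Patch0001: https://github.com/systemd/systemd/pull/26494.patch` visible in the hunk header. Since the subject calls the patch temporary, a line stating when it can be dropped would also help.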
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 25 Jan 2024 16:49:50 +0100 Subject: [PATCH 243/494] Version 255.3 - A bunch of various fixes for memory and behaviour, in many different components (bootctl, systemd, udev, systemd-networkd, systemd-homed, systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd-journal-remote, kernel-install) - Improved detection of virtualization (Google Compute Engine, Apple Virt) - Updates for shell completions and docs - An update for hardware database --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6692a85..97f147b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.2.tar.gz) = 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9 +SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453 diff --git a/systemd.spec b/systemd.spec index 1400ccc..ba01700 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 255.2 +Version: 255.3 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') From 92ef780f99da541c9f2976cd04de686548ebed1b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 29 Jan 2024 11:23:07 +0100 Subject: [PATCH 244/494] Conflicts/Provides with systemd-standalone-repart are moved udev subpackage /usr/bin/systemd-repart is in systemd-udev, so this Conflicts/Provides combo was misplaced. (For the Conflicts, this is actually not a real issue, because systemd-udev Requires systemd, so transitively, the conflicting packages could not be installed. But for Provides, the issue is real, because systemd by itself does _not_ provide the binary.) This was noticed by rpmdeplint CI job: Undeclared file conflicts: systemd-standalone-repart-255.3-1.fc40.x86_64 provides /usr/bin/systemd-repart which is also provided by systemd-udev-255.2-2.fc40.x86_64 --- systemd.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index ba01700..e98b28c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -253,8 +253,6 @@ Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-repart < %{version}-%{release}^ -Provides: %{name}-repart = %{version}-%{release} Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ @@ -392,6 +390,9 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ +Conflicts: %{name}-standalone-repart < %{version}-%{release}^ +Provides: %{name}-repart = %{version}-%{release} + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in From b375f983d99f397e184b1d5ab55c7d9674c853c4 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Sun, 11 Feb 2024 12:41:32 +0100 Subject: [PATCH 245/494] Stop depending on filelists There's a bug in dnf5 where it always downloads filelists metadata even for file dependencies that are in the "allowed" paths, such as /usr/bin/getfacl. Let's use the package names for now to avoid downloading the filelists metadata unnecessarily. See https://bugzilla.redhat.com/show_bug.cgi?id=2263771 --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index e98b28c..a71549f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -134,9 +134,9 @@ BuildRequires: audit-libs-devel BuildRequires: cryptsetup-devel %endif BuildRequires: dbus-devel -BuildRequires: /usr/sbin/sfdisk +BuildRequires: util-linux # /usr/bin/getfacl is needed by test-acl-util -BuildRequires: /usr/bin/getfacl +BuildRequires: acl BuildRequires: libacl-devel BuildRequires: gobject-introspection-devel BuildRequires: libblkid-devel From a9172a2e9c8cd53f00453e15ec339229925c87df Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 11 Feb 2024 12:48:19 +0100 Subject: [PATCH 246/494] Remove reconfiguration logic meson handles this internally since 1.3 so we don't need this logic anymore. --- systemd.spec | 8 -------- 1 file changed, 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index a71549f..fe91d40 100644 --- a/systemd.spec +++ b/systemd.spec @@ -702,14 +702,6 @@ CONFIGURE_OPTS=( %global _lto_cflags %nil %endif -# Do configuration. If doing an inplace build, try to do -# reconfiguration to pick up new options. -%if %{with inplace} - command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } - - [ -e %{_vpath_builddir}/build.ninja ] && - %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || -%endif { %meson "${CONFIGURE_OPTS[@]}"; } %meson_build From a95f14a72ed67f826802bb44714b0ec7dd9a2a11 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Sun, 11 Feb 2024 12:52:56 +0100 Subject: [PATCH 247/494] Replace inplace macro with upstream macro Currently, the inplace macro only influences whether we use tools/meson-vcs-tag.sh to figure out the version instead of using the predefined one. But doing an inplace build shouldn't really affect the version, since it's possible to do an inplace builds that's not a git main upstream build, so the two concepts are disjoint. Instead, let's replace the "inplace" macro with an "upstream" macro to indicate that we're building from systemd git upstream. Aside from influencing the version, this also disables various patches and adds a libarchive dependency that was added upstream recently but isn't in an official release yet. --- README.build-in-place.md | 2 +- systemd.spec | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/README.build-in-place.md b/README.build-in-place.md index 8c444c5..df108d1 100644 --- a/README.build-in-place.md +++ b/README.build-in-place.md @@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM). git clone https://github.com/systemd/systemd fedpkg clone systemd fedora-systemd cd systemd -rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec +rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm ``` diff --git a/systemd.spec b/systemd.spec index fe91d40..354678e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -28,13 +28,12 @@ %bcond tests 1 %bcond lto 1 -# Support for quick builds with rpmbuild --build-in-place. -# See README.build-in-place. -%bcond inplace 0 +# Build from git main +%bcond upstream 0 Name: systemd Url: https://systemd.io -%if %{without inplace} +%if %{without upstream} Version: 255.3 %else # determine the build information from local checkout @@ -100,6 +99,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +%if %{without upstream} + # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. @@ -115,6 +116,8 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch +%endif + %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 %endif @@ -206,6 +209,10 @@ BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) +%if %{with upstream} +BuildRequires: pkgconfig(libarchive) +%endif + %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool @@ -282,6 +289,10 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} +%if %{with upstream} +Recommends: libarchive.so.13%{?elf_suffix} +%endif + %description systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket From 3f657395214b75c7c7b8028091e7f534ae6f23a0 Mon Sep 17 00:00:00 2001 
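Review bot: The new `%if %{without upstream}` … `%endif` pair (hunks at -100,6 and -115,6) also encloses `Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch`, so a `--with upstream` build ships the systemd-user PAM configuration without the distribution's adjustment. Going by its comment (`Adjust upstream config to use our shared stack`), that patch is integration rather than a backport, so it presumably should apply in both modes; placing `%endif` above the `# Adjust upstream config to use our shared stack` line keeps it. If it is excluded on purpose because it may not apply to git main, a comment saying so would avoid a package that authenticates user sessions differently from the release build without anyone noticing.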
From: Daan De Meyer Date: Thu, 15 Feb 2024 20:21:25 +0100 Subject: [PATCH 248/494] Update usage of meson-vcs-tag.sh to account for upstream changes The second argument now specifies the version tag version so let's adapt. Because the script now supports running without any arguments at all, let's just do that. The output now also doesn't use any hyphens anymore so we get rid of the sed transformation as well; --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 354678e..d8a58e5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -37,7 +37,7 @@ Url: https://systemd.io Version: 255.3 %else # determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') +Version: %(tools/meson-vcs-tag.sh) %endif Release: %autorelease From 4c5b844e620bc610d792cc416fc436810c6441d8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 17 Feb 2024 17:58:18 +0100 Subject: [PATCH 249/494] Don't pass b_lto to meson Let's depend on %lto_cflags doing the right thing instead of manually passing the b_lto option to meson. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d8a58e5..75720d8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -659,7 +659,6 @@ CONFIGURE_OPTS=( -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true -Dsplit-bin=true - -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false -Dman=enabled -Dversion-tag=%{version}-%{release} From 74b3ef386f602ee69c0204525083aa45ade786ad Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Sat, 17 Feb 2024 17:59:21 +0100 Subject: [PATCH 250/494] Stop passing %{release} to meson when building in upstream mode When building in upstream mode, the release doesn't really have any meaning so let's stop passing it as part of the version-tag and shared-library-tag arguments. This also makes it possible to make the release a timestamp so that each package built from upstream is guaranteed to be newer. If we pass the release to meson via version-tag and shared-library-tag and the release changes every build, we end up having constant rebuilds of various targets in meson that depend on the version. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 75720d8..10ad145 100644 --- a/systemd.spec +++ b/systemd.spec @@ -661,9 +661,9 @@ CONFIGURE_OPTS=( -Dsplit-bin=true -Db_ndebug=false -Dman=enabled - -Dversion-tag=%{version}-%{release} + -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 - -Dshared-lib-tag=%{version_no_tilde}-%{release} + -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no From 3520bb5c9267749043db39dfd24cb090157955b1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 17 Feb 2024 18:02:24 +0100 Subject: [PATCH 251/494] Allow overriding the version and release using macros Let's allow overriding the version and release by specifying the corresponding macros on the rpmbuild command line. This allows us to specify a custom version and release when doing upstream builds. --- systemd.spec | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 10ad145..0add847 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -33,13 +33,8 @@ Name: systemd Url: https://systemd.io -%if %{without upstream} -Version: 255.3 -%else -# determine the build information from local checkout -Version: %(tools/meson-vcs-tag.sh) -%endif -Release: %autorelease +Version: %{?version}%{!?version:255.3} +Release: %{?release}%{!?release:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 7740aea610b37fbac557cf4e73ae35bfa49b8b13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Feb 2024 11:11:20 +0100 Subject: [PATCH 252/494] Let libkmod be a dlopen'ed dependency --- systemd.spec | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0add847..a09be1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -285,6 +285,15 @@ Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} %if %{with upstream} +# Libkmod is used to load modules. +Recommends: libkmod.so.2%{?elf_suffix} +# kmod_list_next, kmod_load_resources, kmod_module_get_initstate, +# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup, +# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list, +# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources +# are part of LIBKMOD_5. +Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} + Recommends: libarchive.so.13%{?elf_suffix} %endif 
@@ -366,6 +375,13 @@ Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%if %{with upstream} +# Libkmod is used to load modules. Assume that if we need udevd, we certainly +# want to load modules, so make this into a hard dependency here. +Requires: libkmod.so.2%{?elf_suffix} +Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} +%endif + # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home Recommends: libcryptsetup.so.12%{?elf_suffix} From 0a51fe1e6ba8b30fcdb2c2171fc49ea2e2d6a56d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 20 Feb 2024 12:20:11 +0100 Subject: [PATCH 253/494] Use %version_override/%release_override to specify version/release by users When backporting the latest changes to CentOS Hyperscale reviewers were confused by using %version and %release to define "Version" and "Release" which are supposed to specify the values for %version and %release. Let's use different macros to make it more clear that these are supposed to be set by users building the rpm and add a comment to explain why we do this. --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a09be1d..0dc8f07 100644 --- a/systemd.spec +++ b/systemd.spec @@ -33,8 +33,10 @@ Name: systemd Url: https://systemd.io -Version: %{?version}%{!?version:255.3} -Release: %{?release}%{!?release:%autorelease} +# Allow users to specify the version and release when building the rpm by +# setting the %%version_override and %%release_override macros. +Version: %{?version_override}%{!?version_override:255.3} +Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 104532bab277f06e7c808f9661ce88324d4c07a0 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Wed, 21 Feb 2024 15:42:00 +0100 Subject: [PATCH 254/494] Apply pam patch when building for upstream It applies without conflicts and ensures coverage of a pretty important patch so let's apply it when building for upstream. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 0dc8f07..f34169b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -110,11 +110,11 @@ Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch +%endif + # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch -%endif - %ifarch %{ix86} x86_64 aarch64 %global want_bootloader 1 %endif From dc3dcc011438bf86eb921c2a92770556733a6453 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 21 Feb 2024 15:42:47 +0100 Subject: [PATCH 255/494] Allow setting extra configure options using %meson_extra_configure_options Will be used when building upstream to enable developer mode or sanitizers for example. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f34169b..1dde420 100644 --- a/systemd.spec +++ b/systemd.spec @@ -725,7 +725,7 @@ CONFIGURE_OPTS=( %global _lto_cflags %nil %endif -{ %meson "${CONFIGURE_OPTS[@]}"; } +{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; } %meson_build From e8d02128c9bfdd86b878235fc730a2863de1d1a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 1 Mar 2024 16:38:06 +0100 Subject: [PATCH 256/494] Version 255.4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 97f147b..3dc0d2e 100644 --- a/sources +++ b/sources 
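Review bot: `%{?meson_extra_configure_options}` (hunk at -725,7) is expanded unquoted into the `%build` shell line after `"${CONFIGURE_OPTS[@]}"`, so its value is word-split and any shell metacharacters in it are interpreted, and because it comes last it can presumably override options set in `CONFIGURE_OPTS` such as the `-Ddefault-*` settings. Unlike `%%version_override`, the macro has no comment in the spec. A line like `# %%meson_extra_configure_options: extra meson options for local builds, appended last and may override the defaults above` next to the `%meson` call would document both the interface and the precedence.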
@@ -1 +1 @@ -SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453 +SHA512 (systemd-255.4.tar.gz) = 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979 diff --git a/systemd.spec b/systemd.spec index 1dde420..cdc5cfb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.3} +Version: %{?version_override}%{!?version_override:255.4} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 2822a03dded26b9453bddbba7c6a152de8204aec Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 7 Mar 2024 11:20:56 +0100 Subject: [PATCH 257/494] Build in developer mode when building for upstream --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index cdc5cfb..789ea36 100644 --- a/systemd.spec +++ b/systemd.spec @@ -611,7 +611,7 @@ package and is meant for use in exitrds. %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} CONFIGURE_OPTS=( - -Dmode=release + -Dmode=%[%{with upstream}?"developer":"release"] -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' From ae8a47e92e42244f727755274a7065d8dc12e6ba Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 18 Mar 2024 14:25:44 +0100 Subject: [PATCH 258/494] Add psutil dependency to systemd-tests Required by systemd-networkd-tests.py --- systemd.spec | 1 + 1 file changed, 1 insertion(+) 
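Review bot: The `-Dmode=` line in `CONFIGURE_OPTS` now yields `developer` for `--with upstream` builds, and nothing beside it says that packages built this way are test artifacts rather than something to install on production hosts. Judging by the commit subject the switch is meant for upstream CI only, so a short comment would make that explicit, e.g. `# developer mode is for upstream/CI builds; distribution packages keep mode=release`. The array starts and ends outside this hunk.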
diff --git a/systemd.spec b/systemd.spec index 789ea36..f100b17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -556,6 +556,7 @@ Requires: %{name}%{_isa} = %{version}-%{release} # This dependency is provided transitively. Also add it explicitly to # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: python3dist(psutil) License: LGPL-2.1-or-later From 95a3861e920a57ede5fcde0ca426084fe7e62171 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 16 Mar 2024 16:59:07 +0100 Subject: [PATCH 259/494] Add R:systemd-udev to systemd-networkd subpackage ... (rhbz#2173425) --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index f100b17..159b38c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -507,6 +507,7 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} +%{?fedora:Recommends: %{name}-udev = %{version}-%{release}} License: LGPL-2.1-or-later # https://src.fedoraproject.org/rpms/systemd/pull-request/34 Obsoletes: systemd < 246.6-2 From 2e32a339a10caad9392a7049bccfd1c4cd7c24cc Mon Sep 17 00:00:00 2001 From: David Tardon Date: Wed, 20 Mar 2024 10:50:38 +0100 Subject: [PATCH 260/494] Make Requires(*) on systemd versioned Most systemd tools run from scriptlets need libsystemd-shared-X.so (from systemd package), which contains version and release in it's name. Therefore, the same version of systemd package must be already installed when they run. Resolves: #2282821 --- systemd.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 159b38c..2bebda2 100644 --- a/systemd.spec +++ b/systemd.spec 
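Review bot: The `Recommends:` added to `%package networkd` names `%{name}-udev` without `%{_isa}`, while the `Requires:` directly above it pins `%{name}%{_isa}`. On a multilib system an unarched weak dependency could presumably be satisfied by the udev subpackage of the other architecture. I would write it as `%{?fedora:Recommends: %{name}-udev%{_isa} = %{version}-%{release}}`. I would also add a one-line comment saying why the dependency is Fedora-only, since the commit message only points at rhbz#2173425.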
@@ -364,9 +364,9 @@ Summary: Rule-based device node and kernel event manager License: LGPL-2.1-or-later Requires: systemd%{_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} Requires(post): grep Requires: kmod >= 18-4 # https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 @@ -470,9 +470,9 @@ the version that works with Secure Boot. # Name is the same as in Debian Summary: Tools for containers and VMs Requires: %{name}%{_isa} = %{version}-%{release} -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} # obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) From ec5f3a94bce2474ea250e02ef8b2bd0b57b8727c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 21 Mar 2024 11:05:08 +0100 Subject: [PATCH 261/494] BR: add versioned dependency on binutils for ukify tests [skip changelog] --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 2bebda2..a7bce17 100644 --- a/systemd.spec +++ b/systemd.spec @@ -437,6 +437,13 @@ Requires: python3dist(zstd) Requires: python3dist(cryptography) Recommends: python3dist(pillow) +# for tests +%ifarch riscv64 +# 2.42 received support for riscv64 + efi targets +%global binutils_version_req >= 2.42 +%endif +BuildRequires: binutils %{?binutils_version_req} + BuildArch: noarch %description ukify From e3e9477031d88374d2c2796ce765401f68b1653e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 12:57:04 +0100 Subject: [PATCH 262/494] BR: valgrind is not available on riscv64 [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index a7bce17..6ada273 100644 --- a/systemd.spec +++ b/systemd.spec @@ -201,7 +201,9 @@ BuildRequires: libseccomp-devel BuildRequires: meson >= 0.43 BuildRequires: gettext # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +%ifarch %{valgrind_arches} BuildRequires: valgrind-devel +%endif BuildRequires: pkgconfig(bash-completion) BuildRequires: perl BuildRequires: perl(IPC::SysV) From 58b044d8e9ccf7be153a4b3e8259b9cc51034f8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:00:11 +0100 Subject: [PATCH 263/494] Adjust indentation [skip changelog] --- systemd.spec | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6ada273..63974f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -15,12 +15,12 @@ %global elf_suffix ()%{elf_bits} %endif -%bcond bzip2 1 -%bcond gnutls 1 -%bcond lz4 1 -%bcond xz 1 -%bcond zlib 1 -%bcond zstd 1 +%bcond bzip2 1 +%bcond gnutls 1 +%bcond lz4 1 +%bcond xz 1 +%bcond zlib 1 +%bcond zstd 1 # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. @@ -29,7 +29,7 @@ %bcond lto 1 # Build from git main -%bcond upstream 0 +%bcond upstream 0 Name: systemd Url: https://systemd.io From b6f8f82d8bb1b153b7ed2518b0ad7704ce480feb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:01:02 +0100 Subject: [PATCH 264/494] Adjust release tag for riscv64 If it is specified externally, we hounour that. Otherwise, default to "1.0.riscv64" on riscv. --- systemd.spec | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 63974f2..d794e11 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,6 +31,12 @@ # Build from git main %bcond upstream 0 +%ifarch riscv64 +%if !%{defined release_override} +%global release_override 1.0.riscv64 +%endif +%endif + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From ac2364bc4b8f36bf1ca7bc6873e76c7c8ff8a406 Mon Sep 17 00:00:00 2001 From: David Abdurachmanov Date: Fri, 22 Mar 2024 13:03:35 +0100 Subject: [PATCH 265/494] Enable bootloader stack for riscv64 --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d794e11..7801f4d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,7 +121,7 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch -%ifarch %{ix86} x86_64 aarch64 +%ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From f1d38667ef013aa832f43ea7b5861efd29b09fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Mar 2024 13:09:25 +0100 Subject: [PATCH 266/494] Revert "Adjust release tag for riscv64" This reverts commit b6f8f82d8bb1b153b7ed2518b0ad7704ce480feb. It was a misunderstanding, it wasn't supposed to go in. --- systemd.spec | 6 ------ 1 file changed, 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7801f4d..89f2a9f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,12 +31,6 @@ # Build from git main %bcond upstream 0 -%ifarch riscv64 -%if !%{defined release_override} -%global release_override 1.0.riscv64 -%endif -%endif - Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From 3a8ac5baa8b26973a06ede0a709d83d1e446ff13 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Mar 2024 11:39:37 +0100 Subject: [PATCH 267/494] spec: sort and deduplicate gid configuration [skip changelog] --- systemd.spec | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/systemd.spec b/systemd.spec index 89f2a9f..d41bd8f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -677,8 +677,6 @@ CONFIGURE_OPTS=( -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true - -Dtty-gid=5 - -Dusers-gid=100 -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true @@ -701,23 +699,24 @@ CONFIGURE_OPTS=( -Ddefault-user-timeout-sec=45 -Dconfigfiledir=/usr/lib -Doomd=true + -Dadm-gid=4 - -Daudio-gid=63 + -Dtty-gid=5 + -Ddisk-gid=6 + -Dlp-gid=7 + -Dkmem-gid=9 + -Dwheel-gid=10 -Dcdrom-gid=11 -Ddialout-gid=18 - -Ddisk-gid=6 - -Dinput-gid=104 - -Dkmem-gid=9 + -Dutmp-gid=22 + -Dtape-gid=33 -Dkvm-gid=36 - -Dlp-gid=7 + -Dvideo-gid=39 + -Daudio-gid=63 + -Dusers-gid=100 + -Dinput-gid=104 -Drender-gid=105 -Dsgx-gid=106 - -Dtape-gid=33 - -Dtty-gid=5 - -Dusers-gid=100 - -Dutmp-gid=22 - -Dvideo-gid=39 - -Dwheel-gid=10 -Dsystemd-journal-gid=190 -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 From 976e1b0a6828cdc1ec6f3d227009dff5edfa744b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 27 Mar 2024 11:40:36 +0100 Subject: [PATCH 268/494] spec: add %bcond to build without documentation Building of the man pages takes quite a while. We can skip this step in integration mkosi tests, we don't care about documentation there. --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d41bd8f..f1a53a7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -27,6 +27,7 @@ %bcond bootstrap 0 %bcond tests 1 %bcond lto 1 +%bcond docs 1 # Build from git main %bcond upstream 0 
@@ -174,8 +175,10 @@ BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(libbpf) BuildRequires: systemtap-sdt-devel +%if %{with docs} BuildRequires: libxslt BuildRequires: docbook-style-xsl +%endif BuildRequires: pkgconfig BuildRequires: gperf BuildRequires: gawk @@ -682,7 +685,7 @@ CONFIGURE_OPTS=( -Dcompat-mutable-uid-boundaries=true -Dsplit-bin=true -Db_ndebug=false - -Dman=enabled + -Dman=%[%{with docs}?"enabled":"disabled"] -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] From 5a7cc0a327f3d0fe354f34639c200e482a5462d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 7 Apr 2024 10:57:36 +0200 Subject: [PATCH 269/494] Fix build with newer kernel headers [skip changelog] --- 32134.patch | 31 +++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 33 insertions(+) create mode 100644 32134.patch diff --git a/32134.patch b/32134.patch new file mode 100644 index 0000000..690bd09 --- /dev/null +++ b/32134.patch 
@@ -0,0 +1,31 @@ +From d0515eec3c38c9b53a8e30397cf9b40cda5d6b94 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 7 Apr 2024 10:39:20 +0200 +Subject: [PATCH] meson: do not fail build with newer kernel headers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +systemd-255 is failing a build with the latest kernel headers… Let's downgrade +this warning, because it's fine if there's a file system we don't know about +and it makes thing less brittle if we don't treat this as a hard error. + +(I initially conditionalized this on BUILD_MODE, but I don't think we need a +hard error there either. A warning will be noticed and fixed.) +--- + src/basic/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 1516a9f7af3e4..386d9ab6c9c50 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -240,7 +240,7 @@ filesystem_includes = ['linux/magic.h', + check_filesystems = find_program('check-filesystems.sh') + r = run_command([check_filesystems, cpp, files('filesystems-gperf.gperf')] + filesystem_includes, check: false) + if r.returncode() != 0 +- error('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) ++ warning('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) + endif + + filesystems_gperf_h = custom_target( diff --git a/systemd.spec b/systemd.spec index f1a53a7..8a11e42 100644 --- a/systemd.spec +++ b/systemd.spec @@ -104,6 +104,8 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/32134.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
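Review bot: `Patch0002` is recorded only as a pull-request `.patch` URL, which does not identify fixed content because the URL serves whatever the PR branch currently holds. The copy committed as `32134.patch` is what gets applied, and its header names the upstream commit, so the spec should record that for provenance. I would add a comment above the line, e.g. `# upstream commit d0515eec3c38c9b53a8e30397cf9b40cda5d6b94: downgrade the unknown-filesystem check to a warning`. Unlike `Patch0001` just above, the new entry also has no note on when it can be dropped.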
From 3f8c38e5d6481fa01e766516cbdf7779c4a2825b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Apr 2024 13:54:32 +0200 Subject: [PATCH 270/494] Drop perl from BR It was removed upstream in 711169905e75617eabf3934273aa37dac02c6458, except for one call in test/test-functions, but we don't run those during package build. [skip changelog] --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8a11e42..3b1e1fe 100644 --- a/systemd.spec +++ b/systemd.spec @@ -210,8 +210,6 @@ BuildRequires: gettext BuildRequires: valgrind-devel %endif BuildRequires: pkgconfig(bash-completion) -BuildRequires: perl -BuildRequires: perl(IPC::SysV) %if %{with upstream} BuildRequires: pkgconfig(libarchive) From a37923658fbe9f511c36d31f556eaada782691eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Apr 2024 21:37:19 +0200 Subject: [PATCH 271/494] Prepare for bin-sbin merge https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin Skip symlinks if they'd point to themselves, rely on filesystem to create symlinks for us. --- systemd.spec | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3b1e1fe..bce1978 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -269,6 +269,19 @@ Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^ Provides: %{name}-shutdown = %{version}-%{release} +%if "%{_sbindir}" == "%{_bindir}" +# Compat symlinks for Requires in other packages. +# We rely on filesystem to create the symlinks for us. +Requires: filesystem(unmerged-sbin-symlinks) +Provides: /usr/sbin/halt +Provides: /usr/sbin/init +Provides: /usr/sbin/poweroff +Provides: /usr/sbin/reboot +Provides: /usr/sbin/runlevel +Provides: /usr/sbin/shutdown +Provides: /usr/sbin/telinit +%endif + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} @@ -422,6 +435,13 @@ Obsoletes: systemd-udev < 252.2^ Conflicts: %{name}-standalone-repart < %{version}-%{release}^ Provides: %{name}-repart = %{version}-%{release} +%if "%{_sbindir}" == "%{_bindir}" +# Compat symlinks for Requires in other packages. +# We rely on filesystem to create the symlinks for us. +Requires: filesystem(unmerged-sbin-symlinks) +Provides: /usr/sbin/udevadm +%endif + %description udev This package contains systemd-udev and the rules and hardware database needed to manage device nodes. This package is necessary on physical machines and in @@ -755,8 +775,10 @@ sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user %meson_install # udev links +%if "%{_sbindir}" != "%{_bindir}" mkdir -p %{buildroot}/%{_sbindir} ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm +%endif # Compatiblity and documentation files touch %{buildroot}/etc/crypttab 
@@ -997,7 +1019,7 @@ if [ -L %{_localstatedir}/lib/systemd/timesync ]; then rm %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync fi -if [ -f %{_localstatedir}/lib/systemd/clock ] ; then +if [ -f %{_localstatedir}/lib/systemd/clock ]; then mkdir -p %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi From cffa0853c9bb4c27ed22e4c581d35fc2834e876f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Apr 2024 13:45:24 +0200 Subject: [PATCH 272/494] Move systemctl symlinks to /usr/bin too [skip changelog] --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index bce1978..a4ded85 100644 --- a/systemd.spec +++ b/systemd.spec @@ -901,6 +901,13 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel +%if "%{_sbindir}" == "%{_bindir}" +# Systemd has the split-sbin option which is also used to select the directory +# for alias symlinks. We need to keep split-sbin=true for now, to support +# unmerged systems. Move the symlinks here instead. +mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ +%endif + %find_lang %{name} # Split files in build root into rpms From 041d0e2394300bb5ff1ab46f4d84778d64fcf36c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 16:43:34 +0200 Subject: [PATCH 273/494] Version 255.5 - Many different small fixes: systemd itself, systemd-networkd, systemd-journal-remote, compilation fixes for newer kernels and clang, systemd-homed, systemd-resolved, ukify, systemd-tmpfiles, various other. --- 32134.patch | 31 ------------------------------- sources | 2 +- systemd.spec | 4 +--- 3 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 32134.patch 
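Review bot: `mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/` overwrites any entry of the same name that already exists in `%{_bindir}`, so a collision between an alias symlink and a real binary would pass unnoticed in the build. I would make collisions fatal with `mv -vn %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/` followed by `rmdir %{buildroot}/usr/sbin`, which fails if anything was left behind. The literal `/usr/sbin` is needed because `%{_sbindir}` equals `%{_bindir}` in this branch. The added comment could say so.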
diff --git a/32134.patch b/32134.patch deleted file mode 100644 index 690bd09..0000000 --- a/32134.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d0515eec3c38c9b53a8e30397cf9b40cda5d6b94 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 7 Apr 2024 10:39:20 +0200 -Subject: [PATCH] meson: do not fail build with newer kernel headers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -systemd-255 is failing a build with the latest kernel headers… Let's downgrade -this warning, because it's fine if there's a file system we don't know about -and it makes thing less brittle if we don't treat this as a hard error. - -(I initially conditionalized this on BUILD_MODE, but I don't think we need a -hard error there either. A warning will be noticed and fixed.) ---- - src/basic/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 1516a9f7af3e4..386d9ab6c9c50 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -240,7 +240,7 @@ filesystem_includes = ['linux/magic.h', - check_filesystems = find_program('check-filesystems.sh') - r = run_command([check_filesystems, cpp, files('filesystems-gperf.gperf')] + filesystem_includes, check: false) - if r.returncode() != 0 -- error('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) -+ warning('Unknown filesystems defined in kernel headers:\n\n' + r.stdout()) - endif - - filesystems_gperf_h = custom_target( diff --git a/sources b/sources index 3dc0d2e..498b802 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.4.tar.gz) = 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979 +SHA512 (systemd-255.5.tar.gz) = 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc 
diff --git a/systemd.spec b/systemd.spec index a4ded85..99a1ccf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -36,7 +36,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.4} +Version: %{?version_override}%{!?version_override:255.5} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -104,8 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Drop when dracut-060 is available. Patch0001: https://github.com/systemd/systemd/pull/26494.patch -Patch0002: https://github.com/systemd/systemd/pull/32134.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 69d6e4469589ae42c044383cd0173572f64b20fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 16:45:03 +0200 Subject: [PATCH 274/494] Drop workaround to run generators without sandboxing ... (requirement on dracut >= 60 is added) --- 26494.patch | 30 ------------------------------ systemd.spec | 8 +------- 2 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 26494.patch diff --git a/26494.patch b/26494.patch deleted file mode 100644 index 19bc67b..0000000 --- a/26494.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 20 Feb 2023 12:00:30 +0900 -Subject: [PATCH] core/manager: run generators directly when we are in initrd - -Some initrd system write files at ourside of /run, /etc, or other -allowed places. This is a kind of workaround, but in most cases, such -sandboxing is not necessary as the filesystem is on ramfs when we are in -initrd. - -Fixes #26488. ---- - src/core/manager.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 7b394794b0d4..306477c6e6c2 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { - /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If - * we are the user manager, let's just execute the generators directly. We might not have the - * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. -- */ -- if (MANAGER_IS_USER(m)) { -+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ -+ if (MANAGER_IS_USER(m) || in_initrd()) { - r = manager_execute_generators(m, paths, /* remount_ro= */ false); - goto finish; - } diff --git a/systemd.spec b/systemd.spec index 99a1ccf..c2fae5c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -99,12 +99,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ %if %{without upstream} -# Work-around for dracut issue: run generators directly when we are in initrd -# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 -# Drop when dracut-060 is available. -Patch0001: https://github.com/systemd/systemd/pull/26494.patch - - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch 
@@ -256,7 +250,7 @@ Conflicts: initscripts < 9.56.1 Conflicts: fedora-release < 23-0.12 %endif # Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < 059-16 +Conflicts: dracut < 060 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From 4e7c10c3a59d286a33077539d75585ec45245e36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 24 Apr 2024 17:28:14 +0200 Subject: [PATCH 275/494] Reexec systemd in %postun (https://github.com/systemd/systemd/issues/5096) - The workaround dbus issues in upgrades from systemd-239 is dropped --- systemd.spec | 36 ++++++------------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) diff --git a/systemd.spec b/systemd.spec index c2fae5c..968f43e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -917,33 +917,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %post systemd-machine-id-setup &>/dev/null || : -# FIXME: move to %postun. We want to restart systemd *after* removing -# files from the old rpm. Right now we may still have bits the old -# setup if the files are not present in the new version. But before -# implement restarting of *other* services after the transaction, moving -# this would make things worse, increasing the number of warnings we get -# about needed daemon-reload. - -systemctl daemon-reexec &>/dev/null || { - # systemd v239 had bug #9553 in D-Bus authentication of the private socket, - # which was later fixed in v240 by #9625. - # - # The end result is that a `systemctl daemon-reexec` call as root will fail - # when upgrading from systemd v239, which means the system will not start - # running the new version of systemd after this post install script runs. - # - # To work around this issue, let's fall back to using a `kill -TERM 1` to - # re-execute the daemon when the `systemctl daemon-reexec` call fails. - # - # In order to prevent issues when the reason why the daemon-reexec failed is - # not the aforementioned bug, let's only use this fallback when: - # - we're upgrading this RPM package; and - # - we confirm that systemd is running as PID1 on this system. - if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then - kill -TERM 1 &>/dev/null || : - fi -} - [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
@@ -965,9 +938,12 @@ systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : %postun -if [ $1 -eq 1 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - systemd-tmpfiles --create &>/dev/null || : +if [ $1 -ge 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + + systemctl daemon-reexec || : + + systemd-tmpfiles --create &>/dev/null || : fi %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service From c29942f58b39c463349421ee975712cf79514008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 26 Apr 2024 08:53:40 +0200 Subject: [PATCH 276/494] Version 256~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too many changes to list or discuss here. --- 30846.patch | 12 ++++++------ sources | 2 +- systemd.spec | 9 +++------ 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/30846.patch b/30846.patch index 84a4163..f135830 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001 +From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids 
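Review bot: The new `systemctl daemon-reexec || :` in `%postun` discards a failure, so after an update PID 1 can keep running the previous binary without any clear message in the transaction output. It also runs on every upgrade without checking that systemd is PID 1, whereas the fallback removed from `%post` tested `[ -d /run/systemd/system ]` before acting. I would write `if [ -d /run/systemd/system ]; then systemctl daemon-reexec || echo "daemon-reexec failed, PID 1 still runs the old systemd" >&2; fi`. The scriptlet continues past this hunk with `%systemd_postun_with_restart`.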
@@ -39,13 +39,13 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-alloc-range.c | 2 +- + src/basic/uid-classification.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c -index 669cb6d56f7be..7b724b7959f60 100644 ---- a/src/basic/uid-alloc-range.c -+++ b/src/basic/uid-alloc-range.c +diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c +index e2d2cebc6d..2c8b06c0d3 100644 +--- a/src/basic/uid-classification.c ++++ b/src/basic/uid-classification.c @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ diff --git a/sources b/sources index 498b802..15d046a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-255.5.tar.gz) = 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc +SHA512 (systemd-256-rc1.tar.gz) = 657d3e5743f7c951322907c94bcf08497f7e28efde8f08269173de4e53e57f883bae313a0bf2b5f88d762efa5816cb78f69c1b66c1e8ace7a4e4e005e7af5f14 diff --git a/systemd.spec b/systemd.spec index 968f43e..54c37fb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -36,7 +36,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:255.5} +Version: %{?version_override}%{!?version_override:256~rc1} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -163,6 +163,8 @@ BuildRequires: qrencode-devel BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) @@ -201,11 +203,6 @@ BuildRequires: gettext %ifarch %{valgrind_arches} BuildRequires: valgrind-devel %endif -BuildRequires: pkgconfig(bash-completion) - -%if %{with upstream} -BuildRequires: pkgconfig(libarchive) -%endif %ifnarch %ix86 # bpftool is not built for i368 From 9ebc196a772412104822587cddd9e5534bf91a11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:24:22 +0200 Subject: [PATCH 277/494] Add Recommends for dlopen libraries They were already in place, but disabled using %{with upstream}. So it's enough to drop this conditionalization. --- systemd.spec | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 54c37fb..e7328bd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -246,8 +246,9 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif -# Make sure that dracut supports systemd-executor and the renames done for v255 -Conflicts: dracut < 060 +# Make sure that dracut supports systemd-executor and the renames done for v255, +# and dlopen libraries and read-only fs in initrd. +Conflicts: dracut < 060-2 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 @@ -293,7 +294,6 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} -%if %{with upstream} # Libkmod is used to load modules. Recommends: libkmod.so.2%{?elf_suffix} # kmod_list_next, kmod_load_resources, kmod_module_get_initstate, 
@@ -304,7 +304,6 @@ Recommends: libkmod.so.2%{?elf_suffix} Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} Recommends: libarchive.so.13%{?elf_suffix} -%endif %description systemd is a system and service manager that runs as PID 1 and starts the rest @@ -384,12 +383,10 @@ Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) -%if %{with upstream} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} -%endif # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From 529e5aa70e40d255d6d76c6380cb6b0495c3e026 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:50:57 +0200 Subject: [PATCH 278/494] Drop trigger scriptlets for upgrades from systemd < 247 --- systemd.spec | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/systemd.spec b/systemd.spec index e7328bd..0ca444f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -951,26 +951,6 @@ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then /usr/lib/systemd/systemd-update-helper user-reexec || : fi -%triggerun resolved -- systemd < 246.1-1 -# This is for upgrades from previous versions before systemd-resolved became the default. -systemctl --no-reload preset systemd-resolved.service &>/dev/null || : - -if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then - systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ - ! test -L /etc/resolv.conf 2>/dev/null && \ - ! mountpoint /etc/resolv.conf &>/dev/null && \ - grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ - echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \ - mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : - - systemctl start systemd-resolved.service &>/dev/null || : -fi - -%triggerun -- systemd < 247.3-2 -# This is for upgrades from previous versions before oomd-defaults is available. -systemctl --no-reload preset systemd-oomd.service &>/dev/null || : - %triggerpostun -- systemd < 253~rc1-2 # This is for upgrades from previous versions where systemd-journald-audit.socket # had a static enablement symlink. From c6f7df8b6c1b764cb6e32240b866a00b11156649 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 20:28:36 +0200 Subject: [PATCH 279/494] Add additional daemon-reexec for upgrades from old systemd versions https://github.com/systemd/systemd/issues/32508#issuecomment-2079991745 > The new systemd package does the reexec in %postun, but the old one does it in > %post. So if we install the new one, we don't do any reexec (since %postun > doesn't run in this case), but once we remove the old one we also don't do any > reexec, because in this case there's no reexec in %postun: > # dnf upgrade --rpmverbosity=debug ./*.rpm |& tee log.txt > ... > : %postun(systemd-255.5-1.fc41.x86_64): scriptlet start > D: %postun(systemd-255.5-1.fc41.x86_64): execv(/bin/sh) pid 2649 > D: Plugin: calling hook scriptlet_fork_post in selinux plugin > D: setexecfilecon: (/bin/sh, rpm_script_t) > + '[' 1 -eq 1 ']' > + '[' -w /var ']' > + journalctl --update-catalog > + systemd-tmpfiles --create --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 0ca444f..c0ef7e4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -951,6 +951,10 @@ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then /usr/lib/systemd/systemd-update-helper user-reexec || : fi +%triggerun -- systemd < 256 +# This is for upgrades from previous versions before systemd restart was moved to %%postun +systemctl daemon-reexec || : + %triggerpostun -- systemd < 253~rc1-2 # This is for upgrades from previous versions where systemd-journald-audit.socket # had a static enablement symlink. From 580f7f149a4ffa9e7644ab9512a12ec4add18a1f Mon Sep 17 00:00:00 2001 
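Review bot: The bound in `%triggerun -- systemd < 256` also matches every `256~rc*` build, because `~` sorts before the final version. The extra `systemctl daemon-reexec` therefore keeps firing on rc-to-rc and rc-to-final upgrades, not only on upgrades from the old packages the comment describes. If the builds that do the reexec in %postun start with 256~rc1 (the description suggests so, but that scriptlet is outside this hunk), `%triggerun -- systemd < 256~rc1` would limit the trigger to the versions that actually need it. The comment above the command could also name the first release that carries the %postun reexec, so the trigger can be dropped once upgrades from older versions are no longer supported.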
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:28:03 +0200 Subject: [PATCH 280/494] Override release tag I think this is a bug in rpmautospec. The release tag is always generated as "1". Before this is investigated and fixed, just set it manually. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index c0ef7e4..7bd627d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,8 @@ # Build from git main %bcond upstream 0 +%global release_override 4 + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From b9ec39c0efa664f18666c8c94140f3bbfb0bca3b Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 30 Apr 2024 14:39:11 +0200 Subject: [PATCH 281/494] spec: `systemd-ukify` should depend on `systemd-boot` `systemd-ukify` requires `/usr/lib/systemd/boot/efi/{addonx64,linuxx64}.efi.stub` to work properly, e.g. ``` Traceback (most recent call last): File "/usr/bin/ukify", line 1660, in main() File "/usr/bin/ukify", line 1648, in main check_inputs(opts) File "/usr/bin/ukify", line 390, in check_inputs value.open().close() File "/usr/lib64/python3.9/pathlib.py", line 1252, in open return io.open(self, mode, buffering, encoding, errors, newline, File "/usr/lib64/python3.9/pathlib.py", line 1120, in _opener return self._accessor.open(self, flags, mode) FileNotFoundError: [Errno 2] No such file or directory: '/usr/lib/systemd/boot/efi/addonx64.efi.stub' ``` `/usr/lib/systemd/boot/efi/{addonx64,linuxx64}.efi.stub` are now contained in `systemd-boot-unsigned` sub-package so adding a dependency on it seems like the easiest solution. Originally reported by: Vitaly Kuznetsov in https://issues.redhat.com/browse/RHEL-33990 Signed-off-by: Jan Macku --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 7bd627d..7eab1e1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -445,6 +445,7 @@ machine, and to create or grow partitions and make file systems automatically. Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} +Requires: systemd-boot Requires: python3dist(pefile) Requires: python3dist(zstd) Requires: python3dist(cryptography) From f872d00c6a788a952a99337e3fe2549e49363f0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 May 2024 12:06:12 +0200 Subject: [PATCH 282/494] Version 256-rc1^20240509git - There were some fixes merged upstream, so let's try again before v256-rc2 is released. --- sources | 2 +- systemd.spec | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/sources b/sources index 15d046a..cd54bd0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc1.tar.gz) = 657d3e5743f7c951322907c94bcf08497f7e28efde8f08269173de4e53e57f883bae313a0bf2b5f88d762efa5816cb78f69c1b66c1e8ace7a4e4e005e7af5f14 +SHA512 (systemd-1781de1.tar.gz) = caf850fe2b0a49b0808ed1767a0eb282136682ad52a815e422ddb69d8f9d0a40451ddc658815821fa1fa26cee8a0ab13e929457b71a0f15168c81e869ab884b9 diff --git a/systemd.spec b/systemd.spec index 7eab1e1..c495ef6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We 
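Review bot: The added `Requires: systemd-boot` is unversioned, while the line directly above pins the main package with `%{name} = %{version}-%{release}`. ukify can therefore be installed next to EFI stubs from a different systemd build and embed those stubs in the images it produces. The description says the stub files are shipped in `systemd-boot-unsigned`, so it is worth confirming that `systemd-boot` is a name that sub-package provides. If the sub-package is built on every architecture ukify is built for, `Requires: systemd-boot-unsigned = %{version}-%{release}` would state the dependency exactly.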
@@ -32,13 +32,11 @@ # Build from git main %bcond upstream 0 -%global release_override 4 - Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc1} +Version: %{?version_override}%{!?version_override:256~rc1^20240509git%{shortcommit}} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -49,7 +47,7 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" %if %{defined commit} -Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +Source0: https://github.com/systemd/systemd%[%stable?"-stable":""]/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else %if 0%{?stable} Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz From a2d3bbf3d2211e946357560c71bc58f984200030 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 11 May 2024 13:28:34 +0200 Subject: [PATCH 283/494] Temporarily drop call to varlink method to avoid SELinux denial There were a bunch of other commits incl. bugfixes that mean that it'd make sense to update to the latest snapshot, but I chose not to do that to avoid introducing new issues. We'll get -rc2 soon enough anyway. --- ...add-varlink-interface-for-registerin.patch | 426 ++++++++++++++++++ systemd.spec | 5 + 2 files changed, 431 insertions(+) create mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch new file mode 100644 index 0000000..7d833af --- /dev/null 
+++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch 
@@ -0,0 +1,426 @@ +From a915f0937e7cf8cc7968a4cfb4a8880480a657a6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 11 May 2024 13:27:12 +0200 +Subject: [PATCH] Revert "machined: add varlink interface for registering + machines" + +This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +--- + man/systemd-machined.service.xml | 6 +- + src/machine/machine-varlink.c | 171 ------------------------ + src/machine/machine-varlink.h | 6 - + src/machine/machined-varlink.c | 62 +-------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.c | 22 --- + src/shared/varlink-io.systemd.Machine.h | 6 - + 10 files changed, 8 insertions(+), 275 deletions(-) + delete mode 100644 src/machine/machine-varlink.c + delete mode 100644 src/machine/machine-varlink.h + delete mode 100644 src/shared/varlink-io.systemd.Machine.c + delete mode 100644 src/shared/varlink-io.systemd.Machine.h + +diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml +index b2899ff0fd..f3d7755973 100644 +--- a/man/systemd-machined.service.xml ++++ b/man/systemd-machined.service.xml +@@ -100,12 +100,10 @@ + + The daemon provides both a C library interface + (which is shared with systemd-logind.service8) +- as well as a D-Bus interface and a Varlink interface. ++ as well as a D-Bus interface. + The library interface may be used to introspect and watch the state of virtual machines/containers. + The bus interface provides the same but in addition may also be used to register or terminate +- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an +- SSH key / address; it can be queried with +- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. ++ machines. 
+ For more information please consult + sd-login3 + and +diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c +deleted file mode 100644 +index 377b3d3f0e..0000000000 +--- a/src/machine/machine-varlink.c ++++ /dev/null +@@ -1,171 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +- +-#include +- +-#include "sd-id128.h" +- +-#include "hostname-util.h" +-#include "json.h" +-#include "machine-varlink.h" +-#include "machine.h" +-#include "path-util.h" +-#include "pidref.h" +-#include "process-util.h" +-#include "socket-util.h" +-#include "string-util.h" +-#include "varlink.h" +- +-static JSON_DISPATCH_ENUM_DEFINE(dispatch_machine_class, MachineClass, machine_class_from_string); +- +-static int machine_name(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- char **m = ASSERT_PTR(userdata); +- const char *hostname; +- int r; +- +- assert(variant); +- +- if (!json_variant_is_string(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); +- +- hostname = json_variant_string(variant); +- if (!hostname_is_valid(hostname, /* flags= */ 0)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid machine name"); +- +- r = free_and_strdup(m, hostname); +- if (r < 0) +- return json_log_oom(variant, flags); +- +- return 0; +-} +- +-static int machine_leader(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- PidRef *leader = ASSERT_PTR(userdata); +- _cleanup_(pidref_done) PidRef temp = PIDREF_NULL; +- uint64_t k; +- int r; +- +- if (!json_variant_is_unsigned(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name)); +- +- k = json_variant_unsigned(variant); +- if (k > PID_T_MAX || !pid_is_valid(k)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid PID.", strna(name)); +- +- if (k == 1) +- return 
json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid leader PID.", strna(name)); +- +- r = pidref_set_pid(&temp, k); +- if (r < 0) +- return json_log(variant, flags, r, "Failed to pin process " PID_FMT ": %m", leader->pid); +- +- pidref_done(leader); +- +- *leader = TAKE_PIDREF(temp); +- +- return 0; +-} +- +-static int machine_ifindices(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- Machine *m = ASSERT_PTR(userdata); +- _cleanup_free_ int *netif = NULL; +- size_t n_netif, k = 0; +- +- assert(variant); +- +- if (!json_variant_is_array(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name)); +- +- n_netif = json_variant_elements(variant); +- +- netif = new(int, n_netif); +- if (!netif) +- return json_log_oom(variant, flags); +- +- JsonVariant *i; +- JSON_VARIANT_ARRAY_FOREACH(i, variant) { +- uint64_t b; +- +- if (!json_variant_is_unsigned(i)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an unsigned integer.", k, strna(name)); +- +- b = json_variant_unsigned(i); +- if (b > INT_MAX || b <= 0) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid network interface index %"PRIu64, b); +- +- netif[k++] = (int) b; +- } +- assert(k == n_netif); +- +- free_and_replace(m->netif, netif); +- m->n_netif = n_netif; +- +- return 0; +-} +- +-static int machine_cid(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { +- unsigned cid, *c = ASSERT_PTR(userdata); +- +- assert(variant); +- +- if (!json_variant_is_unsigned(variant)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); +- +- cid = json_variant_unsigned(variant); +- if (!VSOCK_CID_IS_REGULAR(cid)) +- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a regular VSOCK CID.", strna(name)); +- +- *c = cid; +- +- 
return 0; +-} +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { +- Manager *manager = ASSERT_PTR(userdata); +- _cleanup_(machine_freep) Machine *machine = NULL; +- int r; +- +- static const JsonDispatch dispatch_table[] = { +- { "name", JSON_VARIANT_STRING, machine_name, offsetof(Machine, name), JSON_MANDATORY }, +- { "id", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(Machine, id), 0 }, +- { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, service), 0 }, +- { "class", JSON_VARIANT_STRING, dispatch_machine_class, offsetof(Machine, class), JSON_MANDATORY }, +- { "leader", JSON_VARIANT_UNSIGNED, machine_leader, offsetof(Machine, leader), 0 }, +- { "rootDirectory", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, root_directory), 0 }, +- { "ifIndices", JSON_VARIANT_ARRAY, machine_ifindices, 0, 0 }, +- { "vsockCid", JSON_VARIANT_UNSIGNED, machine_cid, offsetof(Machine, vsock_cid), 0 }, +- { "sshAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, ssh_address), JSON_SAFE }, +- { "sshPrivateKeyPath", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, ssh_private_key_path), 0 }, +- {} +- }; +- +- r = machine_new(_MACHINE_CLASS_INVALID, NULL, &machine); +- if (r < 0) +- return r; +- +- r = varlink_dispatch(link, parameters, dispatch_table, machine); +- if (r != 0) +- return r; +- +- if (!pidref_is_set(&machine->leader)) { +- r = varlink_get_peer_pidref(link, &machine->leader); +- if (r < 0) +- return r; +- } +- +- r = machine_link(manager, machine); +- if (r < 0) +- return r; +- +- r = cg_pidref_get_unit(&machine->leader, &machine->unit); +- if (r < 0) +- return r; +- +- r = machine_start(machine, NULL, NULL); +- if (r < 0) +- return r; +- +- /* the manager will free this machine */ +- TAKE_PTR(machine); +- +- return varlink_reply(link, NULL); +-} +diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h +deleted 
file mode 100644 +index ce4ec54dc1..0000000000 +--- a/src/machine/machine-varlink.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink.h" +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 0d3ae627c1..6ca98e27cf 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -1,12 +1,10 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include "format-util.h" +-#include "machine-varlink.h" + #include "machined-varlink.h" + #include "mkdir.h" + #include "user-util.h" + #include "varlink.h" +-#include "varlink-io.systemd.Machine.h" + #include "varlink-io.systemd.UserDatabase.h" + + typedef struct LookupParameters { +@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var + return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); + } + +-static int manager_varlink_init_userdb(Manager *m) { ++int manager_varlink_init(Manager *m) { + _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; + int r; + + assert(m); + +- if (m->varlink_userdb_server) ++ if (m->varlink_server) + return 0; + + r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); +@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); + +- m->varlink_userdb_server = TAKE_PTR(s); +- return 0; +-} +- +-static int manager_varlink_init_machine(Manager *m) { +- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; +- int r; +- +- assert(m); +- +- if (m->varlink_machine_server) +- return 0; +- +- r = varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); +- if (r < 0) +- return log_error_errno(r, "Failed to allocate varlink 
server object: %m"); +- +- varlink_server_set_userdata(s, m); +- +- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); +- if (r < 0) +- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +- +- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); +- if (r < 0) +- return log_error_errno(r, "Failed to register varlink methods: %m"); +- +- (void) mkdir_p("/run/systemd/machine", 0755); +- +- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); +- +- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); +- if (r < 0) +- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); +- +- m->varlink_machine_server = TAKE_PTR(s); +- return 0; +-} +- +-int manager_varlink_init(Manager *m) { +- int r; +- +- r = manager_varlink_init_userdb(m); +- if (r < 0) +- return r; +- +- r = manager_varlink_init_machine(m); +- if (r < 0) +- return r; +- ++ m->varlink_server = TAKE_PTR(s); + return 0; + } + + void manager_varlink_done(Manager *m) { + assert(m); + +- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); +- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); ++ m->varlink_server = varlink_server_unref(m->varlink_server); + } +diff --git a/src/machine/machined.c b/src/machine/machined.c +index d7087e4672..2638ed572e 100644 +--- a/src/machine/machined.c ++++ b/src/machine/machined.c +@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { + if (m->operations) + return false; + +- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) +- return false; +- +- if (varlink_server_current_connections(m->varlink_machine_server) > 0) ++ if (varlink_server_current_connections(m->varlink_server) > 0) + return false; + + manager_gc(m, true); +diff --git a/src/machine/machined.h 
b/src/machine/machined.h +index 67abed0fd6..280c32bab6 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -40,8 +40,7 @@ struct Manager { + sd_event_source *nscd_cache_flush_event; + #endif + +- VarlinkServer *varlink_userdb_server; +- VarlinkServer *varlink_machine_server; ++ VarlinkServer *varlink_server; + }; + + int manager_add_machine(Manager *m, const char *name, Machine **_machine); +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 3150b33de5..c82a32589d 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -3,7 +3,6 @@ + libmachine_core_sources = files( + 'image-dbus.c', + 'machine-dbus.c', +- 'machine-varlink.c', + 'machine.c', + 'machined-core.c', + 'machined-dbus.c', +diff --git a/src/shared/meson.build b/src/shared/meson.build +index d01367a159..17313aefed 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -180,7 +180,6 @@ shared_sources = files( + 'varlink-io.systemd.Credentials.c', + 'varlink-io.systemd.Hostname.c', + 'varlink-io.systemd.Journal.c', +- 'varlink-io.systemd.Machine.c', + 'varlink-io.systemd.ManagedOOM.c', + 'varlink-io.systemd.MountFileSystem.c', + 'varlink-io.systemd.NamespaceResource.c', +diff --git a/src/shared/varlink-io.systemd.Machine.c b/src/shared/varlink-io.systemd.Machine.c +deleted file mode 100644 +index 936f01f366..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.c ++++ /dev/null +@@ -1,22 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +- +-#include "varlink-idl.h" +-#include "varlink-io.systemd.Machine.h" +- +-static VARLINK_DEFINE_METHOD( +- Register, +- VARLINK_DEFINE_INPUT(name, VARLINK_STRING, 0), +- VARLINK_DEFINE_INPUT(id, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(service, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(class, VARLINK_STRING, 0), +- VARLINK_DEFINE_INPUT(leader, VARLINK_INT, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(rootDirectory, VARLINK_STRING, VARLINK_NULLABLE), +- 
VARLINK_DEFINE_INPUT(ifIndices, VARLINK_INT, VARLINK_ARRAY|VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(vsockCid, VARLINK_INT, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(sshAddress, VARLINK_STRING, VARLINK_NULLABLE), +- VARLINK_DEFINE_INPUT(sshPrivateKeyPath, VARLINK_STRING, VARLINK_NULLABLE)); +- +-VARLINK_DEFINE_INTERFACE( +- io_systemd_Machine, +- "io.systemd.Machine", +- &vl_method_Register); +diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h +deleted file mode 100644 +index c9fc85f150..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink-idl.h" +- +-extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index c495ef6..3346ee7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -98,6 +98,11 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} +# Drop varlink method call until selinux policy is updated, +# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, +# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. +# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 491a9ed5d15e1b535bdc80f6c1f0d55b1b63af3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:28:03 +0200 Subject: [PATCH 284/494] Override release tag I think this is a bug in rpmautospec. The release tag is always generated as "1". Before this is investigated and fixed, just set it manually. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 3346ee7..edc58b3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,8 @@ # Build from git main %bcond upstream 0 +%global release_override 2 + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by From f2d12ae6d19fba28ade613fe7b39b07fb97c659f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 May 2024 13:26:25 +0200 Subject: [PATCH 285/494] Make %release_override overridable from outside --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index edc58b3..bfe692f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,7 +32,7 @@ # Build from git main %bcond upstream 0 -%global release_override 2 +%{!?release_override:%global release_override 2} Name: systemd Url: https://systemd.io From 8fe1f037d21c9d68d96728843f22e5036d769521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 14 May 2024 20:53:33 +0200 Subject: [PATCH 286/494] Restore compatibility with F40 In systemd upstream CI, we only have the rawhide branch, because we import dist-git via git submodule. But we want to build systemd on F40 too from this branch, so conditionally ressurect the patch to make that work. This partially reverts 69d6e4469589ae42c044383cd0173572f64b20fb. [skip changelog] --- 26494.patch | 30 ++++++++++++++++++++++++++++++ systemd.spec | 13 +++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 26494.patch diff --git a/26494.patch b/26494.patch new file mode 100644 index 0000000..19bc67b --- /dev/null +++ b/26494.patch 
@@ -0,0 +1,30 @@ +From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 20 Feb 2023 12:00:30 +0900 +Subject: [PATCH] core/manager: run generators directly when we are in initrd + +Some initrd system write files at ourside of /run, /etc, or other +allowed places. This is a kind of workaround, but in most cases, such +sandboxing is not necessary as the filesystem is on ramfs when we are in +initrd. + +Fixes #26488. +--- + src/core/manager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b394794b0d4..306477c6e6c2 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { + /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If + * we are the user manager, let's just execute the generators directly. We might not have the + * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. +- */ +- if (MANAGER_IS_USER(m)) { ++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ ++ if (MANAGER_IS_USER(m) || in_initrd()) { + r = manager_execute_generators(m, paths, /* remount_ro= */ false); + goto finish; + } diff --git a/systemd.spec b/systemd.spec index bfe692f..6a7d82d 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -106,6 +106,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch +%if 0%{?fedora} < 41 +# Work-around for dracut issue: run generators directly when we are in initrd +# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 +# Drop when dracut-060 is available. +Patch0001: https://github.com/systemd/systemd/pull/26494.patch +%endif + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch @@ -253,9 +260,15 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif + +%if 0%{?fedora} >= 41 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 +%else +# Make sure that dracut supports systemd-executor and the renames done for v255. +Conflicts: dracut < 059-16 +%endif Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 From b64db848921a25832ef785ecc618370dd3d9bf09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 May 2024 10:51:15 +0200 Subject: [PATCH 287/494] Version 256~rc2 - Various small changes all over - A fix for rhbz#2273069 --- ...add-varlink-interface-for-registerin.patch | 229 +----------------- systemd.spec | 8 +- 2 files changed, 14 insertions(+), 223 deletions(-) diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch index 7d833af..01946d6 100644 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch 
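Review bot: `Patch0001:` is assigned twice when the new `%if 0%{?fedora} < 41` block is active: the context line just above it already uses that number for `0001-Revert-machined-add-varlink-interface-for-registerin.patch`. rpm is likely to reject the duplicate or apply only one of the two patches, so the new entry needs a number that is unused elsewhere in the spec, for example `Patch0002: https://github.com/systemd/systemd/pull/26494.patch` if that one is free. The condition is also true when `%fedora` is undefined (`0 < 41`), so non-Fedora builds would pick up the patch that runs generators in the initrd outside the sanitized mount namespace, and the `%else` branch of the second hunk gives them `Conflicts: dracut < 059-16`. If that scope is not intended, `%if 0%{?fedora} && 0%{?fedora} < 41` makes it explicit.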
@@ -1,4 +1,4 @@ -From a915f0937e7cf8cc7968a4cfb4a8880480a657a6 Mon Sep 17 00:00:00 2001 +From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 11 May 2024 13:27:12 +0200 Subject: [PATCH] Revert "machined: add varlink interface for registering @@ -6,20 +6,16 @@ Subject: [PATCH] Revert "machined: add varlink interface for registering This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. --- - man/systemd-machined.service.xml | 6 +- - src/machine/machine-varlink.c | 171 ------------------------ - src/machine/machine-varlink.h | 6 - - src/machine/machined-varlink.c | 62 +-------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.c | 22 --- - src/shared/varlink-io.systemd.Machine.h | 6 - - 10 files changed, 8 insertions(+), 275 deletions(-) - delete mode 100644 src/machine/machine-varlink.c + man/systemd-machined.service.xml | 6 +-- + src/machine/machine-varlink.h | 6 --- + src/machine/machined-varlink.c | 62 ++----------------------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.h | 6 --- + 8 files changed, 8 insertions(+), 82 deletions(-) delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.c delete mode 100644 src/shared/varlink-io.systemd.Machine.h diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml 
@@ -41,183 +37,6 @@ index b2899ff0fd..f3d7755973 100644 For more information please consult sd-login3 and -diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c -deleted file mode 100644 -index 377b3d3f0e..0000000000 ---- a/src/machine/machine-varlink.c -+++ /dev/null -@@ -1,171 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ -- --#include -- --#include "sd-id128.h" -- --#include "hostname-util.h" --#include "json.h" --#include "machine-varlink.h" --#include "machine.h" --#include "path-util.h" --#include "pidref.h" --#include "process-util.h" --#include "socket-util.h" --#include "string-util.h" --#include "varlink.h" -- --static JSON_DISPATCH_ENUM_DEFINE(dispatch_machine_class, MachineClass, machine_class_from_string); -- --static int machine_name(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- char **m = ASSERT_PTR(userdata); -- const char *hostname; -- int r; -- -- assert(variant); -- -- if (!json_variant_is_string(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); -- -- hostname = json_variant_string(variant); -- if (!hostname_is_valid(hostname, /* flags= */ 0)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid machine name"); -- -- r = free_and_strdup(m, hostname); -- if (r < 0) -- return json_log_oom(variant, flags); -- -- return 0; --} -- --static int machine_leader(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- PidRef *leader = ASSERT_PTR(userdata); -- _cleanup_(pidref_done) PidRef temp = PIDREF_NULL; -- uint64_t k; -- int r; -- -- if (!json_variant_is_unsigned(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name)); -- -- k = json_variant_unsigned(variant); -- if (k > PID_T_MAX || !pid_is_valid(k)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid PID.", 
strna(name)); -- -- if (k == 1) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid leader PID.", strna(name)); -- -- r = pidref_set_pid(&temp, k); -- if (r < 0) -- return json_log(variant, flags, r, "Failed to pin process " PID_FMT ": %m", leader->pid); -- -- pidref_done(leader); -- -- *leader = TAKE_PIDREF(temp); -- -- return 0; --} -- --static int machine_ifindices(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- Machine *m = ASSERT_PTR(userdata); -- _cleanup_free_ int *netif = NULL; -- size_t n_netif, k = 0; -- -- assert(variant); -- -- if (!json_variant_is_array(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name)); -- -- n_netif = json_variant_elements(variant); -- -- netif = new(int, n_netif); -- if (!netif) -- return json_log_oom(variant, flags); -- -- JsonVariant *i; -- JSON_VARIANT_ARRAY_FOREACH(i, variant) { -- uint64_t b; -- -- if (!json_variant_is_unsigned(i)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an unsigned integer.", k, strna(name)); -- -- b = json_variant_unsigned(i); -- if (b > INT_MAX || b <= 0) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Invalid network interface index %"PRIu64, b); -- -- netif[k++] = (int) b; -- } -- assert(k == n_netif); -- -- free_and_replace(m->netif, netif); -- m->n_netif = n_netif; -- -- return 0; --} -- --static int machine_cid(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -- unsigned cid, *c = ASSERT_PTR(userdata); -- -- assert(variant); -- -- if (!json_variant_is_unsigned(variant)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); -- -- cid = json_variant_unsigned(variant); -- if (!VSOCK_CID_IS_REGULAR(cid)) -- return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a regular VSOCK 
CID.", strna(name)); -- -- *c = cid; -- -- return 0; --} -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { -- Manager *manager = ASSERT_PTR(userdata); -- _cleanup_(machine_freep) Machine *machine = NULL; -- int r; -- -- static const JsonDispatch dispatch_table[] = { -- { "name", JSON_VARIANT_STRING, machine_name, offsetof(Machine, name), JSON_MANDATORY }, -- { "id", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(Machine, id), 0 }, -- { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, service), 0 }, -- { "class", JSON_VARIANT_STRING, dispatch_machine_class, offsetof(Machine, class), JSON_MANDATORY }, -- { "leader", JSON_VARIANT_UNSIGNED, machine_leader, offsetof(Machine, leader), 0 }, -- { "rootDirectory", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, root_directory), 0 }, -- { "ifIndices", JSON_VARIANT_ARRAY, machine_ifindices, 0, 0 }, -- { "vsockCid", JSON_VARIANT_UNSIGNED, machine_cid, offsetof(Machine, vsock_cid), 0 }, -- { "sshAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Machine, ssh_address), JSON_SAFE }, -- { "sshPrivateKeyPath", JSON_VARIANT_STRING, json_dispatch_absolute_path, offsetof(Machine, ssh_private_key_path), 0 }, -- {} -- }; -- -- r = machine_new(_MACHINE_CLASS_INVALID, NULL, &machine); -- if (r < 0) -- return r; -- -- r = varlink_dispatch(link, parameters, dispatch_table, machine); -- if (r != 0) -- return r; -- -- if (!pidref_is_set(&machine->leader)) { -- r = varlink_get_peer_pidref(link, &machine->leader); -- if (r < 0) -- return r; -- } -- -- r = machine_link(manager, machine); -- if (r < 0) -- return r; -- -- r = cg_pidref_get_unit(&machine->leader, &machine->unit); -- if (r < 0) -- return r; -- -- r = machine_start(machine, NULL, NULL); -- if (r < 0) -- return r; -- -- /* the manager will free this machine */ -- TAKE_PTR(machine); -- -- return varlink_reply(link, NULL); --} 
diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h deleted file mode 100644 index ce4ec54dc1..0000000000 @@ -384,34 +203,6 @@ index d01367a159..17313aefed 100644 'varlink-io.systemd.ManagedOOM.c', 'varlink-io.systemd.MountFileSystem.c', 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.c b/src/shared/varlink-io.systemd.Machine.c -deleted file mode 100644 -index 936f01f366..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.c -+++ /dev/null -@@ -1,22 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ -- --#include "varlink-idl.h" --#include "varlink-io.systemd.Machine.h" -- --static VARLINK_DEFINE_METHOD( -- Register, -- VARLINK_DEFINE_INPUT(name, VARLINK_STRING, 0), -- VARLINK_DEFINE_INPUT(id, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(service, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(class, VARLINK_STRING, 0), -- VARLINK_DEFINE_INPUT(leader, VARLINK_INT, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(rootDirectory, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(ifIndices, VARLINK_INT, VARLINK_ARRAY|VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(vsockCid, VARLINK_INT, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(sshAddress, VARLINK_STRING, VARLINK_NULLABLE), -- VARLINK_DEFINE_INPUT(sshPrivateKeyPath, VARLINK_STRING, VARLINK_NULLABLE)); -- --VARLINK_DEFINE_INTERFACE( -- io_systemd_Machine, -- "io.systemd.Machine", -- &vl_method_Register); diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h deleted file mode 100644 index c9fc85f150..0000000000 diff --git a/systemd.spec b/systemd.spec index 6a7d82d..e9c2281 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 +#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We 
@@ -32,13 +32,13 @@ # Build from git main %bcond upstream 0 -%{!?release_override:%global release_override 2} +%{!?release_override:%global release_override 1} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc1^20240509git%{shortcommit}} +Version: %{?version_override}%{!?version_override:256~rc2} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -110,7 +110,7 @@ Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0001: https://github.com/systemd/systemd/pull/26494.patch +Patch0002: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds: From f706e12e058cc99a25c6778867d796a2bb0de818 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 May 2024 13:57:29 +0200 Subject: [PATCH 288/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index cd54bd0..713f573 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-1781de1.tar.gz) = caf850fe2b0a49b0808ed1767a0eb282136682ad52a815e422ddb69d8f9d0a40451ddc658815821fa1fa26cee8a0ab13e929457b71a0f15168c81e869ab884b9 +SHA512 (systemd-256-rc2.tar.gz) = 6db328bacb7b6b36e7cf11cc6e3a0136f1e0ea20bccb055f7524c130cc0ae5558f8a69eba2d3a50950e083f9928494c322c0a9daa4758dc2be1e09f2f05b233c From c72623872ad33b70e22b7de0756cad8bb1826137 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 May 2024 10:11:57 +0200 Subject: [PATCH 289/494] Version 256~rc3 The revert patch Patch0001 could be droppped, since the policy has been updated, but let's do that later separately. --- sources | 2 +- systemd.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 713f573..450d5cf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc2.tar.gz) = 6db328bacb7b6b36e7cf11cc6e3a0136f1e0ea20bccb055f7524c130cc0ae5558f8a69eba2d3a50950e083f9928494c322c0a9daa4758dc2be1e09f2f05b233c +SHA512 (systemd-256-rc3.tar.gz) = 0dce57bc6e4cefd59ad8f93e1e474f5a9de1857eac138fb6ca0735d2a7f8ebdea1469b8efe15b945be23281d8eddd321567d47b42a5145a86627587d34cc39c0 diff --git a/systemd.spec b/systemd.spec index e9c2281..dc9782c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,13 +32,13 @@ # Build from git main %bcond upstream 0 -%{!?release_override:%global release_override 1} +# %%{!?release_override:%%global release_override 1} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc2} +Version: %{?version_override}%{!?version_override:256~rc3} Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From a94605b586d2d717f8f98a1278634e659041e0ac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 May 2024 13:00:27 +0200 Subject: [PATCH 290/494] Add patch to work-around libbpf bug ... (rhbz#2280935) --- 0001-generator-setup-use-RET_GATHER.patch | 42 +++++++++++ ...e-stdio-array-of-safe_fork_full-wher.patch | 71 +++++++++++++++++++ ...ure-to-close-all-fds-for-invoked-gen.patch | 28 ++++++++ systemd.spec | 6 +- 4 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 0001-generator-setup-use-RET_GATHER.patch create mode 100644 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch create mode 100644 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch new file mode 100644 index 0000000..220b210 --- /dev/null +++ b/0001-generator-setup-use-RET_GATHER.patch @@ -0,0 +1,42 @@ +From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 29 May 2024 11:45:50 +0200 +Subject: [PATCH 1/3] generator-setup: use RET_GATHER() + +--- + src/core/generator-setup.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c +index 00d6ad61fa..b16211e8f4 100644 +--- a/src/core/generator-setup.c ++++ b/src/core/generator-setup.c +@@ -8,7 +8,7 @@ + #include "rm-rf.h" + + int lookup_paths_mkdir_generator(LookupPaths *p) { +- int r, q; ++ int r; + + assert(p); + +@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) { + return -EINVAL; + + r = mkdir_p_label(p->generator, 0755); +- +- q = mkdir_p_label(p->generator_early, 0755); +- if (q < 0 && r >= 0) +- r = q; +- +- q = mkdir_p_label(p->generator_late, 0755); +- if (q < 0 && r >= 0) +- r = q; ++ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755)); ++ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755)); + + return r; + } +-- +2.45.0 + 
diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch new file mode 100644 index 0000000..ae26e94 --- /dev/null +++ b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch 
@@ -0,0 +1,71 @@ +From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 29 May 2024 11:46:51 +0200 +Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where + appropriate + +--- + src/shared/exec-util.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c +index 1c7b14d98d..dc0974572f 100644 +--- a/src/shared/exec-util.c ++++ b/src/shared/exec-util.c +@@ -36,27 +36,35 @@ + /* Put this test here for a lack of better place */ + assert_cc(EAGAIN == EWOULDBLOCK); + +-static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) { +- pid_t _pid; ++static int do_spawn( ++ const char *path, ++ char *argv[], ++ int stdout_fd, ++ pid_t *ret_pid, ++ bool set_systemd_exec_pid) { ++ + int r; + ++ assert(path); ++ assert(ret_pid); ++ + if (null_or_empty_path(path) > 0) { + log_debug("%s is empty (a mask).", path); + return 0; + } + +- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid); ++ pid_t pid; ++ r = safe_fork_full( ++ "(direxec)", ++ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, ++ /* except_fds= */ NULL, /* n_except_fds= */ 0, ++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, ++ &pid); + if (r < 0) + return r; + if (r == 0) { + char *_argv[2]; + +- if (stdout_fd >= 0) { +- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO); +- if (r < 0) +- _exit(EXIT_FAILURE); +- } +- + if (set_systemd_exec_pid) { + r = setenv_systemd_exec_pid(false); + if (r < 0) +@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b + _exit(EXIT_FAILURE); + } + +- *pid = _pid; ++ *ret_pid = pid; + return 1; + } + +-- +2.45.0 + 
diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch new file mode 100644 index 0000000..d2d95ac --- /dev/null +++ b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch @@ -0,0 +1,28 @@ +From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 29 May 2024 11:50:54 +0200 +Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked + generators + +We should really have set O_CLOEXEC for all our fds, but better be safe +than sorry. +--- + src/shared/exec-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c +index dc0974572f..ac1c150ab1 100644 +--- a/src/shared/exec-util.c ++++ b/src/shared/exec-util.c +@@ -58,7 +58,7 @@ static int do_spawn( + "(direxec)", + (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, + /* except_fds= */ NULL, /* n_except_fds= */ 0, +- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, ++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS, + &pid); + if (r < 0) + return r; +-- +2.45.0 + diff --git a/systemd.spec b/systemd.spec index dc9782c..ba0c1d6 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -106,11 +106,15 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch +Patch0002: 0001-generator-setup-use-RET_GATHER.patch +Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch + %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0002: https://github.com/systemd/systemd/pull/26494.patch +Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds: From 74810c5bc4fe7d872e54c253447ffd61bbc8839f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 29 May 2024 14:54:54 +0200 Subject: [PATCH 291/494] Fix release field [skip changelog] --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index ba0c1d6..fc07235 100644 --- a/systemd.spec +++ b/systemd.spec 
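Review bot: `Patch0002` to `Patch0004` are added without the explanatory comment that the neighbouring patch entries carry, so the spec does not record why they are applied or when they can be dropped. The commit subject ties them to rhbz#2280935, and the third patch file adds `FORK_CLOSE_ALL_FDS` to the generator spawn. A line above `Patch0002:` such as `# Work-around for libbpf bug: close all fds for invoked generators (rhbz#2280935)` would capture that.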
@@ -32,14 +32,16 @@ # Build from git main %bcond upstream 0 -# %%{!?release_override:%%global release_override 1} +# Override %%autorelease. This is ugly, but rpmautospec doesn't implement +# autorelease correctly if the macro is conditionalized in the Release field. +%{?release_override:%global autorelease %{release_override}%{?dist}} Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:256~rc3} -Release: %{?release_override:%{release_override}%{?dist}}%{!?release_override:%autorelease} +Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 1f94b56cee818068f57debfd78f035edd29f0e61 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sun, 2 Jun 2024 10:07:04 -0700 Subject: [PATCH 292/494] Partially backport PR #33016 to fix crashes in KDE 6.3.0 --- ...e-use-correct-char-for-representing-.patch | 26 +++++ ...e-don-t-trigger-assertion-if-Working.patch | 100 ++++++++++++++++++ systemd.spec | 5 + 3 files changed, 131 insertions(+) create mode 100644 0001-core-dbus-execute-use-correct-char-for-representing-.patch create mode 100644 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch diff --git a/0001-core-dbus-execute-use-correct-char-for-representing-.patch b/0001-core-dbus-execute-use-correct-char-for-representing-.patch new file mode 100644 index 0000000..005d49f --- /dev/null +++ b/0001-core-dbus-execute-use-correct-char-for-representing-.patch 
@@ -0,0 +1,26 @@ +From af87bdc6bc0d5b50af87ffd3b5cbd3e7c472dd42 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Sun, 26 May 2024 00:49:09 +0800 +Subject: [PATCH 1/2] core/dbus-execute: use correct char for representing + WorkingDirectory=home + +--- + src/core/dbus-execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index e907aa67af..e55fb6ee16 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -2755,7 +2755,7 @@ int bus_exec_context_set_transient_property( + c->working_directory_home = is_home; + c->working_directory_missing_ok = missing_ok; + +- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "+" : ASSERT_PTR(c->working_directory)); ++ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); + } + + return 1; +-- +2.45.1 + diff --git a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch new file mode 100644 index 0000000..fc4c89f --- /dev/null +++ b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch 
@@ -0,0 +1,100 @@ +From 6f8ef80bb3ba5d244a428aee200c168e809a0079 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Sun, 26 May 2024 00:53:46 +0800 +Subject: [PATCH 2/2] core/dbus-execute: don't trigger assertion if + WorkingDirectory="" or "-" + +Follow-up for 14631951cea807de2d482a430841c604c2040718 + +Before this commit, if WorkingDirectory= is empty or literally "-", +'simplified' is not populated, resulting in the ASSERT_PTR +in unit_write_settingf() below getting triggered. + +Also, do not accept "-", so that the parser is consistent +with load-fragment.c + +Fixes #33015 +--- + src/core/dbus-execute.c | 49 ++++++++++++++++++++++------------------- + 1 file changed, 26 insertions(+), 23 deletions(-) + +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index e55fb6ee16..21c260b26b 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -2716,38 +2716,38 @@ int bus_exec_context_set_transient_property( + + } else if (streq(name, "WorkingDirectory")) { + _cleanup_free_ char *simplified = NULL; +- bool missing_ok, is_home; ++ bool missing_ok = false, is_home = false; + const char *s; + + r = sd_bus_message_read(message, "s", &s); + if (r < 0) + return r; + +- if (s[0] == '-') { +- missing_ok = true; +- s++; +- } else +- missing_ok = false; +- +- if (isempty(s)) +- is_home = false; +- else if (streq(s, "~")) +- is_home = true; +- else { +- if (!path_is_absolute(s)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects an absolute path or '~'"); ++ if (!isempty(s)) { ++ if (s[0] == '-') { ++ missing_ok = true; ++ s++; ++ } + +- r = path_simplify_alloc(s, &simplified); +- if (r < 0) +- return r; ++ if (streq(s, "~")) ++ is_home = true; ++ else { ++ if (!path_is_absolute(s)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= expects an absolute path or '~'"); + +- if (!path_is_normalized(simplified)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, 
"WorkingDirectory= expects a normalized path or '~'"); ++ r = path_simplify_alloc(s, &simplified); ++ if (r < 0) ++ return r; + +- if (path_below_api_vfs(simplified)) +- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= may not be below /proc/, /sys/ or /dev/."); ++ if (!path_is_normalized(simplified)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= expects a normalized path or '~'"); + +- is_home = false; ++ if (path_below_api_vfs(simplified)) ++ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, ++ "WorkingDirectory= may not be below /proc/, /sys/ or /dev/"); ++ } + } + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { +@@ -2755,7 +2755,10 @@ int bus_exec_context_set_transient_property( + c->working_directory_home = is_home; + c->working_directory_missing_ok = missing_ok; + +- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); ++ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, ++ "WorkingDirectory=%s%s", ++ c->working_directory_missing_ok ? "-" : "", ++ c->working_directory_home ? "~" : strempty(c->working_directory)); + } + + return 1; +-- +2.45.1 + diff --git a/systemd.spec b/systemd.spec index fc07235..6e056ae 100644 --- a/systemd.spec +++ b/systemd.spec 
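Review bot: The rewritten `WorkingDirectory` branch enforces two input rules that no comment states, so the reader has to reconstruct them from the nesting. An empty string skips validation and leaves `simplified` unset, and a bare `-` is advanced to an empty string and then rejected by the `path_is_absolute()` check. A comment above `if (!isempty(s)) {` such as `/* Empty string: nothing to validate, simplified stays NULL. A lone "-" is refused, as in load-fragment.c. */` would record both. It would also explain why the `unit_write_settingf()` call now uses `strempty(c->working_directory)` instead of `ASSERT_PTR()`. The enclosing function starts and ends outside the hunk.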
@@ -112,6 +112,11 @@ Patch0002: 0001-generator-setup-use-RET_GATHER.patch Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch +# Backport part of https://github.com/systemd/systemd/pull/33016 +# to fix a bug that causes crashes in KDE Frameworks 6.3.0 +Patch0005: 0001-core-dbus-execute-use-correct-char-for-representing-.patch +Patch0006: 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch + %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 From 69472997b91c457eb2e490e232592557baa76013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 May 2024 13:16:53 +0200 Subject: [PATCH 293/494] Renumber sources and make order more consistent [skip changelog] --- systemd.spec | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index 6e056ae..b0ce180 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,14 +66,14 @@ Source2: split-files.py Source3: purge-nobody-user # Prevent accidental removal of the systemd package -Source4: yum-protect-systemd.conf +Source5: yum-protect-systemd.conf -Source5: inittab -Source6: sysctl.conf.README -Source7: systemd-journal-remote.xml -Source8: systemd-journal-gatewayd.xml -Source9: 20-yama-ptrace.conf -Source10: systemd-udev-trigger-no-reload.conf +Source6: inittab +Source7: sysctl.conf.README +Source8: systemd-journal-remote.xml +Source9: systemd-journal-gatewayd.xml +Source10: 20-yama-ptrace.conf +Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports Source13: .abignore 
@@ -821,11 +821,13 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf +install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} + # /etc/initab -install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} # /etc/sysctl.conf compat -install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf # Make sure these directories are properly owned @@ -878,21 +880,19 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state # Install yum protection fragment -install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf +install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf -install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9} # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 -install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 -install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} -install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} - # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} From c56891fb68de56b9e40d26f2e5473aaaa8e24099 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 May 2024 13:21:44 +0200 Subject: [PATCH 294/494] Drop sysusers.d/basic.conf - We rely on setup to provide all necessary groups. --- systemd.spec | 13 +++++++++++++ test_sysusers_defined.py | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100755 test_sysusers_defined.py diff --git a/systemd.spec b/systemd.spec index b0ce180..ff42fbb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -64,6 +64,7 @@ Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/ Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user +Source4: test_sysusers_defined.py # Prevent accidental removal of the systemd package Source5: yum-protect-systemd.conf @@ -271,6 +272,11 @@ Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif +%if 0%{?fedora} >= 41 +BuildRequires: setup >= 2.15.0-3 +BuildRequires: python3 +Conflicts: setup < 2.15.0-3 +%endif %if 0%{?fedora} >= 41 # Make sure that dracut supports systemd-executor and the renames done for v255, @@ -926,6 +932,13 @@ ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/i mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif +%if 0%{?fedora} >= 41 +# This requires https://pagure.io/setup/pull-request/50 +# and https://src.fedoraproject.org/rpms/setup/pull-request/10. +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +rm %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif + %find_lang %{name} # Split files in build root into rpms diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py new file mode 100755 index 0000000..2754578 --- /dev/null +++ b/test_sysusers_defined.py 
@@ -0,0 +1,34 @@ +#!/usr/bin/python + +import sys + +def parse_sysusers_file(filename): + users, groups = set(), set() + + for line in open(filename): + line = line.strip() + if not line or line.startswith('#'): + continue + words = line.split() + match words[0]: + case 'u': + users.add(words[1]) + case 'g': + groups.add(words[1]) + case 'm'|'r': + continue + case _: + assert False + return users, groups + +setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) +setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) +setup_users |= setup_users2 +setup_groups |= setup_groups2 + +basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) + +if d := basic_users - setup_users: + exit(f'We have new users: {d}') +if d := basic_groups - setup_groups: + exit(f'We have new groups: {d}') From 65d9b4979146fecbfb21f35ac7cfb3d01147d217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Jun 2024 21:53:54 +0200 Subject: [PATCH 295/494] Fix typo [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index ff42fbb..2821ad2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -989,7 +989,7 @@ fi # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) -# This is the explanded form of %%systemd_user_daemon_reexec. We +# This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall From 421f0041b3dc4bcf6dd611ebfab950da69ec946b Mon Sep 17 00:00:00 2001 
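Review bot: The `case _: assert False` arm in `parse_sysusers_file` is the only handling for an unrecognised sysusers line type, and it fails with a bare AssertionError that names neither the file nor the line. If the interpreter runs with assertions disabled, the arm does nothing and the line is skipped, so the comparison can pass without every entry having been parsed. The spec uses this script as the gate before `rm %{buildroot}/usr/lib/sysusers.d/basic.conf`, so an explicit failure is safer: `case _: sys.exit(f'{filename}: unsupported line: {line!r}')`. The file handle from `for line in open(filename):` is also never closed, and `with open(filename) as f:` would scope it.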
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Jun 2024 22:04:51 +0200 Subject: [PATCH 296/494] Version 256~rc4 --- ...add-varlink-interface-for-registerin.patch | 217 ------------------ ...e-use-correct-char-for-representing-.patch | 26 --- 0001-generator-setup-use-RET_GATHER.patch | 42 ---- ...e-don-t-trigger-assertion-if-Working.patch | 100 -------- ...e-stdio-array-of-safe_fork_full-wher.patch | 71 ------ ...ure-to-close-all-fds-for-invoked-gen.patch | 28 --- sources | 2 +- systemd.spec | 17 +- 8 files changed, 3 insertions(+), 500 deletions(-) delete mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch delete mode 100644 0001-core-dbus-execute-use-correct-char-for-representing-.patch delete mode 100644 0001-generator-setup-use-RET_GATHER.patch delete mode 100644 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch delete mode 100644 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch delete mode 100644 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch deleted file mode 100644 index 01946d6..0000000 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 11 May 2024 13:27:12 +0200 -Subject: [PATCH] Revert "machined: add varlink interface for registering - machines" - -This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. ---- - man/systemd-machined.service.xml | 6 +-- - src/machine/machine-varlink.h | 6 --- - src/machine/machined-varlink.c | 62 ++----------------------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.h | 6 --- - 8 files changed, 8 insertions(+), 82 deletions(-) - delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.h - -diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml -index b2899ff0fd..f3d7755973 100644 ---- a/man/systemd-machined.service.xml -+++ b/man/systemd-machined.service.xml -@@ -100,12 +100,10 @@ - - The daemon provides both a C library interface - (which is shared with systemd-logind.service8) -- as well as a D-Bus interface and a Varlink interface. -+ as well as a D-Bus interface. - The library interface may be used to introspect and watch the state of virtual machines/containers. - The bus interface provides the same but in addition may also be used to register or terminate -- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an -- SSH key / address; it can be queried with -- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. -+ machines. 
- For more information please consult - sd-login3 - and -diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h -deleted file mode 100644 -index ce4ec54dc1..0000000000 ---- a/src/machine/machine-varlink.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink.h" -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 0d3ae627c1..6ca98e27cf 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -1,12 +1,10 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include "format-util.h" --#include "machine-varlink.h" - #include "machined-varlink.h" - #include "mkdir.h" - #include "user-util.h" - #include "varlink.h" --#include "varlink-io.systemd.Machine.h" - #include "varlink-io.systemd.UserDatabase.h" - - typedef struct LookupParameters { -@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var - return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); - } - --static int manager_varlink_init_userdb(Manager *m) { -+int manager_varlink_init(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; - int r; - - assert(m); - -- if (m->varlink_userdb_server) -+ if (m->varlink_server) - return 0; - - r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); -@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - -- m->varlink_userdb_server = TAKE_PTR(s); -- return 0; --} -- --static int manager_varlink_init_machine(Manager *m) { -- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; -- int r; -- -- assert(m); -- -- if (m->varlink_machine_server) -- return 0; -- -- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); -- if (r < 0) -- return log_error_errno(r, "Failed to allocate varlink server object: %m"); -- -- varlink_server_set_userdata(s, m); -- -- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); -- if (r < 0) -- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -- -- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); -- if (r < 0) -- return log_error_errno(r, "Failed to register varlink methods: %m"); -- -- (void) mkdir_p("/run/systemd/machine", 0755); -- -- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); -- if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -- -- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); -- if (r < 0) -- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); -- -- m->varlink_machine_server = TAKE_PTR(s); -- return 0; --} -- --int manager_varlink_init(Manager *m) { -- int r; -- -- r = manager_varlink_init_userdb(m); -- if (r < 0) -- return r; -- -- r = manager_varlink_init_machine(m); -- if (r < 0) -- return r; -- -+ m->varlink_server = TAKE_PTR(s); - return 0; - } - - void manager_varlink_done(Manager *m) { - assert(m); - -- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); -- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); -+ m->varlink_server = varlink_server_unref(m->varlink_server); - } -diff --git a/src/machine/machined.c b/src/machine/machined.c -index d7087e4672..2638ed572e 100644 ---- a/src/machine/machined.c -+++ b/src/machine/machined.c -@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { - if (m->operations) - return false; - -- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) -- return false; -- -- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) -+ if (varlink_server_current_connections(m->varlink_server) > 0) - return false; - - manager_gc(m, true); -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 67abed0fd6..280c32bab6 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -40,8 +40,7 @@ struct Manager { - sd_event_source *nscd_cache_flush_event; - #endif - -- VarlinkServer *varlink_userdb_server; -- VarlinkServer *varlink_machine_server; -+ VarlinkServer *varlink_server; - }; - - int manager_add_machine(Manager *m, const char *name, Machine **_machine); -diff --git a/src/machine/meson.build b/src/machine/meson.build -index 3150b33de5..c82a32589d 100644 ---- a/src/machine/meson.build -+++ b/src/machine/meson.build -@@ -3,7 +3,6 @@ - libmachine_core_sources = files( - 'image-dbus.c', - 'machine-dbus.c', -- 'machine-varlink.c', - 'machine.c', - 'machined-core.c', - 'machined-dbus.c', -diff --git a/src/shared/meson.build b/src/shared/meson.build -index d01367a159..17313aefed 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -180,7 +180,6 @@ shared_sources = files( - 'varlink-io.systemd.Credentials.c', - 'varlink-io.systemd.Hostname.c', - 'varlink-io.systemd.Journal.c', -- 'varlink-io.systemd.Machine.c', - 'varlink-io.systemd.ManagedOOM.c', - 'varlink-io.systemd.MountFileSystem.c', - 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h -deleted file mode 100644 -index c9fc85f150..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink-idl.h" -- --extern const VarlinkInterface vl_interface_io_systemd_Machine; 
diff --git a/0001-core-dbus-execute-use-correct-char-for-representing-.patch b/0001-core-dbus-execute-use-correct-char-for-representing-.patch deleted file mode 100644 index 005d49f..0000000 --- a/0001-core-dbus-execute-use-correct-char-for-representing-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From af87bdc6bc0d5b50af87ffd3b5cbd3e7c472dd42 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:49:09 +0800 -Subject: [PATCH 1/2] core/dbus-execute: use correct char for representing - WorkingDirectory=home - ---- - src/core/dbus-execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e907aa67af..e55fb6ee16 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2755,7 +2755,7 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "+" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch deleted file mode 100644 index 220b210..0000000 --- a/0001-generator-setup-use-RET_GATHER.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:45:50 +0200 -Subject: [PATCH 1/3] generator-setup: use RET_GATHER() - ---- - src/core/generator-setup.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c -index 00d6ad61fa..b16211e8f4 100644 ---- a/src/core/generator-setup.c -+++ b/src/core/generator-setup.c -@@ -8,7 +8,7 @@ - #include "rm-rf.h" - - int lookup_paths_mkdir_generator(LookupPaths *p) { -- int r, q; -+ int r; - - assert(p); - -@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) { - return -EINVAL; - - r = mkdir_p_label(p->generator, 0755); -- -- q = mkdir_p_label(p->generator_early, 0755); -- if (q < 0 && r >= 0) -- r = q; -- -- q = mkdir_p_label(p->generator_late, 0755); -- if (q < 0 && r >= 0) -- r = q; -+ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755)); -+ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755)); - - return r; - } --- -2.45.0 - diff --git a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch b/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch deleted file mode 100644 index fc4c89f..0000000 --- a/0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 6f8ef80bb3ba5d244a428aee200c168e809a0079 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sun, 26 May 2024 00:53:46 +0800 -Subject: [PATCH 2/2] core/dbus-execute: don't trigger assertion if - WorkingDirectory="" or "-" - -Follow-up for 14631951cea807de2d482a430841c604c2040718 - -Before this commit, if WorkingDirectory= is empty or literally "-", -'simplified' is not populated, resulting in the ASSERT_PTR -in unit_write_settingf() below getting triggered. - -Also, do not accept "-", so that the parser is consistent -with load-fragment.c - -Fixes #33015 ---- - src/core/dbus-execute.c | 49 ++++++++++++++++++++++------------------- - 1 file changed, 26 insertions(+), 23 deletions(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index e55fb6ee16..21c260b26b 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2716,38 +2716,38 @@ int bus_exec_context_set_transient_property( - - } else if (streq(name, "WorkingDirectory")) { - _cleanup_free_ char *simplified = NULL; -- bool missing_ok, is_home; -+ bool missing_ok = false, is_home = false; - const char *s; - - r = sd_bus_message_read(message, "s", &s); - if (r < 0) - return r; - -- if (s[0] == '-') { -- missing_ok = true; -- s++; -- } else -- missing_ok = false; -- -- if (isempty(s)) -- is_home = false; -- else if (streq(s, "~")) -- is_home = true; -- else { -- if (!path_is_absolute(s)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= expects an absolute path or '~'"); -+ if (!isempty(s)) { -+ if (s[0] == '-') { -+ missing_ok = true; -+ s++; -+ } - -- r = path_simplify_alloc(s, &simplified); -- if (r < 0) -- return r; -+ if (streq(s, "~")) -+ is_home = true; -+ else { -+ if (!path_is_absolute(s)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects an absolute path or '~'"); - -- if (!path_is_normalized(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, 
"WorkingDirectory= expects a normalized path or '~'"); -+ r = path_simplify_alloc(s, &simplified); -+ if (r < 0) -+ return r; - -- if (path_below_api_vfs(simplified)) -- return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "WorkingDirectory= may not be below /proc/, /sys/ or /dev/."); -+ if (!path_is_normalized(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= expects a normalized path or '~'"); - -- is_home = false; -+ if (path_below_api_vfs(simplified)) -+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, -+ "WorkingDirectory= may not be below /proc/, /sys/ or /dev/"); -+ } - } - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -@@ -2755,7 +2755,10 @@ int bus_exec_context_set_transient_property( - c->working_directory_home = is_home; - c->working_directory_missing_ok = missing_ok; - -- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "WorkingDirectory=%s%s", missing_ok ? "-" : "", c->working_directory_home ? "~" : ASSERT_PTR(c->working_directory)); -+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, -+ "WorkingDirectory=%s%s", -+ c->working_directory_missing_ok ? "-" : "", -+ c->working_directory_home ? "~" : strempty(c->working_directory)); - } - - return 1; --- -2.45.1 - diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch deleted file mode 100644 index ae26e94..0000000 --- a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:46:51 +0200 -Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where - appropriate - ---- - src/shared/exec-util.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index 1c7b14d98d..dc0974572f 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -36,27 +36,35 @@ - /* Put this test here for a lack of better place */ - assert_cc(EAGAIN == EWOULDBLOCK); - --static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) { -- pid_t _pid; -+static int do_spawn( -+ const char *path, -+ char *argv[], -+ int stdout_fd, -+ pid_t *ret_pid, -+ bool set_systemd_exec_pid) { -+ - int r; - -+ assert(path); -+ assert(ret_pid); -+ - if (null_or_empty_path(path) > 0) { - log_debug("%s is empty (a mask).", path); - return 0; - } - -- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid); -+ pid_t pid; -+ r = safe_fork_full( -+ "(direxec)", -+ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, -+ /* except_fds= */ NULL, /* n_except_fds= */ 0, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ &pid); - if (r < 0) - return r; - if (r == 0) { - char *_argv[2]; - -- if (stdout_fd >= 0) { -- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO); -- if (r < 0) -- _exit(EXIT_FAILURE); -- } -- - if (set_systemd_exec_pid) { - r = setenv_systemd_exec_pid(false); - if (r < 0) -@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b - _exit(EXIT_FAILURE); - } - -- *pid = _pid; -+ *ret_pid = pid; - return 1; - } - --- -2.45.0 - 
diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch deleted file mode 100644 index d2d95ac..0000000 --- a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 May 2024 11:50:54 +0200 -Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked - generators - -We should really have set O_CLOEXEC for all our fds, but better be safe -than sorry. ---- - src/shared/exec-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c -index dc0974572f..ac1c150ab1 100644 ---- a/src/shared/exec-util.c -+++ b/src/shared/exec-util.c -@@ -58,7 +58,7 @@ static int do_spawn( - "(direxec)", - (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, - /* except_fds= */ NULL, /* n_except_fds= */ 0, -- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO, -+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS, - &pid); - if (r < 0) - return r; --- -2.45.0 - diff --git a/sources b/sources index 450d5cf..2f0f391 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc3.tar.gz) = 0dce57bc6e4cefd59ad8f93e1e474f5a9de1857eac138fb6ca0735d2a7f8ebdea1469b8efe15b945be23281d8eddd321567d47b42a5145a86627587d34cc39c0 +SHA512 (systemd-256-rc4.tar.gz) = 0233c4d6c99027192312b38fff66258860570d3b09324c2748767b318697958383ecf5133bd187d52778671c286afd41eb7c83e755dffd4c12e46b16fc3f0d0d diff --git a/systemd.spec b/systemd.spec index 2821ad2..9c9a588 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -40,7 +40,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc3} +Version: %{?version_override}%{!?version_override:256~rc4} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -103,20 +103,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -# Drop varlink method call until selinux policy is updated, -# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, -# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. -# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. -Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch - -Patch0002: 0001-generator-setup-use-RET_GATHER.patch -Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch -Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch - -# Backport part of https://github.com/systemd/systemd/pull/33016 -# to fix a bug that causes crashes in KDE Frameworks 6.3.0 -Patch0005: 0001-core-dbus-execute-use-correct-char-for-representing-.patch -Patch0006: 0002-core-dbus-execute-don-t-trigger-assertion-if-Working.patch %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd @@ -276,6 +262,7 @@ Conflicts: fedora-release < 23-0.12 BuildRequires: setup >= 2.15.0-3 BuildRequires: python3 Conflicts: setup < 2.15.0-3 +Conflicts: selinux-policy-any < 41.1 %endif %if 0%{?fedora} >= 41 From b32641170ec138988700a915222e0220d901731f Mon Sep 17 00:00:00 2001 
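Review bot: The added `Conflicts: selinux-policy-any < 41.1` in the third hunk has no comment saying why it exists, while the comment block deleted in the second hunk (the bodhi update and bugzilla 2279923 references) was the only place the SELinux dependency was explained. If, as that removed comment suggests, 41.1 is the policy build that allows the machined varlink interface, a line such as `# machined's varlink interface needs the updated policy, see https://bugzilla.redhat.com/show_bug.cgi?id=2279923` above it would tell the next packager when the Conflicts can be dropped. The enclosing `%if` block starts outside the hunk, so which releases the constraint applies to cannot be confirmed from here.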
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Jun 2024 17:03:20 +0200 Subject: [PATCH 297/494] Restore patch to drop varlink method call It still seems to fail in the CI. Maybe the selinux policy does not work as expected.
---
...add-varlink-interface-for-registerin.patch | 217 ++++++++++++++++++ systemd.spec | 5 + 2 files changed, 222 insertions(+) create mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch
diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch new file mode 100644
index 0000000..01946d6
--- /dev/null
+++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch
@@ -0,0 +1,217 @@ +From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 11 May 2024 13:27:12 +0200 +Subject: [PATCH] Revert "machined: add varlink interface for registering + machines" + +This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +--- + man/systemd-machined.service.xml | 6 +-- + src/machine/machine-varlink.h | 6 --- + src/machine/machined-varlink.c | 62 ++----------------------- + src/machine/machined.c | 5 +- + src/machine/machined.h | 3 +- + src/machine/meson.build | 1 - + src/shared/meson.build | 1 - + src/shared/varlink-io.systemd.Machine.h | 6 --- + 8 files changed, 8 insertions(+), 82 deletions(-) + delete mode 100644 src/machine/machine-varlink.h + delete mode 100644 src/shared/varlink-io.systemd.Machine.h + +diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml +index b2899ff0fd..f3d7755973 100644 +--- a/man/systemd-machined.service.xml ++++ b/man/systemd-machined.service.xml +@@ -100,12 +100,10 @@ + + The daemon provides both a C library interface + (which is shared with systemd-logind.service8) +- as well as a D-Bus interface and a Varlink interface. ++ as well as a D-Bus interface. + The library interface may be used to introspect and watch the state of virtual machines/containers. + The bus interface provides the same but in addition may also be used to register or terminate +- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an +- SSH key / address; it can be queried with +- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. ++ machines. 
+ For more information please consult + sd-login3 + and +diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h +deleted file mode 100644 +index ce4ec54dc1..0000000000 +--- a/src/machine/machine-varlink.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink.h" +- +-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 0d3ae627c1..6ca98e27cf 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -1,12 +1,10 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include "format-util.h" +-#include "machine-varlink.h" + #include "machined-varlink.h" + #include "mkdir.h" + #include "user-util.h" + #include "varlink.h" +-#include "varlink-io.systemd.Machine.h" + #include "varlink-io.systemd.UserDatabase.h" + + typedef struct LookupParameters { +@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var + return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); + } + +-static int manager_varlink_init_userdb(Manager *m) { ++int manager_varlink_init(Manager *m) { + _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; + int r; + + assert(m); + +- if (m->varlink_userdb_server) ++ if (m->varlink_server) + return 0; + + r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); +@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); + +- m->varlink_userdb_server = TAKE_PTR(s); +- return 0; +-} +- +-static int manager_varlink_init_machine(Manager *m) { +- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; +- int r; +- +- assert(m); +- +- if (m->varlink_machine_server) +- return 0; +- +- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); +- if (r < 0) +- return log_error_errno(r, "Failed to allocate varlink server object: %m"); +- +- varlink_server_set_userdata(s, m); +- +- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); +- if (r < 0) +- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +- +- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); +- if (r < 0) +- return log_error_errno(r, "Failed to register varlink methods: %m"); +- +- (void) mkdir_p("/run/systemd/machine", 0755); +- +- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); +- +- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); +- if (r < 0) +- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); +- +- m->varlink_machine_server = TAKE_PTR(s); +- return 0; +-} +- +-int manager_varlink_init(Manager *m) { +- int r; +- +- r = manager_varlink_init_userdb(m); +- if (r < 0) +- return r; +- +- r = manager_varlink_init_machine(m); +- if (r < 0) +- return r; +- ++ m->varlink_server = TAKE_PTR(s); + return 0; + } + + void manager_varlink_done(Manager *m) { + assert(m); + +- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); +- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); ++ m->varlink_server = varlink_server_unref(m->varlink_server); + } +diff --git a/src/machine/machined.c b/src/machine/machined.c +index d7087e4672..2638ed572e 100644 +--- a/src/machine/machined.c ++++ b/src/machine/machined.c +@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { + if (m->operations) + return false; + +- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) +- return false; +- +- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) ++ if (varlink_server_current_connections(m->varlink_server) > 0) + return false; + + manager_gc(m, true); +diff --git a/src/machine/machined.h b/src/machine/machined.h +index 67abed0fd6..280c32bab6 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -40,8 +40,7 @@ struct Manager { + sd_event_source *nscd_cache_flush_event; + #endif + +- VarlinkServer *varlink_userdb_server; +- VarlinkServer *varlink_machine_server; ++ VarlinkServer *varlink_server; + }; + + int manager_add_machine(Manager *m, const char *name, Machine **_machine); +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 3150b33de5..c82a32589d 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -3,7 +3,6 @@ + libmachine_core_sources = files( + 'image-dbus.c', + 'machine-dbus.c', +- 'machine-varlink.c', + 'machine.c', + 'machined-core.c', + 'machined-dbus.c', +diff --git a/src/shared/meson.build b/src/shared/meson.build +index d01367a159..17313aefed 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -180,7 +180,6 @@ shared_sources = files( + 'varlink-io.systemd.Credentials.c', + 'varlink-io.systemd.Hostname.c', + 'varlink-io.systemd.Journal.c', +- 'varlink-io.systemd.Machine.c', + 'varlink-io.systemd.ManagedOOM.c', + 'varlink-io.systemd.MountFileSystem.c', + 'varlink-io.systemd.NamespaceResource.c', +diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h +deleted file mode 100644 +index c9fc85f150..0000000000 +--- a/src/shared/varlink-io.systemd.Machine.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#pragma once +- +-#include "varlink-idl.h" +- +-extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index 9c9a588..ff4ea6c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -103,6 +103,11 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} +# Drop varlink method call until selinux policy is updated, +# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, +# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. +# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. +Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd From 1ae0516ae7111cab8415408a79f8691b7d5b6675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jun 2024 00:08:45 +0200 Subject: [PATCH 298/494] Version 256 - Only minor changes since -rc4. - Hardward db is updated. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 2f0f391..bc2cd5b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256-rc4.tar.gz) = 0233c4d6c99027192312b38fff66258860570d3b09324c2748767b318697958383ecf5133bd187d52778671c286afd41eb7c83e755dffd4c12e46b16fc3f0d0d +SHA512 (systemd-256.tar.gz) = cfb2bff8d9937245e65581253bba9278533b76ae0f0275fdad59471d8c6089bba2bcd3f0655b34f4b8d7d82fa037c4e6fe18c2227e9f93d62494a2a6cb2db4ec diff --git a/systemd.spec b/systemd.spec index ff4ea6c..11121b4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -40,7 +40,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256~rc4} +Version: %{?version_override}%{!?version_override:256} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From ebf352d292924fd989d81e8ca572a70cffeb1b4e Mon Sep 17 00:00:00 2001 
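Review bot: The restored comment still reads `# Drop varlink method call until selinux policy is updated,`, but the commit description says the revert is coming back because CI still fails and the policy may not be working as expected, so the exit condition it states looks out of date. Wording such as `# Drop varlink method call: still fails in CI, the selinux policy may not work as expected,` would record the actual state. The `Conflicts: selinux-policy-any < 41.1` added in PATCH 296 is not touched by this hunk; with the interface reverted again it presumably guards nothing, so it is worth deciding explicitly whether it stays.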
From: U2FsdGVkX1 Date: Sat, 15 Jun 2024 22:56:39 -0400 Subject: [PATCH 299/494] disable auto-features when bootstrapping --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 11121b4..7098829 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,13 @@ # Build from git main %bcond upstream 0 +# When bootstrap, libcryptsetup is disabled +# but auto-features causes many options to be turned on +# that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) +%if %{with bootstrap} +%global __meson_auto_features disabled +%endif + # Override %%autorelease. This is ugly, but rpmautospec doesn't implement # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} @@ -695,6 +702,7 @@ CONFIGURE_OPTS=( -Delfutils=enabled -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] -Delfutils=enabled + -Drepart=enabled -Dpwquality=enabled -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] From 4a29ab3f3be4f20ac0b8248ab44b4c4d0bb5225b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 21:00:59 +0200 Subject: [PATCH 300/494] Version 256.1 --- sources | 2 +- systemd.spec | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/sources b/sources index bc2cd5b..6ceb957 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.tar.gz) = cfb2bff8d9937245e65581253bba9278533b76ae0f0275fdad59471d8c6089bba2bcd3f0655b34f4b8d7d82fa037c4e6fe18c2227e9f93d62494a2a6cb2db4ec +SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c diff --git a/systemd.spec b/systemd.spec index 7098829..d33d46b 100644 --- a/systemd.spec +++ b/systemd.spec 
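Review bot: `%global __meson_auto_features disabled` switches off every meson feature still left on `auto` in bootstrap builds, not only those that depend on libcryptsetup, and the second hunk pins just `-Drepart=enabled` back on. The full CONFIGURE_OPTS list is outside this hunk, so it cannot be confirmed here that hardening-related options (seccomp, selinux, audit and the like) are all set explicitly; any that is still implicit would be silently absent from a bootstrap build. The new comment should state that consequence, e.g. `# Every feature we rely on must therefore be set explicitly in CONFIGURE_OPTS`, and its first line reads better as `# When bootstrapping, libcryptsetup is disabled,`.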
@@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256} +Version: %{?version_override}%{!?version_override:256.1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -58,14 +58,10 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" %if %{defined commit} -Source0: https://github.com/systemd/systemd%[%stable?"-stable":""]/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -%if 0%{?stable} -Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -%endif # This file must be available before %%prep. # It is generated during systemd build and can be found in build/src/core/. Source1: triggers.systemd @@ -661,7 +657,7 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 +%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1 %build %global ntpvendor %(source /etc/os-release; echo ${ID}) From b3e1d52cb4f69520fa5d2679d68549b7c24ecbca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 20:34:21 +0200 Subject: [PATCH 301/494] Soft-disable tmpfiles --purge until a good use case comes up --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 63 +++++++++++++++++++ systemd.spec | 2 + 2 files changed, 65 insertions(+) create mode 100644 0001-tmpfiles-make-purge-hard-to-mis-use.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch new file mode 100644 index 0000000..87b5fa5 --- /dev/null +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch 
@@ -0,0 +1,63 @@
+From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 18 Jun 2024 20:32:10 +0200
+Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
+
+Follow-up for https://github.com/systemd/systemd/pull/33383.
+---
+ src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 5841db293e..9b0f744ba9 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) {
+ ARG_IMAGE_POLICY,
+ ARG_REPLACE,
+ ARG_DRY_RUN,
++ ARG_DESTROY_DATA,
+ ARG_NO_PAGER,
+ };
+
+@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) {
+ { "replace", required_argument, NULL, ARG_REPLACE },
+ { "dry-run", no_argument, NULL, ARG_DRY_RUN },
+ { "no-pager", no_argument, NULL, ARG_NO_PAGER },
++
++ /* This is not documented on purpose.
++ * If you think --purge should be allowed without jumping through hoops,
++ * consider opening a bug report with the description of the use case.
++ */ ++ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, ++ + {} + }; + + int c, r; ++ bool destroy_data = false; + + assert(argc >= 0); + assert(argv); +@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) { + arg_dry_run = true; + break; + ++ case ARG_DESTROY_DATA: ++ destroy_data = true; ++ break; ++ + case ARG_NO_PAGER: + arg_pager_flags |= PAGER_DISABLE; + break; +@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) { + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Refusing --purge without specification of a configuration file."); + ++ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), ++ "Refusing --purge without --destroy-data."); ++ + if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/systemd.spec b/systemd.spec index d33d46b..1fdfc20 100644 --- a/systemd.spec +++ b/systemd.spec @@ -125,6 +125,8 @@ Patch0490: use-bfq-scheduler.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch +# Soft-disable tmpfiles --purge until a good use case comes up. +Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch %endif # Adjust upstream config to use our shared stack From a76669ee222fc4374f14f7e2a6e9a28c5ad87c0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jun 2024 20:36:14 +0200 Subject: [PATCH 302/494] Remove tmpfiles snippet for /home and /srv --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1fdfc20..eb527cc 100644 --- a/systemd.spec +++ b/systemd.spec 
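Review bot: `--destroy-data` is accepted with any operation, and in the visible hunks `destroy_data` is only read by the new `OPERATION_PURGE` guard, so the flag is silently ignored when it is given without `--purge`. Since the patch exists to make destructive use deliberate, the final checks could also reject the stray flag: `if (destroy_data && !FLAGS_SET(arg_operation, OPERATION_PURGE)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--destroy-data is only valid with --purge.");`. The comment next to the option could also mention that `--dry-run` is the way to preview a purge, because the guard already exempts `arg_dry_run`. parse_argv() starts and ends outside these hunks.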
@@ -937,6 +937,10 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# /home and /srv are created by filesystem. +# Remove our config to avoid confusion where those are defined. +rm %{buildroot}/usr/lib/tmpfiles.d/home.conf + %find_lang %{name} # Split files in build root into rpms From 8153d9b0f978d633c8422011d4c547ae1f0e51a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Jun 2024 10:29:02 +0200 Subject: [PATCH 303/494] Revert "Remove tmpfiles snippet for /home and /srv" This reverts commit a76669ee222fc4374f14f7e2a6e9a28c5ad87c0e. People create /usr-only images by making an installation and only picking up /usr from it. In that case, the snippet is needed to re-recreate /home on the rootfs. --- systemd.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index eb527cc..1fdfc20 100644 --- a/systemd.spec +++ b/systemd.spec @@ -937,10 +937,6 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif -# /home and /srv are created by filesystem. -# Remove our config to avoid confusion where those are defined. -rm %{buildroot}/usr/lib/tmpfiles.d/home.conf - %find_lang %{name} # Split files in build root into rpms From 750e910c7cfdac4d066c74ff00171706702943d2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Jul 2024 15:18:07 +0200 Subject: [PATCH 304/494] Drop BuildRequires on python3-zstd python3-zstd is only required by ukify and ukify already has a Requires dependency on python3-zstd so let's drop the BuildRequires. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 1fdfc20..b5352c4 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -212,7 +212,6 @@ BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) -BuildRequires: python3dist(zstd) %if 0%{?want_bootloader} BuildRequires: python3dist(pyelftools) %endif From 8ae009f929d93ef523242f15baa8e13a1526abeb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Jul 2024 15:18:47 +0200 Subject: [PATCH 305/494] Only add Requires on python3-zstd on Fedora python3-zstd is not packaged on for CentOS Stream. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index b5352c4..209c85b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -478,7 +478,9 @@ Requires: %{name} = %{version}-%{release} Requires: systemd-boot Requires: python3dist(pefile) +%if %{undefined rhel} Requires: python3dist(zstd) +%endif Requires: python3dist(cryptography) Recommends: python3dist(pillow) From 9cbad936a67181f5eb6503d8ce081fdaf5adf410 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Jul 2024 13:26:55 +0200 Subject: [PATCH 306/494] Pull in openssl-devel-engine --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 209c85b..681c95d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -176,6 +176,9 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel +%if 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif %if %{with gnutls} BuildRequires: gnutls-devel %endif From f9fe17dbdee7242ccd4fd2858128c8952890bdb8 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 2 Jul 2024 13:01:47 +0200 Subject: [PATCH 307/494] Use vmlinux.h from kernel-devel Let's make sure we use the vmlinux.h from kernel-devel or none at all. This makes sure the systemd BPF programs are built against a known version of vmlinux.h and we don't depend on /sys being available to generate vmlinux.h ourselves. Use rpmdev-vercmp to select vmlinux.h from the latest kernel. --- systemd.spec | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/systemd.spec b/systemd.spec index 681c95d..2321d4a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -140,6 +140,7 @@ BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils +BuildRequires: rpmdevtools BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel @@ -231,6 +232,7 @@ BuildRequires: valgrind-devel %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool +BuildRequires: kernel-devel %global have_bpf 1 %endif @@ -669,6 +671,28 @@ package and is meant for use in exitrds. %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} +VMLINUX_H_PATH='' + +%if 0%{?have_bpf} + +%global find_vmlinux_h %{expand: +import functools, glob, subprocess +def cmp(a, b): + c = subprocess.call(["rpmdev-vercmp", a, b], stdout=subprocess.DEVNULL) + return {0:0, 11:+1, 12:-1}[c] +choices = list(glob.glob("/usr/src/kernels/*/vmlinux.h")) +assert choices +print(max(choices, key=functools.cmp_to_key(cmp))) +} + +# The build fails on ppc64le with +# "GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx". +# TODO: Remove this when libbpf checks for __powerpc64__ macro. +%ifnarch ppc64le +VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') +%endif +%endif + CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] -Dsysvinit-path=/etc/rc.d/init.d 
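Review bot: On ppc64le the `%ifnarch ppc64le` block leaves `VMLINUX_H_PATH` empty, while the following hunk still passes `-Dvmlinux-h=auto` whenever `have_bpf` is set. On that architecture the build presumably falls back to whatever vmlinux.h meson can locate or generate on the builder, which is what the commit message sets out to avoid. If that is intended until libbpf is fixed, the TODO comment should say so; otherwise the option should follow the path, e.g. pass `-Dvmlinux-h=disabled` when `VMLINUX_H_PATH` is empty. Separately, `cmp` maps only exit codes 0, 11 and 12, so any other status from `rpmdev-vercmp` raises a bare KeyError and an empty glob a bare AssertionError; a short message naming the missing kernel-devel header would make such failures easier to diagnose. The %build section continues outside the hunk.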
@@ -686,6 +710,8 @@ CONFIGURE_OPTS=( -Dima=true -Dselinux=enabled -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dvmlinux-h=%[0%{?have_bpf}?"auto":"disabled"] + -Dvmlinux-h-path="$VMLINUX_H_PATH" -Dapparmor=disabled -Dpolkit=enabled -Dxz=%[%{with xz}?"enabled":"disabled"] From 7db154308bafbdf6a0898ce94b19aeff1928ecaa Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 5 Jul 2024 11:09:10 +0200 Subject: [PATCH 308/494] Conditionalize dracut Conflicts more Make sure on centos stream 10 we also conflict with dracut 060-2 and that on centos stream 9 so that the spec can still be used to build systemd rpms for centos stream 9 upstream in systemd CI that can be installed on centos stream 9. (dracut is pulled in as a required dependency of kernel-core so we can't just not install it on centos stream 9 unfortunately). --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2321d4a..4d7e826 100644 --- a/systemd.spec +++ b/systemd.spec @@ -279,11 +279,11 @@ Conflicts: setup < 2.15.0-3 Conflicts: selinux-policy-any < 41.1 %endif -%if 0%{?fedora} >= 41 +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 -%else +%elif 0%{?fedora} # Make sure that dracut supports systemd-executor and the renames done for v255. Conflicts: dracut < 059-16 %endif From 3f68c5d802f018d7c4e7153757420844249bccab Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 5 Jul 2024 15:26:40 +0200 Subject: [PATCH 309/494] Only exclude dracut conflicts on non-fedora on upstream builds For the CentOS Stream Hyperscale SIG we backport a newer version of dracut and still want the Conflicts to apply so let's conditionalize the check on the %upstream macro since we only need it for upstream builds anyway. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systemd.spec b/systemd.spec index 4d7e826..a24a611 100644 --- a/systemd.spec +++ b/systemd.spec @@ -283,7 +283,7 @@ Conflicts: selinux-policy-any < 41.1 # Make sure that dracut supports systemd-executor and the renames done for v255, # and dlopen libraries and read-only fs in initrd. Conflicts: dracut < 060-2 -%elif 0%{?fedora} +%elif 0%{?fedora} || %{without upstream} # Make sure that dracut supports systemd-executor and the renames done for v255. Conflicts: dracut < 059-16 %endif From c96f54de2262ae36d579f8383c0a7ebc9f397be5 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 18:00:39 -0400 Subject: [PATCH 310/494] Fix ELN build ELN, following rawhide, now also splits out the openssl-devel-engine headers in preparation for their eventual removal. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a24a611..a1ae692 100644 --- a/systemd.spec +++ b/systemd.spec @@ -177,7 +177,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} From 0319e62d9c1d0d121a9c1f1c4a946ef3c28df767 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Fri, 5 Jul 2024 18:56:02 -0400 Subject: [PATCH 311/494] Update dracut workaround Fedora 40 and RHEL 10 both now have dracut 101. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a1ae692..0dc781e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -112,7 +112,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch -%if 0%{?fedora} < 41 +%if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. From 1cc4f8300258a4c68c4036d08d53fd907d444e34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:36:55 +0200 Subject: [PATCH 312/494] Link systemd-executor statically --- ...n-rename-libbasic-to-libbasic_static.patch | 176 ++++++++++++++++++ ...ystemd-core-via-an-intermediate-stat.patch | 59 ++++++ ...-to-build-systemd-executor-staticall.patch | 97 ++++++++++ systemd.spec | 5 + 4 files changed, 337 insertions(+) create mode 100644 0001-meson-rename-libbasic-to-libbasic_static.patch create mode 100644 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch create mode 100644 0003-meson-add-option-to-build-systemd-executor-staticall.patch diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch new file mode 100644 index 0000000..b1fdd9e --- /dev/null +++ b/0001-meson-rename-libbasic-to-libbasic_static.patch 
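Review bot: The context comment under the new condition still reads `# Drop when dracut-060 is available.`, but the commit message justifies the change with dracut 101 being in Fedora 40 and RHEL 10, so comment and condition no longer tell the same story. I would update it to say which releases still need the work-around, e.g. `# Only needed where dracut is older than 060 (Fedora < 40, RHEL < 10); drop once those are out of support.`. The `%if` block closes outside the hunk.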
@@ -0,0 +1,176 @@
+From d5534ba7444f7733b55e56284eb27d16dc6a267d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 3 Jul 2024 16:51:05 +0200
+Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static
+
+Our variables for internal libraries are named 'libfoo' for the shared lib
+variant, and 'libfoo_static' for the static lib variant. The only exception was
+libbasic, because we didn't have a shared variant for it. But let's rename it
+for consitency. This makes the build config easier to understand.
+
+(cherry picked from commit 732ed8a84e8b264fccd3f5c0fc68ec2894b6d8ea)
+---
+ meson.build | 4 ++--
+ src/basic/meson.build | 2 +-
+ src/libsystemd/meson.build | 2 +-
+ src/partition/meson.build | 2 +-
+ src/shared/meson.build | 2 +-
+ src/shutdown/meson.build | 2 +-
+ src/sysusers/meson.build | 2 +-
+ src/test/meson.build | 8 ++++----
+ src/tmpfiles/meson.build | 2 +-
+ 9 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index e42151998b..18115cad5e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2078,7 +2078,7 @@ libsystemd = shared_library(
+ # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
+ '-z', 'nodelete', + '-Wl,--version-script=' + libsystemd_sym_path], +- link_with : [libbasic], ++ link_with : [libbasic_static], + link_whole : [libsystemd_static], + dependencies : [librt, + threads, +@@ -2243,7 +2243,7 @@ nss_template = { + 'link_with' : [ + libsystemd_static, + libshared_static, +- libbasic, ++ libbasic_static, + ], + 'dependencies' : [ + librt, +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 9a214575a5..b538775576 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( + + basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] + +-libbasic = static_library( ++libbasic_static = static_library( + 'basic', + basic_sources, + fundamental_sources, +diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build +index 6d4337d1a7..243549299f 100644 +--- a/src/libsystemd/meson.build ++++ b/src/libsystemd/meson.build +@@ -118,7 +118,7 @@ libsystemd_static = static_library( + libsystemd_sources, + include_directories : libsystemd_includes, + c_args : libsystemd_c_args, +- link_with : [libbasic], ++ link_with : [libbasic_static], + dependencies : [threads, + librt, + userspace], +diff --git a/src/partition/meson.build b/src/partition/meson.build +index 52e1368116..2cfe43e029 100644 +--- a/src/partition/meson.build ++++ b/src/partition/meson.build +@@ -32,7 +32,7 @@ executables += [ + 'sources' : files('repart.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_fdisk, + libshared_static, + libsystemd_static, +diff --git a/src/shared/meson.build b/src/shared/meson.build +index c5106d87d5..e513c0ec1c 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -358,7 +358,7 @@ libshared = shared_library( + '-Wl,--version-script=' + libshared_sym_path], + link_depends : libshared_sym_path, + link_whole : [libshared_static, +- libbasic, ++ libbasic_static, + libsystemd_static], + 
dependencies : [libshared_deps, + userspace], +diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build +index 219f9fd308..9bc60f83e5 100644 +--- a/src/shutdown/meson.build ++++ b/src/shutdown/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_shutdown_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build +index 0f9c067d50..403d82a340 100644 +--- a/src/sysusers/meson.build ++++ b/src/sysusers/meson.build +@@ -14,7 +14,7 @@ executables += [ + 'sources' : files('sysusers.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/test/meson.build b/src/test/meson.build +index 3abbb94d9f..9d3c7d675f 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -274,7 +274,7 @@ executables += [ + # only static linking apart from libdl, to make sure that the + # module is linked to all libraries that it uses. 
+ 'sources' : files('test-dlopen.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + 'dependencies' : libdl, + 'install' : false, + 'type' : 'manual', +@@ -410,7 +410,7 @@ executables += [ + }, + test_template + { + 'sources' : files('test-sizeof.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + }, + test_template + { + 'sources' : files('test-time-util.c'), +@@ -590,7 +590,7 @@ executables += [ + test_template + { + 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libsystemd, + ], + 'dependencies' : threads, +@@ -598,7 +598,7 @@ executables += [ + test_template + { + 'sources' : files('../libudev/test-udev-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libudev, + ], + 'dependencies' : threads, +diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build +index 2e918509a7..09ad839586 100644 +--- a/src/tmpfiles/meson.build ++++ b/src/tmpfiles/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_tmpfiles_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch new file mode 100644 index 0000000..1d27b04 --- /dev/null +++ b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch 
@@ -0,0 +1,59 @@ +From 63178ad7e51dae8730158573318388ea8c3e488e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 17:03:26 +0200 +Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static + library + +By itself, this is not useful. I'm making this a separate commit to +make debugging easier. It turns out that meson does static libraries +using references, so the "static library" a tiny stub stub that refers +to the object files on disk and this has negligible cost: +$ ls -lhd build/src/core/libsystemd-core-257.{a,so} +-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a +-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so + +(cherry picked from commit d0689ee5fbfafa736e6eca89bc80cb2d372f2229) +--- + src/core/meson.build | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index 7a2012a372..1ef31cc529 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( + + libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) + +-libcore = shared_library( ++libcore_static = static_library( + libcore_name, + libcore_sources, + load_fragment_gperf_c, + load_fragment_gperf_nulstr_c, + include_directories : includes, + c_args : ['-fvisibility=default'], +- link_args : ['-shared', +- '-Wl,--version-script=' + libshared_sym_path], +- link_depends : libshared_sym_path, +- link_with : libshared, + dependencies : [libacl, + libapparmor, + libaudit, +@@ -135,6 +131,16 @@ libcore = shared_library( + libselinux, + threads, + userspace], ++ build_by_default : false) ++ ++libcore = shared_library( ++ libcore_name, ++ c_args : ['-fvisibility=default'], ++ link_args : ['-shared', ++ '-Wl,--version-script=' + libshared_sym_path], ++ link_depends : libshared_sym_path, ++ link_whole: libcore_static, ++ 
link_with : libshared, + install : true, + install_dir : pkglibdir) + diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch new file mode 100644 index 0000000..f942c59 --- /dev/null +++ b/0003-meson-add-option-to-build-systemd-executor-staticall.patch 
@@ -0,0 +1,97 @@
+From 66df80d8c37dce4b597dfa26e1050856a610cf7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 3 Jul 2024 17:05:31 +0200
+Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically"
+
+The new link-executor-shared option is similar to the existing
+link-udev-shared: when set to false, we link to the static versions of our
+internal libraries.
+
+The resulting exuctor binary is fairly large, about as large as libsystemd-core
+(14 MB without lto, 8 with lto).
+
+This is intended as a workaround for the fuckup with the pinned executor
+binary:
+when an upgrade is performed, the package manager will install new version of
+the libraries and new version of the code, and some time later reexecute the
+managers. This creates a window when the pinned executor binary will fail to
+execute. There are two factors which make the issue easier to hit:
+
+- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
+ uses version-release as the tag, which means that the issue occurs on
+ every package upgrade. This is the right thing to do, because the
+ ABI of our internal libraries is not stable at all, so replacing the
+ library from a different version in place creates a window where our
+ programs may crash or misbehave.
+
+- when the distribution doesn't immediately reexec all the managers after
+ upgrade. In early versions of systemd, we used to hammer the machine during
+ upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
+ wasteful. Doing the reexecs while the upgrade is in progres also creates a
+ window where a mix of old and new configs or both is loaded. Users are
+ particularly annoyed by those reloads if there is some issue in the
+ configuration causing us to emit warnings on every reexec. Doing the
+ reexecs once after the new configuration and libraries have been put
+ in place is nicer.
+ +The pinning of the executor binary breaks upgrades and in particular +it penalizes the distributions which make use of the features which +were previously added to avoid bugs and inefficiency during upgrades. + +When the executor is linked statically, there is a smaller chance that it'll +fail to load libraries. The issue can still occur because other libraries, not +our own, are linked dynamically. + +(cherry picked from commit d59cae6cebd0fc25a16a020bd28e5303901f1b19) +--- + meson_options.txt | 2 ++ + src/core/meson.build | 16 ++++++++++++---- + 2 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/meson_options.txt b/meson_options.txt +index d52ca4e4b5..3cce818392 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, + description : '''This option is deprecated and will be removed in a future release''') + option('link-udev-shared', type : 'boolean', + description : 'link systemd-udevd and its helpers to libsystemd-shared.so') ++option('link-executor-shared', type : 'boolean', ++ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') + option('link-systemctl-shared', type: 'boolean', + description : 'link systemctl against libsystemd-shared.so') + option('link-networkd-shared', type: 'boolean', +diff --git a/src/core/meson.build b/src/core/meson.build +index 1ef31cc529..dbeb752977 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -156,6 +156,17 @@ systemd_executor_sources = files( + 'exec-invoke.c', + ) + ++executor_libs = get_option('link-executor-shared') ? 
\ ++ [ ++ libcore, ++ libshared, ++ ] : [ ++ libcore_static, ++ libshared_static, ++ libbasic_static, ++ libsystemd_static, ++ ] ++ + executables += [ + libexec_template + { + 'name' : 'systemd', +@@ -173,10 +184,7 @@ executables += [ + 'public' : true, + 'sources' : systemd_executor_sources, + 'include_directories' : core_includes, +- 'link_with' : [ +- libcore, +- libshared, +- ], ++ 'link_with' : executor_libs, + 'dependencies' : [ + libapparmor, + libpam, diff --git a/systemd.spec b/systemd.spec index 0dc781e..2aba928 100644 --- a/systemd.spec +++ b/systemd.spec @@ -119,6 +119,10 @@ Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch +Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch @@ -761,6 +765,7 @@ CONFIGURE_OPTS=( -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] + -Dlink-executor-shared=false -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no From 8881fa94ee53587426d8c7ea8acbea015cac01d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 8 Jul 2024 15:36:28 +0200 Subject: [PATCH 313/494] Version 256.2 - A bunch of various small fixes --- 0001-meson-rename-libbasic-to-libbasic_static.patch | 8 ++++---- ...n-build-libsystemd-core-via-an-intermediate-stat.patch | 2 +- ...n-add-option-to-build-systemd-executor-staticall.patch | 6 +++--- sources | 2 +- systemd.spec | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) 
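Review bot: `Patch0020`–`Patch0022` and `-Dlink-executor-shared=false` are added to the spec with no comment, while the neighbouring patches and options carry a bug or upstream reference. The reason is only visible inside the third patch's commit message, which also says the fix narrows the upgrade window without closing it, because libraries other than systemd's own stay dynamically linked. I would put that above the Patch lines, e.g. `# Link systemd-executor statically so the pinned executor survives package upgrades (backports of upstream 732ed8a84e, d0689ee5fb, d59cae6ceb); external libraries are still dynamic.`, with a matching one-line comment before `-Dlink-executor-shared=false`. The CONFIGURE_OPTS array starts and ends outside the hunk.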
diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch index b1fdd9e..8059d87 100644 --- a/0001-meson-rename-libbasic-to-libbasic_static.patch +++ b/0001-meson-rename-libbasic-to-libbasic_static.patch @@ -1,4 +1,4 @@ -From d5534ba7444f7733b55e56284eb27d16dc6a267d Mon Sep 17 00:00:00 2001 +From 8954e7ccc1f2005df221f50882f3253518c63159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 16:51:05 +0200 Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static @@ -22,10 +22,10 @@ for consitency. This makes the build config easier to understand. 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/meson.build b/meson.build -index e42151998b..18115cad5e 100644 +index b1a110cbfc..58748a37a3 100644 --- a/meson.build +++ b/meson.build -@@ -2078,7 +2078,7 @@ libsystemd = shared_library( +@@ -2089,7 +2089,7 @@ libsystemd = shared_library( # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. '-z', 'nodelete', '-Wl,--version-script=' + libsystemd_sym_path], @@ -34,7 +34,7 @@ index e42151998b..18115cad5e 100644 link_whole : [libsystemd_static], dependencies : [librt, threads, -@@ -2243,7 +2243,7 @@ nss_template = { +@@ -2254,7 +2254,7 @@ nss_template = { 'link_with' : [ libsystemd_static, libshared_static, diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch index 1d27b04..c7423e9 100644 --- a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +++ b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch @@ -1,4 +1,4 @@ -From 63178ad7e51dae8730158573318388ea8c3e488e Mon Sep 17 00:00:00 2001 +From 3b101982011d787c05d7708740e6eada560c62cc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:03:26 +0200 Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch index f942c59..73a12b2 100644 --- a/0003-meson-add-option-to-build-systemd-executor-staticall.patch +++ b/0003-meson-add-option-to-build-systemd-executor-staticall.patch @@ -1,4 +1,4 @@ -From 66df80d8c37dce4b597dfa26e1050856a610cf7f Mon Sep 17 00:00:00 2001 +From 254338a838354d9d3e43efa14190ca1203ef3afe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Jul 2024 17:05:31 +0200 Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically" @@ -49,11 +49,11 @@ our own, are linked dynamically. 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/meson_options.txt b/meson_options.txt -index d52ca4e4b5..3cce818392 100644 +index 667340ca59..909e2d53e8 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, - description : '''This option is deprecated and will be removed in a future release''') + description : 'This option is deprecated and will be removed in a future release') option('link-udev-shared', type : 'boolean', description : 'link systemd-udevd and its helpers to libsystemd-shared.so') +option('link-executor-shared', type : 'boolean', diff --git a/sources b/sources index 6ceb957..2e30e2f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c +SHA512 (systemd-256.2.tar.gz) = 10da82ee58d3608c41cb0204fdf0227af965b13b8f3716e4f5dea994c236c08a5e31f09ba0d3774cea20a365e1d959c8c865fdeacc82400da55e94ad800e75ba diff --git a/systemd.spec b/systemd.spec index 2aba928..47691ff 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.1} +Version: %{?version_override}%{!?version_override:256.2} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From d569018a92da3fe91f3f604a93f444751f0e4a50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jul 2024 12:40:39 +0200 Subject: [PATCH 314/494] Rebuilt for the bin-sbin merge https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin From 980ede8c0f65965b272872001de5f85e9d741623 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 11 Jul 2024 13:05:04 +0200 Subject: [PATCH 315/494] Drop machined revert The selinux-policy was fixed (https://bugzilla.redhat.com/show_bug.cgi?id=2279923) so let's drop the revert. The minimum version for the selinux-policy Conflicts is updated to make sure it is installed. --- ...add-varlink-interface-for-registerin.patch | 217 ------------------ systemd.spec | 8 +- 2 files changed, 1 insertion(+), 224 deletions(-) delete mode 100644 0001-Revert-machined-add-varlink-interface-for-registerin.patch diff --git a/0001-Revert-machined-add-varlink-interface-for-registerin.patch b/0001-Revert-machined-add-varlink-interface-for-registerin.patch deleted file mode 100644 index 01946d6..0000000 --- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 11 May 2024 13:27:12 +0200 -Subject: [PATCH] Revert "machined: add varlink interface for registering - machines" - -This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. ---- - man/systemd-machined.service.xml | 6 +-- - src/machine/machine-varlink.h | 6 --- - src/machine/machined-varlink.c | 62 ++----------------------- - src/machine/machined.c | 5 +- - src/machine/machined.h | 3 +- - src/machine/meson.build | 1 - - src/shared/meson.build | 1 - - src/shared/varlink-io.systemd.Machine.h | 6 --- - 8 files changed, 8 insertions(+), 82 deletions(-) - delete mode 100644 src/machine/machine-varlink.h - delete mode 100644 src/shared/varlink-io.systemd.Machine.h - -diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml -index b2899ff0fd..f3d7755973 100644 ---- a/man/systemd-machined.service.xml -+++ b/man/systemd-machined.service.xml -@@ -100,12 +100,10 @@ - - The daemon provides both a C library interface - (which is shared with systemd-logind.service8) -- as well as a D-Bus interface and a Varlink interface. -+ as well as a D-Bus interface. - The library interface may be used to introspect and watch the state of virtual machines/containers. - The bus interface provides the same but in addition may also be used to register or terminate -- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an -- SSH key / address; it can be queried with -- varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine. -+ machines. 
- For more information please consult - sd-login3 - and -diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h -deleted file mode 100644 -index ce4ec54dc1..0000000000 ---- a/src/machine/machine-varlink.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink.h" -- --int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata); -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 0d3ae627c1..6ca98e27cf 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -1,12 +1,10 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include "format-util.h" --#include "machine-varlink.h" - #include "machined-varlink.h" - #include "mkdir.h" - #include "user-util.h" - #include "varlink.h" --#include "varlink-io.systemd.Machine.h" - #include "varlink-io.systemd.UserDatabase.h" - - typedef struct LookupParameters { -@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var - return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL); - } - --static int manager_varlink_init_userdb(Manager *m) { -+int manager_varlink_init(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; - int r; - - assert(m); - -- if (m->varlink_userdb_server) -+ if (m->varlink_server) - return 0; - - r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); -@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - -- m->varlink_userdb_server = TAKE_PTR(s); -- return 0; --} -- --static int manager_varlink_init_machine(Manager *m) { -- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; -- int r; -- -- assert(m); -- -- if (m->varlink_machine_server) -- return 0; -- -- r = 
varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA); -- if (r < 0) -- return log_error_errno(r, "Failed to allocate varlink server object: %m"); -- -- varlink_server_set_userdata(s, m); -- -- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine); -- if (r < 0) -- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -- -- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register); -- if (r < 0) -- return log_error_errno(r, "Failed to register varlink methods: %m"); -- -- (void) mkdir_p("/run/systemd/machine", 0755); -- -- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666); -- if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -- -- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); -- if (r < 0) -- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); -- -- m->varlink_machine_server = TAKE_PTR(s); -- return 0; --} -- --int manager_varlink_init(Manager *m) { -- int r; -- -- r = manager_varlink_init_userdb(m); -- if (r < 0) -- return r; -- -- r = manager_varlink_init_machine(m); -- if (r < 0) -- return r; -- -+ m->varlink_server = TAKE_PTR(s); - return 0; - } - - void manager_varlink_done(Manager *m) { - assert(m); - -- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server); -- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server); -+ m->varlink_server = varlink_server_unref(m->varlink_server); - } -diff --git a/src/machine/machined.c b/src/machine/machined.c -index d7087e4672..2638ed572e 100644 ---- a/src/machine/machined.c -+++ b/src/machine/machined.c -@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) { - if (m->operations) - return false; - -- if (varlink_server_current_connections(m->varlink_userdb_server) > 0) -- return false; -- -- if 
(varlink_server_current_connections(m->varlink_machine_server) > 0) -+ if (varlink_server_current_connections(m->varlink_server) > 0) - return false; - - manager_gc(m, true); -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 67abed0fd6..280c32bab6 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -40,8 +40,7 @@ struct Manager { - sd_event_source *nscd_cache_flush_event; - #endif - -- VarlinkServer *varlink_userdb_server; -- VarlinkServer *varlink_machine_server; -+ VarlinkServer *varlink_server; - }; - - int manager_add_machine(Manager *m, const char *name, Machine **_machine); -diff --git a/src/machine/meson.build b/src/machine/meson.build -index 3150b33de5..c82a32589d 100644 ---- a/src/machine/meson.build -+++ b/src/machine/meson.build -@@ -3,7 +3,6 @@ - libmachine_core_sources = files( - 'image-dbus.c', - 'machine-dbus.c', -- 'machine-varlink.c', - 'machine.c', - 'machined-core.c', - 'machined-dbus.c', -diff --git a/src/shared/meson.build b/src/shared/meson.build -index d01367a159..17313aefed 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -180,7 +180,6 @@ shared_sources = files( - 'varlink-io.systemd.Credentials.c', - 'varlink-io.systemd.Hostname.c', - 'varlink-io.systemd.Journal.c', -- 'varlink-io.systemd.Machine.c', - 'varlink-io.systemd.ManagedOOM.c', - 'varlink-io.systemd.MountFileSystem.c', - 'varlink-io.systemd.NamespaceResource.c', -diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h -deleted file mode 100644 -index c9fc85f150..0000000000 ---- a/src/shared/varlink-io.systemd.Machine.h -+++ /dev/null -@@ -1,6 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1-or-later */ --#pragma once -- --#include "varlink-idl.h" -- --extern const VarlinkInterface vl_interface_io_systemd_Machine; diff --git a/systemd.spec b/systemd.spec index 47691ff..a5a8ce7 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -106,12 +106,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -# Drop varlink method call until selinux policy is updated, -# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063, -# https://bugzilla.redhat.com/show_bug.cgi?id=2279923. -# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. -Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch - %if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -280,7 +274,7 @@ Conflicts: fedora-release < 23-0.12 BuildRequires: setup >= 2.15.0-3 BuildRequires: python3 Conflicts: setup < 2.15.0-3 -Conflicts: selinux-policy-any < 41.1 +Conflicts: selinux-policy-any < 41.3 %endif %if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 From a3524fc837f5e7b68f86b3e0a9d470a94a04c4c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 14 Jul 2024 11:28:29 +0200 Subject: [PATCH 316/494] Use a more precise Recommends for libkxbcommon The old one was the first one added, and referred to the package. The later ones refer to the soname. Let's convert that one to that too. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index a5a8ce7..a43c783 100644 --- a/systemd.spec +++ b/systemd.spec @@ -254,7 +254,6 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog 
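Review bot: The bumped `Conflicts: selinux-policy-any < 41.3` no longer has any pointer to why 41.3 is the floor, because the comment block that carried the bug reference is removed together with `Patch0001` in the first hunk of this file. A one-line comment above it, such as `# selinux-policy >= 41.3 is needed for machined's varlink interface, rhbz#2279923`, would keep the reason next to the number. Note that `Conflicts` only rejects an older policy package; as far as this hunk shows, nothing pulls in a fixed one. The `%if` that encloses the line starts outside the hunk, so it cannot be confirmed from here that every build target gets the constraint.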
@@ -309,6 +308,7 @@ Provides: /usr/sbin/telinit %endif # Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} From b7800e3e6629b14ae91743915d23c8681754f350 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Jul 2024 11:33:37 +0200 Subject: [PATCH 317/494] Drop versions from Conflicts for standalone packages Because the conflicts are in one direction, dnf may try to install older systemd/systemd-duev and newer systemd-standalone-*. This is not what we want: $ sudo dnf5 install systemd-standalone-repart Updating and loading repositories: Repositories loaded. Package Arch Version Repository Size Downgrading: systemd x86_64 255.4-1.fc40 fedora 14.6 MiB replacing systemd x86_64 256.2-1.fc40 @commandline 16.8 MiB systemd-container x86_64 255.4-1.fc40 fedora 1.4 MiB replacing systemd-container x86_64 256.2-1.fc40 @commandline 1.5 MiB systemd-devel x86_64 255.4-1.fc40 fedora 550.3 KiB replacing systemd-devel x86_64 256.2-1.fc40 @commandline 556.1 KiB systemd-libs x86_64 255.4-1.fc40 fedora 1.9 MiB replacing systemd-libs x86_64 256.2-1.fc40 @commandline 2.0 MiB systemd-networkd x86_64 255.4-1.fc40 fedora 2.0 MiB replacing systemd-networkd x86_64 256.2-1.fc40 @commandline 2.1 MiB systemd-oomd-defaults noarch 255.4-1.fc40 fedora 187.0 B replacing systemd-oomd-defaults noarch 256.2-1.fc40 @commandline 187.0 B systemd-pam x86_64 255.4-1.fc40 fedora 1.0 MiB replacing systemd-pam x86_64 256.2-1.fc40 @commandline 1.1 MiB systemd-resolved x86_64 255.4-1.fc40 fedora 629.9 KiB replacing systemd-resolved x86_64 256.2-1.fc40 @commandline 667.1 KiB systemd-rpm-macros noarch 255.4-1.fc40 fedora 9.5 KiB replacing systemd-rpm-macros noarch 256.2-1.fc40 @commandline 9.3 KiB systemd-tests x86_64 255.4-1.fc40 fedora 16.5 MiB replacing systemd-tests x86_64 256.2-1.fc40 @commandline 20.0 MiB systemd-udev x86_64 255.4-1.fc40 fedora 11.5 MiB replacing systemd-udev x86_64 256.2-1.fc40 @commandline 11.7 MiB systemd-ukify noarch 255.4-1.fc40 fedora 69.9 KiB replacing systemd-ukify noarch 256.2-1.fc40 @commandline 73.3 KiB Installing: systemd-standalone-repart x86_64 255.8-1.fc40 updates 986.6 KiB Transaction Summary: Installing: 1 
packages Replacing: 12 packages Downgrading: 12 packages Also, declare the Conflicts on both sides, so that the issue is resolved immediately. Otherwise, it could still occur when an older version of the non-standalone packages are available (or installed). --- systemd.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a43c783..44a0f16 100644 --- a/systemd.spec +++ b/systemd.spec @@ -287,11 +287,11 @@ Conflicts: dracut < 059-16 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 -Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Conflicts: %{name}-standalone-sysusers Provides: %{name}-sysusers = %{version}-%{release} -Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^ +Conflicts: %{name}-standalone-shutdown Provides: %{name}-shutdown = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" @@ -454,7 +454,7 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 # self-obsoletes to install both packages after split of systemd-boot Obsoletes: systemd-udev < 252.2^ -Conflicts: %{name}-standalone-repart < %{version}-%{release}^ +Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" @@ -625,6 +625,7 @@ useful to test systemd internals. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd Provides: %{name}-repart = %{version}-%{release} +Conflicts: %{name}-udev RemovePathPostfixes: .standalone %description standalone-repart 
@@ -635,6 +636,7 @@ package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -645,6 +647,7 @@ package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-sysusers @@ -655,6 +658,7 @@ package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use on systems without systemd Provides: %{name}-shutdown = %{version}-%{release} +Conflicts: %{name} RemovePathPostfixes: .standalone %description standalone-shutdown From 3889da947eefa17777535e7f6b29e61776b2896c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 15 Jul 2024 11:56:59 +0200 Subject: [PATCH 318/494] In standalone subpackages, suggest coreutils-single In a minimal installation, we pull in coreutils via dependencies. coreutils-single is much smaller, so bias the resolved towards that. $ sudo dnf5 install --releasever=rawhide --installroot=/var/tmp/inst1 --use-host-config \ /var/lib/mock/fedora-rawhide-x86_64/result/systemd-standalone-{repart,shutdown,sysusers,tmpfiles}-256.2-5*rpm After this operation 57 MiB will be used (install 57 MiB, remove 0 B). $ sudo dnf5 install --releasever=rawhide --installroot=/var/tmp/inst1 --use-host-config \ /var/lib/mock/fedora-rawhide-x86_64/result/systemd-standalone-{repart,shutdown,sysusers,tmpfiles}-256.2-6*rpm After this operation 41 MiB will be used (install 41 MiB, remove 0 B). --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index 44a0f16..8ce14eb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -626,6 +626,7 @@ useful to test systemd internals. Summary: Standalone systemd-repart binary for use on systems without systemd Provides: %{name}-repart = %{version}-%{release} Conflicts: %{name}-udev +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-repart @@ -637,6 +638,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-tmpfiles binary for use on systems without systemd Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -648,6 +650,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-sysusers @@ -659,6 +662,7 @@ package and is meant for use on systems without systemd. Summary: Standalone systemd-shutdown binary for use on systems without systemd Provides: %{name}-shutdown = %{version}-%{release} Conflicts: %{name} +Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-shutdown From cb9d631ca058450733fb5eea60a866a85b968c34 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 18:17:54 +0200 Subject: [PATCH 319/494] Update PR patch metadata The PR was recently rebased so let's include the newest patch metadata in the repo. --- 30846.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/30846.patch b/30846.patch index f135830..ca9cffb 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001 +From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids @@ -43,7 +43,7 @@ Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c -index e2d2cebc6d..2c8b06c0d3 100644 +index e2d2cebc6de27..2c8b06c0d3088 100644 --- a/src/basic/uid-classification.c +++ b/src/basic/uid-classification.c @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { From 60844538070a76169181dcda4325901439d32b72 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 18:18:36 +0200 Subject: [PATCH 320/494] Add support for building from a specific branch For our nightly systemd build for the CentOS Hyperscale build it would be very useful to download sources straight from git main on github so let's allow defining the "branch" macro to do just that. --- systemd.spec | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8ce14eb..191a7f6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -57,7 +57,9 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined commit} +%if %{defined branch} +Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz +%elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz 
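Review bot: The new `%{branch}` Source0 fetches `archive/refs/heads/%{branch}.tar.gz`, a ref that moves with every push, so the content of a branch build cannot be pinned or re-verified later, unlike the release tarball whose SHA512 is recorded in `sources`. I would say so next to the conditional, e.g. `# branch tarballs are a moving target: not checksummed in "sources", for nightly/scratch builds only`, and have the nightly job record the commit the tarball resolved to. The matching `%autosetup -n %{name}-%{branch}` in the `%prep` hunk assumes the unpacked directory is named after the branch verbatim. That probably does not hold for branch names containing `/`, which is worth confirming.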
@@ -671,7 +673,13 @@ other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1 +%if %{defined branch} +%autosetup -n %{name}-%{branch} -p1 +%elif %{defined commit} +%autosetup -n %{name}-%{commit} -p1 +%else +%autosetup -n %{name}-%{version_no_tilde} -p1 +%endif %build %global ntpvendor %(source /etc/os-release; echo ${ID}) From 8d080fb5cbcb2e081dbe5e571506a8540ad1eeb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 17 Jul 2024 11:49:37 +0200 Subject: [PATCH 321/494] Backport udma buffer access patch ... (rhbz#2298422) --- 33738.patch | 37 +++++++++++++++++++++++++++++++++++++ systemd.spec | 3 +++ 2 files changed, 40 insertions(+) create mode 100644 33738.patch diff --git a/33738.patch b/33738.patch new file mode 100644 index 0000000..58ab604 --- /dev/null +++ b/33738.patch 
@@ -0,0 +1,37 @@ +From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 16 Jul 2024 17:46:09 +0200 +Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf + +In some cases userspace may need to create dmabuffers from userspace +on such example is the software ISP part of libcamera which needs to +allocate dma-buffers for the output of the software ISP. + +At first the plan was to allow console users access to /dev/dma_heap/*, +this was discussed with various kernel folks here: +https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/ + +Giving console users access to the dma_heap's was deemed a bad idea +because memory allocated this way is not accounted in cgroup limits. + +Giving access to /dev/udmabuf OTOH was deemed acceptable so that +is what this patch adds. + +Resolves: #32662 +--- + rules.d/70-uaccess.rules.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in +index b82ce04a39d38..e683bb1114461 100644 +--- a/rules.d/70-uaccess.rules.in ++++ b/rules.d/70-uaccess.rules.in +@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ + SUBSYSTEM=="video4linux", TAG+="uaccess" + SUBSYSTEM=="dvb", TAG+="uaccess" + SUBSYSTEM=="media", TAG+="uaccess" ++# libcamera software ISP used with some cams requires udmabuf access ++KERNEL=="udmabuf", TAG+="uaccess" + + # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more + SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" diff --git a/systemd.spec b/systemd.spec index 191a7f6..2cda531 100644 --- a/systemd.spec +++ b/systemd.spec 
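Review bot: The added rule `KERNEL=="udmabuf", TAG+="uaccess"` matches on the kernel name alone, while the rules around it in this file key on `SUBSYSTEM`. Adding the subsystem match (presumably `SUBSYSTEM=="misc", KERNEL=="udmabuf", TAG+="uaccess"`, to be confirmed with `udevadm info`) would keep the grant from applying to any other device that happens to carry that name. The in-file comment only names the consumer; since `uaccess` hands the device to whichever user is active on the seat, I would extend it with the reasoning from the commit message, e.g. `# udmabuf rather than /dev/dma_heap/*: dma_heap allocations are not accounted in cgroup limits`. This is an upstream backport, so the change is better proposed upstream than edited in the downstream copy.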
@@ -115,6 +115,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 +Patch0011: https://github.com/systemd/systemd/pull/33738.patch + Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch From c5d3af1638de70a3cd7b39cd812cff5c7a5d5441 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 16 Jul 2024 21:04:26 +0200 Subject: [PATCH 322/494] Add build dependency on rsync on CentOS Stream 9 meson on CentOS Stream 9 is too old to properly handle symlinks when installing test data so the systemd meson build script uses rsync instead. Let's add the requisite build requires to make that work. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 2cda531..73a6d69 100644 --- a/systemd.spec +++ b/systemd.spec @@ -231,6 +231,9 @@ BuildRequires: gettext %ifarch %{valgrind_arches} BuildRequires: valgrind-devel %endif +%if %{defined rhel} && 0%{?rhel} < 10 +BuildRequires: rsync +%endif %ifnarch %ix86 # bpftool is not built for i368 From 79828f2753fa8e9f297cdb86795bac449ae2e463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Jul 2024 10:12:15 +0200 Subject: [PATCH 323/494] spec: use "positive" conditions in conditionals I think it's easier to read this way. [skip changelog] --- systemd.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index 73a6d69..b436ad8 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -108,7 +108,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. %if %{without upstream} -%if ! (0%{?fedora} >= 40 || 0%{?rhel} >= 10) +%if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. @@ -186,7 +186,7 @@ BuildRequires: openssl-devel-engine %if %{with gnutls} BuildRequires: gnutls-devel %endif -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: qrencode-devel %endif BuildRequires: libmicrohttpd-devel @@ -214,7 +214,7 @@ BuildRequires: python3-devel BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) -%if %{undefined rhel} +%if 0%{?fedora} BuildRequires: python3dist(pillow) BuildRequires: python3dist(pytest-flakes) %endif @@ -322,7 +322,7 @@ Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} -%if %{undefined rhel} +%if 0%{?fedora} Recommends: libqrencode.so.4%{?elf_suffix} %endif Recommends: libbpf.so.1%{?elf_suffix} @@ -489,7 +489,7 @@ Requires: %{name} = %{version}-%{release} Requires: systemd-boot Requires: python3dist(pefile) -%if %{undefined rhel} +%if 0%{?fedora} Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) From 9378a0733a1a01eebe73067fd70f0823b475c392 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Jul 2024 11:52:58 +0200 Subject: [PATCH 324/494] Deal with systemd-timesyncd backport in EPEL --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index b436ad8..7cafd60 100644 --- a/systemd.spec +++ b/systemd.spec 
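Review bot: Replacing `%if %{undefined rhel}` with `%if 0%{?fedora}` in the `qrencode-devel` hunk is not a pure rewording: a build where neither `fedora` nor `rhel` is defined took the branch before and skips it now. The same substitution is made in the `python3dist(pillow)`/`python3dist(pytest-flakes)`, `libqrencode.so.4` and `python3dist(zstd)` hunks, so those dependencies silently drop out on such targets. If only Fedora and RHEL-family builds are supported, a comment such as `# Fedora only` on each conditional would make that explicit; otherwise `%if ! 0%{?rhel}` keeps the old meaning. The first hunk (`0%{?fedora} < 40 && 0%{?rhel} < 10`) is equivalent to the expression it replaces.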
@@ -426,6 +426,13 @@ Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +# A backport of systemd-timesyncd is shipped as a separate package in EPEL so +# let's make sure we properly handle that. +%if 0%{?rhel} +Conflicts: systemd-timesyncd < %{version}-%{release} +Obsoletes: systemd-timesyncd < %{version}-%{release} +Provides: systemd-timesyncd = %{version}-%{release} +%endif # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. From 12d1f050295e2e88235a5478b07eebdbda461ae3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Jul 2024 16:31:45 +0200 Subject: [PATCH 325/494] Don't claim /sbin/installkernel if building for CentOS Stream 9 CentOS Stream 9 has older grubby that still claims /sbin/installkernel for itself so let's not install the symlink in that case. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index b436ad8..4c2542d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -972,7 +972,9 @@ install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} +%if 0%{?fedora} || 0%{?rhel} >= 10 ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel +%endif %if "%{_sbindir}" == "%{_bindir}" # Systemd has the split-sbin option which is also used to select the directory From a8c5c736f65445cc3fd4c190b13f3481b3933796 Mon Sep 17 00:00:00 2001 
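Review bot: The `installkernel` symlink is now created only under `%if 0%{?fedora} || 0%{?rhel} >= 10`, but the `%files` entry that packages it is outside this hunk. If that entry is not wrapped in the same condition, the CentOS Stream 9 build this commit targets would fail on a file that is listed but missing. A short comment on the new conditional, e.g. `# grubby on CentOS Stream 9 still owns /sbin/installkernel`, would also record why the exception exists. The same check applies to the `%if 0%{?fedora}` added around the `10-timeout-abort.conf` installs in the following commit.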
From: Daan De Meyer Date: Fri, 19 Jul 2024 16:24:45 +0200 Subject: [PATCH 326/494] Only apply shorter shutdown timer changes on Fedora We had a *lot* of breakage caused by this change internally so let's make the spec a little more conservative by only applying the shorter shutdown timer for Fedora builds. --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index ca12e4e..8547d82 100644 --- a/systemd.spec +++ b/systemd.spec @@ -797,9 +797,11 @@ CONFIGURE_OPTS=( -Ddefault-llmnr=resolve # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 -Dstatus-unit-format-default=combined +%if 0%{?fedora} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer -Ddefault-timeout-sec=45 -Ddefault-user-timeout-sec=45 +%endif -Dconfigfiledir=/usr/lib -Doomd=true @@ -959,9 +961,11 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} +%if 0%{?fedora} # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16} install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf +%endif # https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} From 5b4a5461d6af7017b9b8d5ae91159998085d37b6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 19 Jul 2024 16:56:23 +0200 Subject: [PATCH 327/494] Fix changelog rpmautospec doesn't like the merge: "unresolvable merge". To avoid the issue, re-add the changelog file. Also, let's drop the stuff that is only specific to EPEL, since this branch is primarily for rawhide. --- changelog | 604 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 604 insertions(+) diff --git a/changelog b/changelog index d19adec..fb6584d 100644 --- a/changelog +++ b/changelog 
@@ -1,3 +1,607 @@ +* Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 +- Backport udma buffer access patch (rhbz#2298422) + +* Tue Jul 16 2024 Daan De Meyer - 256.2-8 +- Add support for building from a specific branch + +* Tue Jul 16 2024 Daan De Meyer - 256.2-7 +- Update PR patch metadata + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-6 +- In standalone subpackages, suggest coreutils-single + +* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-5 +- Drop versions from Conflicts for standalone packages + +* Sun Jul 14 2024 Zbigniew Jędrzejewski-Szmek - 256.2-4 +- Use a more precise Recommends for libkxbcommon + +* Thu Jul 11 2024 Daan De Meyer - 256.2-3 +- Drop machined revert + +* Tue Jul 09 2024 Zbigniew Jędrzejewski-Szmek - 256.2-2 +- Rebuilt for the bin-sbin merge + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.2-1 +- Version 256.2 +- A bunch of various small fixes + +* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.1-13 +- Link systemd-executor statically + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-12 +- Update dracut workaround + +* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-11 +- Fix ELN build + +* Fri Jul 05 2024 Daan De Meyer - 256.1-10 +- Only exclude dracut conflicts on non-fedora on upstream builds + +* Fri Jul 05 2024 Daan De Meyer - 256.1-9 +- Conditionalize dracut Conflicts more + +* Tue Jul 02 2024 Daan De Meyer - 256.1-8 +- Use vmlinux.h from kernel-devel + +* Tue Jul 02 2024 Zbigniew Jędrzejewski-Szmek - 256.1-7 +- Pull in openssl-devel-engine + +* Mon Jul 01 2024 Daan De Meyer - 256.1-6 +- Only add Requires on python3-zstd on Fedora + +* Mon Jul 01 2024 Daan De Meyer - 256.1-5 +- Drop BuildRequires on python3-zstd + +* Tue Jun 25 2024 Zbigniew Jędrzejewski-Szmek - 256.1-4 +- Revert "Remove tmpfiles snippet for /home and /srv" + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-3 +- Remove tmpfiles snippet for /home and /srv + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-2 +- Soft-disable tmpfiles --purge 
until a good use case comes up + +* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-1 +- Version 256.1 + +* Sun Jun 16 2024 U2FsdGVkX1 - 256-2 +- disable auto-features when bootstrapping + +* Tue Jun 11 2024 Zbigniew Jędrzejewski-Szmek - 256-1 +- Version 256 +- Only minor changes since -rc4. +- Hardward db is updated. + +* Fri Jun 07 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-2 +- Restore patch to drop varlink method call + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-1 +- Version 256~rc4 + +* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-6 +- Drop sysusers.d/basic.conf +- We rely on setup to provide all necessary groups. + +* Sun Jun 02 2024 Adam Williamson - 256~rc3-4 +- Partially backport PR #33016 to fix crashes in KDE 6.3.0 + +* Wed May 29 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-2 +- Add patch to work-around libbpf bug (rhbz#2280935) + +* Thu May 23 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-1 +- Version 256~rc3 + +* Wed May 15 2024 Zbigniew Jędrzejewski-Szmek - 256~rc2-6 +- Version 256~rc2 +- Various small changes all over +- A fix for rhbz#2273069 + +* Mon May 13 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-4 +- Make %%release_override overridable from outside + +* Sat May 11 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-2 +- Temporarily drop call to varlink method to avoid SELinux denial + +* Thu May 09 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-1 +- Version 256-rc1^20240509git +- There were some fixes merged upstream, so let's try again before v256-rc2 + is released. 
+ +* Thu May 02 2024 Jan Macku - 256~rc1-6 +- spec: `systemd-ukify` should depend on `systemd-boot` + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-4 +- Add additional daemon-reexec for upgrades from old systemd versions + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-3 +- Drop trigger scriptlets for upgrades from systemd < 247 + +* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-2 +- Add Recommends for dlopen libraries + +* Fri Apr 26 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-1 +- Version 256~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too + many changes to list or discuss here. + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-3 +- Reexec systemd in %%postun + (https://github.com/systemd/systemd/issues/5096) +- The workaround dbus issues in upgrades from systemd-239 is dropped + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-2 +- Drop workaround to run generators without sandboxing (requirement on + dracut >= 60 is added) + +* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-1 +- Version 255.5 +- Many different small fixes: systemd itself, systemd-networkd, systemd- + journal-remote, compilation fixes for newer kernels and clang, systemd- + homed, systemd-resolved, ukify, systemd-tmpfiles, various other. 
+ +* Wed Apr 10 2024 Zbigniew Jędrzejewski-Szmek - 255.4-16 +- Prepare for bin-sbin merge + +* Wed Mar 27 2024 Zbigniew Jędrzejewski-Szmek - 255.4-13 +- spec: add %%bcond to build without documentation + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-11 +- Revert "Adjust release tag for riscv64" + +* Fri Mar 22 2024 David Abdurachmanov - 255.4-10 +- Enable bootloader stack for riscv64 + +* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-9 +- Adjust release tag for riscv64 + +* Wed Mar 20 2024 David Tardon - 255.4-5 +- Make Requires(*) on systemd versioned + +* Wed Mar 20 2024 Zbigniew Jędrzejewski-Szmek - 255.4-4 +- Add R:systemd-udev to systemd-networkd subpackage (rhbz#2173425) + +* Mon Mar 18 2024 Daan De Meyer - 255.4-3 +- Add psutil dependency to systemd-tests + +* Thu Mar 07 2024 Daan De Meyer - 255.4-2 +- Build in developer mode when building for upstream + +* Fri Mar 01 2024 Zbigniew Jędrzejewski-Szmek - 255.4-1 +- Version 255.4 + +* Wed Feb 21 2024 Daan De Meyer - 255.3-13 +- Allow setting extra configure options using + %%meson_extra_configure_options + +* Wed Feb 21 2024 Daan De Meyer - 255.3-12 +- Apply pam patch when building for upstream + +* Wed Feb 21 2024 Daan De Meyer - 255.3-11 +- Use %%version_override/%%release_override to specify version/release by + users + +* Tue Feb 20 2024 Zbigniew Jędrzejewski-Szmek - 255.3-10 +- Let libkmod be a dlopen'ed dependency + +* Sat Feb 17 2024 Daan De Meyer - 255.3-9 +- Allow overriding the version and release using macros + +* Sat Feb 17 2024 Daan De Meyer - 255.3-8 +- Stop passing %%{release} to meson when building in upstream mode + +* Sat Feb 17 2024 Daan De Meyer - 255.3-7 +- Don't pass b_lto to meson + +* Thu Feb 15 2024 Daan De Meyer - 255.3-6 +- Update usage of meson-vcs-tag.sh to account for upstream changes + +* Sun Feb 11 2024 Daan De Meyer - 255.3-5 +- Replace inplace macro with upstream macro + +* Sun Feb 11 2024 Daan De Meyer - 255.3-4 +- Remove reconfiguration logic + +* Sun Feb 11 
2024 Daan De Meyer - 255.3-3 +- Stop depending on filelists + +* Mon Jan 29 2024 Zbigniew Jędrzejewski-Szmek - 255.3-2 +- Conflicts/Provides with systemd-standalone-repart are moved udev + subpackage + +* Thu Jan 25 2024 Zbigniew Jędrzejewski-Szmek - 255.3-1 +- Version 255.3 +- A bunch of various fixes for memory and behaviour, in many different + components (bootctl, systemd, udev, systemd-networkd, systemd-homed, + systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, + systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd- + journal-remote, kernel-install) +- Improved detection of virtualization (Google Compute Engine, Apple Virt) +- Updates for shell completions and docs +- An update for hardware database + +* Tue Jan 23 2024 Zbigniew Jędrzejewski-Szmek - 255.2-3 +- Add temporary patch to adjust uid range classification (rhbz#2251843) + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.2-1 +- Version 255.2 +- Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) +- systemd-resolved and systemd-networkd are restarted after an upgrade. + +* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.1-2 +- Add missing %%postun scriptlets for systemd-{resolved,networkd} + (rhbz#2255718) + +* Sat Dec 16 2023 Zbigniew Jędrzejewski-Szmek - 255.1-1 +- Version 255.1 + +* Wed Dec 13 2023 Zbigniew Jędrzejewski-Szmek - 255-7 +- Do not remove modified config files + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-4 +- Add /etc/ssh/sshd_config.d to the file list + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-3 +- Move config files to /usr/lib/systemd (e.g. /etc/systemd/system.conf → + /usr/lib/systemd/systemd.conf). Both config file locations were already + supported, and the files installed in /etc/ were "empty" (i.e. they had + only comments and section headers). The move does not change the + configuration, but just makes /etc more empty by default. 
See + https://github.com/systemd/systemd/commit/6495361c7d for more discussion + and details. + +* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-2 +- Move systemd-bsod is to udev subpackage + +* Wed Dec 06 2023 Zbigniew Jędrzejewski-Szmek - 255-1 +- Version 255 +- Just a few bugfixes since 255-rc4: seccomp filters, logging, + documentation, systemd-repart +- Includes a hardware database update. + +* Sat Dec 02 2023 Zbigniew Jędrzejewski-Szmek - 255~rc4-1 +- Version 255~rc4 + +* Fri Dec 01 2023 Adam Williamson - 255~rc3-4 +- Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) + +* Wed Nov 29 2023 Adam Williamson - 255~rc3-3 +- Backport #30197 to fix vconsole startup (RHBZ #2251394) + +* Thu Nov 23 2023 Peter Robinson - 255~rc3-2 +- de-dupe LICENSE.LGPL2.1 in licenses + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc3-1 +- Version 255~rc3 + +* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-2 +- Add systemd-networkd-defaults subpackage + +* Wed Nov 15 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-1 +- Version 255~rc2 +- See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS + +* Wed Nov 08 2023 Zbigniew Jędrzejewski-Szmek +- Add Conflicts with older dracut which doesn't have required patches + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-3 +- Also build systemd-vmspawn + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-2 +- Move oomd to systemd-udev + +* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-1 +- Version 255~rc1 +- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS +- All the files and services related to pcrs are moved to -udev subpackage. + This includes the new systemd-pcrlock binary. + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-2 +- Pull in more patches for keyboard layout matching + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-1 +- Version 254.5 +- Resolves rhbz#29216. 
+ +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-14 +- Pull in patches to add PollLimit setting + +* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-13 +- Change versioned Conflicts to rich Requires (rhbz#2240828) + +* Tue Sep 19 2023 Adam Williamson - 254.2-12 +- Backport PR #29215 to improve keyboard layout matching + +* Mon Sep 18 2023 Zbigniew Jędrzejewski-Szmek - 254.2-7 +- Fix creation of installkernel symlink + +* Fri Sep 15 2023 Zbigniew Jędrzejewski-Szmek - 254.2-6 +- Provide /usr/sbin/installkernel (rhbz#2239008). + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-2 +- Make inter-subpackage dependencies archful + +* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-1 +- Version 254.2 +- A bunch of fixes in various areas: manager, coredump, sysupdate, + hibernation, journal. +- Should fix rhbz#2234653. + +* Wed Sep 06 2023 Zbigniew Jędrzejewski-Szmek - 254.1-8 +- Actually reload user managers and backport unit reload macros + +* Sat Sep 02 2023 Daan De Meyer - 254.1-7 +- ukify: Drop obsolete dependency on objcopy + +* Sat Sep 02 2023 Daan De Meyer - 254.1-6 +- Add missing ukify dependency on python-cryptography + +* Sun Aug 20 2023 Yu Watanabe - 254.1-5 +- spec: also explicitly enable/disable ukify support + +* Sun Aug 13 2023 Yu Watanabe - 254.1-4 +- spec: explicitly enable/disable xen support + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254.1-1 +- Version 254.1 (rhbz#2228089, possibly partial fix for rhbz#2229524) + +* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254-5 +- Do daemon-reexec of user managers after package upgrade + +* Mon Aug 07 2023 Daan De Meyer - 254-4 +- Revert "Supress errors on selinux systems" + +* Thu Aug 03 2023 Daan De Meyer - 254-3 +- Add a custom %%clean implementation + +* Thu Aug 03 2023 Daan De Meyer - 254-2 +- Update libbpf soname + +* Fri Jul 28 2023 Zbigniew Jędrzejewski-Szmek - 254-1 +- Version 254 (just a bunch of bugfixes, mostly for unusual architectures, + since rc3) +- rhbz#2226908 +- See 
https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for + the full changeset. + +* Mon Jul 24 2023 Zbigniew Jędrzejewski-Szmek - 254~rc3-1 +- Version 254~rc3 +- A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits + which were found to cause problems. + +* Sat Jul 22 2023 Fedora Release Engineering - 254~rc2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-4 +- Fix scriptlets for various services and remote-cryptsetup.target + (rhbz#2217997) + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-3 +- Convert existing bcond_with[out] to plain bcond + +* Sun Jul 16 2023 Stewart Smith - 254~rc2-2 +- Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds + +* Sat Jul 15 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-1 +- Version 254~rc2 +- Various bug fixes, in particular kernel-install should again work without + /proc. + +* Thu Jul 13 2023 Zbigniew Jędrzejewski-Szmek - 254~rc1-1 +- Version 254~rc1 +- Way too many changes to list. See + https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS +- Fix regression in socket activation of services (rhbz#2213660). 
+ +* Mon Jun 26 2023 Yaakov Selkowitz - 253.5-7 +- Use rpm sysuser provide generation on RHEL >= 10 + +* Thu Jun 22 2023 Panu Matilainen - 253.5-6 +- Use rpm's sysuser provide generation on Fedora >= 39 + +* Wed Jun 21 2023 Anita Zhang - 253.5-5 +- fix typos in standalone package provides + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-4 +- Avoid pillow and pyflakes in RHEL builds + +* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-3 +- Avoid qrencode dependency in RHEL builds + +* Fri Jun 02 2023 Alessandro Astone - 253.5-2 +- Increase vm.max_map_count + +* Thu Jun 01 2023 Zbigniew Jędrzejewski-Szmek - 253.5-1 +- Version 253.5 + +* Thu May 11 2023 Zbigniew Jędrzejewski-Szmek - 253.4-1 +- Version 253.4 + +* Thu May 11 2023 Michael Catanzaro - 253.2-6 +- Raise ManagedOOMMemoryPressureLimit from 50%% to 80%% + +* Tue May 09 2023 Zbigniew Jędrzejewski-Szmek - 253.2-5 +- Add forgotten Provides and Conflicts for standalones + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-4 +- sysusers.generate-pre.sh: properly escape quotes in description strings + (rhbz#2104141) + +* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-3 +- sysusers.generate-pre.sh: fix indentation in generated scripts + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.2-1 +- Version 253.2 + +* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.1-7 +- oomd: stop monitoring user-*.slice slices (rhbz#2177722) + +* Thu Mar 09 2023 Zbigniew Jędrzejewski-Szmek - 253.1-6 +- Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-2 +- Fix build with gnu-efi-3.0.11-13 + +* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-1 +- Version 253.1 +- Fixes rhbz#2148464 + +* Wed Mar 01 2023 Zbigniew Jędrzejewski-Szmek - 253-7 +- Move man pages for sd-boot into systemd-boot-unsigned + +* Wed Feb 22 2023 Zbigniew Jędrzejewski-Szmek - 253-6 +- Set TimeoutStopFailureMode=abort for services (see + 
https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer) + +* Tue Feb 21 2023 Dusty Mabe - 253-5 +- remove group write permission from 98-default-mac-none.link + +* Tue Feb 21 2023 Dusty Mabe - 253-4 +- fix comment instructions for 98-default-mac-none.link + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-3 +- Backport patch for container compatibility (rhbz#2165004) + +* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-2 +- Add workaround patch for dracut generator issue (rhbz#2164404) + +* Mon Feb 20 2023 Zbigniew Jędrzejewski-Szmek - 253-1 +- Version 253 (mostly some documentation fixes since -rc3). + +* Fri Feb 10 2023 Zbigniew Jędrzejewski-Szmek - 253~rc3-1 +- Version 253-rc3 +- A bunch of bugfixes for regressions, some documentation and bug fixes + too. +- Really fix rhbz#2165692 (previous build carried an unapplied patch). + +* Thu Feb 09 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-7 +- Revert patch switch causes problems for 'systemctl isolate' + (rhbz#2165692) + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-6 +- Disable systemd-boot-update.service in presets + +* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-4 +- Update License to SPDX + +* Mon Feb 06 2023 Thomas Haller - 253~rc2-3 +- add "98-default-mac-none.link" to keep default MAC address of + bridge/bond/team + +* Thu Feb 02 2023 Michael Catanzaro - 253~rc2-2 +- Shorten shutdown timeout to 45 s + +* Thu Feb 02 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-1 +- Version 253~rc2 +- Sysusers fixup (rhbz#2156900) + other small changes + +* Thu Feb 02 2023 Yaakov Selkowitz - 253~rc1-5 +- Build with xen only on Fedora + +* Thu Jan 26 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-3 +- Reenable systemd-journald-audit.socket after upgrades (rhbz#2164594) + +* Wed Jan 25 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-2 +- Add Requires on Python modules to systemd-ukify and Recommends for + libp11-kit + +* Tue Jan 24 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-1 +- Version 253~rc1 +- See 
https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS +- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, + and systemd-ukify. + +* Sun Jan 22 2023 Zbigniew Jędrzejewski-Szmek - 252.4-4 +- Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3 + +* Sat Jan 21 2023 Fedora Release Engineering - 252.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jan 05 2023 Daan De Meyer - 252.4-2 +- Add python3 to BuildRequires + +* Tue Dec 20 2022 Zbigniew Jędrzejewski-Szmek - 252.4-1 +- Version 252.4 +- Fixes a few different issues (systemd-timesyncd connectivity problems, + broken emoji output on the console, crashes in pid1 unit dependency + logic) +- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel + setting + +* Sat Dec 17 2022 Zbigniew Jędrzejewski-Szmek - 252.3-4 +- boot: add Provides:systemd-boot(isa) + +* Wed Dec 14 2022 Zbigniew Jędrzejewski-Szmek - 252.3-2 +- Use upstream pam systemd-auth file with a patch, add pam_keyinit + +* Thu Dec 08 2022 Zbigniew Jędrzejewski-Szmek - 252.3-1 +- Version 252.3 (rhbz#2136916, rhbz#2083900) + +* Fri Dec 02 2022 Zbigniew Jędrzejewski-Szmek - 252.2-2 +- Split out systemd-boot-unsigned package + +* Thu Nov 24 2022 Zbigniew Jędrzejewski-Szmek - 252.2-1 +- Version 252.2 +- Latest batch of bugfixes (rhbz#2137631) + +* Thu Nov 24 2022 Martin Osvald - 252.1-3 +- Support user:group notation by sysusers.generate-pre.sh script + +* Tue Nov 08 2022 Zbigniew Jędrzejewski-Szmek - 252.1-1 +- Version 252.1 (just some small fixes). 
+ +* Mon Oct 31 2022 Zbigniew Jędrzejewski-Szmek - 252-1 +- Version 252 + +* Tue Oct 25 2022 Zbigniew Jędrzejewski-Szmek - 252~rc3-1 +- Version 252-rc3 (#2135778) + +* Tue Oct 18 2022 Zbigniew Jędrzejewski-Szmek - 252~rc2-28 +- Version 252-rc2 (#2134741, #2133792) + +* Fri Oct 14 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-31 +- Fix upgrade detection in %%posttrans scriptlet (rhbz#2115094) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-30 +- Fix indentation in %%sysusers_create_compat macro (rhbz#2132835) + +* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-29 +- Correctly move systemd-measure to systemd-udev subpackage + +* Fri Oct 07 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-28 +- Version 252-rc1 (for details see + https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-29 +- Fix permissions on %%ghost files (rhbz#2122889) + +* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-28 +- Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188) + +* Fri Sep 30 2022 Yu Watanabe - 251.4-41 +- Replace patch for test-mountpoint-util + +* Fri Sep 30 2022 Yu Watanabe - 251.4-40 +- patch: fix regression in bfq patch + +* Fri Sep 30 2022 Luca BRUNO - 251.4-39 +- sysusers/generate: bridge 'm' entries to usermod + +* Fri Sep 30 2022 Anita Zhang - 251.4-38 +- Update systemd-oomd defaults to friendlier values +- Remove swap policy. Default amount of swap (8GB?) is a lot lower than + what we use internally with the swap policy. Which frequently leads to + GNOME getting killed (e.g. + https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not + linked here). Internally we use 0.5x-1x size of physical memory for swap + via swapfiles (this will be documented in systemd upstream). In simple + cases of using more memory than is available (but without memory + pressure), the Kernel OOM killer can handle killing the offending + process. 
+
+* Thu Sep 29 2022 Zbigniew Jędrzejewski-Szmek - 251.4-37
+- Make systemd-devel conditionally pull in systemd-rpm-macros
+
 * Fri Aug 19 2022 Neal Gompa - 251.4-53
 - Set compile-time fallback hostname to "localhost"
 https://fedoraproject.org/wiki/Changes/FallbackHostname
From ef8ddb130b5995ddf21a7d06b5cb723f7bd18909 Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering Date: Sat, 20 Jul 2024 06:58:47 +0000 Subject: [PATCH 328/494] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
From 00babccdea1576d96edfdb7ab12958564cc4f1b6 Mon Sep 17 00:00:00 2001
From: Daan De Meyer Date: Sat, 20 Jul 2024 17:06:40 +0200 Subject: [PATCH 329/494] Simplify BFQ scheduler enablement This doesn't need to be a patch, let's instead install it as part of %install to simplify things a little.
---
 60-block-scheduler.rules | 5 +++++
 systemd.spec | 9 +++++++--
 use-bfq-scheduler.patch | 43 ----------------------------------------
 3 files changed, 12 insertions(+), 45 deletions(-)
 create mode 100644 60-block-scheduler.rules
 delete mode 100644 use-bfq-scheduler.patch
diff --git a/60-block-scheduler.rules b/60-block-scheduler.rules
new file mode 100644
index 0000000..850b645
--- /dev/null
+++ b/60-block-scheduler.rules
@@ -0,0 +1,5 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
+ ATTR{queue/scheduler}="bfq"
diff --git a/systemd.spec b/systemd.spec
index 8547d82..4d80273 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -87,6 +87,7 @@ Source14: 10-oomd-defaults.conf
 Source15: 10-oomd-per-slice-defaults.conf
 Source16: 10-timeout-abort.conf
 Source17: 10-map-count.conf
+Source18: 60-block-scheduler.rules
 Source21: macros.sysusers
 Source22: sysusers.attr
@@ -123,8 +124,6 @@ Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch
 Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch
 # Those are downstream-only patches, but we don't want them in packit builds:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
-Patch0490: use-bfq-scheduler.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2251843
 Patch0491: https://github.com/systemd/systemd/pull/30846.patch
@@ -970,6 +969,12 @@ install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.
 # https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}
+# As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
+# Test results are that bfq seems to behave better and more consistently on
+# typical hardware. The kernel does not have a configuration option to set the
+# default scheduler, and it currently needs to be set by userspace.
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18}
+
 sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
 install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch
deleted file mode 100644
index 6ad5e5d..0000000
--- a/use-bfq-scheduler.patch
+++ /dev/null
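Review bot: The added `install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18}` in the `%install` hunk runs for every build flavour, while the removed `Patch0490` sat under the comment "Those are downstream-only patches, but we don't want them in packit builds". If that patch range is skipped for packit/upstream builds elsewhere in the spec (not visible in this diff), this commit silently starts shipping the bfq rule in those builds as well. Wrapping the new install line in the same conditional that skips those patches would keep the previous behaviour; if shipping it everywhere is intended, a comment such as `# installed unconditionally, also in packit builds` next to the line would record that decision. The enclosing `%install` section starts and ends outside the hunk.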
@@ -1,43 +0,0 @@ -From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Aug 2019 15:57:42 +0200 -Subject: [PATCH] udev: use bfq as the default scheduler - -As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. -Test results are that bfq seems to behave better and more consistently on -typical hardware. The kernel does not have a configuration option to set -the default scheduler, and it currently needs to be set by userspace. - -See the bug for more discussion and links. ---- - rules.d/60-block-scheduler.rules | 5 +++++ - rules.d/meson.build | 1 + - 2 files changed, 6 insertions(+) - create mode 100644 rules.d/60-block-scheduler.rules - -diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules -new file mode 100644 -index 0000000000..850b64540e ---- /dev/null -+++ b/rules.d/60-block-scheduler.rules -@@ -0,0 +1,5 @@ -+# do not edit this file, it will be overwritten on update -+ -+ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ -+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ATTR{queue/scheduler}="bfq" -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 20fca222da..94fee9d7c0 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -7,6 +7,7 @@ install_data( - rules = [ - [files('60-autosuspend.rules', - '60-block.rules', -+ '60-block-scheduler.rules', - '60-cdrom_id.rules', - '60-dmi-id.rules', - '60-drm.rules', --- -2.41.0 - From 3c3772150d2403f1f7a9c0bb1cda9c1c375c623a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jul 2024 10:25:28 +0200 Subject: [PATCH 330/494] Version 256.3 - A bunch of fixes for systemd (pid1) - Various upgrades related to running tests in mkosi --- ...n-rename-libbasic-to-libbasic_static.patch | 176 ------------------ ...ystemd-core-via-an-intermediate-stat.patch | 59 ------ ...-to-build-systemd-executor-staticall.patch | 97 ---------- systemd.spec | 6 +- 4 files changed, 1 insertion(+), 337 deletions(-) delete mode 100644 0001-meson-rename-libbasic-to-libbasic_static.patch delete mode 100644 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch delete mode 100644 0003-meson-add-option-to-build-systemd-executor-staticall.patch diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch deleted file mode 100644 index 8059d87..0000000 --- a/0001-meson-rename-libbasic-to-libbasic_static.patch +++ /dev/null 
@@ -1,176 +0,0 @@ -From 8954e7ccc1f2005df221f50882f3253518c63159 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 16:51:05 +0200 -Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static - -Our variables for internal libraries are named 'libfoo' for the shared lib -variant, and 'libfoo_static' for the static lib variant. The only exception was -libbasic, because we didn't have a shared variant for it. But let's rename it -for consitency. This makes the build config easier to understand. - -(cherry picked from commit 732ed8a84e8b264fccd3f5c0fc68ec2894b6d8ea) ---- - meson.build | 4 ++-- - src/basic/meson.build | 2 +- - src/libsystemd/meson.build | 2 +- - src/partition/meson.build | 2 +- - src/shared/meson.build | 2 +- - src/shutdown/meson.build | 2 +- - src/sysusers/meson.build | 2 +- - src/test/meson.build | 8 ++++---- - src/tmpfiles/meson.build | 2 +- - 9 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/meson.build b/meson.build -index b1a110cbfc..58748a37a3 100644 ---- a/meson.build -+++ b/meson.build -@@ -2089,7 +2089,7 @@ libsystemd = shared_library( - # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. 
- '-z', 'nodelete', - '-Wl,--version-script=' + libsystemd_sym_path], -- link_with : [libbasic], -+ link_with : [libbasic_static], - link_whole : [libsystemd_static], - dependencies : [librt, - threads, -@@ -2254,7 +2254,7 @@ nss_template = { - 'link_with' : [ - libsystemd_static, - libshared_static, -- libbasic, -+ libbasic_static, - ], - 'dependencies' : [ - librt, -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 9a214575a5..b538775576 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( - - basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] - --libbasic = static_library( -+libbasic_static = static_library( - 'basic', - basic_sources, - fundamental_sources, -diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build -index 6d4337d1a7..243549299f 100644 ---- a/src/libsystemd/meson.build -+++ b/src/libsystemd/meson.build -@@ -118,7 +118,7 @@ libsystemd_static = static_library( - libsystemd_sources, - include_directories : libsystemd_includes, - c_args : libsystemd_c_args, -- link_with : [libbasic], -+ link_with : [libbasic_static], - dependencies : [threads, - librt, - userspace], -diff --git a/src/partition/meson.build b/src/partition/meson.build -index 52e1368116..2cfe43e029 100644 ---- a/src/partition/meson.build -+++ b/src/partition/meson.build -@@ -32,7 +32,7 @@ executables += [ - 'sources' : files('repart.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_fdisk, - libshared_static, - libsystemd_static, -diff --git a/src/shared/meson.build b/src/shared/meson.build -index c5106d87d5..e513c0ec1c 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -358,7 +358,7 @@ libshared = shared_library( - '-Wl,--version-script=' + libshared_sym_path], - link_depends : libshared_sym_path, - link_whole : [libshared_static, -- libbasic, -+ libbasic_static, - libsystemd_static], - 
dependencies : [libshared_deps, - userspace], -diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build -index 219f9fd308..9bc60f83e5 100644 ---- a/src/shutdown/meson.build -+++ b/src/shutdown/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_shutdown_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 0f9c067d50..403d82a340 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -14,7 +14,7 @@ executables += [ - 'sources' : files('sysusers.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/test/meson.build b/src/test/meson.build -index 3abbb94d9f..9d3c7d675f 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -274,7 +274,7 @@ executables += [ - # only static linking apart from libdl, to make sure that the - # module is linked to all libraries that it uses. 
- 'sources' : files('test-dlopen.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - 'dependencies' : libdl, - 'install' : false, - 'type' : 'manual', -@@ -410,7 +410,7 @@ executables += [ - }, - test_template + { - 'sources' : files('test-sizeof.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - }, - test_template + { - 'sources' : files('test-time-util.c'), -@@ -590,7 +590,7 @@ executables += [ - test_template + { - 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libsystemd, - ], - 'dependencies' : threads, -@@ -598,7 +598,7 @@ executables += [ - test_template + { - 'sources' : files('../libudev/test-udev-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libudev, - ], - 'dependencies' : threads, -diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build -index 2e918509a7..09ad839586 100644 ---- a/src/tmpfiles/meson.build -+++ b/src/tmpfiles/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_tmpfiles_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch deleted file mode 100644 index c7423e9..0000000 --- a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 3b101982011d787c05d7708740e6eada560c62cc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:03:26 +0200 -Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static - library - -By itself, this is not useful. I'm making this a separate commit to -make debugging easier. It turns out that meson does static libraries -using references, so the "static library" a tiny stub stub that refers -to the object files on disk and this has negligible cost: -$ ls -lhd build/src/core/libsystemd-core-257.{a,so} --rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a --rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so - -(cherry picked from commit d0689ee5fbfafa736e6eca89bc80cb2d372f2229) ---- - src/core/meson.build | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index 7a2012a372..1ef31cc529 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( - - libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) - --libcore = shared_library( -+libcore_static = static_library( - libcore_name, - libcore_sources, - load_fragment_gperf_c, - load_fragment_gperf_nulstr_c, - include_directories : includes, - c_args : ['-fvisibility=default'], -- link_args : ['-shared', -- '-Wl,--version-script=' + libshared_sym_path], -- link_depends : libshared_sym_path, -- link_with : libshared, - dependencies : [libacl, - libapparmor, - libaudit, -@@ -135,6 +131,16 @@ libcore = shared_library( - libselinux, - threads, - userspace], -+ build_by_default : false) -+ -+libcore = shared_library( -+ libcore_name, -+ c_args : ['-fvisibility=default'], -+ link_args : ['-shared', -+ '-Wl,--version-script=' + libshared_sym_path], -+ link_depends : libshared_sym_path, -+ link_whole: libcore_static, -+ 
link_with : libshared, - install : true, - install_dir : pkglibdir) - diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch deleted file mode 100644 index 73a12b2..0000000 --- a/0003-meson-add-option-to-build-systemd-executor-staticall.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 254338a838354d9d3e43efa14190ca1203ef3afe Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:05:31 +0200 -Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically" - -The new link-executor-shared option is similar to the existing -link-udev-shared: when set to false, we link to the static versions of our -internal libraries. - -The resulting exuctor binary is fairly large, about as large as libsystemd-core -(14 MB without lto, 8 with lto). - -This is intended as a workaround for the fuckup with the pinned executor -binary: -when an upgrade is performed, the package manager will install new version of -the libraries and new version of the code, and some time later reexecute the -managers. This creates a window when the pinned executor binary will fail to -execute. There are two factors which make the issue easier to hit: - -- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora - uses version-release as the tag, which means that the issue occurs on - every package upgrade. This is the right thing to do, because the - ABI of our internal libraries is not stable at all, so replacing the - library from a different version in place creates a window where our - programs may crash or misbehave. - -- when the distribution doesn't immediately reexec all the managers after - upgrade. In early versions of systemd, we used to hammer the machine during - upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and - wasteful. Doing the reexecs while the upgrade is in progres also creates a - window where a mix of old and new configs or both is loaded. Users are - particularly annoyed by those reloads if there is some issue in the - configuration causing us to emit warnings on every reexec. Doing the - reexecs once after the new configuration and libraries have been put - in place is nicer. 
- -The pinning of the executor binary breaks upgrades and in particular -it penalizes the distributions which make use of the features which -were previously added to avoid bugs and inefficiency during upgrades. - -When the executor is linked statically, there is a smaller chance that it'll -fail to load libraries. The issue can still occur because other libraries, not -our own, are linked dynamically. - -(cherry picked from commit d59cae6cebd0fc25a16a020bd28e5303901f1b19) ---- - meson_options.txt | 2 ++ - src/core/meson.build | 16 ++++++++++++---- - 2 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/meson_options.txt b/meson_options.txt -index 667340ca59..909e2d53e8 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, - description : 'This option is deprecated and will be removed in a future release') - option('link-udev-shared', type : 'boolean', - description : 'link systemd-udevd and its helpers to libsystemd-shared.so') -+option('link-executor-shared', type : 'boolean', -+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') - option('link-systemctl-shared', type: 'boolean', - description : 'link systemctl against libsystemd-shared.so') - option('link-networkd-shared', type: 'boolean', -diff --git a/src/core/meson.build b/src/core/meson.build -index 1ef31cc529..dbeb752977 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -156,6 +156,17 @@ systemd_executor_sources = files( - 'exec-invoke.c', - ) - -+executor_libs = get_option('link-executor-shared') ? 
\ -+ [ -+ libcore, -+ libshared, -+ ] : [ -+ libcore_static, -+ libshared_static, -+ libbasic_static, -+ libsystemd_static, -+ ] -+ - executables += [ - libexec_template + { - 'name' : 'systemd', -@@ -173,10 +184,7 @@ executables += [ - 'public' : true, - 'sources' : systemd_executor_sources, - 'include_directories' : core_includes, -- 'link_with' : [ -- libcore, -- libshared, -- ], -+ 'link_with' : executor_libs, - 'dependencies' : [ - libapparmor, - libpam, diff --git a/systemd.spec b/systemd.spec index 4d80273..cd4e455 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.2} +Version: %{?version_override}%{!?version_override:256.3} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -119,10 +119,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch -Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch -Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 4fd4ef72a6088bbc7791ff03739ce05932bc02e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Jul 2024 10:58:29 +0200 Subject: [PATCH 331/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 2e30e2f..aeac4c9 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-256.2.tar.gz) = 10da82ee58d3608c41cb0204fdf0227af965b13b8f3716e4f5dea994c236c08a5e31f09ba0d3774cea20a365e1d959c8c865fdeacc82400da55e94ad800e75ba +SHA512 (systemd-256.3.tar.gz) = 474a4bf24fc7180f2edef6c61ec2cc502a671ba944e54dd44d4b8d3d34fec22935dd8da247deafbce828c90041672c0a963472593e9d1fd54c98c6ee01861a4f From 1cdae03391665f76c25519197aa036fe7957d4c2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:16:26 +0200 Subject: [PATCH 332/494] Update tmpfiles --destroy-data patch Let's make sure we patch the integration test for systemd-tmpfiles --purge as well so it doesn't fail. --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 45 ++++++++++++++----- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 87b5fa5..033b575 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,18 +1,19 @@ -From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 18 Jun 2024 20:32:10 +0200 +From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use Follow-up for https://github.com/systemd/systemd/pull/33383. --- - src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) + src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ + test/units/TEST-22-TMPFILES.18.sh | 4 ++-- + 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 5841db293e..9b0f744ba9 100644 +index 8cc8c1ccd6..14048545db 100644 --- a/src/tmpfiles/tmpfiles.c 
+++ b/src/tmpfiles/tmpfiles.c -@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -20,7 +21,7 @@ index 5841db293e..9b0f744ba9 100644 ARG_NO_PAGER, }; -@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -39,7 +40,7 @@ index 5841db293e..9b0f744ba9 100644 assert(argc >= 0); assert(argv); -@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -50,7 +51,7 @@ index 5841db293e..9b0f744ba9 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); 
@@ -61,3 +62,27 @@ index 5841db293e..9b0f744ba9 100644 if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); +diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh +index 5d24197c81..de23bbb95f 100755 +--- a/test/units/TEST-22-TMPFILES.18.sh ++++ b/test/units/TEST-22-TMPFILES.18.sh +@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" + test -f /tmp/somedir/somefile + grep -q baz /tmp/somedir/somefile + +-systemd-tmpfiles --purge - <<<"$c" ++systemd-tmpfiles --purge --destroy-data - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + +@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + +-systemd-tmpfiles --create --purge - <<<"$c" ++systemd-tmpfiles --create --destroy-data --purge - <<<"$c" + test -f /tmp/somedir/somefile + grep -q baz /tmp/somedir/somefile +-- +2.45.2 + From b29a66006c90e692ec8364ea6fb5d78e3be672e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 25 Jul 2024 12:50:06 +0200 Subject: [PATCH 333/494] Version 256.4 - Hardware db update - Minor fixes for systemd-udevd and varlink protocol --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index aeac4c9..dca53b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.3.tar.gz) = 474a4bf24fc7180f2edef6c61ec2cc502a671ba944e54dd44d4b8d3d34fec22935dd8da247deafbce828c90041672c0a963472593e9d1fd54c98c6ee01861a4f +SHA512 (systemd-256.4.tar.gz) = 0357f1b61a07e594aff118dec54bd7233f37b69ccdfa393b91f46f32f08238fa7dd44df70d1df858464c866e114868ae1bec66dc685703d425cbd4c86baddfb8 diff --git a/systemd.spec b/systemd.spec index cd4e455..210c1f7 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.3} +Version: %{?version_override}%{!?version_override:256.4} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 903e8e0f888de31d02fb75a1cfdeeebd0d7be359 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 29 Jul 2024 15:49:54 +0200 Subject: [PATCH 334/494] Backport upstream patch to try more initrd variants in 90-loaderentry.install This makes sure that 90-loaderentry.install plays nicely with the dracut kernel-install plugin that is shipped in Fedora and CentOS Stream. --- 33861.patch | 38 ++++++++++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 40 insertions(+) create mode 100644 33861.patch diff --git a/33861.patch b/33861.patch new file mode 100644 index 0000000..b443387 --- /dev/null +++ b/33861.patch 
@@ -0,0 +1,38 @@ +From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 29 Jul 2024 15:41:51 +0200 +Subject: [PATCH] kernel-install: Try some more initrd variants in + 90-loaderentry.install + +On CentOS/Fedora, dracut is configured to write the initrd to +/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well +if no initrds were supplied. +--- + src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in +index 4ef6aca169c1a..84f7a4a97fb43 100755 +--- a/src/kernel-install/90-loaderentry.install.in ++++ b/src/kernel-install/90-loaderentry.install.in +@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + have_initrd=yes + done + +- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied +- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" ++ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if ++ # no initrds were supplied. ++ ++ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then ++ echo "initrd $ENTRY_DIR/initrd" ++ have_initrd=yes ++ fi ++ ++ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then ++ echo "initrd /initramfs-$KERNEL_VERSION.img" ++ have_initrd=yes ++ fi + : + } >"$LOADER_ENTRY" || { + echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/systemd.spec b/systemd.spec index 210c1f7..fc511ba 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -119,6 +119,8 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +Patch0012: https://github.com/systemd/systemd/pull/33861.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 53118d2112c2dc686a04aefc564f9e062caba33d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 29 Jul 2024 19:00:12 +0200 Subject: [PATCH 335/494] Backport patch to only read /proc/cmdline when not in container --- 33864.patch | 39 +++++++++++++++++++++++++++++++++++++++ systemd.spec | 1 + 2 files changed, 40 insertions(+) create mode 100644 33864.patch diff --git a/33864.patch b/33864.patch new file mode 100644 index 0000000..290af4c --- /dev/null +++ b/33864.patch 
@@ -0,0 +1,39 @@ +From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 29 Jul 2024 17:13:28 +0200 +Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not + in container + +If we're running from within a container, we're very likely not going +to want to use the kernel command line from /proc/cmdline, so let's add +a check to see if we're running from a container to decide whether we'll +use the kernel command line from /proc/cmdline. +--- + src/kernel-install/90-loaderentry.install.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in +index 4ef6aca169c1a..79427684cc5c9 100755 +--- a/src/kernel-install/90-loaderentry.install.in ++++ b/src/kernel-install/90-loaderentry.install.in +@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then + BOOT_OPTIONS="$(tr -s "$IFS" ' ' Date: Tue, 20 Aug 2024 18:42:34 +0200 Subject: [PATCH 336/494] Disable integration of userdb in sshd --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 63d5c95..8f88804 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif +# Disable sshd_config.d/20-systemd-userdb.conf for now. +# This option may override an existing AuthorizedKeysCommand setting +# (or be ineffective, depending on the order of configuration). +# See https://github.com/systemd/systemd/issues/33648. +rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf +mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} + %find_lang %{name} # Split files in build root into rpms From d38cacfd3af154d18f4ead14db8fb8d3108498ee Mon Sep 17 00:00:00 2001 
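Review bot: The `rm`/`mv` pair added after `rm %{buildroot}/usr/lib/sysusers.d/basic.conf` only changes what the new package ships; nothing in this hunk removes a `20-systemd-userdb.conf` that is already present under `/etc/ssh/sshd_config.d/` on an upgraded host. The comment itself says the drop-in can override an existing `AuthorizedKeysCommand`, which decides which keys sshd accepts. It is therefore worth confirming how earlier builds put the file there (as a packaged file or via the tmpfiles.d snippet) and whether it survives the upgrade. I would also extend the comment with `# The tmpfiles.d snippet is kept as .conf.example so it is not processed; rename it back to opt in.`, assuming that is the intent of the `mv`. For consistency with the `%{_prefix}` and `%{_bindir}` paths nearby, `%{buildroot}%{_sysconfdir}/ssh/sshd_config.d/20-systemd-userdb.conf` would be the more conventional spelling.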
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Aug 2024 19:04:55 +0200 Subject: [PATCH 337/494] Version 256.5 - Includes the patches for the kernel change with kernel threads in leaf cgroups (https://github.com/systemd/systemd/pull/33885) - Various smaller fixes --- 33861.patch | 38 -------------------------------------- 33864.patch | 39 --------------------------------------- sources | 2 +- systemd.spec | 5 +---- 4 files changed, 2 insertions(+), 82 deletions(-) delete mode 100644 33861.patch delete mode 100644 33864.patch diff --git a/33861.patch b/33861.patch deleted file mode 100644 index b443387..0000000 --- a/33861.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 1310492f7a58db4315390db174da65aef699aa91 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 15:41:51 +0200 -Subject: [PATCH] kernel-install: Try some more initrd variants in - 90-loaderentry.install - -On CentOS/Fedora, dracut is configured to write the initrd to -/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well -if no initrds were supplied. ---- - src/kernel-install/90-loaderentry.install.in | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..84f7a4a97fb43 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -205,8 +205,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { - have_initrd=yes - done - -- # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied -- [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" -+ # Try a few variations that are generated by various initrd generators in their kernel-install hooks if -+ # no initrds were supplied. -+ -+ if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then -+ echo "initrd $ENTRY_DIR/initrd" -+ have_initrd=yes -+ fi -+ -+ if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then -+ echo "initrd /initramfs-$KERNEL_VERSION.img" -+ have_initrd=yes -+ fi - : - } >"$LOADER_ENTRY" || { - echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/33864.patch b/33864.patch deleted file mode 100644 index 290af4c..0000000 --- a/33864.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 94a2999f250e3f7579883f5c79815b80398043cd Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 29 Jul 2024 17:13:28 +0200 -Subject: [PATCH] kernel-install: Only read cmdline from /proc/cmdline when not - in container - -If we're running from within a container, we're very likely not going -to want to use the kernel command line from /proc/cmdline, so let's add -a check to see if we're running from a container to decide whether we'll -use the kernel command line from /proc/cmdline. ---- - src/kernel-install/90-loaderentry.install.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in -index 4ef6aca169c1a..79427684cc5c9 100755 ---- a/src/kernel-install/90-loaderentry.install.in -+++ b/src/kernel-install/90-loaderentry.install.in -@@ -79,8 +79,10 @@ elif [ -f /etc/kernel/cmdline ]; then - BOOT_OPTIONS="$(tr -s "$IFS" ' ' Date: Sat, 24 Aug 2024 08:29:48 -0700 Subject: [PATCH 338/494] Do not require grubby on CentOS Stream 9 This is a fixup for 12d1f050295e2e88235a5478b07eebdbda461ae3. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1865706..524109a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -419,8 +419,10 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) +%endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so # let's make sure we properly handle that. %if 0%{?rhel} From 28076e6232412aa7138e09aaec8c0a414faa3dce Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 27 Aug 2024 15:04:08 +0200 Subject: [PATCH 339/494] Only make python3-pillow Recommends on Fedora python3-pillow is not available in CentOS Stream 9/10 so let's not mark it as Recommends. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 524109a..2ebce1d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -497,7 +497,9 @@ Requires: python3dist(pefile) Requires: python3dist(zstd) %endif Requires: python3dist(cryptography) +%if 0%{?fedora} Recommends: python3dist(pillow) +%endif # for tests %ifarch riscv64 From 196ec98228ac7ba72652635e29fbdfdf1b88a2a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 28 Aug 2024 10:22:26 +0200 Subject: [PATCH 340/494] Drop %upstream conditionalization for patches rpm will imply --noprep when using --build-in-place in rpm 4.20 and we're switching the mkosi rpm builds to use --noprep as well on older rpm versions. This means we don't need to gate out patch applications anymore with the %upstream macro. --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2ebce1d..0b107ef 100644 --- a/systemd.spec +++ b/systemd.spec @@ -108,7 +108,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -%if %{without upstream} %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -125,7 +124,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -%endif # Adjust upstream config to use our shared stack Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch 
From abb115a9057a0ae7acf8c4dd6d9d79423b89a591 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 28 Aug 2024 10:23:54 +0200 Subject: [PATCH 341/494] Do not use patch to modify systemd-user pam config file We still want the Fedora systemd-user pam config when building with --noprep so let's install the pam config file using a regular source instead of patching the one provided by systemd. --- ...-use-system-auth-in-pam-systemd-user.patch | 31 ------------------- systemd-user | 14 +++++++++ systemd.spec | 7 +++-- 3 files changed, 18 insertions(+), 34 deletions(-) delete mode 100644 fedora-use-system-auth-in-pam-systemd-user.patch create mode 100644 systemd-user diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch deleted file mode 100644 index df820e2..0000000 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH] fedora: use system-auth in pam systemd-user - ---- - src/login/systemd-user.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 8a3c9e0165..74ef5f2552 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -7,7 +7,7 @@ - -account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account include system-auth - - {% if HAVE_SELINUX %} - session required pam_selinux.so close -@@ -20,4 +20,4 @@ session required pam_namespace.so - -session optional pam_systemd_home.so - {% endif %} - session optional pam_umask.so silent --session optional pam_systemd.so -+session include system-auth --- -2.41.0 - diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null 
+++ b/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/systemd.spec b/systemd.spec index 0b107ef..456f4f9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -96,6 +96,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -125,9 +127,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif @@ -1011,6 +1010,8 @@ rm %{buildroot}/usr/lib/sysusers.d/basic.conf rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + %find_lang %{name} # Split files in build root into rpms From a67221c3f0d0b81b9b5b3230a71d09044342f1a4 Mon Sep 17 00:00:00 2001 
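Review bot: The new static `systemd-user` file carries `session required pam_selinux.so close` / `nottys open` and both `pam_systemd_home.so` lines unconditionally, whereas the patch removed in this commit shows upstream's `systemd-user.in` wrapping them in `{% if HAVE_SELINUX %}` and a second `{% if … %}` block. As a copy rather than a patch, it will also no longer fail to apply when upstream changes the stack, so drift in this login-path configuration becomes silent. I would add a header such as `# Downstream copy of src/login/systemd-user.in (synced at <upstream version>); differs by using "include system-auth" for account and session.` and re-check it on each rebase. The final `session include system-auth` replaces upstream's `session optional pam_systemd.so`, so session registration presumably relies on `system-auth` pulling in `pam_systemd.so`; that is worth confirming for every target this spec builds for.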
From: Daan De Meyer Date: Wed, 28 Aug 2024 11:57:41 +0200 Subject: [PATCH 342/494] Always build ukify package Even on non-uefi architectures, ukify can be used to build UKIs for UEFI images. For example, mkosi can use it to build UKIs on s390x. To enable this use case, let's always build ukify, but with a conditional dependency on systemd-boot only on arches that support UEFI. --- 34154.patch | 27 +++++++++++++++++++++++++++ split-files.py | 2 +- systemd.spec | 18 ++++++++++++------ 3 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 34154.patch diff --git a/34154.patch b/34154.patch new file mode 100644 index 0000000..acab80c --- /dev/null +++ b/34154.patch @@ -0,0 +1,27 @@ +From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 28 Aug 2024 14:08:30 +0200 +Subject: [PATCH] ukify: Skip test on architectures without UEFI + +--- + src/ukify/test/test_ukify.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index bbd26c0d42343..a08996cb55cf6 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -45,6 +45,13 @@ + sys.path.append(os.path.dirname(__file__) + '/..') + import ukify + ++# Skip if we're running on an architecture that does not use UEFI. ++try: ++ ukify.guess_efi_arch() ++except ValueError as e: ++ print(str(e), file=sys.stderr) ++ sys.exit(77) ++ + build_root = os.getenv('PROJECT_BUILD_ROOT') + try: + slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/split-files.py b/split-files.py index 3f66ada..51400fd 100644 --- a/split-files.py +++ b/split-files.py @@ -260,6 +260,6 @@ for file in files(buildroot): if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() if (o.tell() == 0 and - not (no_bootloader and name in ('ukify', 'boot'))) + not (no_bootloader and name == 'boot')) ]: sys.exit(1) 
diff --git a/systemd.spec b/systemd.spec index 456f4f9..614db47 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,6 +120,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Make test-ukify skip itself on architectures without UEFI. +Patch0012: https://github.com/systemd/systemd/pull/34154.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch @@ -483,12 +486,16 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%if 0%{?want_bootloader} %package ukify Summary: Tool to build Unified Kernel Images Requires: %{name} = %{version}-%{release} -Requires: systemd-boot +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) Requires: python3dist(pefile) %if 0%{?fedora} Requires: python3dist(zstd) @@ -512,6 +519,7 @@ This package provides ukify, a script that combines a kernel image, an initrd, with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). +%if 0%{?want_bootloader} %package boot-unsigned Summary: UEFI boot manager (unsigned version) 
@@ -826,10 +834,8 @@ CONFIGURE_OPTS=( # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. - # Note, ukify requires bootloader, let's also explicitly enable/disable it - # here for https://github.com/systemd/systemd/pull/24175. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled ) %if %{without lto} @@ -1265,8 +1271,8 @@ fi %files udev -f .file-list-udev -%if 0%{?want_bootloader} %files ukify -f .file-list-ukify +%if 0%{?want_bootloader} %files boot-unsigned -f .file-list-boot %endif From ce99022f7b7c6b545cdbfac2436e578d41ca3162 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Thu, 12 Sep 2024 01:18:42 +0200 Subject: [PATCH 343/494] Version 256.6 Bump version and remove already present ukify patch --- 34154.patch | 27 --------------------------- sources | 2 +- systemd.spec | 5 +---- 3 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 34154.patch diff --git a/34154.patch b/34154.patch deleted file mode 100644 index acab80c..0000000 --- a/34154.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From e3486e1494ab4bc23df39cae8b4bda6182265408 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 28 Aug 2024 14:08:30 +0200 -Subject: [PATCH] ukify: Skip test on architectures without UEFI - ---- - src/ukify/test/test_ukify.py | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py -index bbd26c0d42343..a08996cb55cf6 100755 ---- a/src/ukify/test/test_ukify.py -+++ b/src/ukify/test/test_ukify.py -@@ -45,6 +45,13 @@ - sys.path.append(os.path.dirname(__file__) + '/..') - import ukify - -+# Skip if we're running on an architecture that does not use UEFI. -+try: -+ ukify.guess_efi_arch() -+except ValueError as e: -+ print(str(e), file=sys.stderr) -+ sys.exit(77) -+ - build_root = os.getenv('PROJECT_BUILD_ROOT') - try: - slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1'))) diff --git a/sources b/sources index 87067ab..ad04ada 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.5.tar.gz) = 40558194e05a17b218adf3d6df48b738c866855d43d09c1e9381c2c568a44a8f1617b64476736fc7e34416ad9e8d25dc023cf9de090b4ef9079866919377009f +SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc diff --git a/systemd.spec b/systemd.spec index 614db47..2e4c79d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.5} +Version: %{?version_override}%{!?version_override:256.6} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -120,9 +120,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch -# Make test-ukify skip itself on architectures without UEFI. -Patch0012: https://github.com/systemd/systemd/pull/34154.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 5a82129a41aef1f8c7f5b58b695dd8d88bc2b333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Sep 2024 17:45:09 +0200 Subject: [PATCH 344/494] Reword some descriptions Also reflow %descriptions to 80 columns. [skip changelog] --- systemd.spec | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2e4c79d..cb4f895 100644 --- a/systemd.spec +++ b/systemd.spec @@ -635,8 +635,8 @@ Requires: python3dist(psutil) License: LGPL-2.1-or-later %description tests -"Installed tests" that are usually run as part of the build system. They can be -useful to test systemd internals. +Systemd unit tests used to test the internal implementation after a build. +Different binaries test different parts of the codebase. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd 
@@ -646,9 +646,9 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-repart -Standalone systemd-repart binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-repart binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd @@ -658,9 +658,9 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd 
@@ -670,21 +670,21 @@ Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use on systems without systemd. +Standalone systemd-sysusers binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use on systems without systemd. %package standalone-shutdown -Summary: Standalone systemd-shutdown binary for use on systems without systemd +Summary: Standalone systemd-shutdown binary for use in exitrds Provides: %{name}-shutdown = %{version}-%{release} Conflicts: %{name} Suggests: coreutils-single RemovePathPostfixes: .standalone %description standalone-shutdown -Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or -other libraries from systemd-libs. This package conflicts with the main systemd -package and is meant for use in exitrds. +Standalone systemd-shutdown binary with no dependencies on the systemd-shared +library or other libraries from systemd-libs. This package conflicts with the +main systemd package and is meant for use in exitrds. %prep %if %{defined branch} From bedc0270e72071dd027f998629f6d633700c5b89 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 24 Sep 2024 16:22:27 +0200 Subject: [PATCH 345/494] Move yum/dnf protection removal config file under /usr https://github.com/uapi-group/specifications/issues/76 Actually, add a new file under /usr, but keep the old file in /etc because it's still needed for dnf. The new file in the new location is useful because it means that we get the correct behaviour even when /etc is emptied (on systems with new dnf version). dnf5 reads the new location: https://github.com/rpm-software-management/dnf5/issues/1107 https://github.com/rpm-software-management/dnf5/pull/1110 --- systemd.spec | 17 ++++++++++++----- yum-protect-systemd.conf | 2 -- 2 files changed, 12 insertions(+), 7 deletions(-) delete mode 100644 yum-protect-systemd.conf diff --git a/systemd.spec b/systemd.spec index cb4f895..b1d69a4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -71,9 +71,6 @@ Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py -# Prevent accidental removal of the systemd package -Source5: yum-protect-systemd.conf - Source6: inittab Source7: sysctl.conf.README Source8: systemd-journal-remote.xml @@ -942,8 +939,18 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state -# Install yum protection fragment -install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf +# Install yum protection config. Old location in /etc. +mkdir -p %{buildroot}/etc/dnf/protected.d/ +cat >%{buildroot}/etc/dnf/protected.d/systemd.conf <%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-systemd.conf < Date: Fri, 11 Oct 2024 18:32:58 +0200 Subject: [PATCH 346/494] Version 256.7 - Various small fixes in many components - Documentation updates --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/sources b/sources index ad04ada..db248bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.6.tar.gz) = 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc +SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 diff --git a/systemd.spec b/systemd.spec index b1d69a4..b06d182 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.6} +Version: %{?version_override}%{!?version_override:256.7} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From e42eed4afd6267cd954d393d8eec79e0e7573de0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 24 Oct 2024 18:11:05 +0900 Subject: [PATCH 347/494] test_sysusers_defined: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. --- test_sysusers_defined.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 2754578..6f04f15 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -11,7 +11,7 @@ def parse_sysusers_file(filename): continue words = line.split() match words[0]: - case 'u': + case 'u'|'u!': users.add(words[1]) case 'g': groups.add(words[1]) From 009c64d6a2bfc60153d1c418f384cf527bccb2a0 Mon Sep 17 00:00:00 2001 
From: David Tardon Date: Thu, 24 Oct 2024 09:24:58 +0200 Subject: [PATCH 348/494] Use %systemd_preun in systemd-resolved With that, systemd-resolved.service is not only disabled but also stopped on package uninstall. ... (rhbz#2305391) --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index b06d182..22bc752 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1185,10 +1185,8 @@ fi %systemd_post systemd-resolved.service %preun resolved +%systemd_preun systemd-resolved.service if [ $1 -eq 0 ] ; then - systemctl disable --quiet \ - systemd-resolved.service \ - >/dev/null || : if [ -L /etc/resolv.conf ] && \ realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then rm -f /etc/resolv.conf # no longer useful From 86ca699d18c427aee4b8ceb89ea303f124f878b6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 11 Oct 2024 11:09:41 +0200 Subject: [PATCH 349/494] Backport user manager reexec changes This drastically simplifier reexecs of user managers by using systemctl reload to do a user manager reexec. This means we don't need systemd-run, a pam session or systemd-stdio-bridge anymore to do a user manager reexec and all job tracking is handled by pid 1 instead of bash. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index 22bc752..78db443 100644 --- a/systemd.spec +++ b/systemd.spec @@ -117,6 +117,9 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 Patch0011: https://github.com/systemd/systemd/pull/33738.patch +# Simplify user manager upgrades +Patch0012: https://github.com/systemd/systemd/pull/34707.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 8f44e8097dbafa1e5857ab594aa823ec82f8ff46 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 11:45:37 +0100 Subject: [PATCH 350/494] Add forgotten patch [skip changelog] --- 34707.patch | 233 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 34707.patch diff --git a/34707.patch b/34707.patch new file mode 100644 index 0000000..5d8e278 --- /dev/null +++ b/34707.patch 
@@ -0,0 +1,233 @@ +From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:16:05 +0200 +Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user + manager + +This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. + +The offending commit wrongly assumed that the second READY=1 +notification is for system scope only, but it also serves the purpose +of flushing out previous STATUS= containing user unit job status. +--- + src/core/manager.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 2789f0e3d0c9c..456ad46135b72 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { + log_taint_string(m); + } + +-static void manager_send_ready_user_scope(Manager *m) { ++static void manager_send_ready_on_basic_target(Manager *m) { + int r; + + assert(m); +@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { + m->status_ready = false; + } + +-static void manager_send_ready_system_scope(Manager *m) { ++static void manager_send_ready_on_idle(Manager *m) { + int r; + + assert(m); + +- if (!MANAGER_IS_SYSTEM(m)) +- return; +- + /* Skip the notification if nothing changed. */ + if (m->ready_sent && m->status_ready) + return; + ++ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). ++ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't ++ * hurt to send it twice. 
*/ + r = sd_notify(/* unset_environment= */ false, + "READY=1\n" + "STATUS=Ready."); +@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { + return; + + /* For user managers, send out READY=1 as soon as we reach basic.target */ +- manager_send_ready_user_scope(m); ++ manager_send_ready_on_basic_target(m); + + /* Log the taint string as soon as we reach basic.target */ + log_taint_string(m); +@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { + if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) + m->jobs = hashmap_free(m->jobs); + +- manager_send_ready_system_scope(m); ++ manager_send_ready_on_idle(m); + + /* Notify Type=idle units that we are done now */ + manager_close_idle_pipe(m); + +From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:06:35 +0200 +Subject: [PATCH 2/4] core/manager-serialize: drop serialization for + Manager.ready_sent + +This field indicates whether READY=1 has been sent to +the service manager/supervisor. Whenever we reload/reexec/soft-reboot, +manager_send_reloading() always resets it to false first, +so that READY=1 is sent after reloading finishes. Hence +we utterly get "false" at all times. Kill it. 
+--- + src/core/manager-serialize.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c +index 62dfce93a0a85..3f624619dfd19 100644 +--- a/src/core/manager-serialize.c ++++ b/src/core/manager-serialize.c +@@ -92,7 +92,6 @@ int manager_serialize( + (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); + (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); + (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); +- (void) serialize_bool(f, "ready-sent", m->ready_sent); + (void) serialize_bool(f, "taint-logged", m->taint_logged); + (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); + +@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + else + m->n_failed_jobs += n; + +- } else if ((val = startswith(l, "ready-sent="))) { +- int b; +- +- b = parse_boolean(val); +- if (b < 0) +- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); +- else +- m->ready_sent = m->ready_sent || b; +- + } else if ((val = startswith(l, "taint-logged="))) { + int b; + +@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + + if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ + (void) deserialize_dual_timestamp(val, m->timestamps + q); +- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ ++ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ + log_notice("Unknown serialization item '%s', ignoring.", l); + } + } + +From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 +From: Mike Yuan +Date: Thu, 10 Oct 2024 21:32:17 +0200 +Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when + notify-reloading + +Closes #28367 (but not really in the exact form, see below) + +We have the problem of restarting all 
user manager instances +after upgrade. Current approaches involve systemctl kill +with SIGRTMIN+25, which is async and feels rather ugly [1][2]; +or systemctl --machine=user@ --user, which requires entering +each user session. Neither is particularly elegant. +Instead, let's just signal daemon-reexec when user@.service +is reloaded from system manager. Our long goal of dropping +daemon-reload in favor of reexec (see TODO) is unlikely to happen +due to user dbus restrictions, but here the synchronization +is done via READY=1. + +[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 +[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 + +#28367 would not really work for us now I come to think about it, +because all processes will be reparented to pid1 as soon as +original user manager process exits. This alternative approach +seems good enough for our use case. +--- + units/capsule@.service.in | 4 ++++ + units/user@.service.in | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/units/capsule@.service.in b/units/capsule@.service.in +index f2bb9e3a45a83..a64298786e490 100644 +--- a/units/capsule@.service.in ++++ b/units/capsule@.service.in +@@ -23,6 +23,10 @@ StateDirectory=capsules/%i + RuntimeDirectory=capsules/%i + LogExtraFields=CAPSULE=%i + Slice=capsule.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. 
++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope +diff --git a/units/user@.service.in b/units/user@.service.in +index 5695465747217..381ab2a0db54e 100644 +--- a/units/user@.service.in ++++ b/units/user@.service.in +@@ -20,6 +20,10 @@ PAMName=systemd-user + Type=notify-reload + ExecStart={{LIBEXECDIR}}/systemd --user + Slice=user-%i.slice ++# Reexecute the manager on service reload, instead of reloading. ++# This provides a synchronous method for restarting all user manager ++# instances after upgrade. ++ReloadSignal=RTMIN+25 + KillMode=mixed + Delegate=pids memory cpu + DelegateSubgroup=init.scope + +From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 10 Oct 2024 22:37:39 +0200 +Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to + reexec/reload user managers + +Let's always use systemctl reload to reexec and reload user managers +now that it always implies a reexec. This moves all the job management +logic to pid 1 instead of bash and reduces the complexity of the logic +as we remove systemd-run, pam and systemd-stdio-bridge from the equation. 
+--- + src/rpm/systemd-update-helper.in | 20 ++++---------------- + 1 file changed, 4 insertions(+), 16 deletions(-) + +diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in +index c81e16c3d3ffb..8af914935261a 100755 +--- a/src/rpm/systemd-update-helper.in ++++ b/src/rpm/systemd-update-helper.in +@@ -107,25 +107,13 @@ case "$command" in + + [ -d /run/systemd/system ] || exit 0 + +- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') +- +- if [[ "$command" =~ reexec ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reexec & +- done +- wait +- fi +- +- if [[ "$command" =~ reload ]]; then +- for user in $users; do +- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ +- systemctl --user -M "$user@" daemon-reload & +- done +- wait ++ if [[ "$command" =~ reexec|reload ]]; then ++ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" + fi + + if [[ "$command" =~ restart ]]; then ++ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') ++ + for user in $users; do + SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ + systemctl --user -M "$user@" reload-or-restart --marked & From 8dafa3810b3cec0dd297b8686fb4a00c6972712e Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 6 Nov 2024 14:29:38 -0500 Subject: [PATCH 351/494] Disable OpenSSL v3 ENGINE on RHEL RHEL 10+ does not provide and defines OPENSSL_NO_ENGINE. https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 78db443..f3e717e 100644 --- a/systemd.spec +++ b/systemd.spec 
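Review bot: The comment added in `manager_send_ready_on_idle()` (patch 1/4, src/core/manager.c) still refers to `manager_send_ready_user_scope()`, which this same patch renames to `manager_send_ready_on_basic_target()`. Once the patch is applied the comment points at a function that no longer exists. Its first line would read `/* Note that for user managers, we might have already sent READY=1 in manager_send_ready_on_basic_target().`. Since this file is a verbatim upstream backport, the correction belongs upstream rather than in the downstream copy. Both functions continue outside the quoted hunks.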
@@ -172,7 +172,7 @@ BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +%if 0%{?fedora} >= 41 BuildRequires: openssl-devel-engine %endif %if %{with gnutls} From 834ba50e798a42be20b00d4553ba2ddb91f7ffd0 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Oct 2024 16:42:29 +0200 Subject: [PATCH 352/494] Use %posttrans instead of %postun to restart services Anything we put in a %postun script needs two releases of the rpm before it is invoked. The reason for using %postun to restart services is because it runs after the old version has been removed so we can be sure all remaining dropins and such files from the old version have been removed. %posttrans gives us the same guarantee but the %posttrans of the new version will run on install and upgrade which means the changes will be applied immediately instead of having to release twice before the changes take effect. We define the systemd_posttrans_with_restart macro in the spec because we can't use the upstream one as we ship it ourselves. --- systemd.spec | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/systemd.spec b/systemd.spec index f3e717e..6a962cd 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1039,6 +1039,16 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %include %{SOURCE1} +# This macro is newly added upstream so we can't rely on it being always being available +# in the systemd-rpm-macros yet so we define it ourselves. +%global systemd_posttrans_with_restart() \ +%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_posttrans_with_restart}} \ +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then \ + # Package upgrade, not install \ + /usr/lib/systemd/systemd-update-helper mark-restart-system-units %* || : \ +fi \ +%{nil} + %post systemd-machine-id-setup &>/dev/null || : 
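Review bot: Every restart in this commit now depends on `[ $1 -ge 2 ]` being true in %posttrans on upgrade, here in the macro and again in the main `%posttrans` body, but the spec does not say which RPM behaviour that assumes. If an RPM in use passes a value below 2 to %posttrans on upgrade (I cannot confirm either way from the page), the branch is skipped without any message and daemons keep running the pre-update binaries, which matters most for security updates. A comment above the macro such as `# Relies on rpm passing the installed-instance count to %%posttrans ($1 >= 2 on upgrade)` would make the assumption checkable.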
@@ -1062,8 +1072,8 @@ systemd-tmpfiles --create &>/dev/null || : systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : -%postun -if [ $1 -ge 1 ]; then +%posttrans +if [ $1 -ge 2 ]; then [ -w %{_localstatedir} ] && journalctl --update-catalog || : systemctl daemon-reexec || : @@ -1071,13 +1081,13 @@ if [ $1 -ge 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service +%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) # This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. -if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then +if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall /usr/lib/systemd/systemd-update-helper user-reexec || : fi @@ -1124,11 +1134,10 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %preun udev %systemd_preun %udev_services -%postun udev +%posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service - +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket 
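Review bot: The context comment `# Package upgrade, not uninstall` under the changed `if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then` line is stale after the move from %postun to %posttrans. With a `-ge 2` threshold the case being excluded is a fresh install, as the comment inside the new `systemd_posttrans_with_restart` macro already says. It should read `# Package upgrade, not install`.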
@@ -1146,8 +1155,8 @@ if [ $1 -eq 1 ] ; then fi fi -%postun journal-remote -%systemd_postun_with_restart %journal_remote_units_restart +%posttrans journal-remote +%systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload %post networkd @@ -1169,9 +1178,8 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service -%postun networkd -%systemd_postun_with_restart systemd-networkd.service -%systemd_postun systemd-networkd-wait-online.service +%posttrans networkd +%systemd_posttrans_with_restart systemd-networkd.service %post resolved [ $1 -eq 1 ] || exit 0 @@ -1200,10 +1208,8 @@ if [ $1 -eq 0 ] ; then fi fi -%postun resolved -%systemd_postun_with_restart systemd-resolved.service - %posttrans resolved +%systemd_posttrans_with_restart systemd-resolved.service [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation From ea947ce068a67be565245a295db738d66c4af954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 16:13:20 +0100 Subject: [PATCH 353/494] Version 257~rc1 --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 27 +- 33738.patch | 37 --- 34707.patch | 233 ------------------ systemd.spec | 8 +- 4 files changed, 15 insertions(+), 290 deletions(-) delete mode 100644 33738.patch delete mode 100644 34707.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 033b575..79964e8 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch @@ -1,4 +1,4 @@ -From 1e788a7fb535a37a8268aa7dc5130f670eb72a6b Mon Sep 17 00:00:00 2001 +From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use 
@@ -10,10 +10,10 @@ Follow-up for https://github.com/systemd/systemd/pull/33383. 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 8cc8c1ccd6..14048545db 100644 +index 5a4f989668..c5b544f1df 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c -@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -21,7 +21,7 @@ index 8cc8c1ccd6..14048545db 100644 ARG_NO_PAGER, }; -@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -40,7 +40,7 @@ index 8cc8c1ccd6..14048545db 100644 assert(argc >= 0); assert(argv); -@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -51,7 +51,7 @@ index 8cc8c1ccd6..14048545db 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); @@ -63,26 +63,27 @@ index 8cc8c1ccd6..14048545db 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index 5d24197c81..de23bbb95f 100755 +index c81f6bd0ef..dd536172d4 100755 --- a/test/units/TEST-22-TMPFILES.18.sh 
+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -21,7 +21,7 @@ systemd-tmpfiles --purge --dry-run - <<<"$c" - test -f /tmp/somedir/somefile +@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -systemd-tmpfiles --purge - <<<"$c" +systemd-tmpfiles --purge --destroy-data - <<<"$c" test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ - -@@ -29,6 +29,6 @@ systemd-tmpfiles --create --purge --dry-run - <<<"$c" - test ! -f /tmp/somedir/somefile + grep -q qux /tmp/someotherfile +@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -systemd-tmpfiles --create --purge - <<<"$c" +systemd-tmpfiles --create --destroy-data --purge - <<<"$c" test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile + grep -q qux /tmp/someotherfile -- -2.45.2 +2.47.0 diff --git a/33738.patch b/33738.patch deleted file mode 100644 index 58ab604..0000000 --- a/33738.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 69c5d6bea7cc2168a2a483d232aa9a77202173f0 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 16 Jul 2024 17:46:09 +0200 -Subject: [PATCH] rules: Add uaccess tag to /dev/udmabuf - -In some cases userspace may need to create dmabuffers from userspace -on such example is the software ISP part of libcamera which needs to -allocate dma-buffers for the output of the software ISP. - -At first the plan was to allow console users access to /dev/dma_heap/*, -this was discussed with various kernel folks here: -https://lore.kernel.org/all/bb372250-e8b8-4458-bc99-dd8365b06991@redhat.com/ - -Giving console users access to the dma_heap's was deemed a bad idea -because memory allocated this way is not accounted in cgroup limits. - -Giving access to /dev/udmabuf OTOH was deemed acceptable so that -is what this patch adds. - -Resolves: #32662 ---- - rules.d/70-uaccess.rules.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index b82ce04a39d38..e683bb1114461 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -34,6 +34,8 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ - SUBSYSTEM=="video4linux", TAG+="uaccess" - SUBSYSTEM=="dvb", TAG+="uaccess" - SUBSYSTEM=="media", TAG+="uaccess" -+# libcamera software ISP used with some cams requires udmabuf access -+KERNEL=="udmabuf", TAG+="uaccess" - - # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more - SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" diff --git a/34707.patch b/34707.patch deleted file mode 100644 index 5d8e278..0000000 --- a/34707.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -From da81a108653e2ef19102698dbc0184bd18b084d9 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:16:05 +0200 -Subject: [PATCH 1/4] core/manager: still send out STATUS=Ready for user - manager - -This effectively reverts 37d15cd132f3a8a0bf42fb252c1604e804171ff2. - -The offending commit wrongly assumed that the second READY=1 -notification is for system scope only, but it also serves the purpose -of flushing out previous STATUS= containing user unit job status. ---- - src/core/manager.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 2789f0e3d0c9c..456ad46135b72 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3885,7 +3885,7 @@ static void manager_notify_finished(Manager *m) { - log_taint_string(m); - } - --static void manager_send_ready_user_scope(Manager *m) { -+static void manager_send_ready_on_basic_target(Manager *m) { - int r; - - assert(m); -@@ -3904,18 +3904,18 @@ static void manager_send_ready_user_scope(Manager *m) { - m->status_ready = false; - } - --static void manager_send_ready_system_scope(Manager *m) { -+static void manager_send_ready_on_idle(Manager *m) { - int r; - - assert(m); - -- if (!MANAGER_IS_SYSTEM(m)) -- return; -- - /* Skip the notification if nothing changed. */ - if (m->ready_sent && m->status_ready) - return; - -+ /* Note that for user managers, we might have already sent READY=1 in manager_send_ready_user_scope(). -+ * But we still need to flush STATUS=. The second READY=1 will be treated as a noop so it doesn't -+ * hurt to send it twice. 
*/ - r = sd_notify(/* unset_environment= */ false, - "READY=1\n" - "STATUS=Ready."); -@@ -3940,7 +3940,7 @@ static void manager_check_basic_target(Manager *m) { - return; - - /* For user managers, send out READY=1 as soon as we reach basic.target */ -- manager_send_ready_user_scope(m); -+ manager_send_ready_on_basic_target(m); - - /* Log the taint string as soon as we reach basic.target */ - log_taint_string(m); -@@ -3971,7 +3971,7 @@ void manager_check_finished(Manager *m) { - if (hashmap_buckets(m->jobs) > hashmap_size(m->units) / 10) - m->jobs = hashmap_free(m->jobs); - -- manager_send_ready_system_scope(m); -+ manager_send_ready_on_idle(m); - - /* Notify Type=idle units that we are done now */ - manager_close_idle_pipe(m); - -From 155098a702c4f6de6b1dca534661492625773fed Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:06:35 +0200 -Subject: [PATCH 2/4] core/manager-serialize: drop serialization for - Manager.ready_sent - -This field indicates whether READY=1 has been sent to -the service manager/supervisor. Whenever we reload/reexec/soft-reboot, -manager_send_reloading() always resets it to false first, -so that READY=1 is sent after reloading finishes. Hence -we utterly get "false" at all times. Kill it. 
---- - src/core/manager-serialize.c | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c -index 62dfce93a0a85..3f624619dfd19 100644 ---- a/src/core/manager-serialize.c -+++ b/src/core/manager-serialize.c -@@ -92,7 +92,6 @@ int manager_serialize( - (void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id); - (void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs); - (void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs); -- (void) serialize_bool(f, "ready-sent", m->ready_sent); - (void) serialize_bool(f, "taint-logged", m->taint_logged); - (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); - -@@ -356,15 +355,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - else - m->n_failed_jobs += n; - -- } else if ((val = startswith(l, "ready-sent="))) { -- int b; -- -- b = parse_boolean(val); -- if (b < 0) -- log_notice("Failed to parse ready-sent flag '%s', ignoring.", val); -- else -- m->ready_sent = m->ready_sent || b; -- - } else if ((val = startswith(l, "taint-logged="))) { - int b; - -@@ -558,7 +548,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - - if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ - (void) deserialize_dual_timestamp(val, m->timestamps + q); -- else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ -+ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=", "ready-sent=")) /* ignore deprecated values */ - log_notice("Unknown serialization item '%s', ignoring.", l); - } - } - -From a375e145190482e8a2f0971bffb332e31211622f Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Thu, 10 Oct 2024 21:32:17 +0200 -Subject: [PATCH 3/4] units/{user,capsule}@.service: issue daemon-reexec when - notify-reloading - -Closes #28367 (but not really in the exact form, see below) - -We have the problem of restarting all 
user manager instances -after upgrade. Current approaches involve systemctl kill -with SIGRTMIN+25, which is async and feels rather ugly [1][2]; -or systemctl --machine=user@ --user, which requires entering -each user session. Neither is particularly elegant. -Instead, let's just signal daemon-reexec when user@.service -is reloaded from system manager. Our long goal of dropping -daemon-reload in favor of reexec (see TODO) is unlikely to happen -due to user dbus restrictions, but here the synchronization -is done via READY=1. - -[1] https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/blob/main/systemd.install?ref_type=heads#L37 -[2] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.postinst#L24 - -#28367 would not really work for us now I come to think about it, -because all processes will be reparented to pid1 as soon as -original user manager process exits. This alternative approach -seems good enough for our use case. ---- - units/capsule@.service.in | 4 ++++ - units/user@.service.in | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/units/capsule@.service.in b/units/capsule@.service.in -index f2bb9e3a45a83..a64298786e490 100644 ---- a/units/capsule@.service.in -+++ b/units/capsule@.service.in -@@ -23,6 +23,10 @@ StateDirectory=capsules/%i - RuntimeDirectory=capsules/%i - LogExtraFields=CAPSULE=%i - Slice=capsule.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. 
-+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope -diff --git a/units/user@.service.in b/units/user@.service.in -index 5695465747217..381ab2a0db54e 100644 ---- a/units/user@.service.in -+++ b/units/user@.service.in -@@ -20,6 +20,10 @@ PAMName=systemd-user - Type=notify-reload - ExecStart={{LIBEXECDIR}}/systemd --user - Slice=user-%i.slice -+# Reexecute the manager on service reload, instead of reloading. -+# This provides a synchronous method for restarting all user manager -+# instances after upgrade. -+ReloadSignal=RTMIN+25 - KillMode=mixed - Delegate=pids memory cpu - DelegateSubgroup=init.scope - -From 2d0af8bc354f4a1429cebedfb387af72c88720a0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 10 Oct 2024 22:37:39 +0200 -Subject: [PATCH 4/4] rpm/systemd-update-helper: Use systemctl reload to - reexec/reload user managers - -Let's always use systemctl reload to reexec and reload user managers -now that it always implies a reexec. This moves all the job management -logic to pid 1 instead of bash and reduces the complexity of the logic -as we remove systemd-run, pam and systemd-stdio-bridge from the equation. 
---- - src/rpm/systemd-update-helper.in | 20 ++++---------------- - 1 file changed, 4 insertions(+), 16 deletions(-) - -diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in -index c81e16c3d3ffb..8af914935261a 100755 ---- a/src/rpm/systemd-update-helper.in -+++ b/src/rpm/systemd-update-helper.in -@@ -107,25 +107,13 @@ case "$command" in - - [ -d /run/systemd/system ] || exit 0 - -- users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -- -- if [[ "$command" =~ reexec ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reexec & -- done -- wait -- fi -- -- if [[ "$command" =~ reload ]]; then -- for user in $users; do -- SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ -- systemctl --user -M "$user@" daemon-reload & -- done -- wait -+ if [[ "$command" =~ reexec|reload ]]; then -+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s systemctl reload "user@*.service" - fi - - if [[ "$command" =~ restart ]]; then -+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p') -+ - for user in $users; do - SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ - systemctl --user -M "$user@" reload-or-restart --marked & diff --git a/systemd.spec b/systemd.spec index 6a962cd..6d2f175 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.7} +Version: %{?version_override}%{!?version_override:257~rc1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -114,12 +114,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif -# Requested in https://bugzilla.redhat.com/show_bug.cgi?id=2298422 -Patch0011: https://github.com/systemd/systemd/pull/33738.patch - -# Simplify user manager upgrades -Patch0012: https://github.com/systemd/systemd/pull/34707.patch - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch From 0c236cedb9e18fbbf8962aa418d3036a94834159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Nov 2024 17:14:33 +0100 Subject: [PATCH 354/494] Upload sources [skip changelog] --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index db248bb..9708ba2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 From 6162965002f9e6052e0ce8d6810028da4679e55a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 14 Nov 2024 11:21:39 +0100 Subject: [PATCH 355/494] Disable freezing of user sessions ... (rhbz#2321268) --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index 6d2f175..3eebc2f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1019,6 +1019,15 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} +# Disable freezing of user sessions while we're working out the details. +mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ +cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Fri, 15 Nov 2024 21:42:10 +0100 Subject: [PATCH 356/494] Version 257~rc2 - Changes in systemd-measure, systemd-networkd, documentation, systemd-sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, run0, ukify - Hardware database update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 9708ba2..c30dd34 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc1.tar.gz) = c0326d27fed08af116a27309872a00aa85bc91445c17c4b15a17c1c27f5b40277074c3424c8654fc555cdfda42872a4720595a46e99ea00b86434a2ad6015c92 +SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd diff --git a/systemd.spec b/systemd.spec index 3eebc2f..8f83d67 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc1} +Version: %{?version_override}%{!?version_override:257~rc2} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Nov 2024 22:05:21 +0100 Subject: [PATCH 357/494] Change sysusers u! lines to u because we don't have support in rpm --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) 
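Review bot: The drop-in is written under `system/service.d/`, the type-level drop-in directory, so whatever it sets applies to every service unit rather than only to the units involved in suspend. The heredoc body is not visible on this page, so that breadth should be confirmed as intended. The comment above the `mkdir` also gives no removal condition; a line such as `# Temporary workaround, see rhbz#2321268; remove once resolved` would record one, using the bug named in the commit title. Since the file is created at this point, `cat >` would state the intent more clearly than the appending `cat >>`.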
diff --git a/systemd.spec b/systemd.spec index 8f83d67..9503f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -689,6 +689,10 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Disable user lockdown until rpm implements it natively. +# https://github.com/rpm-software-management/rpm/issues/3450 +sed -r -i 's/^u!/u/' sysusers.d/*.conf* + %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} From 37c10f5b0337af1efeaa33296b31a8c1a6bdc2b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Nov 2024 13:16:16 +0100 Subject: [PATCH 358/494] Pull in qemu from systemd-container Based on https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/issues/27. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 9503f7e..0447dd5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -540,7 +540,11 @@ Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +# For systemd-vmspawn which uses qemu: +Recommends: qemu-kvm +Recommends: qemu-device-display-virtio-gpu +Recommends: qemu-device-display-virtio-vga +# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal From 243a05542994b2b39d8d2fd521be748ece734eab Mon Sep 17 00:00:00 2001 
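Review bot: The added `sed -r -i 's/^u!/u/' sysusers.d/*.conf*` strips the `!` flag from every shipped sysusers entry, so accounts that upstream marks as fully locked are created as plain `u` accounts. The comment describes this as a packaging workaround and does not say that it is a hardening downgrade. I would spell that out, e.g. `# NOTE: this removes the fully-locked flag from all shipped system accounts; drop this line once rpm handles 'u!'`. The substitution also succeeds silently when no line matches, so nothing flags the workaround once it becomes a no-op. The %prep section continues outside this hunk.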
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Nov 2024 10:04:35 +0100 Subject: [PATCH 359/494] Make systemd-network-generator co-owned by -udev and -networkd ... (rhbz#2328723) The files systemd-networkd-generator generates are read by udev (.link files) and by networkd (.netdev, .netdev files). We can't move it to systemd-networkd subpackage only, because that would potentially break the corner case of people having systemd-udev installed and using the generator, but not systemd-networkd. And there is no dependency from systemd-networkd to systemd-udev. I think this is correct, because networkd can be used in containers without udev. But the generator is not useful without either of those two daemons, so let's move it to make the core package a bit lighter. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 51400fd..b08c2bd 100644 --- a/split-files.py +++ b/split-files.py @@ -154,6 +154,9 @@ for file in files(buildroot): and os.path.exists(f'./{n}.example')): o = outputs['networkd-defaults'] + # Files that are "consumed" by systemd-networkd go into the -networkd + # subpackage. As a special case, network-generator is co-owned also by + # the -udev subpackage because systemd-udevd reads .link files. elif re.search(r'''/usr/lib/systemd/network/.*\.network| networkd| networkctl| @@ -164,6 +167,8 @@ for file in files(buildroot): systemd\.netdev ''', n, re.X): o = outputs['networkd'] + elif 'network-generator' in n: + o = (outputs['networkd'], outputs['udev']) elif '.so.' in n: o = outputs['libs'] @@ -255,7 +260,10 @@ for file in files(buildroot): suffix = '*' if '/man/' in n else '' - print(f'{prefix}{n}{suffix}', file=o) + if not isinstance(o, tuple): + o = (o,) + for file in o: + print(f'{prefix}{n}{suffix}', file=file) if [print(f'ERROR: no file names were written to {o.name}') for name, o in outputs.items() 
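Review bot: In the last hunk, `for file in o:` reuses the name of the enclosing loop variable (`for file in files(buildroot):`, shown in the hunk header). After the first write, `file` therefore refers to an output stream instead of the buildroot entry. Nothing visible reads `file` after that point, but any later addition to the loop body would silently get the wrong object. Renaming the inner variable avoids this: `for out in o:` with `print(f'{prefix}{n}{suffix}', file=out)`. The outer loop body starts and ends outside these hunks.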
From 04f0a692da310691844c8313b2649b99dfab61e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Nov 2024 00:17:19 +0100 Subject: [PATCH 360/494] Version 257~rc3 - A bunch of small fixes here and there: virtualization detection, udev, systemd-networked, pid1. - Includes a hardware database update. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index c30dd34..a2bd4e2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257-rc2.tar.gz) = 31e4e01a2df738fddbe609ffcff97452ddaa0829521f063b981e628c4616d77ced32bcf29fdfb5cd68562d774627ab25e854156eade249bad31d968be31b2efd +SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 diff --git a/systemd.spec b/systemd.spec index 0447dd5..891d905 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc2} +Version: %{?version_override}%{!?version_override:257~rc3} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 53cfdea02aa6fdf50730ef2cfab215aa4c74db9d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 30 Nov 2024 00:00:19 +0900 Subject: [PATCH 361/494] Update tmpfiles --destroy-data patch This adds one more --destroy-data switch to make the test pass. --- 0001-tmpfiles-make-purge-hard-to-mis-use.patch | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch index 79964e8..e34df8c 100644 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch 
@@ -1,4 +1,4 @@ -From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 +From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 23 Jul 2024 13:14:05 +0200 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use @@ -6,11 +6,11 @@ Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use Follow-up for https://github.com/systemd/systemd/pull/33383. --- src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ - test/units/TEST-22-TMPFILES.18.sh | 4 ++-- - 2 files changed, 19 insertions(+), 2 deletions(-) + test/units/TEST-22-TMPFILES.18.sh | 6 +++--- + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 5a4f989668..c5b544f1df 100644 +index 86bf16356d..539c18f5e0 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { @@ -63,7 +63,7 @@ index 5a4f989668..c5b544f1df 100644 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..dd536172d4 100755 +index c81f6bd0ef..1eb264a279 100755 --- a/test/units/TEST-22-TMPFILES.18.sh +++ b/test/units/TEST-22-TMPFILES.18.sh @@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile @@ -75,7 +75,7 @@ index c81f6bd0ef..dd536172d4 100755 test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile -@@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile +@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile test ! -d /tmp/somedir/ grep -q qux /tmp/someotherfile 
@@ -84,6 +84,12 @@ index c81f6bd0ef..dd536172d4 100755 test -f /tmp/somedir/somefile grep -q baz /tmp/somedir/somefile grep -q qux /tmp/someotherfile + +-systemd-tmpfiles --purge - <<<"$c" ++systemd-tmpfiles --purge --destroy-data - <<<"$c" + test ! -f /tmp/somedir/somefile + test ! -d /tmp/somedir/ + grep -q qux /tmp/someotherfile -- 2.47.0 From 8dc31eaf041f4ec6e0aa75a3c45d993f49f6c9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 3 Dec 2024 14:11:24 +0100 Subject: [PATCH 362/494] Recommend qemu-kvm-core instead of qemu-kvm ... (rhbz#2329979) --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 891d905..97b40e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -541,7 +541,7 @@ Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: -Recommends: qemu-kvm +Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) From 433efb38f49a016733c805b2dba914c39ed99ec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 4 Dec 2024 11:38:32 +0100 Subject: [PATCH 363/494] Only apply the new Recommends in fedora Our mkosi.conf.d/10-centos-fedora/mkosi.prepare script tries to install the soft dependencies too. The build fails in centos 9 and 10: Error: Unable to find a match: qemu-device-display-virtio-gpu qemu-device-display-virtio-vga [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 97b40e3..716b31a 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -542,8 +542,10 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} # For systemd-vmspawn which uses qemu: Recommends: qemu-kvm-core +%if 0%{?fedora} Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga +%endif # Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) From 31aaef8e173b34a128bac1a44b5119b782435db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Dec 2024 12:50:39 +0100 Subject: [PATCH 364/494] Enable slow tests during build The build is slow anyway, so the difference shouldn't matter. But more tests is better. The build logs show that slow tests were disabled. Inspired by https://github.com/systemd/systemd/issues/34471. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 716b31a..45da1f7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -727,6 +727,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=%[%{with upstream}?"developer":"release"] + -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' From c2f5f4a68a3fbc54885c22d42287ed588345b4b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 Dec 2024 21:23:13 +0100 Subject: [PATCH 365/494] Version 257 - A bunch of small fixes in various components: systemd itself, systemd-cryptenroll, sd-varlink, sd-boot, documentation, tests - Includes an update of the hardware database --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index a2bd4e2..30a8993 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-257-rc3.tar.gz) = 28235d685187a2dc1534d0cea6b4ccba7965316aa8023a656301dd1c555366b65ce227f7a2d05cf8a6c03e3a5ef65280f6b32d99b67eb3111781583b00ba31c8 +SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c diff --git a/systemd.spec b/systemd.spec index 45da1f7..1b0ef00 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257~rc3} +Version: %{?version_override}%{!?version_override:257} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From bd8339bf00caf230a0a620369fe844dc83af7a13 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Dec 2024 03:33:22 +0900 Subject: [PATCH 366/494] sysusers: support new ! line flag for creating fully locked accounts For https://github.com/systemd/systemd/pull/34876. Follow-ups for e42eed4afd6267cd954d393d8eec79e0e7573de0. --- sysusers.generate-pre.sh | 2 +- sysusers.prov | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 4a87d53..944abff 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -69,7 +69,7 @@ parse() { [ -z "$line" ] && continue eval "arr=( $line )" case "${arr[0]}" in - ('u') + ('u'|'u!') if [[ "${arr[2]}" == *":"* ]]; then user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" else diff --git a/sysusers.prov b/sysusers.prov index f12e929..7b3d704 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -42,7 +42,7 @@ parse() { [ -z "$line" ] && continue set -- $line case "$1" in - ('u') + ('u'|'u!') process_u "$2" "$3" ;; ('g') From 35e6814ef43aa546222e8fbea18f46e27199498c Mon Sep 17 00:00:00 2001 
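Review bot: The new `('u'|'u!')` arm in sysusers.generate-pre.sh passes a `u!` line to `user` with exactly the same arguments as a plain `u` line, so the request for a fully locked account is accepted but not carried into the generated scriptlet. The matching change in sysusers.prov calls `process_u "$2" "$3"` the same way. If the generated %pre code is what creates the account on a given install, it would presumably end up without the full lock, which is worth confirming against how `user` creates accounts. At minimum the arm should say so, e.g. `# 'u!' (fully locked account) is parsed like 'u'; the lock itself is not applied here`. Both `parse` functions start and end outside the hunks.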
From: Yu Watanabe Date: Mon, 16 Dec 2024 04:16:57 +0900 Subject: [PATCH 367/494] Add patch for test-time-util --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 61 insertions(+) create mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch new file mode 100644 index 0000000..7b91ac5 --- /dev/null +++ b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch 
@@ -0,0 +1,58 @@ +From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 14 Dec 2024 16:49:54 +0900 +Subject: [PATCH] test-time-util: fix truncation of usec to sec + +Also +- use ASSERT_XYZ() macros, +- log tzname[] on failure. +--- + src/test/test-time-util.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index d761261e24..d717ca94d2 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -393,27 +393,31 @@ TEST(format_timestamp) { + static void test_format_timestamp_impl(usec_t x) { + bool success, override; + const char *xx, *yy; +- usec_t y; ++ usec_t y, x_sec, y_sec; + + xx = FORMAT_TIMESTAMP(x); +- assert_se(xx); +- assert_se(parse_timestamp(xx, &y) >= 0); ++ ASSERT_NOT_NULL(xx); ++ ASSERT_OK(parse_timestamp(xx, &y)); + yy = FORMAT_TIMESTAMP(y); +- assert_se(yy); ++ ASSERT_NOT_NULL(yy); + +- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy); ++ x_sec = x / USEC_PER_SEC; ++ y_sec = y / USEC_PER_SEC; ++ success = (x_sec == y_sec) && streq(xx, yy); + /* Workaround for https://github.com/systemd/systemd/issues/28472 + * and https://github.com/systemd/systemd/pull/35471. */ + override = !success && + (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") || + STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) && +- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */ ++ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */ + log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR, + "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s", + x, xx, y, yy, + override ? ", ignoring." 
: ""); + if (!override) { +- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); ++ if (!success) ++ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); ++ ASSERT_EQ(x_sec, y_sec); + ASSERT_STREQ(xx, yy); + } + } +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index 1b0ef00..1313d23 100644 --- a/systemd.spec +++ b/systemd.spec @@ -121,6 +121,9 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch +# https://github.com/systemd/systemd/pull/35615 +Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From 62abb21906759fba1b2120456843329fd9c7423e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Dec 2024 09:05:23 +0100 Subject: [PATCH 368/494] Version 257.1 - A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, systemd-networkd, systemd-logind, journalct. - Should fix rhbz#2325780. --- ...e-util-fix-truncation-of-usec-to-sec.patch | 58 ------------------- sources | 2 +- systemd.spec | 5 +- 3 files changed, 2 insertions(+), 63 deletions(-) delete mode 100644 0002-test-time-util-fix-truncation-of-usec-to-sec.patch diff --git a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch b/0002-test-time-util-fix-truncation-of-usec-to-sec.patch deleted file mode 100644 index 7b91ac5..0000000 --- a/0002-test-time-util-fix-truncation-of-usec-to-sec.patch +++ /dev/null 
@@ -1,58 +0,0 @@
-From 3f1d499964abb6a4c0141d7ea8f852829880adff Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Sat, 14 Dec 2024 16:49:54 +0900
-Subject: [PATCH] test-time-util: fix truncation of usec to sec
-
-Also
-- use ASSERT_XYZ() macros,
-- log tzname[] on failure.
----
- src/test/test-time-util.c | 18 +++++++++++-------
- 1 file changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
-index d761261e24..d717ca94d2 100644
---- a/src/test/test-time-util.c
-+++ b/src/test/test-time-util.c
-@@ -393,27 +393,31 @@ TEST(format_timestamp) {
- static void test_format_timestamp_impl(usec_t x) {
- bool success, override;
- const char *xx, *yy;
-- usec_t y;
-+ usec_t y, x_sec, y_sec;
-
- xx = FORMAT_TIMESTAMP(x);
-- assert_se(xx);
-- assert_se(parse_timestamp(xx, &y) >= 0);
-+ ASSERT_NOT_NULL(xx);
-+ ASSERT_OK(parse_timestamp(xx, &y));
- yy = FORMAT_TIMESTAMP(y);
-- assert_se(yy);
-+ ASSERT_NOT_NULL(yy);
-
-- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy);
-+ x_sec = x / USEC_PER_SEC;
-+ y_sec = y / USEC_PER_SEC;
-+ success = (x_sec == y_sec) && streq(xx, yy);
- /* Workaround for https://github.com/systemd/systemd/issues/28472
- * and https://github.com/systemd/systemd/pull/35471. */
- override = !success &&
- (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
- STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
-- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */
-+ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */
- log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
- "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
- x, xx, y, yy,
- override ? ", ignoring."
: ""); - if (!override) { -- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC); -+ if (!success) -+ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]); -+ ASSERT_EQ(x_sec, y_sec); - ASSERT_STREQ(xx, yy); - } - } --- -2.47.1 - diff --git a/sources b/sources index 30a8993..165fa9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.tar.gz) = 5f95367e004e44c6a7448d2c0a04d0c4ad90f0e5052b84b362a8886e3d761ef1d5bf9db98408598a75303d18d041beaa0a9bc312c7451ab957b8d1ae7b88678c +SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 diff --git a/systemd.spec b/systemd.spec index 1313d23..b9563f2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:257} +Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -121,9 +121,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# https://github.com/systemd/systemd/pull/35615 -Patch0493: 0002-test-time-util-fix-truncation-of-usec-to-sec.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From fc47a92e4a3828d6b3fc7901b481135a87132cd7 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 13 Dec 2024 16:04:18 +0100 Subject: [PATCH 369/494] Re-enable upstream behaviour of systemd-tmpfiles --purge From the 257 release notes: * The --purge switch of systemd-tmpfiles (which was added in v256) has been reworked: it will now only apply to tmpfiles.d/ lines marked with the new "$" flag. This is an incompatible change, and means any tmpfiles.d/ files which shall be used together with --purge need to be updated accordingly. This change has been made to make it harder to accidentally delete too many files when using --purge incorrectly. The feature is now sufficiently hard to misuse that we can drop the patch. --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 95 ------------------- systemd.spec | 3 - 2 files changed, 98 deletions(-) delete mode 100644 0001-tmpfiles-make-purge-hard-to-mis-use.patch diff --git a/0001-tmpfiles-make-purge-hard-to-mis-use.patch b/0001-tmpfiles-make-purge-hard-to-mis-use.patch deleted file mode 100644 index e34df8c..0000000 --- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch +++ /dev/null 
@@ -1,95 +0,0 @@
-From 248b69d63068cabd7463c325d2ecc3db3239272e Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Tue, 23 Jul 2024 13:14:05 +0200
-Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
-
-Follow-up for https://github.com/systemd/systemd/pull/33383.
----
- src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
- test/units/TEST-22-TMPFILES.18.sh | 6 +++---
- 2 files changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 86bf16356d..539c18f5e0 100644
---- a/src/tmpfiles/tmpfiles.c
-+++ b/src/tmpfiles/tmpfiles.c
-@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) {
- ARG_IMAGE_POLICY,
- ARG_REPLACE,
- ARG_DRY_RUN,
-+ ARG_DESTROY_DATA,
- ARG_NO_PAGER,
- };
-
-@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) {
- { "replace", required_argument, NULL, ARG_REPLACE },
- { "dry-run", no_argument, NULL, ARG_DRY_RUN },
- { "no-pager", no_argument, NULL, ARG_NO_PAGER },
-+
-+ /* This is not documented on purpose.
-+ * If you think --purge should be allowed without jumping through hoops,
-+ * consider opening a bug report with the description of the use case.
-+ */ -+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, -+ - {} - }; - - int c, r; -+ bool destroy_data = false; - - assert(argc >= 0); - assert(argv); -@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { - arg_dry_run = true; - break; - -+ case ARG_DESTROY_DATA: -+ destroy_data = true; -+ break; -+ - case ARG_NO_PAGER: - arg_pager_flags |= PAGER_DISABLE; - break; -@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Refusing --purge without specification of a configuration file."); - -+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "Refusing --purge without --destroy-data."); -+ - if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --replace= is not supported with --cat-config/--tldr."); -diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh -index c81f6bd0ef..1eb264a279 100755 ---- a/test/units/TEST-22-TMPFILES.18.sh -+++ b/test/units/TEST-22-TMPFILES.18.sh -@@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile -@@ -34,12 +34,12 @@ test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --create --purge - <<<"$c" -+systemd-tmpfiles --create --destroy-data --purge - <<<"$c" - test -f /tmp/somedir/somefile - grep -q baz /tmp/somedir/somefile - grep -q qux /tmp/someotherfile - --systemd-tmpfiles --purge - <<<"$c" -+systemd-tmpfiles --purge --destroy-data - <<<"$c" - test ! -f /tmp/somedir/somefile - test ! -d /tmp/somedir/ - grep -q qux /tmp/someotherfile --- -2.47.0 - 
diff --git a/systemd.spec b/systemd.spec index b9563f2..b5ba89e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -118,9 +118,6 @@ Patch0010: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch0491: https://github.com/systemd/systemd/pull/30846.patch -# Soft-disable tmpfiles --purge until a good use case comes up. -Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif From e157552c6c76837026108842300c6e95963d453d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:35:05 +0100 Subject: [PATCH 370/494] Always build in release mode Building with %upstream doesn't necessarily imply we want a developer build, so let's always build in release mode. If needed %meson_extra_configure_options can be used to override this and build in developer mode after all. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index b5ba89e..ff1d95a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -723,7 +723,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') %endif CONFIGURE_OPTS=( - -Dmode=%[%{with upstream}?"developer":"release"] + -Dmode=release -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local From 133ae30e33b0eb25da572a93e19f19726210d3bb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 6 Jan 2025 14:37:23 +0100 Subject: [PATCH 371/494] Drop patches based on %upstream macro instead of patch number Let's use the %upstream macro to gate patches which are backports of upstream instead of relying on patch numbers. We'll build with %upstream defined in packit so that patches which should not be applied on upstream builds are skipped. --- systemd.spec | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index ff1d95a..3faeeb1 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -101,12 +101,6 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done| GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif -# Backports of patches from upstream (0000–0499) -# -# Any patches which are "in preparation" upstream should be listed here, rather -# than in the next section. Packit CI will drop any patches in this range before -# applying upstream pull requests. - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 @@ -114,9 +108,13 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +%if %{without upstream} + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0491: https://github.com/systemd/systemd/pull/30846.patch +Patch0011: https://github.com/systemd/systemd/pull/30846.patch + +%endif %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 From fd860fd12d2662797540fd428f1d601a108e1cdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 2 Jan 2025 13:55:00 +0100 Subject: [PATCH 372/494] Drop a build dependency on a linter package: pytest-flakes See https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_linters Also, the package is orphaned. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3faeeb1..456ebb0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -197,7 +197,6 @@ BuildRequires: python3dist(lxml) BuildRequires: python3dist(pefile) %if 0%{?fedora} BuildRequires: python3dist(pillow) -BuildRequires: python3dist(pytest-flakes) %endif BuildRequires: python3dist(pytest) %if 0%{?want_bootloader} 
From 3386f5d70426c129dd01b39f7b95fc2dc4e150d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 7 Jan 2025 18:03:50 +0100 Subject: [PATCH 373/494] Rename source .abignore file OBS does not support files with names starting with a dot. https://fedoraproject.org/wiki/How_to_filter_libabigail_reports does not make it really clear if the file can renamed. (The first part of the paragraph implies a positive answer, the second is unclear.) Let's see how this goes. --- .abignore => libabigail.abignore | 0 systemd.spec | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename .abignore => libabigail.abignore (100%) diff --git a/.abignore b/libabigail.abignore similarity index 100% rename from .abignore rename to libabigail.abignore diff --git a/systemd.spec b/systemd.spec index 456ebb0..60c3242 100644 --- a/systemd.spec +++ b/systemd.spec @@ -78,7 +78,7 @@ Source9: systemd-journal-gatewayd.xml Source10: 20-yama-ptrace.conf Source11: systemd-udev-trigger-no-reload.conf # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports -Source13: .abignore +Source13: libabigail.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf @@ -963,7 +963,7 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} -install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} +install -Dm0644 %{SOURCE13} %{buildroot}%{_prefix}/lib/systemd/.abignore # systemd-oomd default configuration install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} From c7379c94601ff1eae2ef471ec0f72dc7b039a02f Mon Sep 17 00:00:00 2001 
From: Yu Watanabe Date: Wed, 8 Jan 2025 04:29:25 +0900 Subject: [PATCH 374/494] Replace 'udevadm hwdb' with systemd-hwdb systemd-hwdb was added in v219 (released in 2015) and 'udevadm hwdb' was deprecated in v253. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 60c3242..f214d21 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1126,7 +1126,7 @@ if [ -f %{_localstatedir}/lib/systemd/clock ]; then mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi -udevadm hwdb --update &>/dev/null +systemd-hwdb update &>/dev/null %systemd_post %udev_services From e570cd53dfd776c33de51538cd8783e42f752369 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:51:44 +0000 Subject: [PATCH 375/494] spec: drop trailing whitespace [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f214d21..b526871 100644 --- a/systemd.spec +++ b/systemd.spec @@ -45,7 +45,7 @@ Name: systemd Url: https://systemd.io -# Allow users to specify the version and release when building the rpm by +# Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:257.1} Release: %autorelease From 4df2711a9f69c979dd8731d8bcd05872afae4a20 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 7 Jan 2025 19:50:18 +0000 Subject: [PATCH 376/494] Add bcond for OBS-specific quirks The version substitution system is not able to fully subst the current Version field due to the inline use of macros, so you end up with like: 257-123-gabcd257.1 instead of: 257-123-gabcd I.e., the hard-coded 257.1 gets appended to the OBS-specified version. If it was simply hardcoded as 257.1 it would work, but the inline macros throw it off. [skip changelog] --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/systemd.spec b/systemd.spec index b526871..0b19b99 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,6 +32,9 @@ # Build from git main %bcond upstream 0 +# Build with OBS-specific quirks +%bcond obs 0 + # When bootstrap, libcryptsetup is disabled # but auto-features causes many options to be turned on # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) @@ -47,7 +50,13 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. +# But don't do that on OBS, otherwise the version subst fails, and will be +# like 257-123-gabcd257.1 instead of 257-123-gabcd +%if %{without obs} Version: %{?version_override}%{!?version_override:257.1} +%else +Version: %{?version_override}%{!?version_override:%(cat meson.version)} +%endif Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) From 3a9c32b8a982bb6a767e39041fc93960f64c5ffc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Jan 2025 12:43:11 +0100 Subject: [PATCH 377/494] Version 257.2 - Fixes for assertion crashes and memory access issues in pid1 and systemd-machined, and other fixes for systemd-repart, systemd-resolved, systemd-stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the hardware database. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 165fa9d..b8843e6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.1.tar.gz) = dded7555077f85d0f8106b72cc46604fbe4249452be6b2d55800770b6deb2a3a122697c5a5f23b22dab416e8c050e53fc30d59dfd3bfd7c9fbbdab3162e8ebe5 +SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 diff --git a/systemd.spec b/systemd.spec index 0b19b99..e13a5b3 100644 --- a/systemd.spec 
+++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.1} +Version: %{?version_override}%{!?version_override:257.2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1814bfe7949a56db5918c6785d2c46a8eda1e026 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 15:50:45 +0100 Subject: [PATCH 378/494] remove STI test The test fails because of the same reason as the installability test, it tries to install every subpackage which fails because the standalone subpackages conflict with all the other packages. Given there's no owner for the test, nobody looks at or seems interested in the results, STI itself will likely be deprecated soon (https://fedoraproject.org/wiki/Changes/DeprecateSTI) and systemd's upstream integration tests will soon support checking for AVC denials (https://github.com/systemd/systemd/pull/35921), let's remove the STI test. --- tests/tests-reboot.yml | 50 ------------------------------------------ 1 file changed, 50 deletions(-) delete mode 100644 tests/tests-reboot.yml diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml deleted file mode 100644 index 94ea8a5..0000000 --- a/tests/tests-reboot.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -- hosts: localhost - vars: - - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" - tags: - - classic - tasks: - # switch SELinux to permissive mode - - name: Get default kernel - command: "grubby --default-kernel" - register: default_kernel - - debug: msg="{{ default_kernel.stdout }}" - - name: Set permissive mode - command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" - - - name: reboot - block: - - name: restart host - shell: sleep 2 && shutdown -r now "Ansible updates triggered" - async: 1 - poll: 0 - ignore_errors: true - - - name: wait for host to come back - wait_for_connection: - delay: 10 - timeout: 300 - - - name: Re-create /tmp/artifacts - command: mkdir /tmp/artifacts - - - name: Gather SELinux denials since boot - shell: | - result=pass - dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail - ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log - grep -q '' /tmp/avc.log || result=fail - echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml - ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log - - always: - - name: Pull out the artifacts - fetch: - dest: "{{ artifacts }}/" - src: "{{ item }}" - flat: yes - with_items: - - /tmp/test.log - - /tmp/avc.log - - /tmp/results.yml From 30f50b18709d84b6f7830febf2c13b1465a75340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:02:55 +0100 Subject: [PATCH 379/494] Drop patch numbers In the past, we used patch numbers to skip some patches in upstream CI builds. The upstream bcond is now used for this instead, so we can drop the numbering to make it easier to add an remove patches. [skip changelog] --- systemd.spec | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/systemd.spec b/systemd.spec index e13a5b3..eeb632c 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -104,25 +104,17 @@ Source25: 98-default-mac-none.link Source26: systemd-user -%if 0 -GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable -i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch -%endif - %if 0%{?fedora} < 40 && 0%{?rhel} < 10 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0010: https://github.com/systemd/systemd/pull/26494.patch +Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} - # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch0011: https://github.com/systemd/systemd/pull/30846.patch - +Patch: https://github.com/systemd/systemd/pull/30846.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b1bd57ecce6d56e22e74eded8377faa5326ddccb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 10 Jan 2025 17:05:52 +0100 Subject: [PATCH 380/494] Revert use of PrivateTmp=disconnected ... (rhbz#2334015, https://github.com/coreos/fedora-coreos-tracker/issues/1857) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 +++++++++++++++++++ systemd.spec | 6 ++ 2 files changed, 75 insertions(+) create mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch new file mode 100644 index 0000000..eca67f0 --- /dev/null +++ b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch 
@@ -0,0 +1,69 @@
+From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Fri, 10 Jan 2025 17:00:08 +0100
+Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes'
+ if DefaultDependencies=no"
+
+This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5.
+---
+ units/systemd-coredump@.service.in | 2 +-
+ units/systemd-oomd.service.in | 2 +-
+ units/systemd-resolved.service.in | 2 +-
+ units/systemd-timesyncd.service.in | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
+index c74dc7a5a1..fa3206d07b 100644
+--- a/units/systemd-coredump@.service.in
++++ b/units/systemd-coredump@.service.in
+@@ -26,7 +26,7 @@ NoNewPrivileges=yes
+ OOMScoreAdjust=500
+ PrivateDevices=yes
+ PrivateNetwork=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectControlGroups=yes
+ ProtectHome=read-only
+ ProtectHostname=yes
+diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
+index 670d5e6140..82bd6245f8 100644
+--- a/units/systemd-oomd.service.in
++++ b/units/systemd-oomd.service.in
+@@ -37,7 +37,7 @@ MemoryLow=64M
+ NoNewPrivileges=yes
+ OOMScoreAdjust=-900
+ PrivateDevices=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectClock=yes
+ ProtectHome=yes
+ ProtectHostname=yes
+diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
+index e181b2528a..4aa0788ac4 100644
+--- a/units/systemd-resolved.service.in
++++ b/units/systemd-resolved.service.in
+@@ -29,7 +29,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=disconnected
++PrivateTmp=yes
+ ProtectClock=yes
+ ProtectControlGroups=yes
+ ProtectHome=yes
+diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
+index 835d6327e7..cf233fbffd 100644
+--- a/units/systemd-timesyncd.service.in
++++
b/units/systemd-timesyncd.service.in +@@ -31,7 +31,7 @@ LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes + PrivateDevices=yes +-PrivateTmp=disconnected ++PrivateTmp=yes + ProtectProc=invisible + ProtectControlGroups=yes + ProtectHome=yes +-- +2.47.1 + diff --git a/systemd.spec b/systemd.spec index eeb632c..1910a32 100644 --- a/systemd.spec +++ b/systemd.spec @@ -112,6 +112,12 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Temporarily drop use of PrivateTmp=disconnected. This is causing failures +# in various places: +# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 +# https://github.com/coreos/fedora-coreos-tracker/issues/1857 +Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 20cc578e59c292a3c5ceaf43cac2c248aa26b9b7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 8 Jan 2025 00:46:28 +0000 Subject: [PATCH 381/494] Enable signing systemd-boot on OBS builds On OBS the https://github.com/openSUSE/pesign-obs-integration package is the way to get binaries signed. Build depend on it, and call its hook. Also rename and change the description and provides of the package, given it is signed. [skip changelog] --- systemd.spec | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/systemd.spec b/systemd.spec index 1910a32..2fba134 100644 --- a/systemd.spec +++ b/systemd.spec @@ -237,6 +237,10 @@ BuildRequires: xen-devel %endif %endif +%if %{with obs} +BuildRequires: pesign-obs-integration +%endif + Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl 
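Review bot: The comment added above the new `Patch:` line in the `@@ -112,6 +112,12 @@` hunk calls the revert temporary but gives no condition for dropping it, unlike the neighbouring dracut workaround, which says `# Drop when dracut-060 is available.`. The patch changes the `PrivateTmp=` sandboxing setting in four service units (systemd-coredump@, systemd-oomd, systemd-resolved, systemd-timesyncd), so a revert that is never removed would leave those units diverging from upstream's settings without anything flagging it. I would add a line such as `# Drop once rhbz#2334015 and fedora-coreos-tracker#1857 are resolved.` The `%if %{without upstream}` block ends outside the hunk.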
@@ -512,6 +516,7 @@ with a command line, and possibly PCR measurements and other metadata, into a Unified Kernel Image (UKI). %if 0%{?want_bootloader} +%if %{without obs} %package boot-unsigned Summary: UEFI boot manager (unsigned version) @@ -532,6 +537,27 @@ line. systemd-boot supports systems with UEFI firmware only. This package contains the unsigned version. Install systemd-boot instead to get the version that works with Secure Boot. +%else +%package boot +Summary: UEFI boot manager (signed version) + +Provides: systemd-boot-signed-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-signed) = %version +Provides: version(systemd-boot-signed)%{_isa} = %version + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +%description boot +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains the signed version. +%endif %endif %package container @@ -1045,6 +1071,11 @@ EOF # Split files in build root into rpms python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} +# Stage sd-boot binaries for signing +%if %{with obs} && 0%{?want_bootloader} +BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIGN_PACKAGES=systemd-boot /usr/lib/rpm/brp-suse.d/brp-99-pesign +%endif + %check %if %{with tests} meson test -C %{_vpath_builddir} -t 6 --print-errorlogs @@ -1299,7 +1330,11 @@ fi %files ukify -f .file-list-ukify %if 0%{?want_bootloader} +%if %{without obs} %files boot-unsigned -f .file-list-boot +%else +%files boot -f .file-list-boot +%endif %endif %files container -f .file-list-container 
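Review bot: The `boot` subpackage added in the `@@ -532,6 +537,27 @@` hunk describes itself as "the signed version" and provides `systemd-boot-signed-%{efi_arch}`, but nothing in the spec says who signs the binary or with which key. As far as I can tell, the `brp-99-pesign` call added in the `@@ -1045,6 +1071,11 @@` hunk only stages `systemd-boot%{efi_arch}.efi` for a later OBS signing step, so a build with the `obs` bcond enabled outside OBS would presumably ship an unsigned loader under the signed name. A comment above the staging line would make that dependency explicit, e.g. `# brp-99-pesign only stages the file; OBS signs it afterwards with the project key, so builds outside OBS are not signed`. The `%install` section this line belongs to starts outside the hunk.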
From cddeca136f617641ce81c448ae7a66c4682f719f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 16:24:13 +0100 Subject: [PATCH 382/494] Rebuilt for the bin-sbin merge (2nd attempt) https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin From fd36e4c562f9a0bda309405fd199e91e1f51f2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 12 Jan 2025 18:23:30 +0100 Subject: [PATCH 383/494] Rebuilt for the bin-sbin merge (2nd attempt) This time in the side tag. [skip changelog] From a7eec4d33deb2605ebc5d2c0cc433ce035bbd2f1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 8 Jan 2025 14:15:18 +0100 Subject: [PATCH 384/494] Run upstream integration test suite with Fedora CI Let's add a tmt plan to read the upstream fmf metadata which contains a single test to run the upstream integration tests. To make this work, we also add a downstream patch with some fmf test script fixes that landed after 257.2 was released. We request virtualization support so we can run qemu based integration tests in qemu with KVM. --- .fmf/version | 1 + 35938.patch | 879 +++++++++++++++++++++++++++++++++++++++++++++ plans/upstream.fmf | 16 + systemd.spec | 3 + 4 files changed, 899 insertions(+) create mode 100644 .fmf/version create mode 100644 35938.patch create mode 100644 plans/upstream.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/35938.patch b/35938.patch new file mode 100644 index 0000000..7f9f9be --- /dev/null +++ b/35938.patch 
@@ -0,0 +1,879 @@ +From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:05 +0100 +Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive + mode + +The tests might be running unprivileged or in an environment without +selinux so let's not fail if we can't put it in permissive mode. + +(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4984fb119b571..fe139567bdf06 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -4,8 +4,8 @@ + set -eux + set -o pipefail + +-# Switch SELinux to permissive, since the tests don't set proper contexts +-setenforce 0 ++# Switch SELinux to permissive if possible, since the tests don't set proper contexts ++setenforce 0 || true + + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + +From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:25:50 +0100 +Subject: [PATCH 02/22] fmf: Fix dist-git example + +All that's needed is dist-git-source: true so remove the other settings +that aren't required. 
+ +(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) +--- + test/fmf/integration-tests/test.sh | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fe139567bdf06..73771d4237207 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,9 +13,6 @@ setenforce 0 || true + # summary: systemd Fedora test suite + # discover: + # how: fmf +-# url: https://github.com/systemd/systemd +-# ref: main +-# path: test/fmf + # dist-git-source: true + # dist-git-install-builddeps: false + # prepare: + +From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 10:38:21 +0100 +Subject: [PATCH 03/22] fmf: Fix glob + +Globs inside quotes aren't expanded and we need the glob to be more +specific to avoid matching multiple entries inside the tmt source +directory. + +(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) +--- + test/fmf/integration-tests/test.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 73771d4237207..0a1595fa97268 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -23,8 +23,11 @@ setenforce 0 || true + # execute: + # how: tmt + ++shopt -s extglob ++ + if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then +- pushd "$TMT_SOURCE_DIR/*/" ++ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). 
++ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ + elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then + # Prepare systemd source tree + git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" + +From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 12:12:15 +0100 +Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running + within testing farm + +If running tmt locally to debug the test script, make sure we don't +mess with /etc/yum.repos.d. + +(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) +--- + test/fmf/integration-tests/test.sh | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 0a1595fa97268..347cd219a458a 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} + [Build] + ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} ++EOF ++ ++if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then ++ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* ++ # Ensure packages built for this test have highest priority ++ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* + +-# Disable mkosi's own repository logic +-touch /etc/yum.repos.d/mkosi.repo ++ # Disable mkosi's own repository logic ++ touch /etc/yum.repos.d/mkosi.repo ++fi + + # TODO: drop once BTRFS regression is fixed in kernel 6.13 + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf + +From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 16:41:46 +0100 +Subject: [PATCH 05/22] fmf: Dump CPU and memory information + +(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git 
a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 347cd219a458a..4545090c3c1ab 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -7,6 +7,10 @@ set -o pipefail + # Switch SELinux to permissive if possible, since the tests don't set proper contexts + setenforce 0 || true + ++echo "CPU and Memory information:" ++lscpu ++lsmem ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 8 Jan 2025 13:31:11 +0100 +Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs + +When running the integration tests downstream, it's useful to be +able to test that a new systemd version doesn't introduce any AVC +denials, so let's add a knob to make that possible. + +(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) +--- + test/README.testsuite | 10 ++++++++++ + test/fmf/integration-tests/test.sh | 7 +++++++ + test/units/TEST-06-SELINUX.sh | 4 ++++ + 3 files changed, 21 insertions(+) + +diff --git a/test/README.testsuite b/test/README.testsuite +index da2d17a6dba7c..6b367aa6738fa 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,16 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. 
+ ++### SELinux AVCs ++ ++To have `TEST-06-SELINUX` check for SELinux denials, write the following to ++mkosi.local.conf: ++ ++```conf ++[Runtime] ++KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 ++``` ++ + ## Ubuntu CI + + New PRs submitted to the project are run through regression tests, and one set +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 4545090c3c1ab..fccfa15c72821 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID + ToolsTreeRelease=${VERSION_ID:-rawhide} + EOF + ++if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then ++ tee --append mkosi.local.conf < +Date: Wed, 8 Jan 2025 16:03:06 +0100 +Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing + farm + +We expect to run as root within testing farm and to have permissions +to do selinux relabelling so let's enable it explicitly. + +(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) +--- + test/fmf/integration-tests/test.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index fccfa15c72821..8cea79cf30274 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -78,6 +78,9 @@ fi + + if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then + tee --append mkosi.local.conf < +Date: Thu, 9 Jan 2025 11:27:51 +0100 +Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh + +(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) +--- + test/integration-test-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh +index d7c384a97cf48..c67f938acf26f 100755 +--- a/test/integration-test-setup.sh ++++ b/test/integration-test-setup.sh +@@ -1,6 +1,6 @@ + #!/usr/bin/env bash + # SPDX-License-Identifier: 
LGPL-2.1-or-later +-set -eux ++set -eu + set -o pipefail + + case "$1" in + +From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 11:28:15 +0100 +Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in + interactive mode + +If we're not running interactively, there's no point in the features +from integration-test-setup.sh which are intended for interactive +development and debugging so lets skip adding it in that case. + +(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) +--- + test/integration-test-wrapper.py | 9 +++++++++ + test/test.service.in | 2 -- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index ef6df8840f50d..5fa0325b889e5 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -459,6 +459,15 @@ def main() -> None: + """ + ) + ++ if sys.stderr.isatty(): ++ dropin += textwrap.dedent( ++ """ ++ [Service] ++ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup ++ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ """ ++ ) ++ + cmd = [ + args.mkosi, + '--directory', os.fspath(args.meson_source_dir), +diff --git a/test/test.service.in b/test/test.service.in +index 6400be0700288..75f703698f687 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -7,9 +7,7 @@ Before=getty-pre.target + + [Service] + ExecStartPre=rm -f /failed /testok +-ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStart=@command@ +-ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize + Type=oneshot + MemoryAccounting=@memory-accounting@ + StateDirectory=%N + +From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 7 Jan 2025 15:01:02 +0100 +Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when 
running with + sanitizers + +Similar to how CentOS CI did it previously, let's only run +TEST-21-DFUZZER when built with sanitizers for maximum effect. + +(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) +--- + .github/workflows/mkosi.yml | 8 ++++++++ + test/TEST-21-DFUZZER/meson.build | 1 - + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index a043022ce05a1..592ed41051458 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -61,6 +61,7 @@ jobs: + cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no + vm: 1 ++ skip: TEST-21-DFUZZER + - distro: debian + release: testing + sanitizers: "" +@@ -68,6 +69,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: ubuntu + release: noble + sanitizers: "" +@@ -75,6 +77,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: "41" + sanitizers: "" +@@ -82,6 +85,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: fedora + release: rawhide + sanitizers: address,undefined +@@ -96,6 +100,7 @@ jobs: + cflags: "-Og" + relabel: no + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "9" + sanitizers: "" +@@ -103,6 +108,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + - distro: centos + release: "10" + sanitizers: "" +@@ -110,6 +116,7 @@ jobs: + cflags: "-Og" + relabel: yes + vm: 0 ++ skip: TEST-21-DFUZZER + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +@@ -195,6 +202,7 @@ jobs: + mkosi sandbox \ + env \ + TEST_PREFER_QEMU=${{ matrix.vm }} \ ++ TEST_SKIP=${{ matrix.skip }} \ + meson test \ + -C build \ + --no-rebuild \ +diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build +index f57be63380222..932f0c5f0e407 100644 +--- a/test/TEST-21-DFUZZER/meson.build ++++ b/test/TEST-21-DFUZZER/meson.build +@@ -6,6 +6,5 @@ 
integration_tests += [ + 'timeout' : 3600, + 'priority' : 50, + 'vm' : true, +- 'enabled' : false, + }, + ] + +From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:13:18 +0100 +Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test + artifacts dir + +(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) +--- + test/fmf/integration-tests/test.sh | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 8cea79cf30274..762016f2a5c1c 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -125,6 +125,11 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" ++ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ ++find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd ++ ++exit "$EC" + +From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 15:24:51 +0100 +Subject: [PATCH 12/22] fmf: Log clock source + +(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) +--- + test/fmf/integration-tests/test.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 762016f2a5c1c..d1e43b1d7dbc9 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -11,6 +11,8 @@ echo "CPU and Memory information:" + lscpu + lsmem + ++echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 
0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 Jan 2025 16:24:22 +0100 +Subject: [PATCH 13/22] tree-wide: Fix python formatting + +The new release of ruff formats a few more things which causes linter +failures in CI so let's fix those formatting nits. + +(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) +--- + src/ukify/ukify.py | 6 +++--- + test/integration-test-wrapper.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index 3f36aa7af6b08..be4e30eb8e36e 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'calculate', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + # For measurement, the keys are not relevant, so we can lump all the phase paths + # into one call to systemd-measure calculate. 
+@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> + cmd = [ + measure_tool, + 'sign', +- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), ++ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), + *(f'--bank={bank}' for bank in banks), + ] + +@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: + os.umask(umask := os.umask(0)) + os.chmod(opts.output, 0o777 & ~umask) + +- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") ++ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') + + + @contextlib.contextmanager +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5fa0325b889e5..d9d92fcba3b0e 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -429,7 +429,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} ++ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} + """ + ) + +@@ -437,7 +437,7 @@ def main() -> None: + dropin += textwrap.dedent( + f""" + [Service] +- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} ++ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} + """ + ) + +@@ -568,7 +568,7 @@ def main() -> None: + + ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] + +- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) ++ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) + + # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. 
+ exit(result.returncode or 1) + +From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:27:33 +0100 +Subject: [PATCH 14/22] test: Add option to save in progress test journals to + /tmp + +The journal isn't the best at being fast, especially when writing +to disk and not to memory, which can cause integration tests to +grind to a halt on beefy systems due to all the systemd-journal-remote +instances not being able to write journal entries to disk fast enough. + +Let's introduce an option to allow writing in progress test journals +to use /tmp which can be used on beefy systems with lots of memory to +speed things up. + +(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) +--- + test/README.testsuite | 4 ++++ + test/integration-test-wrapper.py | 12 +++++++++++- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/test/README.testsuite b/test/README.testsuite +index 6b367aa6738fa..e33c08f33a20e 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -151,6 +151,10 @@ that make use of `run_testcases`. + + `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. + ++`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in ++progress and only move the journal to its final location in the build directory ++(`$BUILD_DIR/test/journal`) when the test is finished. 
++ + ### SELinux AVCs + + To have `TEST-06-SELINUX` check for SELinux denials, write the following to +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index d9d92fcba3b0e..1c28cf3776e80 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -10,6 +10,7 @@ + import os + import re + import shlex ++import shutil + import subprocess + import sys + import tempfile +@@ -441,7 +442,11 @@ def main() -> None: + """ + ) + +- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ else: ++ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() ++ + journal_file.unlink(missing_ok=True) + + if not sys.stderr.isatty(): +@@ -551,6 +556,11 @@ def main() -> None: + ): + journal_file.unlink(missing_ok=True) + ++ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ dst = args.meson_build_dir / f'test/journal/{name}.journal' ++ dst.parent.mkdir(parents=True, exist_ok=True) ++ shutil.move(journal_file, dst) ++ + if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): + exit(0 if shell or result.returncode == args.exit_code else 77) + + +From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:29:58 +0100 +Subject: [PATCH 15/22] test: Don't register machines with machined unless + we're in interactive mode + +(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 1c28cf3776e80..94904cfbc4c05 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -516,7 +516,7 @@ def main() -> None: + ] + ), + 
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", +- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), ++ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), + 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', + ] # fmt: skip + + +From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 14:51:24 +0100 +Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin + +The integration-test-setup calls require StateDirectory= but some +tests override the test unit used which then won't have StateDirectory= +so let's move StateDirectory= into the dropin as well to avoid this +issue. + +(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) +--- + test/integration-test-wrapper.py | 1 + + test/test.service.in | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 94904cfbc4c05..610c34c903425 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -470,6 +470,7 @@ def main() -> None: + [Service] + ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup + ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize ++ StateDirectory=%N + """ + ) + +diff --git a/test/test.service.in b/test/test.service.in +index 75f703698f687..790c513da4338 100644 +--- a/test/test.service.in ++++ b/test/test.service.in +@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok + ExecStart=@command@ + Type=oneshot + MemoryAccounting=@memory-accounting@ +-StateDirectory=%N + +From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:37 +0100 +Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn + failures + +(cherry picked from commit 
c32a8cdaa0f03ae29e9edade1213cc2001b28000) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index d1e43b1d7dbc9..34bf1abfa8943 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -13,6 +13,10 @@ lsmem + + echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + ++# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. ++sysctl fs.inotify.max_user_watches=65536 ++sysctl fs.inotify.max_user_instances=1024 ++ + # Allow running the integration tests downstream in dist-git with something like + # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: + # + +From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:26:54 +0100 +Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems + +If we save journals in /tmp, we can run a larger number of tests in +parallel so let's make use of the larger number of CPUs if the tests +run on a beefy machine. + +(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) +--- + test/fmf/integration-tests/test.sh | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 34bf1abfa8943..06a98bfd7a0be 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then + export TEST_NO_QEMU=1 + fi + ++NPROC="$(nproc)" ++if [[ "$NPROC" -ge 10 ]]; then ++ export TEST_JOURNAL_USE_TMP=1 ++ NPROC="$((NPROC / 3))" ++else ++ NPROC="$((NPROC - 1))" ++fi ++ + # Create missing mountpoint for mkosi sandbox. 
+ mkdir -p /etc/pacman.d/gnupg + +@@ -131,7 +139,7 @@ mkosi -f sandbox \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ +- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? ++ --num-processes "$NPROC" && EC=0 || EC=$? + + find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; + find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + +From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 10 Jan 2025 15:29:28 +0100 +Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER + +Similar to Github Actions, since we don't build with sanitizers in +the packit job, let's skip TEST-21-DFUZZER. + +(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) +--- + test/fmf/integration-tests/test.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index 06a98bfd7a0be..f82961f9599d0 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -124,6 +124,10 @@ else + NPROC="$((NPROC - 1))" + fi + ++# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it ++# for now. ++export TEST_SKIP="TEST-21-DFUZZER" ++ + # Create missing mountpoint for mkosi sandbox. 
+ mkdir -p /etc/pacman.d/gnupg + + +From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 13 Jan 2025 10:33:20 +0100 +Subject: [PATCH 20/22] test: Fix bug in integration test wrapper + +(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) +--- + test/integration-test-wrapper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 610c34c903425..5321faef57818 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -443,7 +443,7 @@ def main() -> None: + ) + + if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': +- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') ++ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') + else: + journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() + + +From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Tue, 14 Jan 2025 09:52:40 +0100 +Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink + it + +(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) +--- + test/integration-test-wrapper.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index 5321faef57818..a7bf5ea6060d4 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -556,8 +556,7 @@ def main() -> None: + and not sanitizer + ): + journal_file.unlink(missing_ok=True) +- +- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': ++ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': + dst = args.meson_build_dir / f'test/journal/{name}.journal' + dst.parent.mkdir(parents=True, exist_ok=True) + shutil.move(journal_file, dst) + +From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 +From: Daan 
De Meyer +Date: Tue, 14 Jan 2025 11:41:17 +0100 +Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists + +Otherwise find fails with an error. + +(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) +--- + test/fmf/integration-tests/test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index f82961f9599d0..aff79340f79fe 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -145,8 +145,8 @@ mkosi -f sandbox \ + --no-stdsplit \ + --num-processes "$NPROC" && EC=0 || EC=$? + +-find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; +-find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; ++[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; + + popd + diff --git a/plans/upstream.fmf b/plans/upstream.fmf new file mode 100644 index 0000000..fd348ad --- /dev/null +++ b/plans/upstream.fmf @@ -0,0 +1,16 @@ +summary: systemd upstream test suite +discover: + how: fmf + dist-git-source: true + dist-git-install-builddeps: false +prepare: + - name: systemd + how: install + exclude: + - systemd-standalone-.* +execute: + how: tmt +provision: + hardware: + virtualization: + is-supported: true diff --git a/systemd.spec b/systemd.spec index 2fba134..14df243 100644 --- a/systemd.spec +++ b/systemd.spec 
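Review bot: With `TEST_JOURNAL_USE_TMP=1` the wrapper writes the in-progress journal to the fixed path `/tmp/systemd-integration-tests/journal/{name}.journal` (integration-test-wrapper.py, patches 14 and 20 of this series), and test.sh switches that on for any host with 10 or more CPUs while the series expects to run as root in testing farm. A fixed name under world-writable /tmp can be pre-created or replaced by another local account before the `unlink` and `shutil.move` calls, which hardly matters on a throwaway CI VM but does on a shared development machine. `tempfile` is already imported, so I would use `journal_file = Path(tempfile.mkdtemp(prefix='systemd-integration-tests-')) / f'{name}.journal'` and remove that directory after the move; if the journal writer runs under a different account, the directory mode has to allow it. main() starts and ends outside these hunks.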
@@ -121,6 +121,9 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport various fmf fixes to allow running the integration tests in Fedora CI. +Patch: https://github.com/systemd/systemd/pull/35938.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 01e5bc1c93907a41421f3744211e9be645747695 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 14 Jan 2025 21:47:40 +0000 Subject: [PATCH 385/494] Set SBAT in sd-boot when building on OBS We are doing self-signing, so don't tag the EFI binaries as if they were Fedora's, since they are not. Set upstream-specific tags, that are the same for all distros built on OBS.. [skip changelog] --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 14df243..4ba5825 100644 --- a/systemd.spec +++ b/systemd.spec @@ -868,6 +868,11 @@ CONFIGURE_OPTS=( # considering that that support is untested, let's not do this now. -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] -Dukify=enabled +%if 0%{?want_bootloader} && %{with obs} + -Dsbat-distro-url=https://github.com/systemd/systemd + -Dsbat-distro=upstream + -Dsbat-distro-summary='Upstream build from git' +%endif ) %if %{without lto} From aa5546e9ed9b3fe92efb29bae842da997d153cf8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:01 +0100 Subject: [PATCH 386/494] Add a few mkosi artifact directories to .gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 6cf7897..ca73e11 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,7 @@ /systemd-*.tar.xz /systemd-*.tar.gz /*.rpm +/mkosi.output/ +/mkosi.cache/ +/mkosi.builddir/ +/mkosi.local.conf From f257050dddc1c86fe4358f7b663ec0fe0ab1c407 Mon Sep 17 00:00:00 2001 
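Review bot: The added `Patch: https://github.com/systemd/systemd/pull/35938.patch` names a pull-request URL, and what that URL serves changes whenever the PR branch is rewritten, so the reviewed content is the 35938.patch file committed alongside it, not the URL. The spec gives no hint of that, and the 22-commit backport also touches `src/ukify/ukify.py`, not only test scripts. I would extend the comment to `# Snapshot of PR 35938 (22 commits, last dated 2025-01-14); when refreshing, diff against the committed copy.` The surrounding `%if` block starts outside the hunk.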
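Review bot: The three `-Dsbat-*` options added in the `@@ -868,6 +868,11 @@` hunk carry no comment, and the reason for them (self-signed OBS builds must not carry Fedora's SBAT identity) exists only in the commit message. SBAT entries are what a revocation update matches on, so a later editor who drops the block would quietly put the distribution's tag back on binaries the distribution did not sign. I would add `# OBS builds are self-signed: use an upstream SBAT identity, not the distro's` above the `%if`. No `sbat-distro-generation` is set, so presumably the build default applies to every OBS build; that looks intended but is worth confirming. The `CONFIGURE_OPTS` array starts outside the hunk.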
From: Daan De Meyer Date: Thu, 16 Jan 2025 12:29:21 +0100 Subject: [PATCH 387/494] Add a .editorconfig file --- .editorconfig | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..1b58baf --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +charset = utf-8 +indent_size = 4 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{yml,yaml}] +indent_size = 2 From c7fecc18eba700cc97b04394f67afd0b4e965781 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 Jan 2025 22:14:36 +0100 Subject: [PATCH 388/494] Skip test_sysusers_defined on upstream builds --- systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd.spec b/systemd.spec index 4ba5825..c513a1c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1050,9 +1050,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ %endif %if 0%{?fedora} >= 41 +%if %{without upstream} # This requires https://pagure.io/setup/pull-request/50 # and https://src.fedoraproject.org/rpms/setup/pull-request/10. +# We skip this on upstream builds so that new users and groups +# can be added without breaking the build. %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif From e54ec2f978a1408b15ea25d8ff28961860e541bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 17 Jan 2025 14:04:00 +0100 Subject: [PATCH 389/494] Trim changelog entries that are not relevant to users --- changelog | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) diff --git a/changelog b/changelog index fb6584d..216ab62 100644 --- a/changelog +++ b/changelog 
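Review bot: With the check wrapped in `%if %{without upstream}`, the following `rm %{buildroot}/usr/lib/sysusers.d/basic.conf` still runs on upstream builds, so a user or group that is new in upstream's basic.conf appears to end up defined neither by this package nor by the setup files the check compares against. The build stays green, but units or rules that name such an account would presumably find it missing at run time. If that is accepted for upstream builds, the comment should say so, e.g. `# basic.conf is still removed below; accounts new in upstream are then not created`. The enclosing `%install` section starts outside the hunk.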
@@ -1,3 +1,156 @@
+* Sun Jan 12 2025 Zbigniew Jędrzejewski-Szmek - 257.2-6
+- Rebuilt for the bin-sbin merge (2nd attempt)
+
+* Fri Jan 10 2025 Zbigniew Jędrzejewski-Szmek - 257.2-4
+- Revert use of PrivateTmp=disconnected (rhbz#2334015,
+ https://github.com/coreos/fedora-coreos-tracker/issues/1857)
+
+* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek - 257.2-1
+- Version 257.2
+- Fixes for assertion crashes and memory access issues in pid1 and systemd-
+ machined, and other fixes for systemd-repart, systemd-resolved, systemd-
+ stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the
+ hardware database.
+
+* Tue Jan 07 2025 Yu Watanabe - 257.1-7
+- Replace 'udevadm hwdb' with systemd-hwdb
+
+* Tue Jan 07 2025 Zbigniew Jędrzejewski-Szmek - 257.1-6
+- Rename source .abignore file
+
+* Fri Dec 20 2024 Daan De Meyer - 257.1-2
+- Re-enable upstream behaviour of systemd-tmpfiles --purge
+
+* Fri Dec 20 2024 Zbigniew Jędrzejewski-Szmek - 257.1-1
+- Version 257.1
+- A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support,
+ systemd-networkd, systemd-logind, journalct.
+- Should fix rhbz#2325780.
+
+* Sun Dec 15 2024 Yu Watanabe - 257-3
+- Add patch for test-time-util
+
+* Sun Dec 15 2024 Yu Watanabe - 257-2
+- sysusers: support new ! line flag for creating fully locked accounts
+
+* Tue Dec 10 2024 Zbigniew Jędrzejewski-Szmek - 257-1
+- Version 257
+- A bunch of small fixes in various components: systemd itself, systemd-
+ cryptenroll, sd-varlink, sd-boot, documentation, tests
+- Includes an update of the hardware database
+
+* Thu Dec 05 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-5
+- Enable slow tests during build
+
+* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-3
+- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979)
+
+* Fri Nov 29 2024 Yu Watanabe - 257~rc3-2
+- Update tmpfiles --destroy-data patch
+
+* Wed Nov 27 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-1
+- Version 257~rc3
+- A bunch of small fixes here and there: virtualization detection, udev,
+ systemd-networked, pid1.
+- Includes a hardware database update.
+
+* Tue Nov 26 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-4
+- Make systemd-network-generator co-owned by -udev and -networkd
+ (rhbz#2328723)
+
+* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-3
+- Pull in qemu from systemd-container
+
+* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-2
+- Change sysusers u! lines to u because we don't have support in rpm
+
+* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-1
+- Version 257~rc2
+- Changes in systemd-measure, systemd-networkd, documentation, systemd-
+ sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn,
+ run0, ukify
+- Hardware database update
+
+* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-3
+- Disable freezing of user sessions (rhbz#2321268)
+
+* Thu Nov 07 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-1
+- Version 257~rc1
+
+* Thu Nov 07 2024 Daan De Meyer - 256.7-7
+- Use %%posttrans instead of %%postun to restart services
+
+* Thu Nov 07 2024 Yaakov Selkowitz - 256.7-6
+- Disable OpenSSL v3 ENGINE on RHEL
+
+* Tue Nov 05 2024 Daan De Meyer - 256.7-4
+- Backport user manager reexec changes
+
+* Tue Nov 05 2024 David Tardon - 256.7-3
+- Use %%systemd_preun in systemd-resolved
+
+* Thu Oct 24 2024 Yu Watanabe - 256.7-2
+- test_sysusers_defined: support new ! line flag for creating fully locked
+ accounts
+
+* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek - 256.7-1
+- Version 256.7
+- Various small fixes in many components
+- Documentation updates
+
+* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek - 256.6-3
+- Move yum/dnf protection removal config file under /usr
+
+* Thu Sep 12 2024 Matteo Croce - 256.6-1
+- Version 256.6
+
+* Thu Aug 29 2024 Daan De Meyer - 256.5-6
+- Always build ukify package
+
+* Wed Aug 28 2024 Daan De Meyer - 256.5-5
+- Do not use patch to modify systemd-user pam config file
+
+* Tue Aug 27 2024 Daan De Meyer - 256.5-3
+- Only make python3-pillow Recommends on Fedora
+
+* Sat Aug 24 2024 Davide Cavalca - 256.5-2
+- Do not require grubby on CentOS Stream 9
+
+* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.5-1
+- Version 256.5
+- Includes the patches for the kernel change with kernel threads in leaf
+ cgroups (https://github.com/systemd/systemd/pull/33885)
+- Various smaller fixes
+
+* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.4-4
+- Disable integration of userdb in sshd
+
+* Mon Jul 29 2024 Daan De Meyer - 256.4-3
+- Backport patch to only read /proc/cmdline when not in container
+
+* Mon Jul 29 2024 Daan De Meyer - 256.4-2
+- Backport upstream patch to try more initrd variants in
+ 90-loaderentry.install
+
+* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek - 256.4-1
+- Version 256.4
+- Hardware db update
+- Minor fixes for systemd-udevd and varlink protocol
+
+* Tue Jul 23 2024 Daan De Meyer - 256.3-3
+- Update tmpfiles --destroy-data patch
+
+* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek - 256.3-1
+- Version 256.3
+- A bunch of fixes for systemd (pid1)
+- Various upgrades related to running tests in mkosi
+
+* Sat Jul 20 2024 Daan De Meyer - 256.2-17
+- Simplify BFQ scheduler enablement
+
+* Sat Jul 20 2024 Fedora Release Engineering - 256.2-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
 * Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9
 - Backport udma buffer access patch (rhbz#2298422)
From d0973df8633edfe039c8040d1773f7e89c7dd2f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Fri, 17 Jan 2025 14:00:44 +0100
Subject: [PATCH 390/494] Backport patch to emit audit events from systemd-sysusers

A second patch is backported to avoid conflict and also because it seems reasoanble to backport.
---
 ...ot-give-up-if-the-first-attempt-at-c.patch | 75 +++++
 ...dit-events-for-user-and-group-creati.patch | 287 ++++++++++++++++++
 systemd.spec | 5 +
 3 files changed, 367 insertions(+)
 create mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch
 create mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch

diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch
new file mode 100644
index 0000000..76c2be1
--- /dev/null
+++ b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch
@@ -0,0 +1,75 @@
+From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Wed, 18 Dec 2024 22:27:29 +0900
+Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at
+ connecting bus failed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise, the program exits with failure if the first attempt in run() failed:
+```
+Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING
+Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private...
+Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED
+Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused
+```
+
+(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4)
+---
+ src/update-utmp/update-utmp.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
+index e40843cf35..a10e6d478a 100644
+--- a/src/update-utmp/update-utmp.c
++++ b/src/update-utmp/update-utmp.c
+@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) {
+ assert(c);
+ assert(ret);
+
++ if (!c->bus) {
++ r = bus_connect_system_systemd(&c->bus);
++ if (r < 0)
++ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m");
++ }
++
+ r = bus_get_property_trivial(
+ c->bus,
+ bus_systemd_mgr,
+@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) {
+ UINT64_C(100) * USEC_PER_MSEC +
+ random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS);
+ (void) usleep_safe(usec);
++ }
+
++ if (!c->bus) {
+ r = bus_connect_system_systemd(&c->bus);
+ if (r == -ECONNREFUSED && n_attempts < 64) {
+- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m");
++ log_debug_errno(r, "Failed to %s to system bus, retrying after a slight delay: %m",
++ n_attempts <= 1 ? "connect" : "reconnect");
+ continue;
+ }
+ if (r < 0)
+@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) {
+ .audit_fd = -EBADF,
+ #endif
+ };
+- int r;
+
+ log_setup();
+
+@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) {
+ log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING,
+ errno, "Failed to connect to audit log, ignoring: %m");
+ #endif
+- r = bus_connect_system_systemd(&c.bus);
+- if (r < 0)
+- return log_error_errno(r, "Failed to get D-Bus connection: %m");
+
+ return dispatch_verb(argc, argv, verbs, &c);
+ }
+--
+2.47.1
+
diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch
new file mode 100644
index 0000000..d442f5a
--- /dev/null
+++ b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch
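Review bot: In the backported update-utmp change, `run()` no longer opens the bus before `dispatch_verb()`, so `c->bus` is NULL on entry to every verb and only the two places patched here connect on demand (`get_startup_monotonic_time()` and the retry loop in `get_current_runlevel()`). Any other use of `c->bus` in update-utmp.c lies outside these hunks and cannot be checked from the patch; it is worth confirming there is none, or giving it the same `if (!c->bus)` connect step. The new warning also says "ignoring" while `log_warning_errno()` hands the negative errno back to the caller, so a short comment such as `/* Callers treat a failure here as non-fatal. */` would make the intended contract visible, assuming that is what the callers do. Both functions start and end outside the hunks.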
@@ -0,0 +1,287 @@
+From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Fri, 10 Jan 2025 15:35:13 +0100
+Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation
+
+Background: Fedora/RHEL are switching to sysusers.d metadata for creation of
+users and groups for system users defined by packages
+(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers).
+Packages carry sysusers files. During package installation, rpm calls an
+program to execute on this config. This program may either be
+/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or
+/usr/bin/systemd-sysusers. To match the functionality provided by
+useradd/groupadd from the shadow-utils project, systemd-sysusers must emit
+audit events so that it provides a drop-in replacement.
+
+systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when
+adding users and groups. The operation "names" are copied from shadow-utils in
+Fedora (which has a patch to change them from the upstream version), so the
+format of the events that is generated on success should be identical.
+
+The helper code is shared between sysusers and utmp-wtmp. I changed the
+audit_fd variable to be unconditional. This way we can avoid ugly iffdefery
+every time the variable would be used. The cost is that 4 bytes of unused
+storage might be present. This is negligible, and the compiler might even be
+able to optimize that away if it inlines things.
+---
+ src/basic/audit-util.h | 33 +++++++++++++++++++++
+ src/sysusers/meson.build | 2 ++
+ src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++
+ src/update-utmp/update-utmp.c | 23 ++------------
+ 4 files changed, 94 insertions(+), 20 deletions(-)
+
+diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h
+index 9a74e4f102..d8ecf14f69 100644
+--- a/src/basic/audit-util.h
++++ b/src/basic/audit-util.h
+@@ -1,10 +1,16 @@
+ /* SPDX-License-Identifier: LGPL-2.1-or-later */
+ #pragma once
+
++#if HAVE_AUDIT
++# include
++#endif
++
+ #include
+ #include
+ #include
+
++#include "errno-util.h"
++#include "log.h"
+ #include "pidref.h"
+
+ #define AUDIT_SESSION_INVALID UINT32_MAX
+@@ -17,3 +23,30 @@ bool use_audit(void);
+ static inline bool audit_session_is_valid(uint32_t id) {
+ return id > 0 && id != AUDIT_SESSION_INVALID;
+ }
++
++/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious
++ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very
++ * short functions. */
++
++static inline int close_audit_fd(int fd) {
++#if HAVE_AUDIT
++ if (fd >= 0)
++ audit_close(fd);
++#else
++ assert(fd < 0);
++#endif
++ return -EBADF;
++}
++
++static inline int open_audit_fd_or_warn(void) {
++ int fd = -EBADF;
++
++#if HAVE_AUDIT
++ /* If the kernel lacks netlink or audit support, don't worry about it. */
++ fd = audit_open();
++ if (fd < 0)
++ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
++ errno, "Failed to connect to audit log, ignoring: %m");
++#endif
++ return fd;
++}
+diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build
+index 123ff41d3f..c968f55110 100644
+--- a/src/sysusers/meson.build
++++ b/src/sysusers/meson.build
+@@ -9,6 +9,7 @@ executables += [
+ 'name' : 'systemd-sysusers',
+ 'public' : true,
+ 'sources' : files('sysusers.c'),
++ 'dependencies' : libaudit,
+ },
+ executable_template + {
+ 'name' : 'systemd-sysusers.standalone',
+@@ -20,6 +21,7 @@ executables += [
+ libshared_static,
+ libsystemd_static,
+ ],
++ 'dependencies' : libaudit,
+ 'build_by_default' : have_standalone_binaries,
+ 'install' : have_standalone_binaries,
+ },
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index 44253483db..84eb9fc0c3 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -3,6 +3,7 @@
+ #include
+
+ #include "alloc-util.h"
++#include "audit-util.h"
+ #include "build.h"
+ #include "chase.h"
+ #include "conf-files.h"
+@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
+
+ typedef struct Context {
++ int audit_fd;
++
+ OrderedHashmap *users, *groups;
+ OrderedHashmap *todo_uids, *todo_gids;
+ OrderedHashmap *members;
+@@ -126,6 +129,8 @@ typedef struct Context {
+ static void context_done(Context *c) {
+ assert(c);
+
++ c->audit_fd = close_audit_fd(c->audit_fd);
++
+ ordered_hashmap_free(c->groups);
+ ordered_hashmap_free(c->users);
+ ordered_hashmap_free(c->members);
+@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) {
+ c->login_defs_need_warning = false;
+ }
+
++static void log_audit_accounts(Context *c, ItemType what) {
++#if HAVE_AUDIT
++ assert(c);
++ assert(IN_SET(what, ADD_USER, ADD_GROUP));
++
++ if (arg_dry_run || c->audit_fd < 0)
++ return;
++
++ Item *i;
++ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP;
++ const char *op = what == ADD_USER ? "adding-user" : "adding-group";
++
++ /* Notes:
++ *
++ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses.
++ *
++ * We send id == -1, even though we know the number, in particular on success. This is because if we
++ * send the id, the generated audit message will not contain the name. The name seems more useful
++ * than the number, hence send just the name:
++ *
++ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) :
++ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success'
++ * vs.
++ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) :
++ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success'
++ */
++
++ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids)
++ audit_log_acct_message(
++ c->audit_fd,
++ type,
++ program_invocation_short_name,
++ op,
++ i->name,
++ /* id= */ (unsigned) -1,
++ /* host= */ NULL,
++ /* addr= */ NULL,
++ /* tty= */ NULL,
++ /* success= */ 1);
++#endif
++}
++
+ static int load_user_database(Context *c) {
+ _cleanup_fclose_ FILE *f = NULL;
+ const char *passwd_path;
+@@ -971,6 +1018,8 @@ static int write_files(Context *c) {
+ group_tmp, group_path);
+ group_tmp = mfree(group_tmp);
+ }
++ /* OK, we have written the group entries successfully */
++ log_audit_accounts(c, ADD_GROUP);
+ if (gshadow) {
+ r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path);
+ if (r < 0)
+@@ -988,6 +1037,8 @@ static int write_files(Context *c) {
+
+ passwd_tmp = mfree(passwd_tmp);
+ }
++ /* OK, we have written the user entries successfully */
++ log_audit_accounts(c, ADD_USER);
+ if (shadow) {
+ r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
+ if (r < 0)
+@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) {
+ #endif
+ _cleanup_close_ int lock = -EBADF;
+ _cleanup_(context_done) Context c = {
++ .audit_fd = -EBADF,
+ .search_uid = UID_INVALID,
+ };
+
+@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) {
+ assert(!arg_image);
+ #endif
+
++ /* Prepare to emit audit events, but only if we're operating on the host system. */
++ if (!arg_root)
++ c.audit_fd = open_audit_fd_or_warn();
++
+ /* If command line arguments are specified along with --replace, read all configuration files and
+ * insert the positional arguments at the specified place. Otherwise, if command line arguments are
+ * specified, execute just them, and finally, without --replace= or any positional arguments, just
+diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
+index a10e6d478a..6df9414063 100644
+--- a/src/update-utmp/update-utmp.c
++++ b/src/update-utmp/update-utmp.c
+@@ -5,12 +5,9 @@
+ #include
+ #include
+
+-#if HAVE_AUDIT
+-#include
+-#endif
+-
+ #include "sd-bus.h"
+
++#include "audit-util.h"
+ #include "alloc-util.h"
+ #include "bus-error.h"
+ #include "bus-locator.h"
+@@ -30,20 +27,14 @@
+
+ typedef struct Context {
+ sd_bus *bus;
+-#if HAVE_AUDIT
+ int audit_fd;
+-#endif
+ } Context;
+
+ static void context_clear(Context *c) {
+ assert(c);
+
+ c->bus = sd_bus_flush_close_unref(c->bus);
+-#if HAVE_AUDIT
+- if (c->audit_fd >= 0)
+- audit_close(c->audit_fd);
+- c->audit_fd = -EBADF;
+-#endif
++ c->audit_fd = close_audit_fd(c->audit_fd);
+ }
+
+ static int get_startup_monotonic_time(Context *c, usec_t *ret) {
+@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) {
+ };
+
+ _cleanup_(context_clear) Context c = {
+-#if HAVE_AUDIT
+ .audit_fd = -EBADF,
+-#endif
+ };
+
+ log_setup();
+
+ umask(0022);
+
+-#if HAVE_AUDIT
+- /* If the kernel lacks netlink or audit support, don't worry about it. */
+- c.audit_fd = audit_open();
+- if (c.audit_fd < 0)
+- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING,
+- errno, "Failed to connect to audit log, ignoring: %m");
+-#endif
++ c.audit_fd = open_audit_fd_or_warn();
+
+ return dispatch_verb(argc, argv, verbs, &c);
+ }
+--
+2.47.1
+
diff --git a/systemd.spec b/systemd.spec
index c513a1c..8b7735e 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -118,6 +118,11 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch
 # https://github.com/coreos/fedora-coreos-tracker/issues/1857
 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch
+# Backport of sysusers audit support for
+# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers.
+Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch
+Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch
+
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=2251843
 Patch: https://github.com/systemd/systemd/pull/30846.patch
From cc9bce7893d956c5e0a5041e0890150b21c0d6d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 21 Jan 2025 21:57:39 +0100
Subject: [PATCH 391/494] Drop override of $PATH in the user manager

We had the override so that the user would have /usr/bin:/usr/sbin, which root had /usr/sbin:/usr/bin. Now that /usr/sbin and /usr/bin are merged, we don't want this. This should fix the issue reported in https://discussion.fedoraproject.org/t/f40-change-proposal-unify-usr-bin-and-usr-sbin-system-wide/99853/25.
---
 systemd.spec | 1 -
 1 file changed, 1 deletion(-)

diff --git a/systemd.spec b/systemd.spec
index 8b7735e..e41fab3 100644
--- a/systemd.spec
+++ b/systemd.spec
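Review bot: `log_audit_accounts()` in the backported sysusers patch discards the return value of `audit_log_acct_message()`, so when the record cannot be delivered the account is still created, with no audit trail and no log line saying so. Since the stated goal is parity with the auditing done by useradd/groupadd, I would at least log the failure per account, as sketched below; the return convention of the libaudit call should be checked against its documentation. The record is also always sent with `success=1` and only after the rename succeeded, so a failed write of the group or passwd file produces no failure event at all; if shadow-utils emits one, that is a remaining difference. `write_files()` and `run()` start and end outside the hunks.

```c
/* … unchanged: asserts, dry-run and audit_fd guard, type/op selection, notes comment … */
        ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) {
                int q = audit_log_acct_message(
                                /* … unchanged: the same ten arguments … */);
                if (q <= 0)
                        /* The account already exists on disk at this point: report the
                         * missing audit record, but do not fail the run because of it. */
                        log_warning("Failed to send audit record (%s) for '%s', ignoring.",
                                    op, i->name);
        }
```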
@@ -767,7 +767,6 @@ CONFIGURE_OPTS=(
 -Drc-local=/etc/rc.d/rc.local
 -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
 -Ddns-servers=
- -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
 -Dservice-watchdog=
 -Ddev-kvm-mode=0666
 -Dkmod=enabled
From de4ae54a3486ca1e0139fc3efdb862883dd6d01a Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Mon, 27 Jan 2025 13:49:04 -0800
Subject: [PATCH 392/494] Backport PR #36194 to add Georgian mapping to kbd-model-map

Signed-off-by: Adam Williamson
---
 ...kbd-model-map-add-a-georgian-mapping.patch | 26 +++++++++++++++++++
 systemd.spec | 5 ++++
 2 files changed, 31 insertions(+)
 create mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch

diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch
new file mode 100644
index 0000000..29d2b40
--- /dev/null
+++ b/0001-kbd-model-map-add-a-georgian-mapping.patch
@@ -0,0 +1,26 @@
+From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001
+From: Adam Williamson
+Date: Fri, 10 Jan 2025 13:01:47 -0800
+Subject: [PATCH] kbd-model-map: add a georgian mapping
+
+https://github.com/legionus/kbd/pull/127 adds a Georgian mapping
+to kbd. console-setup already has one. Let's support it here, so
+it's used for Georgian installs on distros that use this table.
+
+Signed-off-by: Adam Williamson
+---
+ src/locale/kbd-model-map | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
+index 279d1a36d8..612f6d749a 100644
+--- a/src/locale/kbd-model-map
++++ b/src/locale/kbd-model-map
+@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp
+ es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp
+ lv lv pc105 apostrophe terminate:ctrl_alt_bksp
+ lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp
++ge ge,us pc105 - terminate:ctrl_alt_bksp
+--
+2.47.1
+
diff --git a/systemd.spec b/systemd.spec
index e41fab3..ed0f857 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -131,6 +131,11 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch
 Patch: https://github.com/systemd/systemd/pull/35938.patch
 %endif
+# https://github.com/systemd/systemd/pull/36194
+# https://bugzilla.redhat.com/show_bug.cgi?id=2336875
+# add Georgian mapping to kbd-model-map
+Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch
+
 %ifarch %{ix86} x86_64 aarch64 riscv64
 %global want_bootloader 1
 %endif
From 1ffa7bf7c74e09fa42525f17e9da5f51c72ada02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 28 Jan 2025 10:08:50 +0100
Subject: [PATCH 393/494] Make Georgian mapping patch downstream-only

[skip changelog]
---
 systemd.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemd.spec b/systemd.spec
index ed0f857..484fc46 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -129,12 +129,12 @@ Patch: https://github.com/systemd/systemd/pull/30846.patch
 # Backport various fmf fixes to allow running the integration tests in Fedora CI.
 Patch: https://github.com/systemd/systemd/pull/35938.patch
-%endif
 # https://github.com/systemd/systemd/pull/36194
 # https://bugzilla.redhat.com/show_bug.cgi?id=2336875
 # add Georgian mapping to kbd-model-map
 Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch
+%endif
 %ifarch %{ix86} x86_64 aarch64 riscv64
 %global want_bootloader 1
From d66f99791591eb8be0825173326aa0af64598f0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
Date: Sat, 1 Feb 2025 19:57:43 +0100
Subject: [PATCH 394/494] Add explicit BR: libxcrypt-devel
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Björn Esser
---
 systemd.spec | 1 +
 1 file changed, 1 insertion(+)

diff --git a/systemd.spec b/systemd.spec
index 484fc46..dfe0393 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -149,6 +149,7 @@ BuildRequires: libcap-devel
 BuildRequires: libmount-devel
 BuildRequires: libfdisk-devel
 BuildRequires: libpwquality-devel
+BuildRequires: libxcrypt-devel
 BuildRequires: pam-devel
 BuildRequires: libselinux-devel
 BuildRequires: audit-libs-devel
From 2c0b984bf41db96b6e80ef53947aeb878b326cbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Thu, 13 Feb 2025 20:27:12 +0100
Subject: [PATCH 395/494] Version 257.3

- updates to systemd, systemctl, systemd-udev, systemd-sbsign, systemd-machined, systemd-resolved, systemd-firstboot, systemd-sysupdate, systemd-repart, systemd-vmspawn, systemd-networkd, systemd-update-utmp, systemd-tmpfiles, systemd-logind, bootctl, varlink, ukify, homectl, userdbctl, UKI support, sd-stub, log messages, man pages - the hwdb is updated from mainline at 2025-02-07 - resolves rhbz#2345544
---
 ...kbd-model-map-add-a-georgian-mapping.patch | 26 -
 35938.patch | 879 ------------------
 sources | 2 +-
 systemd.spec | 10 +-
 4 files changed, 2 insertions(+), 915 deletions(-)
 delete mode 100644 0001-kbd-model-map-add-a-georgian-mapping.patch
 delete mode 100644 35938.patch

diff --git a/0001-kbd-model-map-add-a-georgian-mapping.patch b/0001-kbd-model-map-add-a-georgian-mapping.patch
deleted file mode 100644
index 29d2b40..0000000
--- a/0001-kbd-model-map-add-a-georgian-mapping.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From d8a47df70daaf1694efe6734348827b57911d65f Mon Sep 17 00:00:00 2001
-From: Adam Williamson
-Date: Fri, 10 Jan 2025 13:01:47 -0800
-Subject: [PATCH] kbd-model-map: add a georgian mapping
-
-https://github.com/legionus/kbd/pull/127 adds a Georgian mapping
-to kbd. console-setup already has one. Let's support it here, so
-it's used for Georgian installs on distros that use this table.
-
-Signed-off-by: Adam Williamson
----
- src/locale/kbd-model-map | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
-index 279d1a36d8..612f6d749a 100644
---- a/src/locale/kbd-model-map
-+++ b/src/locale/kbd-model-map
-@@ -70,3 +70,4 @@ khmer kh,us pc105 - terminate:ctrl_alt_bksp
- es-dvorak es microsoftpro dvorak terminate:ctrl_alt_bksp
- lv lv pc105 apostrophe terminate:ctrl_alt_bksp
- lv-tilde lv pc105 tilde terminate:ctrl_alt_bksp
-+ge ge,us pc105 - terminate:ctrl_alt_bksp
---
-2.47.1
-
diff --git a/35938.patch b/35938.patch
deleted file mode 100644
index 7f9f9be..0000000
--- a/35938.patch
+++ /dev/null
@@ -1,879 +0,0 @@ -From 1f21bbecade2c74a02ec8e2d5ebc8757752ea7b2 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:05 +0100 -Subject: [PATCH 01/22] fmf: Don't fail if we can't put selinux in permissive - mode - -The tests might be running unprivileged or in an environment without -selinux so let's not fail if we can't put it in permissive mode. - -(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4984fb119b571..fe139567bdf06 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -4,8 +4,8 @@ - set -eux - set -o pipefail - --# Switch SELinux to permissive, since the tests don't set proper contexts --setenforce 0 -+# Switch SELinux to permissive if possible, since the tests don't set proper contexts -+setenforce 0 || true - - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - -From 006ff34ef7d27aa10fd7343dacd1663f25561799 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:25:50 +0100 -Subject: [PATCH 02/22] fmf: Fix dist-git example - -All that's needed is dist-git-source: true so remove the other settings -that aren't required. 
- -(cherry picked from commit 0a85b3757968a2750286119760244e017c990263) ---- - test/fmf/integration-tests/test.sh | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fe139567bdf06..73771d4237207 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,9 +13,6 @@ setenforce 0 || true - # summary: systemd Fedora test suite - # discover: - # how: fmf --# url: https://github.com/systemd/systemd --# ref: main --# path: test/fmf - # dist-git-source: true - # dist-git-install-builddeps: false - # prepare: - -From fc5028ef24af77c9bf0965bb9e3518cdc1041797 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 10:38:21 +0100 -Subject: [PATCH 03/22] fmf: Fix glob - -Globs inside quotes aren't expanded and we need the glob to be more -specific to avoid matching multiple entries inside the tmt source -directory. - -(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054) ---- - test/fmf/integration-tests/test.sh | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 73771d4237207..0a1595fa97268 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -23,8 +23,11 @@ setenforce 0 || true - # execute: - # how: tmt - -+shopt -s extglob -+ - if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then -- pushd "$TMT_SOURCE_DIR/*/" -+ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1). 
-+ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/ - elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then - # Prepare systemd source tree - git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH" - -From bff09b9634e0160bd33302eec1c25438cdba2af5 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 12:12:15 +0100 -Subject: [PATCH 04/22] fmf: Only mess with /etc/yum.repos.d when running - within testing farm - -If running tmt locally to debug the test script, make sure we don't -mess with /etc/yum.repos.d. - -(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a) ---- - test/fmf/integration-tests/test.sh | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 0a1595fa97268..347cd219a458a 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide} - [Build] - ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} -+EOF -+ -+if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then -+ tee --append mkosi.local.conf <> /etc/yum.repos.d/copr_build* -+ # Ensure packages built for this test have highest priority -+ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build* - --# Disable mkosi's own repository logic --touch /etc/yum.repos.d/mkosi.repo -+ # Disable mkosi's own repository logic -+ touch /etc/yum.repos.d/mkosi.repo -+fi - - # TODO: drop once BTRFS regression is fixed in kernel 6.13 - sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf - -From d0b9af0f2bb5f8891eb4def4ec201bf527fe2096 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 16:41:46 +0100 -Subject: [PATCH 05/22] fmf: Dump CPU and memory information - -(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git 
a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 347cd219a458a..4545090c3c1ab 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -7,6 +7,10 @@ set -o pipefail - # Switch SELinux to permissive if possible, since the tests don't set proper contexts - setenforce 0 || true - -+echo "CPU and Memory information:" -+lscpu -+lsmem -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From c8cd705e5ed0a1f1fe642772a7605b36f30215a1 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 8 Jan 2025 13:31:11 +0100 -Subject: [PATCH 06/22] TEST-06-SELINUX: Add knob to allow checking for AVCs - -When running the integration tests downstream, it's useful to be -able to test that a new systemd version doesn't introduce any AVC -denials, so let's add a knob to make that possible. - -(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93) ---- - test/README.testsuite | 10 ++++++++++ - test/fmf/integration-tests/test.sh | 7 +++++++ - test/units/TEST-06-SELINUX.sh | 4 ++++ - 3 files changed, 21 insertions(+) - -diff --git a/test/README.testsuite b/test/README.testsuite -index da2d17a6dba7c..6b367aa6738fa 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,16 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. 
- -+### SELinux AVCs -+ -+To have `TEST-06-SELINUX` check for SELinux denials, write the following to -+mkosi.local.conf: -+ -+```conf -+[Runtime] -+KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 -+``` -+ - ## Ubuntu CI - - New PRs submitted to the project are run through regression tests, and one set -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 4545090c3c1ab..fccfa15c72821 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID - ToolsTreeRelease=${VERSION_ID:-rawhide} - EOF - -+if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then -+ tee --append mkosi.local.conf < -Date: Wed, 8 Jan 2025 16:03:06 +0100 -Subject: [PATCH 07/22] fmf: Force SELinux relabel when running within testing - farm - -We expect to run as root within testing farm and to have permissions -to do selinux relabelling so let's enable it explicitly. - -(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5) ---- - test/fmf/integration-tests/test.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index fccfa15c72821..8cea79cf30274 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -78,6 +78,9 @@ fi - - if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then - tee --append mkosi.local.conf < -Date: Thu, 9 Jan 2025 11:27:51 +0100 -Subject: [PATCH 08/22] test: Drop set -x from integration-test-setup.sh - -(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89) ---- - test/integration-test-setup.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh -index d7c384a97cf48..c67f938acf26f 100755 ---- a/test/integration-test-setup.sh -+++ b/test/integration-test-setup.sh -@@ -1,6 +1,6 @@ - #!/usr/bin/env bash - # SPDX-License-Identifier: 
LGPL-2.1-or-later --set -eux -+set -eu - set -o pipefail - - case "$1" in - -From 9f6617a1a086ecbdd4abb29d4a5b4eada05eb9c4 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 11:28:15 +0100 -Subject: [PATCH 09/22] test: Only plug in integration-test-setup.sh in - interactive mode - -If we're not running interactively, there's no point in the features -from integration-test-setup.sh which are intended for interactive -development and debugging so lets skip adding it in that case. - -(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c) ---- - test/integration-test-wrapper.py | 9 +++++++++ - test/test.service.in | 2 -- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index ef6df8840f50d..5fa0325b889e5 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -459,6 +459,15 @@ def main() -> None: - """ - ) - -+ if sys.stderr.isatty(): -+ dropin += textwrap.dedent( -+ """ -+ [Service] -+ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup -+ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ """ -+ ) -+ - cmd = [ - args.mkosi, - '--directory', os.fspath(args.meson_source_dir), -diff --git a/test/test.service.in b/test/test.service.in -index 6400be0700288..75f703698f687 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -7,9 +7,7 @@ Before=getty-pre.target - - [Service] - ExecStartPre=rm -f /failed /testok --ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStart=@command@ --ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize - Type=oneshot - MemoryAccounting=@memory-accounting@ - StateDirectory=%N - -From 2aa2a0c9d166fd7a77c027852255bf248fe63aa0 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 7 Jan 2025 15:01:02 +0100 -Subject: [PATCH 10/22] mkosi: Re-enable TEST-21-DFUZZER when 
running with - sanitizers - -Similar to how CentOS CI did it previously, let's only run -TEST-21-DFUZZER when built with sanitizers for maximum effect. - -(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244) ---- - .github/workflows/mkosi.yml | 8 ++++++++ - test/TEST-21-DFUZZER/meson.build | 1 - - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index a043022ce05a1..592ed41051458 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -61,6 +61,7 @@ jobs: - cflags: "-O2 -D_FORTIFY_SOURCE=3" - relabel: no - vm: 1 -+ skip: TEST-21-DFUZZER - - distro: debian - release: testing - sanitizers: "" -@@ -68,6 +69,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: ubuntu - release: noble - sanitizers: "" -@@ -75,6 +77,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: "41" - sanitizers: "" -@@ -82,6 +85,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: fedora - release: rawhide - sanitizers: address,undefined -@@ -96,6 +100,7 @@ jobs: - cflags: "-Og" - relabel: no - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "9" - sanitizers: "" -@@ -103,6 +108,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - distro: centos - release: "10" - sanitizers: "" -@@ -110,6 +116,7 @@ jobs: - cflags: "-Og" - relabel: yes - vm: 0 -+ skip: TEST-21-DFUZZER - - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 -@@ -195,6 +202,7 @@ jobs: - mkosi sandbox \ - env \ - TEST_PREFER_QEMU=${{ matrix.vm }} \ -+ TEST_SKIP=${{ matrix.skip }} \ - meson test \ - -C build \ - --no-rebuild \ -diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build -index f57be63380222..932f0c5f0e407 100644 ---- a/test/TEST-21-DFUZZER/meson.build -+++ b/test/TEST-21-DFUZZER/meson.build -@@ -6,6 +6,5 @@ 
integration_tests += [ - 'timeout' : 3600, - 'priority' : 50, - 'vm' : true, -- 'enabled' : false, - }, - ] - -From 0d6306c37144494e8b029a5f73aec40372587203 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:13:18 +0100 -Subject: [PATCH 11/22] fmf: Move meson logs and failed test journals to test - artifacts dir - -(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6) ---- - test/fmf/integration-tests/test.sh | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 8cea79cf30274..762016f2a5c1c 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -125,6 +125,11 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" -+ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ -+find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd -+ -+exit "$EC" - -From 80d2d53b0d8573b69597a37f6ced38df97ad2746 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 15:24:51 +0100 -Subject: [PATCH 12/22] fmf: Log clock source - -(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991) ---- - test/fmf/integration-tests/test.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 762016f2a5c1c..d1e43b1d7dbc9 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -11,6 +11,8 @@ echo "CPU and Memory information:" - lscpu - lsmem - -+echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 
0584ff62f23838d2a85d48ce22a56aeb61e6f3e7 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Jan 2025 16:24:22 +0100 -Subject: [PATCH 13/22] tree-wide: Fix python formatting - -The new release of ruff formats a few more things which causes linter -failures in CI so let's fix those formatting nits. - -(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3) ---- - src/ukify/ukify.py | 6 +++--- - test/integration-test-wrapper.py | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py -index 3f36aa7af6b08..be4e30eb8e36e 100755 ---- a/src/ukify/ukify.py -+++ b/src/ukify/ukify.py -@@ -763,7 +763,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'calculate', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - # For measurement, the keys are not relevant, so we can lump all the phase paths - # into one call to systemd-measure calculate. 
-@@ -786,7 +786,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> - cmd = [ - measure_tool, - 'sign', -- *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()), -+ *(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()), - *(f'--bank={bank}' for bank in banks), - ] - -@@ -1284,7 +1284,7 @@ def make_uki(opts: UkifyConfig) -> None: - os.umask(umask := os.umask(0)) - os.chmod(opts.output, 0o777 & ~umask) - -- print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") -+ print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}') - - - @contextlib.contextmanager -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5fa0325b889e5..d9d92fcba3b0e 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -429,7 +429,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_SUBTEST={os.environ["TEST_MATCH_SUBTEST"]} -+ Environment=TEST_MATCH_SUBTEST={os.environ['TEST_MATCH_SUBTEST']} - """ - ) - -@@ -437,7 +437,7 @@ def main() -> None: - dropin += textwrap.dedent( - f""" - [Service] -- Environment=TEST_MATCH_TESTCASE={os.environ["TEST_MATCH_TESTCASE"]} -+ Environment=TEST_MATCH_TESTCASE={os.environ['TEST_MATCH_TESTCASE']} - """ - ) - -@@ -568,7 +568,7 @@ def main() -> None: - - ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info'] - -- print("Test failed, relevant logs can be viewed with: \n\n" f"{(' && '.join(ops))}\n", file=sys.stderr) -+ print(f'Test failed, relevant logs can be viewed with: \n\n{(" && ".join(ops))}\n', file=sys.stderr) - - # 0 also means we failed so translate that to a non-zero exit code to mark the test as failed. 
- exit(result.returncode or 1) - -From eb15a87fb0ba3d37b58e0b74f6c796f6d632c273 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:27:33 +0100 -Subject: [PATCH 14/22] test: Add option to save in progress test journals to - /tmp - -The journal isn't the best at being fast, especially when writing -to disk and not to memory, which can cause integration tests to -grind to a halt on beefy systems due to all the systemd-journal-remote -instances not being able to write journal entries to disk fast enough. - -Let's introduce an option to allow writing in progress test journals -to use /tmp which can be used on beefy systems with lots of memory to -speed things up. - -(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1) ---- - test/README.testsuite | 4 ++++ - test/integration-test-wrapper.py | 12 +++++++++++- - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/test/README.testsuite b/test/README.testsuite -index 6b367aa6738fa..e33c08f33a20e 100644 ---- a/test/README.testsuite -+++ b/test/README.testsuite -@@ -151,6 +151,10 @@ that make use of `run_testcases`. - - `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. - -+`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in -+progress and only move the journal to its final location in the build directory -+(`$BUILD_DIR/test/journal`) when the test is finished. 
-+ - ### SELinux AVCs - - To have `TEST-06-SELINUX` check for SELinux denials, write the following to -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index d9d92fcba3b0e..1c28cf3776e80 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -10,6 +10,7 @@ - import os - import re - import shlex -+import shutil - import subprocess - import sys - import tempfile -@@ -441,7 +442,11 @@ def main() -> None: - """ - ) - -- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute() -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ else: -+ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() -+ - journal_file.unlink(missing_ok=True) - - if not sys.stderr.isatty(): -@@ -551,6 +556,11 @@ def main() -> None: - ): - journal_file.unlink(missing_ok=True) - -+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ dst = args.meson_build_dir / f'test/journal/{name}.journal' -+ dst.parent.mkdir(parents=True, exist_ok=True) -+ shutil.move(journal_file, dst) -+ - if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer): - exit(0 if shell or result.returncode == args.exit_code else 77) - - -From ce86b8086e92c84e33385fb48467384abe74ca6d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:29:58 +0100 -Subject: [PATCH 15/22] test: Don't register machines with machined unless - we're in interactive mode - -(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 1c28cf3776e80..94904cfbc4c05 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -516,7 +516,7 @@ def main() -> None: - ] - ), - 
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", -- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), -+ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []), - 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', - ] # fmt: skip - - -From 504eee6eb099c80b48d8bf7e82ca9e0d6549e076 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 14:51:24 +0100 -Subject: [PATCH 16/22] test: Move StateDirectory= directive into dropin - -The integration-test-setup calls require StateDirectory= but some -tests override the test unit used which then won't have StateDirectory= -so let's move StateDirectory= into the dropin as well to avoid this -issue. - -(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada) ---- - test/integration-test-wrapper.py | 1 + - test/test.service.in | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 94904cfbc4c05..610c34c903425 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -470,6 +470,7 @@ def main() -> None: - [Service] - ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup - ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize -+ StateDirectory=%N - """ - ) - -diff --git a/test/test.service.in b/test/test.service.in -index 75f703698f687..790c513da4338 100644 ---- a/test/test.service.in -+++ b/test/test.service.in -@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok - ExecStart=@command@ - Type=oneshot - MemoryAccounting=@memory-accounting@ --StateDirectory=%N - -From 4fc1059282f5e39b3385fe175d377de96461f68b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:37 +0100 -Subject: [PATCH 17/22] fmf: Bump inotify limits to avoid systemd-nspawn - failures - -(cherry picked from commit 
c32a8cdaa0f03ae29e9edade1213cc2001b28000) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index d1e43b1d7dbc9..34bf1abfa8943 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -13,6 +13,10 @@ lsmem - - echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" - -+# Bump inotify limits so nspawn containers don't run out of inotify file descriptors. -+sysctl fs.inotify.max_user_watches=65536 -+sysctl fs.inotify.max_user_instances=1024 -+ - # Allow running the integration tests downstream in dist-git with something like - # the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: - # - -From 7f3639f9a0ead8ea70f2d975de4271bb7d8ab05b Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:26:54 +0100 -Subject: [PATCH 18/22] fmf: Use different heuristic on beefy systems - -If we save journals in /tmp, we can run a larger number of tests in -parallel so let's make use of the larger number of CPUs if the tests -run on a beefy machine. - -(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4) ---- - test/fmf/integration-tests/test.sh | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 34bf1abfa8943..06a98bfd7a0be 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then - export TEST_NO_QEMU=1 - fi - -+NPROC="$(nproc)" -+if [[ "$NPROC" -ge 10 ]]; then -+ export TEST_JOURNAL_USE_TMP=1 -+ NPROC="$((NPROC / 3))" -+else -+ NPROC="$((NPROC - 1))" -+fi -+ - # Create missing mountpoint for mkosi sandbox. 
- mkdir -p /etc/pacman.d/gnupg - -@@ -131,7 +139,7 @@ mkosi -f sandbox \ - --suite integration-tests \ - --print-errorlogs \ - --no-stdsplit \ -- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$? -+ --num-processes "$NPROC" && EC=0 || EC=$? - - find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; - find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - -From 3661dcc1cbf43dca2a9a77c3dffe50cbe1a7ea18 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 10 Jan 2025 15:29:28 +0100 -Subject: [PATCH 19/22] fmf: Skip TEST-21-DFUZZER - -Similar to Github Actions, since we don't build with sanitizers in -the packit job, let's skip TEST-21-DFUZZER. - -(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d) ---- - test/fmf/integration-tests/test.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index 06a98bfd7a0be..f82961f9599d0 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -124,6 +124,10 @@ else - NPROC="$((NPROC - 1))" - fi - -+# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it -+# for now. -+export TEST_SKIP="TEST-21-DFUZZER" -+ - # Create missing mountpoint for mkosi sandbox. 
- mkdir -p /etc/pacman.d/gnupg - - -From 25c8ee9dc089b593940cefefb2dba7660768a7a8 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Mon, 13 Jan 2025 10:33:20 +0100 -Subject: [PATCH 20/22] test: Fix bug in integration test wrapper - -(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48) ---- - test/integration-test-wrapper.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 610c34c903425..5321faef57818 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -443,7 +443,7 @@ def main() -> None: - ) - - if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}') -+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal') - else: - journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute() - - -From 051ad7661f7cf29b6cbf99c70a6a504f777bc240 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Jan 2025 09:52:40 +0100 -Subject: [PATCH 21/22] test: Only move journal file if we didn't just unlink - it - -(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e) ---- - test/integration-test-wrapper.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5321faef57818..a7bf5ea6060d4 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -556,8 +556,7 @@ def main() -> None: - and not sanitizer - ): - journal_file.unlink(missing_ok=True) -- -- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': -+ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1': - dst = args.meson_build_dir / f'test/journal/{name}.journal' - dst.parent.mkdir(parents=True, exist_ok=True) - shutil.move(journal_file, dst) - -From 6cd2c87e4ef1379520c98316ac5d6bcf21ef1bd1 Mon Sep 17 00:00:00 2001 -From: Daan 
De Meyer -Date: Tue, 14 Jan 2025 11:41:17 +0100 -Subject: [PATCH 22/22] fmf: Only move logs if corresponding directory exists - -Otherwise find fails with an error. - -(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928) ---- - test/fmf/integration-tests/test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh -index f82961f9599d0..aff79340f79fe 100755 ---- a/test/fmf/integration-tests/test.sh -+++ b/test/fmf/integration-tests/test.sh -@@ -145,8 +145,8 @@ mkosi -f sandbox \ - --no-stdsplit \ - --num-processes "$NPROC" && EC=0 || EC=$? - --find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; --find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; -+[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; - - popd - diff --git a/sources b/sources index b8843e6..ab9fabe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.2.tar.gz) = 4f47fcd9a4148101ee7b85cf5908a04ec9e025dc7a5a2e8e61c05439cfd427851b6d356bb96a0dfae55566bbf6d3c93a13251d220840c09296e94f80bd4a5945 +SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab diff --git a/systemd.spec b/systemd.spec index dfe0393..b69e405 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.2} +Version: %{?version_override}%{!?version_override:257.3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif 
@@ -126,14 +126,6 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport various fmf fixes to allow running the integration tests in Fedora CI. -Patch: https://github.com/systemd/systemd/pull/35938.patch - -# https://github.com/systemd/systemd/pull/36194 -# https://bugzilla.redhat.com/show_bug.cgi?id=2336875 -# add Georgian mapping to kbd-model-map -Patch: 0001-kbd-model-map-add-a-georgian-mapping.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 49ec9f3286e6c18e48f3ee3a08da950d0113f853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 20:56:21 +0100 Subject: [PATCH 396/494] Move some files into subpackages - systemd-ac-power is moved to systemd-udev - portablectl and importctl are moved to systemd-container (rhbz#2345551) ac-power clearly is only useful for real hardware. portablectl and importctl are niche tools that don't need to be in the main package (even though they could theoretically be used not for containers). --- split-files.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index b08c2bd..2cdc655 100644 --- a/split-files.py +++ b/split-files.py @@ -137,6 +137,8 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + importctl| + portablectl| systemd-nspawn| systemd-vmspawn| import-pubring.gpg| @@ -178,6 +180,7 @@ for file in files(buildroot): elif re.search(r'''udev(?!\.pc)| hwdb| + ac-power| bootctl| boot-update| bless-boot| From 5c40e0872889b20108072a64845b2c87aa162e1a Mon Sep 17 00:00:00 2001 
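Review bot: The alternative added to the udev branch in the second split-files.py hunk, `ac-power|`, is a bare substring, while the commit message names the file as systemd-ac-power. Writing it as `systemd-ac-power|` would keep an unrelated path that merely contains "ac-power" from being assigned to systemd-udev. The same applies, less sharply, to `importctl|` and `portablectl|` in the first hunk, which follow the existing `machinectl|` style. The `re.search` calls these lists belong to start outside both hunks, so the flags and any surrounding anchoring cannot be checked from here.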
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 13 Feb 2025 21:10:02 +0100 Subject: [PATCH 397/494] Remove patch that is already upstream [skip changelog] --- ...ot-give-up-if-the-first-attempt-at-c.patch | 75 ------------------- systemd.spec | 1 - 2 files changed, 76 deletions(-) delete mode 100644 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch diff --git a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch b/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch deleted file mode 100644 index 76c2be1..0000000 --- a/0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 8ed12b37afea9ccc36789aad2cef0d60eb6c5073 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 18 Dec 2024 22:27:29 +0900 -Subject: [PATCH 1/2] update-utmp: do not give up if the first attempt at - connecting bus failed -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Otherwise, the program exits with failure if the first attempt in run() failed: -``` -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state UNSET → OPENING -Dec 18 20:27:37 systemd-update-utmp[254]: sd-bus: starting bus by connecting to /run/systemd/private... -Dec 18 20:27:37 systemd-update-utmp[254]: Bus n/a: changing state OPENING → CLOSED -Dec 18 20:27:37 systemd-update-utmp[254]: Failed to get D-Bus connection: Connection refused -``` - -(cherry picked from commit 85d040dabd2cc67c89b7ed6157429b8f6f2240f4) ---- - src/update-utmp/update-utmp.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index e40843cf35..a10e6d478a 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -53,6 +53,12 @@ static int get_startup_monotonic_time(Context *c, usec_t *ret) { - assert(c); - assert(ret); - -+ if (!c->bus) { -+ r = bus_connect_system_systemd(&c->bus); -+ if (r < 0) -+ return log_warning_errno(r, "Failed to get D-Bus connection, ignoring: %m"); -+ } -+ - r = bus_get_property_trivial( - c->bus, - bus_systemd_mgr, -@@ -94,10 +100,13 @@ static int get_current_runlevel(Context *c) { - UINT64_C(100) * USEC_PER_MSEC + - random_u64_range(UINT64_C(1900) * USEC_PER_MSEC * n_attempts / MAX_ATTEMPTS); - (void) usleep_safe(usec); -+ } - -+ if (!c->bus) { - r = bus_connect_system_systemd(&c->bus); - if (r == -ECONNREFUSED && n_attempts < 64) { -- log_debug_errno(r, "Failed to reconnect to system bus, retrying after a slight delay: %m"); -+ log_debug_errno(r, "Failed to %s to system bus, retrying after a 
slight delay: %m", -+ n_attempts <= 1 ? "connect" : "reconnect"); - continue; - } - if (r < 0) -@@ -251,7 +260,6 @@ static int run(int argc, char *argv[]) { - .audit_fd = -EBADF, - #endif - }; -- int r; - - log_setup(); - -@@ -264,9 +272,6 @@ static int run(int argc, char *argv[]) { - log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING, - errno, "Failed to connect to audit log, ignoring: %m"); - #endif -- r = bus_connect_system_systemd(&c.bus); -- if (r < 0) -- return log_error_errno(r, "Failed to get D-Bus connection: %m"); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/systemd.spec b/systemd.spec index b69e405..2e85244 100644 --- a/systemd.spec +++ b/systemd.spec @@ -120,7 +120,6 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # Backport of sysusers audit support for # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0001-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: From 3671a5cc790f4aa82cbf1a179a15e11a96b76438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 13:54:12 +0100 Subject: [PATCH 398/494] Move more auxiliary files into subpackages Follow-up for rhbz#2345551. Also split up some nested patterns into separate lines for readability. --- split-files.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 2cdc655..c1fc623 100644 --- a/split-files.py +++ b/split-files.py 
@@ -140,9 +140,17 @@ for file in files(buildroot): importctl| portablectl| systemd-nspawn| + systemd\.nspawn| systemd-vmspawn| + systemd-dissect| import-pubring.gpg| - systemd-(machined|import|pull)| + systemd-machined| + systemd-import| + systemd-export| + systemd-pull| + systemd-mountfsd| + systemd-mountwork| + systemd-nsresource| /machine.slice| /machines.target| var-lib-machines.mount| From ac9c438e27441491195cc924e77f5045226394c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:02:31 +0100 Subject: [PATCH 399/494] Use dynamic spec generation for triggers This way we don't need a separate Source. --- systemd.spec | 13 ++------ triggers.systemd | 87 ------------------------------------------------ 2 files changed, 2 insertions(+), 98 deletions(-) delete mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index 2e85244..204bf40 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,9 +73,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif -# This file must be available before %%prep. -# It is generated during systemd build and can be found in build/src/core/. -Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py @@ -884,12 +881,8 @@ CONFIGURE_OPTS=( %meson_build -new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh -if ! diff -u %{SOURCE1} ${new_triggers}; then - echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" - echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" - sleep 5 -fi +# Include the triggers +cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user 
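Review bot: `systemd-dissect|` moves the binary into systemd-container, but nothing in this hunk moves names that point at it without containing that substring. Upstream installs a `mount.ddi` alias for systemd-dissect; if this build ships it, the alias would stay in the main package and dangle whenever systemd-container is not installed. Adding `mount\.ddi|` next to `systemd-dissect|` keeps the two together, assuming no other branch already claims it. The `re.search` call this list belongs to starts outside the hunk, so the other branches cannot be checked from here.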
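Review bot: The `cp` added in the `@@ -884,12 +881,8 @@` hunk installs whatever the build produced at `src/rpm/triggers.systemd.sh` as a spec part, and the removed `diff -u` against Source1 was the only place where a change in those transaction file triggers became visible to the packager. Since these triggers run with the transaction's privileges on every install, it is worth keeping that visibility: print the file into the build log with `cat %{_vpath_builddir}/src/rpm/triggers.systemd.sh` and fail early on an empty result with `test -s %{_vpath_builddir}/src/rpm/triggers.systemd.sh` before the copy. `%{specpartsdir}` also needs an rpm that supports dynamic spec generation; the hunk shows no version guard, though one may exist elsewhere in the spec. The enclosing section (presumably %build) starts and ends outside the hunk.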
@@ -1096,8 +1089,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# -%include %{SOURCE1} - # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd deleted file mode 100644 index f8bb078..0000000 --- a/triggers.systemd +++ /dev/null 
@@ -1,87 +0,0 @@ -# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ -# SPDX-License-Identifier: LGPL-2.1-or-later -# -# This file is part of systemd. -# -# Copyright 2018 Neal Gompa - -# The contents of this are an example to be copied into systemd.spec. -# -# Minimum rpm version supported: 4.14.0 - -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system -# This script will run after any package is initially installed or -# upgraded. We care about the case where a package is initially -# installed, because other cases are covered by the *un scriptlets, -# so sometimes we will reload needlessly. -/usr/lib/systemd/systemd-update-helper system-reload-restart || : - -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user -/usr/lib/systemd/systemd-update-helper user-reload-restart || : - -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system -# On removal, we need to run daemon-reload after any units have been -# removed. -# On upgrade, we need to run daemon-reload after any new unit files -# have been installed, but before %postun scripts in packages get -# executed. -/usr/lib/systemd/systemd-update-helper system-reload || : - -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user -# Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : - -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system -# We restart remaining system services that should be restarted here. -/usr/lib/systemd/systemd-update-helper system-restart || : - -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user -# We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : - -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d -# This script will process files installed in /usr/lib/sysusers.d to create -# specified users automatically. 
The priority is set such that it -# will run before the tmpfiles file trigger. -systemd-sysusers || : - -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d -# This script will automatically invoke hwdb update if files have been -# installed or updated in /usr/lib/udev/hwdb.d. -systemd-hwdb update || : - -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog -# This script will automatically invoke journal catalog update if files -# have been installed or updated in /usr/lib/systemd/catalog. -journalctl --update-catalog || : - -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d -# This script will automatically apply binfmt rules if files have been -# installed or updated in /usr/lib/binfmt.d. -if test -d "/run/systemd/system"; then - # systemd-binfmt might fail if binfmt_misc kernel module is not loaded - # during install - /usr/lib/systemd/systemd-binfmt || : -fi - -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d -# This script will process files installed in /usr/lib/tmpfiles.d to create -# tmpfiles automatically. The priority is set such that it will run -# after the sysusers file trigger, but before any other triggers. -if test -d "/run/systemd/system"; then - systemd-tmpfiles --create || : -fi - -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d -# This script will automatically update udev with new rules if files -# have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi - -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d -# This script will automatically apply sysctl rules if files have been -# installed or updated in /usr/lib/sysctl.d. -if test -d "/run/systemd/system"; then - /usr/lib/systemd/systemd-sysctl || : -fi From eba17216783bac0e531a29ad3ac330147ed31d95 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Feb 2025 19:33:03 +0100 Subject: [PATCH 400/494] Split out -sysusers and -shared ... (rhbz#2344322) rpm-libs has Requires:/usr/bin/systemd-sysusers. We split split out /usr/bin/systemd-sysusers (the normal version) to a subpackage, and the shared library /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so to a second subpackage. (In preparation for maybe making further splits later.) systemd-sysusers+libsystemd-shared.so is 4.8MB, but libsystemd-shared.so also pulls in a bunch of libraries. We'll find out what the actual change in installation footprint (compared to systemd-standalone-sysusers) really is when we build some images with the new split. --- split-files.py | 14 +++++++++++++- systemd.spec | 28 +++++++++++++++++++++++++--- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/split-files.py b/split-files.py index c1fc623..9114c99 100644 --- a/split-files.py +++ b/split-files.py @@ -57,12 +57,14 @@ def files(root): outputs = {suffix: open(f'.file-list-{suffix}', 'w') for suffix in ( + 'shared', 'libs', 'udev', 'ukify', 'boot', 'pam', 'rpm-macros', + 'sysusers', 'devel', 'container', 'networkd', @@ -122,8 +124,10 @@ for file in files(buildroot): o = outputs['tests'] elif 'ukify' in n: o = outputs['ukify'] - elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): + elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] + elif re.search(r'/libsystemd-shared-.*\.so$', n): + o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): @@ -135,6 +139,14 @@ for file in files(buildroot): ''', n, re.X): o = outputs['remote'] + # Just the binary, the dir, and the man page. + elif re.search(r'''systemd-sysusers$| + sysusers\.d$| + man/.*sysusers\.d\.5| + man/.*systemd-sysusers\.8 + ''', n, re.X): + o = outputs['sysusers'] + elif re.search(r'''mymachines| machinectl| importctl| 
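Review bot: The new `sysusers` branch in split-files.py (hunk `@@ -135,6 +139,14 @@`) matches on path suffixes only, so `systemd-sysusers$` and `sysusers\.d$` accept any file or directory whose path ends that way, not just the binary and the directory its comment names. Because this `elif` is tested before the container branch and whatever follows it, anything caught by accident moves into the `sysusers` subpackage. Anchoring the alternatives, e.g. `/usr/bin/systemd-sysusers$|` and `/sysusers\.d$|`, would make the pattern match what the comment says; the binary path is the one given in the commit message. The `if`/`elif` chain continues outside the hunk, so the later branches are not visible here.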
diff --git a/systemd.spec b/systemd.spec index 204bf40..a3310a2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -253,6 +253,8 @@ Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -264,7 +266,7 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: %{name} < 249~~ +Obsoletes: systemd < 257.3-4 Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 %if 0%{?fedora} @@ -290,8 +292,6 @@ Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers -Provides: %{name}-sysusers = %{version}-%{release} Conflicts: %{name}-standalone-shutdown Provides: %{name}-shutdown = %{version}-%{release} @@ -371,6 +371,13 @@ Provides: nss-myhostname%{_isa} = 0.4 %description libs Libraries for systemd and udev. +%package shared +Summary: Internal systemd shared library +License: LGPL-2.1-or-later AND MIT + +%description shared +Internal libraries used by various systemd binaries. + %package pam Summary: systemd PAM module Requires: %{name} = %{version}-%{release} 
@@ -389,6 +396,15 @@ See https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd for information how to use those macros. +%package sysusers +Summary: systemd-sysusers program +Requires: %{name}-shared%{_isa} = %{version}-%{release} +Conflicts: %{name}-standalone-sysusers +Obsoletes: systemd < 257.3-4 + +%description sysusers +This package contains the systemd-sysusers program. + %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT @@ -1322,10 +1338,16 @@ fi %files libs -f .file-list-libs %license LICENSE.LGPL2.1 +%files shared -f .file-list-shared +%license LICENSE.LGPL2.1 +%license LICENSES/MIT.txt + %files pam -f .file-list-pam %files rpm-macros -f .file-list-rpm-macros +%files sysusers -f .file-list-sysusers + %files resolved -f .file-list-resolve %files devel -f .file-list-devel From 6201755b365a7cf57aa925490e88624dacfd0e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 16 Feb 2025 14:30:07 +0100 Subject: [PATCH 401/494] Allow co-installation of systemd-sysusers-standalone and systemd Previously, /usr/bin/systemd-sysusers was provided by both systemd and systemd-standalone-sysusers, creating a file conflict, and the packages declared Conflicts. This changed when systemd-sysusers was split out to a separate subpackage. So we don't need the Conflicts and can allow a "cross installation" of systemd-sysusers-standalone and and the other "normal" systemd subpackages. This should solve https://bugzilla.redhat.com/show_bug.cgi?id=2344322 without requiring changes in the container definitions. (Though those changes probably should be made anyway. If we end up installing systemd, we probably want to use shared systemd-sysusers, to avoid wasting space.) --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a3310a2..af3e1cb 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -254,7 +254,10 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Requires: %{name}-shared%{_isa} = %{version}-%{release} -Requires: %{name}-sysusers%{_isa} = %{version}-%{release} +Requires: /usr/bin/systemd-sysusers +# The standalone version doesn't Provide the _isa suffix, +# so this biases towards the common version. +Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Provides: /bin/systemctl @@ -710,7 +713,6 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd Provides: %{name}-sysusers = %{version}-%{release} -Conflicts: %{name} Suggests: coreutils-single RemovePathPostfixes: .standalone From 6c7c4a510d8337f6d5e3e5ad08ee56ecb69335bd Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Feb 2025 09:41:47 +0100 Subject: [PATCH 402/494] Do not use dynamic spec generation for non-upstream builds This reverts commit ac9c438e27441491195cc924e77f5045226394c9. --- systemd.spec | 18 ++++++++++ triggers.systemd | 87 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 triggers.systemd diff --git a/systemd.spec b/systemd.spec index af3e1cb..2340972 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,6 +73,9 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s %else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. +Source1: triggers.systemd Source2: split-files.py Source3: purge-nobody-user Source4: test_sysusers_defined.py 
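Review bot: `Requires: /usr/bin/systemd-sysusers` in the first hunk drops the version lock that the replaced `%{name}-sysusers%{_isa} = %{version}-%{release}` line had, so the main package can be installed next to a sysusers binary from a different systemd build. The `standalone-sysusers` context in the second hunk shows `Provides: %{name}-sysusers = %{version}-%{release}`, and the regular subpackage provides that name implicitly, so `Requires: %{name}-sysusers = %{version}-%{release}` (without `%{_isa}`) would presumably accept either provider while keeping the versions in step. If the unversioned path is intentional, the added comment should say so, since it only explains the `Recommends` bias.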
@@ -899,8 +902,19 @@ CONFIGURE_OPTS=( %meson_build +# If dynamic spec generation is available, directly pick up the triggers +# from the build directory for upstream builds. +%if %{with upstream} && (0%{?fedora} >= 41 || 0%{?rhel} >= 11) # Include the triggers cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart +%else +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi +%endif sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user @@ -1107,6 +1121,10 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs ############################################################################################# +%if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) +%include %{SOURCE1} +%endif + # This macro is newly added upstream so we can't rely on it being always being available # in the systemd-rpm-macros yet so we define it ourselves. %global systemd_posttrans_with_restart() \ diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..f8bb078 --- /dev/null +++ b/triggers.systemd 
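Review bot: The condition that selects where the triggers come from is written out twice, once in `%build` (`%{with upstream} && (0%{?fedora} >= 41 || 0%{?rhel} >= 11)`) and once, negated by hand, in front of `%include %{SOURCE1}` in the `@@ -1107,6 +1121,10 @@` hunk. If one is edited without the other, the package gets the file triggers twice or not at all, and the second case means no daemon-reload, sysusers or tmpfiles processing after installs, with nothing failing at build time. A comment on both, for example `# Must be the exact negation of the condition guarding triggers.specpart in %%build`, would make the coupling explicit. In the `%else` branch a mismatch between `%{SOURCE1}` and the generated file still only prints a warning and sleeps, so a stale `triggers.systemd` can ship unnoticed from an unattended build.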
@@ -0,0 +1,87 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. 
The priority is set such that it +# will run before the tmpfiles file trigger. +systemd-sysusers || : + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +systemd-hwdb update || : + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +journalctl --update-catalog || : + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi From 5671cf6132e2a1b915b39fe5a46a1fe9b6fa50bf Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 25 Feb 2025 13:18:40 +0100 Subject: [PATCH 403/494] List the fallback Source0 first packit will only rewrite the first Source0 that it finds, so we list the Source0 that gets used if neither %branch nor %commit are defined first. --- systemd.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2340972..4e4020a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -66,12 +66,14 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined branch} +# packit will always rewrite the first Source0 it finds, ignoring any conditionals so list +# the fallback source that's used if neither %%branch nor %%commit are defined first. +%if %{undefined branch} && %{undefined commit} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 9b6884d2e1c1664cf07ef90e28ab072eda61431f Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 25 Feb 2025 17:25:34 +0100 Subject: [PATCH 404/494] Stop using version_no_tilde for github archives None of the systemd git tags have tildes in them, so there's no need to use version_no_tilde for these. This is another change to make packit work as the archive it sets up for us based on the systemd upstream packit config file does have a tilde in its name which then makes %prep fail as we transform the tilde to a hyphen and then fail to find the systemd source directory. """ + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/systemd-258~devel.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd systemd-258-devel /var/tmp/rpm-tmp.gw7KSw: line 42: cd: systemd-258-devel: No such file or directory """ --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4e4020a..1f39a7a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -69,7 +69,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} @@ -744,7 +744,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version_no_tilde} -p1 +%autosetup -n %{name}-%{version} -p1 %endif # Disable user lockdown until rpm implements it natively. From 8230f501b6cc6e47f2073a388f0f61c1c204013c Mon Sep 17 00:00:00 2001 
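Review bot: Both changed lines (`Source0:` in `@@ -69,7 +69,7 @@` and `%autosetup -n %{name}-%{version}` in `@@ -744,7 +744,7 @@`) now assume that the tarball and its top-level directory carry `%{version}` verbatim, which the commit message establishes only for the archive packit prepares. For a version containing a tilde that is fetched from the GitHub URL instead, the tag in the URL and the unpacked directory would presumably use a hyphen, so neither line would match. A comment above `Source0:` stating that tilde versions are only expected with packit-provided archives would record that assumption. The `%if`/`%elif` chains around both lines extend outside the hunks.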
From: Daan De Meyer Date: Mon, 3 Mar 2025 21:46:20 +0100 Subject: [PATCH 405/494] Make sure we pull in libbpf >= 1.5.0 if libbpf is installed libbpf 1.4.0 + systemd 257 + a newer kernel results in segmentation faults in libbpf 1.4.0, so let's explicitly pull in libbpf 1.5.0 or newer to avoid this issue. Fixes https://pagure.io/centos-sig-hyperscale/package-bugs/issue/22 --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index 1f39a7a..0000937 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,6 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) +Requires: (libbpf >= 1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 0d95af264fda2c8b3ecfedf9cc45ee450c933753 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 4 Mar 2025 13:02:20 +0100 Subject: [PATCH 406/494] Include epoch in versioned libbpf dependency """ $ rpmdev-vercmp '2:1.4.6-1.fc42' '1.5.0' 2:1.4.6-1.fc42 > 1.5.0 $ rpmdev-vercmp '2:1.4.6-1.fc42' '2:1.5.0' 2:1.4.6-1.fc42 < 2:1.5.0 """ --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 0000937..371ea43 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 1.5.0 if libbpf) +Requires: (libbpf >= 2:1.5.0 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 1f8d2b0ebd8942b390f65a1a82f8b8b746d965cd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 25 Feb 2025 11:47:02 +0100 Subject: [PATCH 407/494] Make self-obsoletes for the sysusers split conditional In CI builds we have %version that it smaller than 257.3-4 when the split happened, and this causes problems when the packages are installed: Failed to resolve the transaction: Problem: package systemd-sysusers-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline obsoletes systemd < 257.3-4 provided by systemd-257-1.20250225060108317145.pr36507.1659.g4635c37946.fc43.x86_64 from @commandline - conflicting requests I'm not sure if we even need the self-Obsoletes. We have a Requires and Recommends in the main systemd package that will cause on of the providers of /usr/bin/systemd-sysusers to be installed, and the non-standalone version is preferred. But it's possible that if recommends are disabled, the non-standalone package could be installed for some reason. So let's keep the self-Obsoletes for now. Another caveat is that it's not clear if v-string comparisons require %[] as a wrapper. Some chat in #fedora-devel suggested that that's the case, but things seem to work without it. --- systemd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 371ea43..cc7c33b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -274,9 +274,11 @@ Obsoletes: system-setup-keyboard < 0.9 Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 +Provides: systemd-sysv = 206 +%if v"%{version}" >= v"257.3" # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) Obsoletes: systemd < 257.3-4 -Provides: systemd-sysv = 206 +%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 
@@ -409,7 +411,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +%if v"%{version}" >= v"257.3" Obsoletes: systemd < 257.3-4 +%endif %description sysusers This package contains the systemd-sysusers program. From ec182495e7ffaffa5d85feb2e25d1f6dd3ca47ae Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 5 Mar 2025 12:31:55 +0100 Subject: [PATCH 408/494] Drop libbpf versioned dependency version to 1.4.7 We don't need 1.5.0 to avoid the libbpf crash, the latest libbpf 1.4 patch release (1.4.7) also has the necessary fixes, so relax the requirement a little to allow builds on Fedora 41 to succeed. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index cc7c33b..4a6d0e3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -265,7 +265,7 @@ Requires: /usr/bin/systemd-sysusers Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 2:1.5.0 if libbpf) +Requires: (libbpf >= 2:1.4.7 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog From 4ab2a9e539b0346d0d9d370308d7c5e79bff9541 Mon Sep 17 00:00:00 2001 
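Review bot: `Requires: (libbpf >= 2:1.4.7 if libbpf)` in the `@@ -265,7 +265,7 @@` hunk of the last commit on this line carries no comment, so the reason for the floor and for the epoch lives only in commit messages. I would add above it `# libbpf 1.4.0 segfaults with systemd 257 on newer kernels; fixed in 1.4.7 and 1.5.0,` and `# see https://pagure.io/centos-sig-hyperscale/package-bugs/issue/22`. That keeps the bound from being lowered or dropped in a later cleanup of old constraints.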
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Mar 2025 17:47:54 +0100 Subject: [PATCH 409/494] Drop old self-Obsoletes and provides We had a bunch of Obsolets on self. This is useful when a subpackage is split out to make it optional, and we want to install both the original subpackage and the subpackage on ugprades. If both new subpackages have Obsoletes on the old name, dnf will install both. But we don't need to keep this infinitely, it's mostly useful for the duration of a single stable release. Apparatenly, those Obsoletes cause problems with downgrades. The most recently added case is for the split of systemd-sysusers. But we have an alternative mechanism in place: systemd Requires /usr/bin/systemd-sysusers, and this path is provided by systemd-sysusers and systemd-standalone-sysusers, with a bias towards systemd-sysusers. So we should be able to drop the self-Obsoletes without a change in functionality. Also, drop some old Provides where 'dnf repoquery' indicates it is not used by anything. Actually, only 'timedatex'. All the other ones are used by one spec or another. --- systemd.spec | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4a6d0e3..ecaa80b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -275,10 +275,6 @@ Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 Provides: systemd-sysv = 206 -%if v"%{version}" >= v"257.3" -# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) -Obsoletes: systemd < 257.3-4 -%endif Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 
@@ -299,8 +295,6 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Obsoletes: timedatex < 0.6-3 -Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-shutdown @@ -371,11 +365,6 @@ This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of %package libs Summary: systemd libraries License: LGPL-2.1-or-later AND MIT -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 @@ -411,9 +400,6 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers -%if v"%{version}" >= v"257.3" -Obsoletes: systemd < 257.3-4 -%endif %description sysusers This package contains the systemd-sysusers program. @@ -425,7 +411,6 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} -Obsoletes: libudev-devel < 183 %description devel Development headers and auxiliary files for developing applications linking @@ -441,11 +426,8 @@ Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} Requires(post): grep Requires: kmod >= 18-4 -# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 -Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} -Obsoletes: udev < 183 %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) Requires: (sdubby > 1.0-3 if sdubby) 
@@ -490,9 +472,6 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} @@ -558,9 +537,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-unsigned) = %version Provides: version(systemd-boot-unsigned)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot-unsigned systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -579,9 +555,6 @@ Provides: systemd-boot%{_isa} = %version-%release Provides: version(systemd-boot-signed) = %version Provides: version(systemd-boot-signed)%{_isa} = %version -# self-obsoletes to install both packages after split of systemd-boot -Obsoletes: systemd-udev < 252.2^ - %description boot systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command @@ -604,8 +577,6 @@ Recommends: qemu-kvm-core Recommends: qemu-device-display-virtio-gpu Recommends: qemu-device-display-virtio-vga %endif -# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) -Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal License: LGPL-2.1-or-later @@ -624,7 +595,6 @@ License: LGPL-2.1-or-later Requires: firewalld-filesystem Provides: %{name}-journal-gateway = %{version}-%{release} Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal 
@@ -640,8 +610,6 @@ Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} License: LGPL-2.1-or-later -# https://src.fedoraproject.org/rpms/systemd/pull-request/34 -Obsoletes: systemd < 246.6-2 %description networkd systemd-networkd is a system service that manages networks. It detects and @@ -662,7 +630,6 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager Requires: %{name}%{_isa} = %{version}-%{release} -Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep From 1bdfa29ce262bd10b0096538f32d275e8016cc4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Mar 2025 09:30:31 +0100 Subject: [PATCH 410/494] Neuter sysusers macros https://pagure.io/packaging-committee/pull-request/1436 was merged, packaging guidelines describe the new method as the default option for f42+. --- macros.sysusers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/macros.sysusers b/macros.sysusers index d8d8c1d..534b0e7 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -2,9 +2,9 @@ # # Turn a sysusers.d file into macros specified by # https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation +# +# After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, +# those macros are not needed anymore. -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} +%sysusers_requires_compat %nil +%sysusers_create_compat() %nil From 0a3907745e2960c3ce6155bce7ff8bbf64ce72c4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 09:33:55 +0100 Subject: [PATCH 411/494] Version 257.4 - Fixes for systemd itself, systemd-dissect, systemd-sbsign, systemd-networkd, systemd-repart, systemd-tmpfiles, systemd-id128, systemd-resolved, ukify, internal shared library, fido2 code, virtualization detection, shell completions, documentation. - Adds new DNSSEC anchor key for systemd-resolved. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index ab9fabe..828efd5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.3.tar.gz) = ef395998df4b24537147fa3b2e3ae2d100d3345f386fc39018bca0fe8092b7874bf9a6e6058a142342b3a0caebe1312ea9519bcbb4327a9d3649f593c49b3dab +SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe diff --git a/systemd.spec b/systemd.spec index ecaa80b..463fa36 100644 --- a/systemd.spec +++ b/systemd.spec @@ -53,7 +53,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.3} +Version: %{?version_override}%{!?version_override:257.4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From e825459f2dcd3ea653e6e3d5ab675e2c2f9e78dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:17:57 +0100 Subject: [PATCH 412/494] Change python-zstd depenedency to python-zstandard There is no BuildRequires dependency. I think we don't have any tests which would require this. --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 463fa36..3dcfa8c 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -504,7 +504,7 @@ Requires: (systemd-boot if %{shrink:( )}) Requires: python3dist(pefile) %if 0%{?fedora} -Requires: python3dist(zstd) +Requires: python3dist(zstandard) %endif Requires: python3dist(cryptography) %if 0%{?fedora} From d22561d59ede6e2942428708ae028bcfe422ad98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Mar 2025 11:25:27 +0100 Subject: [PATCH 413/494] Also drop auxiliary files related to sysusers compat And in non-Fedora builds, undo the neutering of sysusers macros. Downstreams like CentosStream did not go through the same changes as Fedora but they may use packages built from the rawhide branch. --- macros.sysusers.compat | 10 ++++++++++ systemd.spec | 7 ++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 macros.sysusers.compat diff --git a/macros.sysusers.compat b/macros.sysusers.compat new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers.compat @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/systemd.spec b/systemd.spec index 3dcfa8c..012df9d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -97,6 +97,7 @@ Source16: 10-timeout-abort.conf Source17: 10-map-count.conf Source18: 60-block-scheduler.rules +Source20: macros.sysusers.compat Source21: macros.sysusers Source22: sysusers.attr Source23: sysusers.prov 
@@ -1027,13 +1028,17 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +%if 0%{fedora} >= 42 +install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers +%else +install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers # Use rpm's own sysusers provides where available %if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} %endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} +%endif # https://bugzilla.redhat.com/show_bug.cgi?id=2107754 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} From 7bc5883654e6ead7f43e0df2a1511db625caeda3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 7 Mar 2025 12:37:17 +0100 Subject: [PATCH 414/494] Fix missing question mark --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 012df9d..a87de66 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1028,7 +1028,7 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE18} sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py -%if 0%{fedora} >= 42 +%if 0%{?fedora} >= 42 install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers %else install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers From 38b41a729ea836133d7e53a4c0cc8e5fee7e2b8a Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 7 Mar 2025 12:05:42 +0100 Subject: [PATCH 415/494] Clean up debuginfo files as well in %clean When using --build-in-place + debuginfo these get written to the source directory so let's make sure we clean them up as well. --- systemd.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a87de66..145b35b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1384,10 +1384,16 @@ fi %files standalone-shutdown -f .file-list-standalone-shutdown %clean -rm -rf $RPM_BUILD_ROOT -rm -f 10-timeout-abort.conf.user -rm -f .file-list-* -rm -f %{name}.lang +rm -rf \ + $RPM_BUILD_ROOT \ + 10-timeout-abort.conf.user \ + .file-list-* \ + %{name}.lang \ + debugfiles.list \ + debuglinks.list \ + debugsourcefiles.list \ + debugsources.list \ + elfbins.list %changelog %autochangelog From d366b5965725a7ff1cd586e1ae2539e4cfc404db Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 10:20:16 +0100 Subject: [PATCH 416/494] Fix test_sysusers_defined check https://src.fedoraproject.org/rpms/setup/c/7ced36d60b67c9e74f7951123225200597e3d2fa?branch=rawhide merged the two setup sysusers files into one and changed the name, so let's adapt the test_sysusers_defined check for those changes. --- systemd.spec | 2 +- test_sysusers_defined.py | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/systemd.spec b/systemd.spec index 145b35b..5187e35 100644 --- a/systemd.spec +++ b/systemd.spec 
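Review bot: Folding the four commands into a single `rm -rf` in `%clean` extends the recursive flag to the relative names and to the `.file-list-*` glob, and `$RPM_BUILD_ROOT` is still expanded unquoted. According to the commit message, with `--build-in-place` these relative names resolve inside the source directory, so a directory that happens to share one of the names would be removed wholesale. Keeping the recursive delete for the build root only would limit that: `rm -rf "$RPM_BUILD_ROOT"` followed by `rm -f 10-timeout-abort.conf.user .file-list-* %{name}.lang debugfiles.list debuglinks.list debugsourcefiles.list debugsources.list elfbins.list`.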
@@ -1060,7 +1060,7 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. -%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 6f04f15..7ea2fea 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -22,11 +22,7 @@ def parse_sysusers_file(filename): return users, groups setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) -setup_users |= setup_users2 -setup_groups |= setup_groups2 - -basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) +basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From e346d9f33e530bd5e05885621b837073ea090cc4 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 20 Mar 2025 19:15:52 -0400 Subject: [PATCH 417/494] Limit sdubby dependency to Fedora dnf repoclosure raises an error even when a boolean dependency is missing. While technically a bug in dnf, since these dependencies are already conditional, simply adjusting the condition is simplest. https://github.com/rpm-software-management/dnf-plugins-core/issues/549 --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 145b35b..0655c6e 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -431,6 +431,8 @@ Provides: udev = %{version} Provides: udev%{_isa} = %{version} %if 0%{?fedora} || 0%{?rhel} >= 10 Requires: (grubby > 8.40-72 if grubby) +%endif +%if 0%{?fedora} Requires: (sdubby > 1.0-3 if sdubby) %endif # A backport of systemd-timesyncd is shipped as a separate package in EPEL so From 3e9051124e4447c238ae65af9ad1562924aeb18a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Mar 2025 09:34:33 +0100 Subject: [PATCH 418/494] Migrate fmf metadata and test script from the upstream repository Primarily, this allows us to get rid of dist-git-source which makes the fmf stuff reusable for CentOS Stream in gitlab which we'd like to make use of in the systemd backport in the Hyperscale SIG. Also in general making the integration touch points with Fedora CI and the other systems as small as possible seems like a good thing. --- plans/run-integration-tests.sh | 114 +++++++++++++++++++++++++++++++++ plans/upstream.fmf | 28 ++++---- 2 files changed, 131 insertions(+), 11 deletions(-) create mode 100755 plans/run-integration-tests.sh diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh new file mode 100755 index 0000000..a06b3a3 --- /dev/null +++ b/plans/run-integration-tests.sh 
@@ -0,0 +1,114 @@ +#!/bin/bash + +set -eux +set -o pipefail + +# Switch SELinux to permissive if possible, since the tests don't set proper contexts +setenforce 0 || true + +echo "CPU and Memory information:" +lscpu +lsmem + +echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" + +# Bump inotify limits if we can so nspawn containers don't run out of inotify file descriptors. +sysctl fs.inotify.max_user_watches=65536 || true +sysctl fs.inotify.max_user_instances=1024 || true + +if [[ -n "${KOJI_TASK_ID:-}" ]]; then + koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" +elif [[ -n "${CBS_TASK_ID:-}" ]]; then + cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" +elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then + COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" + COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" + copr download-build --rpms --chroot "$COPR_CHROOT" "$COPR_BUILD_ID" + mv "$COPR_CHROOT"/* . +else + echo "Not running within packit and no CBS/koji task ID provided" + exit 1 +fi + +mkdir systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +pushd systemd + +# Now prepare mkosi at the same version required by the systemd repo. +git clone https://github.com/systemd/mkosi +mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +git -C mkosi checkout "$mkosi_hash" + +export PATH="$PWD/mkosi/bin:$PATH" + +# shellcheck source=/dev/null +. /etc/os-release || . /usr/lib/os-release + +tee mkosi.local.conf < Date: Fri, 21 Mar 2025 14:38:40 +0100 Subject: [PATCH 419/494] Use old setup sysusers files on Fedora < 43 --- systemd.spec | 4 ++++ test_sysusers_defined.py | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 74a2b08..e637cf8 100644 
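Review bot: The mkosi checkout that is prepended to `PATH` and then executed is pinned only by whatever `grep systemd/mkosi@ .github/workflows/mkosi.yml | sed …` yields, with no check that the result is a single full commit id rather than a branch or tag name. Assuming the workflow file pins a full SHA, a guard before `git -C mkosi checkout` keeps the executed tool fixed for a given source tarball: `[[ "$mkosi_hash" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected mkosi ref: $mkosi_hash"; exit 1; }`. Separately, the packit branch tests only `PACKIT_SRPM_URL` but expands `$PACKIT_BUILD_LOG_URL` under `set -u`, so a run with the first set and the second unset aborts with an unbound-variable error instead of the explicit message; the condition could be `elif [[ -n "${PACKIT_SRPM_URL:-}" && -n "${PACKIT_BUILD_LOG_URL:-}" ]]; then`. The rest of this new file, from the `tee mkosi.local.conf` here-document onwards, is not visible on the page and is not covered here.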
--- a/systemd.spec +++ b/systemd.spec @@ -1062,7 +1062,11 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # and https://src.fedoraproject.org/rpms/setup/pull-request/10. # We skip this on upstream builds so that new users and groups # can be added without breaking the build. +%if 0%{?fedora} >= 43 %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%else +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif %endif rm %{buildroot}/usr/lib/sysusers.d/basic.conf %endif diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index 7ea2fea..f6358fb 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -21,8 +21,14 @@ def parse_sysusers_file(filename): assert False return users, groups -setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) -basic_users, basic_groups = parse_sysusers_file(sys.argv[2]) +setup_users, setup_groups = set(), set() + +for arg in sys.argv[1:-1]: + users, groups = parse_sysusers_file(arg) + setup_users |= users + setup_groups |= groups + +basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) if d := basic_users - setup_users: exit(f'We have new users: {d}') From 2ecfbec1a444a2ec9e3dab91d04565330cf809ea Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 21 Mar 2025 15:59:32 +0100 Subject: [PATCH 420/494] Support specifying extra mkosi repositories to the test script --- plans/run-integration-tests.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index a06b3a3..79bf71c 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh 
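Review bot: In test_sysusers_defined.py the new loop over `sys.argv[1:-1]` is silently empty when the script is called with a single file argument, so every user and group in that file would be reported as new, and with no arguments `sys.argv[-1]` is the script itself. Because the spec uses this check to stop the build when unexpected accounts appear, a wrong invocation should fail with a clear message rather than a misleading diff. A guard before the loop would do it: `if len(sys.argv) < 3: exit(f'usage: {sys.argv[0]} SETUP.conf... BASIC.conf')`. The body of `parse_sysusers_file` starts outside the hunk.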
@@ -61,6 +61,16 @@ Environment=NO_BUILD=1 WithTests=yes EOF +if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then + tee --append mkosi.local.conf < Date: Fri, 21 Mar 2025 21:40:07 +0100 Subject: [PATCH 421/494] Make the source tarball glob in the test script more generic If we download the main branch from github by defining %branch, the source tarball will be named main.tar.gz, so let's make the tarball pattern more generic to match. --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 79bf71c..32751ab 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -31,7 +31,7 @@ else fi mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './systemd-*.tar.gz' | tar xz --strip-components=1 -C systemd +rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd pushd systemd # Now prepare mkosi at the same version required by the systemd repo. From 6f0d03443d2f5695e05146e3bd17f6dab84ab459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Mar 2025 17:40:59 +0100 Subject: [PATCH 422/494] Fix paths for /usr/sbin/nologin and related progs I noticed that systemd-sysusers creates accounts with /usr/bin/nologin. On merged systems is fine, but would not work for systems where /usr/sbin is still a separate directory and /usr/bin/nologin does not exist. This problem occurs because the meson configuration script discovers the location using $PATH, which on recent builds results in /usr/bin always. Just specify all the paths so that we don't depend on the presence and order of paths in $PATH. --- systemd.spec | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/systemd.spec b/systemd.spec index e637cf8..7767e1f 100644 --- a/systemd.spec +++ b/systemd.spec 
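Review bot: With the pattern widened to `'./*.tar.gz'` in the `@@ -31,7 +31,7 @@` hunk, `cpio --to-stdout` writes every matching member of the source RPM into the single stream fed to `tar xz`. If the SRPM ever carries a second `.tar.gz` source, which tree gets unpacked and tested would then depend on archive order. Whether that can happen is not visible here, but the script could assert that exactly one member matches before extracting, for example `n="$(rpm2cpio ./systemd-*.src.rpm | cpio --list --quiet './*.tar.gz' | wc -l)"; [[ "$n" -eq 1 ]] || exit 1`. The same applies to `./systemd-*.src.rpm` if more than one source RPM is downloaded.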
@@ -859,6 +859,19 @@ CONFIGURE_OPTS=( -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet + # Make sure we use the original paths to maintain compatibility + # with unmerged systems + -Dquotaon-path=/usr/sbin/quotaon + -Dquotacheck-path=/usr/sbin/quotacheck + -Dkmod-path=/usr/bin/kmod + -Dkexec-path=/usr/sbin/kexec + -Dsulogin-path=/usr/sbin/sulogin + -Dmount-path=/usr/bin/mount + -Dumount-path=/usr/bin/umount + -Dloadkeys-path=/usr/bin/loadkeys + -Dsetfont-path=/usr/bin/setfont + -Dnologin-path=/usr/sbin/nologin + # For now, let's build the bootloader in the same places where we # built with gnu-efi. Later on, we might want to extend coverage, but # considering that that support is untested, let's not do this now. From d1380dc1146fd81a42dcf685ef4e69780db6fb2e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 22 Mar 2025 20:08:53 +0100 Subject: [PATCH 423/494] Add more services to %post for udev and networkd Noticed in https://bugzilla.redhat.com/show_bug.cgi?id=2348669#c25. Most of those units listed don't have an [Install] section, and of those that have, almost all were disabled by default. This might be something to fix, e.g. we might want to enable systemd-udev-load-credentials.service, this is something to consider. But it's clearer if we list all the units that those packages ship. In priciple somebody might ship a preset to enable them. Anyway, the impact of this change is much smaller than might seem at first. But systemd-network-generator.service has an [Install] section and is preset to true, so not listing it in the scriptlets was a visible bug. There's the additional caveat that systemd-network-generator.service is coowned by two packages. The current system does not have a way of handling this properly, because unit enablement is tied to the package install state. Let's just call the scriptlet for this unit twice for now. I think that's not going to cause any real problem. --- systemd.spec | 115 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 111 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7767e1f..72afb14 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1187,7 +1187,106 @@ systemctl daemon-reexec || : # a different package version. systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service %{?want_bootloader:systemd-boot-update.service} systemd-oomd.service systemd-portabled.service systemd-pstore.service systemd-timesyncd.service remote-cryptsetup.target +%global udev_services %{shrink: + cryptsetup-pre.target + cryptsetup.target + hibernate.target + hybrid-sleep.target + initrd-cleanup.service + initrd-fs.target + initrd-parse-etc.service + initrd-root-device.target + initrd-root-fs.target + initrd-switch-root.service + initrd-switch-root.target + initrd-udevadm-cleanup-db.service + initrd-usr-fs.target + initrd.target + integritysetup-pre.target + integritysetup.target + kmod-static-nodes.service + proc-sys-fs-binfmt_misc.automount + proc-sys-fs-binfmt_misc.mount + quotaon-root.service + quotaon@.service + remote-cryptsetup.target + remote-veritysetup.target + sleep.target + suspend-then-hibernate.target + suspend.target + system-systemd\x2dcryptsetup.slice + system-systemd\x2dveritysetup.slice + systemd-backlight@.service + systemd-binfmt.service + systemd-bless-boot.service + systemd-bsod.service + systemd-coredump.socket + systemd-coredump@.service + systemd-fsck-root.service + systemd-fsck@.service + systemd-growfs-root.service + systemd-growfs@.service + systemd-hibernate-clear.service + systemd-hibernate-resume.service + systemd-hibernate.service + systemd-homed-activate.service + systemd-homed-firstboot.service + systemd-homed.service + systemd-hwdb-update.service + systemd-hybrid-sleep.service + systemd-modules-load.service + systemd-network-generator.service + systemd-oomd.service + systemd-oomd.socket + systemd-pcrextend.socket + systemd-pcrextend@.service + systemd-pcrfs-root.service + systemd-pcrfs@.service + systemd-pcrlock-file-system.service + 
systemd-pcrlock-firmware-code.service + systemd-pcrlock-firmware-config.service + systemd-pcrlock-machine-id.service + systemd-pcrlock-make-policy.service + systemd-pcrlock-secureboot-authority.service + systemd-pcrlock-secureboot-policy.service + systemd-pcrlock.socket + systemd-pcrlock@.service + systemd-pcrmachine.service + systemd-pcrphase-initrd.service + systemd-pcrphase-sysinit.service + systemd-pcrphase.service + systemd-portabled.service + systemd-pstore.service + systemd-quotacheck-root.service + systemd-quotacheck@.service + systemd-random-seed.service + systemd-remount-fs.service + systemd-repart.service + systemd-rfkill.service + systemd-rfkill.socket + systemd-suspend-then-hibernate.service + systemd-suspend.service + systemd-sysctl.service + systemd-timesyncd.service + systemd-tmpfiles-setup-dev-early.service + systemd-tmpfiles-setup-dev.service + systemd-udev-load-credentials.service + systemd-udev-settle.service + systemd-udev-trigger.service + systemd-udevd-control.socket + systemd-udevd-kernel.socket + systemd-udevd.service + systemd-vconsole-setup.service + systemd-volatile-root.service + veritysetup-pre.target + veritysetup.target + %{?want_bootloader: + systemd-boot-random-seed.service + systemd-boot-update.service + systemd-bootctl.socket + systemd-bootctl@.service + } + } %post udev # Move old stuff around in /var/lib 
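Review bot: The two slice names in the new `%global udev_services` list, `system-systemd\x2dcryptsetup.slice` and `system-systemd\x2dveritysetup.slice`, carry a backslash escape that has to survive RPM macro expansion. If the scriptlet macros pass the list as unquoted shell words (their expansion is not visible in this hunk), it must also survive shell backslash removal. If the backslash is lost, the name no longer matches the shipped unit, and since scriptlet failures are usually suppressed this would go unnoticed. It is worth checking the generated scriptlets with `rpm -qp --scripts` on a built package and recording the result next to the list, e.g. `# \x2d must reach systemctl literally; verified with rpm -qp --scripts`. The `%post udev` and `%preun udev` sections that consume the macro lie outside the hunk.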
@@ -1221,7 +1320,7 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %posttrans udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service +%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service systemd-homed.service systemd-oomd.service systemd-portabled.service %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1243,6 +1342,14 @@ fi %systemd_posttrans_with_restart %journal_remote_units_restart %firewalld_reload +%global networkd_services %{shrink: + systemd-networkd.service + systemd-networkd.socket + systemd-networkd-wait-online.service + systemd-network-generator.service + systemd-networkd-persistent-storage.service + } + %post networkd # systemd-networkd was split out in systemd-246.6-2. # Ideally, we would have a trigger scriptlet to record enablement @@ -1256,11 +1363,11 @@ fi if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." else - %systemd_post systemd-networkd.service systemd-networkd-wait-online.service + %systemd_post %networkd_services fi %preun networkd -%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%systemd_preun %networkd_services %posttrans networkd %systemd_posttrans_with_restart systemd-networkd.service From 59378485beb32bb6da06040a45049b3d09355524 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 21 Mar 2025 11:24:54 +0100 Subject: [PATCH 424/494] Remove purge-nobody-user script The corresponding change proposal is from 2018. Enough time has passed since then that we don't need to carry this around anymore --- purge-nobody-user | 101 ---------------------------------------------- split-files.py | 1 - systemd.spec | 3 -- 3 files changed, 105 deletions(-) delete mode 100755 purge-nobody-user diff --git a/purge-nobody-user b/purge-nobody-user deleted file mode 100755 index 66404fe..0000000 --- a/purge-nobody-user +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/bash -eu - -if [ $UID -ne 0 ]; then - echo "WARNING: This script needs to run as root to be effective" - exit 1 -fi - -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 - -if [ "${1:-}" = "--ignore-journal" ]; then - shift - ignore_journal=1 -else - ignore_journal=0 -fi - -echo "Checking processes..." -if ps h -u 99 | grep .; then - echo "ERROR: ps reports processes with UID 99!" - exit 2 -fi -echo "... not found" - -echo "Checking UTMP..." -if w -h 199 | grep . ; then - echo "ERROR: w reports UID 99 as active!" - exit 2 -fi -if w -h nobody | grep . ; then - echo "ERROR: w reports user nobody as active!" - exit 2 -fi -echo "... not found" - -echo "Checking the journal..." -if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then - echo "ERROR: journalctl reports messages from UID 99 in current boot!" - exit 2 -fi -echo "... not found" - -echo "Looking for files in /etc, /run, /tmp, and /var..." -if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then - echo "ERROR: found files belonging to UID 99" - exit 2 -fi -echo "... not found" - -echo "Checking if nobody is defined correctly..." -if getent passwd nobody | - grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; -then - echo "OK, nothing to do." - exit 0 -else - echo "NOTICE: User nobody is not defined correctly" -fi - -echo "Checking if nfsnobody or something else is using the uid..." -if getent passwd 65534 | grep . ; then - echo "NOTICE: will have to remove this user" -else - echo "... not found" -fi - -if [ "${1:-}" = "-x" ]; then - if getent passwd nobody >/dev/null; then - # this will remove both the user and the group. - ( set -x - userdel nobody - ) - fi - - if getent passwd 65534 >/dev/null; then - # Make sure the uid is unused. This should free gid too. 
- name="$(getent passwd 65534 | cut -d: -f1)" - ( set -x - userdel "$name" - ) - fi - - if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then - echo "Sleeping, so sss can catch up" - sleep 3 - fi - - if getent group 65534; then - # Make sure the gid is unused, even if uid wasn't. - name="$(getent group 65534 | cut -d: -f1)" - ( set -x - groupdel "$name" - ) - fi - - # systemd-sysusers uses the same gid and uid - ( set -x - systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' - ) -else - echo "Pass '-x' to perform changes" -fi diff --git a/split-files.py b/split-files.py index 9114c99..61c539e 100644 --- a/split-files.py +++ b/split-files.py @@ -7,7 +7,6 @@ known_files = ''' %ghost %config(noreplace) /etc/crypttab %ghost %attr(0444,root,root) /etc/udev/hwdb.bin /etc/inittab -/usr/lib/systemd/purge-nobody-user # This directory is owned by openssh-server, but we don't want to introduce # a dependency. So let's copy the config and co-own the directory. %dir %attr(0700,root,root) /etc/ssh/sshd_config.d diff --git a/systemd.spec b/systemd.spec index 72afb14..78bf380 100644 --- a/systemd.spec +++ b/systemd.spec @@ -79,7 +79,6 @@ Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{s # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. Source1: triggers.systemd Source2: split-files.py -Source3: purge-nobody-user Source4: test_sysusers_defined.py Source6: inittab @@ -940,8 +939,6 @@ touch %{buildroot}/etc/systemd/coredump.conf \ %{buildroot}/etc/udev/udev.conf \ %{buildroot}/etc/udev/iocost.conf -install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} - # /etc/initab install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} From 13d523f84d5607b0e062101239cb853949fbffdb Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Mon, 24 Mar 2025 14:09:10 +0100 Subject: [PATCH 425/494] Relax dependencies from noarch packages on archful packages for OBS builds In OBS, noarch packages are shared between all architectures and independent architectures can be rebuilt automatically without all the other architectures getting rebuilt. This can result in the noarch packages being newer than the archful packages for some architectures, which means our current strict deps from the noarch packages on the archful packages can't be satisfied. To address this problem, let's relax the dependencies from the noarch packages on the archful packages for OBS builds. Let's only do this for OBS builds because this isn't an issue on Fedora as it's impossible to build a package for only some of the architectures. --- systemd.spec | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 78bf380..59c906d 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -46,6 +46,23 @@ # autorelease correctly if the macro is conditionalized in the Release field. %{?release_override:%global autorelease %{release_override}%{?dist}} +# In OBS, noarch packages are shared between all architectures and +# independent architectures can be rebuilt automatically without all +# the other architectures getting rebuilt. This can result in the noarch +# packages being newer than the archful packages for some architectures, +# which means our current strict deps from the noarch packages on the +# archful packages can't be satisfied. +# +# To address this problem, let's relax the dependencies from the noarch +# packages on the archful packages for OBS builds. Let's only do this for +# OBS builds because this isn't an issue on Fedora as it's impossible to +# build a package for only some of the architectures. +%if %{with obs} +%define noarch_requires_version %{version} +%else +%define noarch_requires_version %{version}-%{release} +%endif + Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by @@ -496,7 +513,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -620,7 +637,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{version}-%{release} +Requires: %{name}-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -643,7 +660,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{version}-%{release} +Requires: %{name}-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch 
From 617952132de4ed882b9b00ceeed077f843130f91 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 27 Mar 2025 21:48:29 +0100 Subject: [PATCH 426/494] Run integration testsuite standalone if available [skip changelog] --- plans/run-integration-tests.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 32751ab..9f8bd5f 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -104,7 +104,11 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi summary mkosi -f sandbox -- true -mkosi sandbox -- meson setup --buildtype=debugoptimized -Dintegration-tests=true build +if [[ -d test/integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build test/integration-tests/standalone +else + mkosi sandbox -- meson setup -Dintegration-tests=true build +fi mkosi genkey mkosi -f mkosi sandbox -- \ From e2b2ea3776bda9d537cf01012c8b236cdfad4230 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 09:36:37 +0200 Subject: [PATCH 427/494] fmf: Use mkosi/mkosi.local.conf if the mkosi/ directory exists https://github.com/systemd/systemd/pull/36954 will move all the mkosi configuration in the systemd repository into a mkosi/ subdirectory. This means we have to put mkosi.local.conf in that subdirectory as well, so check if the mkosi/ directory exists and put mkosi.local.conf in there if it exists. The mkosi/ directory will conflict with our checkout of mkosi so we move that checkout one level up. Additionally, we can't use .. anymore as the package directory as that only works when mkosi.local.conf is in the top level directory of the repository so we use an absolute path instead. --- plans/run-integration-tests.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9f8bd5f..1393b72 100755 --- a/plans/run-integration-tests.sh 
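Review bot: The `else` branch no longer passes `--buildtype=debugoptimized`, which the removed line did, so the non-standalone path now configures with meson's default build type although the commit title only mentions running the suite standalone. If that is not intended, keep the flag in the fallback: `mkosi sandbox -- meson setup --buildtype=debugoptimized -Dintegration-tests=true build`. If it is intended, the commit message should say so, since it changes what the existing test runs build.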
+++ b/plans/run-integration-tests.sh @@ -30,39 +30,48 @@ else exit 1 fi +PACKAGEDIR="$PWD" + mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd -pushd systemd # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi -mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C mkosi checkout "$mkosi_hash" export PATH="$PWD/mkosi/bin:$PATH" +pushd systemd + # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -tee mkosi.local.conf < Date: Thu, 3 Apr 2025 09:58:17 +0200 Subject: [PATCH 428/494] Don't try to modify mkosi.repart config if mkosi conf is in subdir [skip changelog] --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 1393b72..976ceda 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -90,8 +90,13 @@ fi # Create missing mountpoint for mkosi sandbox. mkdir -p /etc/pacman.d/gnupg -# TODO: drop once BTRFS regression is fixed -sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +# We don't bother with this change if the mkosi configuration is +# in mkosi/ as if that's the case then we know for sure that the +# upstream has this fix as well. +# TODO: drop once BTRFS regression is fixed. +if [[ -f mkosi.repart/10-root.conf ]]; then + sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf +fi # If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first. modprobe kvm || true From cc473d807fe58c6a1cd9ade1162517fed66f6090 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Thu, 3 Apr 2025 13:05:38 +0200 Subject: [PATCH 429/494] fmf: Check out mkosi to some directory in /var/tmp Using the source tree of the spec can still lead to conflicts if a mkosi/ directory exists there (which is the case in the hyperscale systemd spec repo), so let's check out mkosi in /var/tmp to ensure we don't conflict. --- plans/run-integration-tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 976ceda..b3651ba 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -36,11 +36,11 @@ mkdir systemd rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd # Now prepare mkosi at the same version required by the systemd repo. -git clone https://github.com/systemd/mkosi +git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -git -C mkosi checkout "$mkosi_hash" +git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" -export PATH="$PWD/mkosi/bin:$PATH" +export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" pushd systemd From 1126a7c6b80b9d89e7488e5409d4ef549416072a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 15:23:17 +0200 Subject: [PATCH 430/494] Download commit archives via full sha instead of short one Both work and if we do full sha we can retrieve the full sha from the source filename in the source rpm later on which is useful for various use cases. [skip changelog] --- systemd.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 59c906d..ecef8f6 100644 --- a/systemd.spec +++ b/systemd.spec 
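Review bot: The clone target `/var/tmp/systemd-integration-tests-mkosi` is a fixed name in a world-writable directory, and its `bin/` is then placed first in `PATH`. If the directory already exists, whether left over from an earlier run or created by another local account, `git clone` either fails or fills a directory this script did not create. Whether the script stops at that point depends on shell options set outside this hunk. A private per-run directory from `mktemp -d`, reused for the clone, the checkout and the `PATH` export, removes both the rerun failure and the trust in a pre-existing path.

```shell
# Now prepare mkosi at the same version required by the systemd repo.
MKOSI_DIR="$(mktemp -d /var/tmp/systemd-integration-tests-mkosi.XXXXXX)"
git clone https://github.com/systemd/mkosi "$MKOSI_DIR"
# … unchanged: mkosi_hash extraction …
git -C "$MKOSI_DIR" checkout "$mkosi_hash"

export PATH="$MKOSI_DIR/bin:$PATH"
```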
@@ -1,6 +1,3 @@ -#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 -%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} - # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. @@ -90,7 +87,7 @@ Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-% %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} -Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 08ce156d74460867657fb9b201c8be93d31e07de Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 3 Apr 2025 16:32:38 +0200 Subject: [PATCH 431/494] fmf: Run mkosi genkey before mkosi summary Otherwise mkosi summary might fail because the key/cert don't exist yet. [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index b3651ba..9d2e852 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -116,6 +116,7 @@ fi # for now. export TEST_SKIP="TEST-21-DFUZZER" +mkosi genkey mkosi summary mkosi -f sandbox -- true if [[ -d test/integration-tests/standalone ]]; then @@ -123,7 +124,6 @@ if [[ -d test/integration-tests/standalone ]]; then else mkosi sandbox -- meson setup -Dintegration-tests=true build fi -mkosi genkey mkosi -f mkosi sandbox -- \ meson test \ From 6646d13acae64665f63354cd60ecf963ee563b96 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Tue, 8 Apr 2025 22:02:11 +0200 Subject: [PATCH 432/494] fmf: Run tests from systemd-tests rpm if possible Running from the source tarball implies running with unpatched tests, whereas the same files from the systemd-tests package (which now contains the mkosi and integration test files) will be patched. [skip changelog] --- plans/run-integration-tests.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9d2e852..9a90fa7 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh 
@@ -32,18 +32,28 @@ fi PACKAGEDIR="$PWD" -mkdir systemd -rpm2cpio ./systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd +# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. + +# This will match both the regular and the debuginfo rpm so make sure we select only the +# non-debuginfo rpm. +RPMS=(systemd-tests-*.rpm) +rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract +if [[ -d usr/lib/systemd/tests/mkosi ]]; then + pushd usr/lib/systemd/tests + mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" +else + mkdir systemd + rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd + pushd systemd + mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" +fi # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi -mkosi_hash="$(grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" -pushd systemd - # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release @@ -119,7 +129,9 @@ export TEST_SKIP="TEST-21-DFUZZER" mkosi genkey mkosi summary mkosi -f sandbox -- true -if [[ -d test/integration-tests/standalone ]]; then +if [[ -d integration-tests/standalone ]]; then + mkosi sandbox -- meson setup build integration-tests/standalone +elif [[ -d test/integration-tests/standalone ]]; then mkosi sandbox -- meson setup build test/integration-tests/standalone else mkosi sandbox -- meson setup -Dintegration-tests=true build From d30447702396fee8fb4a94ce4e779eaac1aab5ca Mon Sep 17 00:00:00 2001 
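Review bot: `RPMS=(systemd-tests-*.rpm)` followed by `"${RPMS[0]}"` selects the non-debuginfo package only through glob sort order, which the comment above it promises but the code does not enforce. With no match the pattern stays literal and `rpm2cpio` is handed a file name that does not exist. Narrowing the pattern states the intent directly, for example `RPMS=(systemd-tests-[0-9]*.rpm)`, assuming the package version always starts with a digit. Since `mkosi_hash` is read from the unpacked tree and then passed to `git checkout`, a guard such as `[[ -n "$mkosi_hash" ]] || exit 1` before the clone would make a failed extraction stop early instead of checking out an empty ref.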
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 9 Apr 2025 22:35:03 +0200 Subject: [PATCH 433/494] Version 257.5 - A lot of small fixes in various components --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 828efd5..eb2dbfc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.4.tar.gz) = dfa0f6de38fa30daffabf6b02d6533ca4e7027188186d7e2e9648b99dad5c4afa30773138f18a34111e7bb2e6ddae8302284429b98b580e757dc67535846afbe +SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f diff --git a/systemd.spec b/systemd.spec index ecef8f6..95ff25e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.4} +Version: %{?version_override}%{!?version_override:257.5} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From f6b814cc0fad58ed1c2e8df7918489bf4217dfaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Apr 2025 15:52:59 +0200 Subject: [PATCH 434/494] Backport CI fix --- ...imit-the-number-of-iterations-when-t.patch | 62 +++++++++++++++++++ systemd.spec | 3 + 2 files changed, 65 insertions(+) create mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch new file mode 100644 index 0000000..8b9dddc --- /dev/null +++ b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch 
@@ -0,0 +1,62 @@ +From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 10 Apr 2025 13:51:21 +0200 +Subject: [PATCH] test-sd-device: limit the number of iterations when testing + device parent/child functions + +The test "hangs" and times out on some arm64 machines. It actually works as +expected, but the machine has 2016 children under /sys/devices/system/memory/, +and the tests do a double loop over this, which is slow enough to hit the 120 s +limit. Add a limit on the number of iterations. + +Another option would be to exclude "memory" subsystem. But we may have other +subsystems which have the same problem in the future, so I think it'll be more +robust to not try to limit the fix to a specific subsystem. + +(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) +--- + src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c +index 620615b6bb..aa235cf8d0 100644 +--- a/src/libsystemd/sd-device/test-sd-device.c ++++ b/src/libsystemd/sd-device/test-sd-device.c +@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { + + TEST(sd_device_enumerator_add_match_parent) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. 
*/ ++ unsigned iterations = 200; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { + const char *syspath; + sd_device *parent; + ++ if (iterations-- == 0) ++ break; ++ + assert_se(sd_device_get_syspath(dev, &syspath) >= 0); + + r = sd_device_get_parent(dev, &parent); +@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { + + TEST(sd_device_get_child) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; ++ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ ++ unsigned iterations = 3000; + int r; + + assert_se(sd_device_enumerator_new(&e) >= 0); +@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { + FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { + const char *s; + ++ if (iterations-- == 0) ++ return; ++ + assert_se(child); + assert_se(suffix); + diff --git a/systemd.spec b/systemd.spec index 95ff25e..1cb135b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,9 @@ Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +# Backport of CI fix +Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From f6af46db12a93d9bc8ab097f2fe2b4887543ff80 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 18 Apr 2025 00:18:57 +0200 Subject: [PATCH 435/494] Backport adb/fastboot udev rules (BZ#2356537) --- 36939.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 48 insertions(+) create mode 100644 36939.patch diff --git a/36939.patch b/36939.patch new file mode 100644 index 0000000..a90d8cc --- /dev/null +++ b/36939.patch 
@@ -0,0 +1,44 @@ +From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 +From: LuK1337 +Date: Tue, 1 Apr 2025 22:23:06 +0200 +Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box + +https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 +https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 +--- + rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in +index 046f169e447b9..96b61cec32b25 100644 +--- a/rules.d/70-uaccess.rules.in ++++ b/rules.d/70-uaccess.rules.in +@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + # media player raw devices (for user-mode drivers, Android SDK, etc.) + SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" + ++# Android devices (ADB DbC, ADB, Fastboot) ++# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: ++# * https://developer.android.com/tools/adb ++# * https://source.android.com/docs/setup/test/running ++# * https://source.android.com/docs/setup/test/flash ++# ++# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: ++# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 ++# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ++# ++# Since it's using a generic vendor specific interface class, this can potentially result ++# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". 
++SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" ++ + # software-defined radio communication devices + ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" + +@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" + # As defined in https://en.wikipedia.org/wiki/3Dconnexion + SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" + ++# Debug interfaces (e.g. Android Debug Bridge) ++ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" ++ + LABEL="uaccess_end" diff --git a/systemd.spec b/systemd.spec index 1cb135b..fa5ad80 100644 --- a/systemd.spec +++ b/systemd.spec @@ -138,6 +138,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +# Backport of adb/fastboot udev rules: +# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 +Patch: https://github.com/systemd/systemd/pull/36939.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch From 451184cbea3d4dfc9310fd6abe47221d942ad0ab Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Fri, 2 May 2025 09:54:13 +0200 Subject: [PATCH 436/494] Revert "Disable freezing of user sessions" This breaks suspend on my machine as of Linux 6.14, furthermore both linked issues in rhbz#2321268 are closed and fixed in Linux upstream. This reverts commit 6162965002f9e6052e0ce8d6810028da4679e55a. --- systemd.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/systemd.spec b/systemd.spec index fa5ad80..4949a58 100644 --- a/systemd.spec +++ b/systemd.spec 
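Review bot: The spec comment `# Backport of adb/fastboot udev rules:` does not record what the backport changes in terms of device access. The carried patch sets `ID_DEBUG_APPLIANCE` on any USB device whose interface list matches `dc0201`, `ff4201` or `ff4203` and then tags those devices `uaccess`, which lets the active local session user open the device node. The patch's own comment says the match is on a generic vendor-specific interface class and can hit devices that are not ADB or fastboot. I would extend the spec comment so packagers see that, e.g. `# Tags USB debug interfaces with uaccess; match is by interface class, not vendor/product ID.`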
@@ -1111,15 +1111,6 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} -# Disable freezing of user sessions while we're working out the details. -mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ -cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf < Date: Thu, 8 May 2025 14:14:40 +0200 Subject: [PATCH 437/494] Move mount.ddi symlinks to -container subpackage Those symlinks point to systemd-dissect, so with just the main subpackage installed, the symlink was dangling. --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 61c539e..9afeaeb 100644 --- a/split-files.py +++ b/split-files.py @@ -148,6 +148,7 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + mount.ddi| importctl| portablectl| systemd-nspawn| From 5a53eac13c5e0c1c1700957420fd19ecf4a6aab9 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Tue, 20 May 2025 12:48:35 +0200 Subject: [PATCH 438/494] Package pcrlock files together with systemd-pcrlock ... (rhbz#2366948) --- split-files.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 9afeaeb..0cf0f6c 100644 --- a/split-files.py +++ b/split-files.py @@ -129,7 +129,7 @@ for file in files(buildroot): o = outputs['shared'] elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = outputs['udev'] - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): + elif re.search(r'/lib.*\.pc$|/man3/|/usr/include|\.so$', n): o = outputs['devel'] elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| @@ -234,7 +234,8 @@ for file in files(buildroot): integritytab| remount-fs| /initrd| - systemd-pcr| + systemd[.-]pcr| + /pcrlock\.d| systemd-measure| /boot$| /kernel/| From ed6b885327a9a46dc692576220e2187b9b6ff0e0 Mon Sep 17 00:00:00 2001 
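Review bot: The added alternative `mount.ddi|` leaves the dot unescaped, so it matches any character in that position, while neighbouring patterns in this file escape it (`systemd-remote\.conf`, `/lib.*\.pc$`). Writing it as `mount\.ddi|` keeps the list consistent and avoids sorting an unrelated path into the container subpackage. The regular expression starts and ends outside the hunk, so the flags it is compiled with are not visible here.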
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 29 May 2025 18:57:50 +0200 Subject: [PATCH 439/494] Version 257.6 - Fix for local information disclosure in systemd-coredump (CVE-2025-4598) - Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd-varlink - Hardware database update --- ...imit-the-number-of-iterations-when-t.patch | 62 ------------------- 36939.patch | 44 ------------- sources | 2 +- systemd.spec | 12 +--- 4 files changed, 4 insertions(+), 116 deletions(-) delete mode 100644 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch delete mode 100644 36939.patch diff --git a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch b/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch deleted file mode 100644 index 8b9dddc..0000000 --- a/0001-test-sd-device-limit-the-number-of-iterations-when-t.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From e35435b0a11e6c61c8c43b0cf8dc65a563b4a670 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 10 Apr 2025 13:51:21 +0200 -Subject: [PATCH] test-sd-device: limit the number of iterations when testing - device parent/child functions - -The test "hangs" and times out on some arm64 machines. It actually works as -expected, but the machine has 2016 children under /sys/devices/system/memory/, -and the tests do a double loop over this, which is slow enough to hit the 120 s -limit. Add a limit on the number of iterations. - -Another option would be to exclude "memory" subsystem. But we may have other -subsystems which have the same problem in the future, so I think it'll be more -robust to not try to limit the fix to a specific subsystem. - -(cherry picked from commit 74cb65e45fbf3468cf6b522e4b4fa568d95f12c6) ---- - src/libsystemd/sd-device/test-sd-device.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c -index 620615b6bb..aa235cf8d0 100644 ---- a/src/libsystemd/sd-device/test-sd-device.c -+++ b/src/libsystemd/sd-device/test-sd-device.c -@@ -456,6 +456,8 @@ static void check_parent_match(sd_device_enumerator *e, sd_device *dev) { - - TEST(sd_device_enumerator_add_match_parent) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. 
*/ -+ unsigned iterations = 200; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -473,6 +475,9 @@ TEST(sd_device_enumerator_add_match_parent) { - const char *syspath; - sd_device *parent; - -+ if (iterations-- == 0) -+ break; -+ - assert_se(sd_device_get_syspath(dev, &syspath) >= 0); - - r = sd_device_get_parent(dev, &parent); -@@ -501,6 +506,8 @@ TEST(sd_device_enumerator_add_match_parent) { - - TEST(sd_device_get_child) { - _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; -+ /* Some devices have thousands of children. Avoid spending too much time in the double loop below. */ -+ unsigned iterations = 3000; - int r; - - assert_se(sd_device_enumerator_new(&e) >= 0); -@@ -534,6 +541,9 @@ TEST(sd_device_get_child) { - FOREACH_DEVICE_CHILD_WITH_SUFFIX(parent, child, suffix) { - const char *s; - -+ if (iterations-- == 0) -+ return; -+ - assert_se(child); - assert_se(suffix); - diff --git a/36939.patch b/36939.patch deleted file mode 100644 index a90d8cc..0000000 --- a/36939.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 1bd33efc903923b551cfde93457d0c446f7ec253 Mon Sep 17 00:00:00 2001 -From: LuK1337 -Date: Tue, 1 Apr 2025 22:23:06 +0200 -Subject: [PATCH] rules: Make ADB and fastboot work out-of-the-box - -https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 ---- - rules.d/70-uaccess.rules.in | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in -index 046f169e447b9..96b61cec32b25 100644 ---- a/rules.d/70-uaccess.rules.in -+++ b/rules.d/70-uaccess.rules.in -@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess" - # media player raw devices (for user-mode drivers, Android SDK, etc.) - SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" - -+# Android devices (ADB DbC, ADB, Fastboot) -+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see: -+# * https://developer.android.com/tools/adb -+# * https://source.android.com/docs/setup/test/running -+# * https://source.android.com/docs/setup/test/flash -+# -+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here: -+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199 -+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244 -+# -+# Since it's using a generic vendor specific interface class, this can potentially result -+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android". 
-+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android" -+ - # software-defined radio communication devices - ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" - -@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" - # As defined in https://en.wikipedia.org/wiki/3Dconnexion - SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess" - -+# Debug interfaces (e.g. Android Debug Bridge) -+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess" -+ - LABEL="uaccess_end" diff --git a/sources b/sources index eb2dbfc..3600679 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.5.tar.gz) = 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f +SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d diff --git a/systemd.spec b/systemd.spec index 4949a58..990e4b1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.5} +Version: %{?version_override}%{!?version_override:257.6} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -128,6 +128,8 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %endif %if %{without upstream} +# Those are downstream-only patches, but we don't want them in packit builds. + # Temporarily drop use of PrivateTmp=disconnected. This is causing failures # in various places: # https://bugzilla.redhat.com/show_bug.cgi?id=2334015 
@@ -138,16 +140,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch -# Backport of adb/fastboot udev rules: -# https://bugzilla.redhat.com/show_bug.cgi?id=2356537 -Patch: https://github.com/systemd/systemd/pull/36939.patch - -# Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch - -# Backport of CI fix -Patch: 0001-test-sd-device-limit-the-number-of-iterations-when-t.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 92c16c1daba4375f394b256d6dc2198232edbc87 Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Wed, 16 Apr 2025 15:39:33 +0200 Subject: [PATCH 440/494] Let systemd-{sysusers,shared} conflict with older systemd When downgrading to package versions before 257.3-6 we have this error: Error: Transaction test error: file /usr/bin/systemd-sysusers from install of systemd-257-9.el10.x86_64 conflicts with file from package systemd-sysusers-258~devel-20250416115850.el10.x86_64 Add Conflicts on systemd-sysusers subpackage to allow downgrades across version 257.3-6. --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 990e4b1..977a88f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -389,6 +389,10 @@ Libraries for systemd and udev. %package shared Summary: Internal systemd shared library License: LGPL-2.1-or-later AND MIT +# in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so +# was moved from package systemd to systemd-shared. +# Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description shared Internal libraries used by various systemd binaries. 
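Review bot: The comment added above `Conflicts: %{name} < 257.3-6` in the `shared` subpackage misspells "conflict" as "conflit", and the same typo is repeated in the comment added to the `sysusers` subpackage in the next hunk. Both should read `# Add a conflict to allow downgrades across this change.` (the `sysusers` one with its own line wrapping).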
@@ -415,6 +419,9 @@ for information how to use those macros. Summary: systemd-sysusers program Requires: %{name}-shared%{_isa} = %{version}-%{release} Conflicts: %{name}-standalone-sysusers +# in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd +# to systemd-sysusers. Add a conflit to allow downgrades across this change. +Conflicts: %{name} < 257.3-6 %description sysusers This package contains the systemd-sysusers program. From 7de88c66bdc26920db570e67ef74e579f8461d9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Jun 2025 01:08:22 +0200 Subject: [PATCH 441/494] Do not mark symlinks as %ghost When testing build reproducibility, we got the following result: + rpmdiff cache/rpms/systemd-257.6-1.fc43/systemd-257.6-1.fc43.x86_64.rpm \ cache/build/systemd-257.6-1.fc43/rebuild/systemd-257.6-1.fc43.x86_64.rpm ......V..F. /etc/xdg/systemd/user This is because we'd apply %ghost to a symlink to a directory, if the directory stat reported 0 blocks. It seems that this depends on the filesystem type or something and didn't pop up in previous rebuilds. The first chunk is a noop to increase clarity. The resulting difference from this patch in the file list: $ diff -u systemd-257.6-build/systemd-257.6/.file-list-main{.0,} -%config(noreplace) %ghost /etc/xdg/systemd/user +%config(noreplace) /etc/xdg/systemd/user --- split-files.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index 0cf0f6c..d533c51 100644 --- a/split-files.py +++ b/split-files.py 
@@ -270,13 +270,13 @@ for file in files(buildroot): if n in known_files: prefix = known_files[n].split()[:-1] - elif file.is_dir() and not file.is_symlink(): + elif file.is_dir(follow_symlinks=False): prefix = ['%dir'] elif 'README' in n: prefix = ['%doc'] elif n.startswith('/etc'): prefix = ['%config(noreplace)'] - if file.stat().st_size == 0: + if not file.is_symlink() and file.stat().st_size == 0: prefix += ['%ghost'] else: prefix = [] From 5d30fd3b269b979fb982df7439aac568ddf5e53c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 Jun 2025 14:17:05 +0200 Subject: [PATCH 442/494] Version 257.7 - Fixes for systemd itself, systemd-repart, systemd-resolved, systemd-vmspawn, systemd-networkd, resolvectl, bootctl, the shared library code, man pages, shell completions, and tests. - Hardware database is updated. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 3600679..5c43434 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.6.tar.gz) = ceed65196d4235f53db00f5970eadff79149629d8c34f79593d0b326ece536ea0b4f97192458989b5fccbd9438bb2dbb0abda2a5e6c3449a709c9a0889e29d3d +SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 diff --git a/systemd.spec b/systemd.spec index 977a88f..d57bd48 100644 --- a/systemd.spec +++ b/systemd.spec @@ -67,7 +67,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.6} +Version: %{?version_override}%{!?version_override:257.7} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 40b38a04d27fd2a8b6fc277df67e14a0abbb3cfc Mon Sep 17 00:00:00 2001 
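Review bot: `file.is_dir(follow_symlinks=False)` in the first changed line is only the no-op the commit message describes if `file` is an `os.DirEntry`. If `files(buildroot)` yields `pathlib.Path` objects, that keyword is accepted only from Python 3.13 on and older interpreters raise `TypeError`. The definition of `files()` is outside this hunk, so this needs checking against the Python version in the build root. A comment above the `%ghost` test, such as `# never %ghost a symlink: stat() follows it and the target's size depends on the filesystem`, would also record why the `is_symlink()` guard exists.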
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Jul 2025 16:21:29 +0200 Subject: [PATCH 443/494] Build docs on 64-bit architectures only In the light of the recent discussion about dropping i686 packages, let's stop building our docs there. This reduces the amount of tools needed in the mock root. Unfortunately we need to move the man page out of the noarch ukify subpackage, because it needs to be the same on all architectures where it is built. --- split-files.py | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/split-files.py b/split-files.py index d533c51..5b20b85 100644 --- a/split-files.py +++ b/split-files.py @@ -121,7 +121,7 @@ for file in files(buildroot): o = outputs['rpm-macros'] elif '/usr/lib/systemd/tests' in n: o = outputs['tests'] - elif 'ukify' in n: + elif 'ukify' in n and '/man/' not in n: o = outputs['ukify'] elif re.search(r'/libsystemd-core-.*\.so$', n): o = outputs['main'] diff --git a/systemd.spec b/systemd.spec index d57bd48..056f7a6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,8 @@ %bcond bootstrap 0 %bcond tests 1 %bcond lto 1 -%bcond docs 1 +# Build docs on 64-bit architectures only +%bcond docs %[%{?__isa_bits} >= 64] # Build from git main %bcond upstream 0 From ed7d2f11320e3d185bb378abdf422541b845bad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 8 Jul 2025 12:50:10 +0200 Subject: [PATCH 444/494] Add "test" that LTO effectively removes unused code from shared lib --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/systemd.spec b/systemd.spec index 056f7a6..9f1c661 100644 --- a/systemd.spec +++ b/systemd.spec 
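Review bot: `%bcond docs %[%{?__isa_bits} >= 64]` leaves the expression with an empty left operand whenever `__isa_bits` is not defined, which presumably makes the spec fail to parse rather than simply turning docs off. The spec already uses the `0%{?macro}` idiom for this kind of test (`0%{?fedora} < 41`), so `%bcond docs %[0%{?__isa_bits} >= 64]` would be consistent with it and would default to no docs in that case.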
@@ -1128,6 +1128,14 @@ BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIG meson test -C %{_vpath_builddir} -t 6 --print-errorlogs %endif +%if %{with lto} +# Make sure that LTO is effective at removing unused code. When compiled +# without LTO, we end up with all of libbasic_static.a in libsystemd.so. +# For example, all the configuration stuff is not needed for libsystemd.so. +# Make sure it is gone. +(! strings %{buildroot}%{_libdir}/libsystemd.so | grep Config) +%endif + ############################################################################################# %if %{without upstream} || (0%{?fedora} < 41 && 0%{?rhel} < 11) From 98cc5fd91a04856a5d5c6a4c41f3294327e14146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Jul 2025 22:50:45 +0200 Subject: [PATCH 445/494] Version 258~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v258-rc1/NEWS. Too many changes to list or discuss here. --- ...dit-events-for-user-and-group-creati.patch | 287 ------------------ 30846.patch | 15 +- sources | 2 +- split-files.py | 2 +- systemd.spec | 15 +- 5 files changed, 17 insertions(+), 304 deletions(-) delete mode 100644 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch diff --git a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch b/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch deleted file mode 100644 index d442f5a..0000000 --- a/0002-sysusers-emit-audit-events-for-user-and-group-creati.patch +++ /dev/null 
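Review bot: The added `(! strings %{buildroot}%{_libdir}/libsystemd.so | grep Config)` check also passes when `strings` produces no output at all, for example if the library is not at that path or `strings` is not installed, because only grep's exit status is negated. Putting `test -f %{buildroot}%{_libdir}/libsystemd.so` on the line before it would rule out a vacuous pass. `grep Config` also matches any string that merely contains those letters, so a narrower pattern tied to the configuration parser would keep an unrelated string from failing the build later.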
@@ -1,287 +0,0 @@ -From 398049208b4aae5f2a9f0d4914dee6ab6e101118 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 15:35:13 +0100 -Subject: [PATCH 2/2] sysusers: emit audit events for user and group creation - -Background: Fedora/RHEL are switching to sysusers.d metadata for creation of -users and groups for system users defined by packages -(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers). -Packages carry sysusers files. During package installation, rpm calls an -program to execute on this config. This program may either be -/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or -/usr/bin/systemd-sysusers. To match the functionality provided by -useradd/groupadd from the shadow-utils project, systemd-sysusers must emit -audit events so that it provides a drop-in replacement. - -systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when -adding users and groups. The operation "names" are copied from shadow-utils in -Fedora (which has a patch to change them from the upstream version), so the -format of the events that is generated on success should be identical. - -The helper code is shared between sysusers and utmp-wtmp. I changed the -audit_fd variable to be unconditional. This way we can avoid ugly iffdefery -every time the variable would be used. The cost is that 4 bytes of unused -storage might be present. This is negligible, and the compiler might even be -able to optimize that away if it inlines things. 
---- - src/basic/audit-util.h | 33 +++++++++++++++++++++ - src/sysusers/meson.build | 2 ++ - src/sysusers/sysusers.c | 56 +++++++++++++++++++++++++++++++++++ - src/update-utmp/update-utmp.c | 23 ++------------ - 4 files changed, 94 insertions(+), 20 deletions(-) - -diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h -index 9a74e4f102..d8ecf14f69 100644 ---- a/src/basic/audit-util.h -+++ b/src/basic/audit-util.h -@@ -1,10 +1,16 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - #pragma once - -+#if HAVE_AUDIT -+# include -+#endif -+ - #include - #include - #include - -+#include "errno-util.h" -+#include "log.h" - #include "pidref.h" - - #define AUDIT_SESSION_INVALID UINT32_MAX -@@ -17,3 +23,30 @@ bool use_audit(void); - static inline bool audit_session_is_valid(uint32_t id) { - return id > 0 && id != AUDIT_SESSION_INVALID; - } -+ -+/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious -+ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very -+ * short functions. */ -+ -+static inline int close_audit_fd(int fd) { -+#if HAVE_AUDIT -+ if (fd >= 0) -+ audit_close(fd); -+#else -+ assert(fd < 0); -+#endif -+ return -EBADF; -+} -+ -+static inline int open_audit_fd_or_warn(void) { -+ int fd = -EBADF; -+ -+#if HAVE_AUDIT -+ /* If the kernel lacks netlink or audit support, don't worry about it. */ -+ fd = audit_open(); -+ if (fd < 0) -+ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? 
LOG_DEBUG : LOG_WARNING, -+ errno, "Failed to connect to audit log, ignoring: %m"); -+#endif -+ return fd; -+} -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 123ff41d3f..c968f55110 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -9,6 +9,7 @@ executables += [ - 'name' : 'systemd-sysusers', - 'public' : true, - 'sources' : files('sysusers.c'), -+ 'dependencies' : libaudit, - }, - executable_template + { - 'name' : 'systemd-sysusers.standalone', -@@ -20,6 +21,7 @@ executables += [ - libshared_static, - libsystemd_static, - ], -+ 'dependencies' : libaudit, - 'build_by_default' : have_standalone_binaries, - 'install' : have_standalone_binaries, - }, -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index 44253483db..84eb9fc0c3 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -3,6 +3,7 @@ - #include - - #include "alloc-util.h" -+#include "audit-util.h" - #include "build.h" - #include "chase.h" - #include "conf-files.h" -@@ -106,6 +107,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_image, freep); - STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); - - typedef struct Context { -+ int audit_fd; -+ - OrderedHashmap *users, *groups; - OrderedHashmap *todo_uids, *todo_gids; - OrderedHashmap *members; -@@ -126,6 +129,8 @@ typedef struct Context { - static void context_done(Context *c) { - assert(c); - -+ c->audit_fd = close_audit_fd(c->audit_fd); -+ - ordered_hashmap_free(c->groups); - ordered_hashmap_free(c->users); - ordered_hashmap_free(c->members); -@@ -163,6 +168,48 @@ static void maybe_emit_login_defs_warning(Context *c) { - c->login_defs_need_warning = false; - } - -+static void log_audit_accounts(Context *c, ItemType what) { -+#if HAVE_AUDIT -+ assert(c); -+ assert(IN_SET(what, ADD_USER, ADD_GROUP)); -+ -+ if (arg_dry_run || c->audit_fd < 0) -+ return; -+ -+ Item *i; -+ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP; -+ const char *op = what == ADD_USER ? 
"adding-user" : "adding-group"; -+ -+ /* Notes: -+ * -+ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses. -+ * -+ * We send id == -1, even though we know the number, in particular on success. This is because if we -+ * send the id, the generated audit message will not contain the name. The name seems more useful -+ * than the number, hence send just the name: -+ * -+ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) : -+ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success' -+ * vs. -+ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) : -+ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success' -+ */ -+ -+ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids) -+ audit_log_acct_message( -+ c->audit_fd, -+ type, -+ program_invocation_short_name, -+ op, -+ i->name, -+ /* id= */ (unsigned) -1, -+ /* host= */ NULL, -+ /* addr= */ NULL, -+ /* tty= */ NULL, -+ /* success= */ 1); -+#endif -+} -+ - static int load_user_database(Context *c) { - _cleanup_fclose_ FILE *f = NULL; - const char *passwd_path; -@@ -971,6 +1018,8 @@ static int write_files(Context *c) { - group_tmp, group_path); - group_tmp = mfree(group_tmp); - } -+ /* OK, we have written the group entries successfully */ -+ log_audit_accounts(c, ADD_GROUP); - if (gshadow) { - r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); - if (r < 0) -@@ -988,6 +1037,8 @@ static int write_files(Context *c) { - - passwd_tmp = mfree(passwd_tmp); - } -+ /* OK, we have written the user entries successfully */ -+ log_audit_accounts(c, ADD_USER); - if (shadow) { - r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); - if (r < 0) -@@ -2232,6 +2283,7 @@ static int run(int argc, char *argv[]) { - #endif - _cleanup_close_ int lock = -EBADF; - _cleanup_(context_done) Context c = { -+ .audit_fd = -EBADF, - 
.search_uid = UID_INVALID, - }; - -@@ -2281,6 +2333,10 @@ static int run(int argc, char *argv[]) { - assert(!arg_image); - #endif - -+ /* Prepare to emit audit events, but only if we're operating on the host system. */ -+ if (!arg_root) -+ c.audit_fd = open_audit_fd_or_warn(); -+ - /* If command line arguments are specified along with --replace, read all configuration files and - * insert the positional arguments at the specified place. Otherwise, if command line arguments are - * specified, execute just them, and finally, without --replace= or any positional arguments, just -diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c -index a10e6d478a..6df9414063 100644 ---- a/src/update-utmp/update-utmp.c -+++ b/src/update-utmp/update-utmp.c -@@ -5,12 +5,9 @@ - #include - #include - --#if HAVE_AUDIT --#include --#endif -- - #include "sd-bus.h" - -+#include "audit-util.h" - #include "alloc-util.h" - #include "bus-error.h" - #include "bus-locator.h" -@@ -30,20 +27,14 @@ - - typedef struct Context { - sd_bus *bus; --#if HAVE_AUDIT - int audit_fd; --#endif - } Context; - - static void context_clear(Context *c) { - assert(c); - - c->bus = sd_bus_flush_close_unref(c->bus); --#if HAVE_AUDIT -- if (c->audit_fd >= 0) -- audit_close(c->audit_fd); -- c->audit_fd = -EBADF; --#endif -+ c->audit_fd = close_audit_fd(c->audit_fd); - } - - static int get_startup_monotonic_time(Context *c, usec_t *ret) { -@@ -256,22 +247,14 @@ static int run(int argc, char *argv[]) { - }; - - _cleanup_(context_clear) Context c = { --#if HAVE_AUDIT - .audit_fd = -EBADF, --#endif - }; - - log_setup(); - - umask(0022); - --#if HAVE_AUDIT -- /* If the kernel lacks netlink or audit support, don't worry about it. */ -- c.audit_fd = audit_open(); -- if (c.audit_fd < 0) -- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? 
LOG_DEBUG : LOG_WARNING, -- errno, "Failed to connect to audit log, ignoring: %m"); --#endif -+ c.audit_fd = open_audit_fd_or_warn(); - - return dispatch_verb(argc, argv, verbs, &c); - } --- -2.47.1 - diff --git a/30846.patch b/30846.patch index ca9cffb..77da69f 100644 --- a/30846.patch +++ b/30846.patch @@ -1,4 +1,4 @@ -From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 +From 07bedc8f93277f705622625f440a1f56ccff1cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 9 Jan 2024 11:28:04 +0100 Subject: [PATCH] journal: again create user journals for users with high uids @@ -39,17 +39,18 @@ revert the change to fix user systems. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. --- - src/basic/uid-classification.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/basic/uid-classification.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c -index e2d2cebc6de27..2c8b06c0d3088 100644 +index 203ce2c68a..2eb384395d 100644 --- a/src/basic/uid-classification.c +++ b/src/basic/uid-classification.c -@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { +@@ -129,5 +129,6 @@ bool uid_for_system_journal(uid_t uid) { /* Returns true if the specified UID shall get its data stored in the system journal. */ -- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); -+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_container(uid) || uid_is_foreign(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_foreign(uid); ++ } diff --git a/sources b/sources index 5c43434..f685aed 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-257.7.tar.gz) = fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 +SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 diff --git a/split-files.py b/split-files.py index 5b20b85..8405956 100644 --- a/split-files.py +++ b/split-files.py @@ -155,7 +155,7 @@ for file in files(buildroot): systemd\.nspawn| systemd-vmspawn| systemd-dissect| - import-pubring.gpg| + import-pubring| systemd-machined| systemd-import| systemd-export| diff --git a/systemd.spec b/systemd.spec index 9f1c661..cbbce96 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:257.7} +Version: %{?version_override}%{!?version_override:258~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{undefined branch} && %{undefined commit} -Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} 
@@ -137,10 +137,6 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://github.com/coreos/fedora-coreos-tracker/issues/1857 Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch -# Backport of sysusers audit support for -# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers. -Patch: 0002-sysusers-emit-audit-events-for-user-and-group-creati.patch - # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch %endif @@ -500,6 +496,10 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40 Conflicts: %{name}-standalone-repart Provides: %{name}-repart = %{version}-%{release} +# Newer versions of those are required to support X11 keycode remapping +Conflicts: xorg-x11-drv-evdev < 2.11.0 +Conflicts: xorg-x11-drv-libinput < 1.5.0 + %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. # We rely on filesystem to create the symlinks for us. @@ -741,7 +741,7 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %else -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version_no_tilde} -p1 %endif # Disable user lockdown until rpm implements it natively. @@ -804,7 +804,6 @@ CONFIGURE_OPTS=( -Dacl=enabled -Dsmack=true -Dopenssl=enabled - -Dcryptolib=openssl -Dp11kit=enabled -Dgcrypt=disabled -Daudit=enabled From 8d1645af7549815a89b8262621be4c95afa4201f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 25 Jul 2025 14:08:10 +0200 Subject: [PATCH 446/494] Use again %{version} when building in OBS %{version_no_tilde} no work. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index cbbce96..5911992 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -740,6 +740,8 @@ main systemd package and is meant for use in exitrds. %autosetup -n %{name}-%{branch} -p1 %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 +%elif %{with obs} +%autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 %endif From 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 25 Jul 2025 18:05:35 +0200 Subject: [PATCH 447/494] obs: also use version with tilde for Source0 [skip changelog] --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 5911992..e15b511 100644 --- a/systemd.spec +++ b/systemd.spec @@ -83,7 +83,9 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{undefined branch} && %{undefined commit} +%if %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +%elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz From be7a4d0863f5747ca49396db08fec55397d390c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 6 Aug 2025 08:56:51 +0200 Subject: [PATCH 448/494] Version 258~rc2 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index f685aed..2cde49e 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-258-rc1.tar.gz) = 4dff1d4de6deb085cfa6827208692fe84a3adfe04f048d7a88e6f980ce11afee3cc53f2e7f1bc878480f24a085c0acff84b64c150032dde235a279c742dbff08 +SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 diff --git a/systemd.spec b/systemd.spec index e15b511..2363513 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc1} +Version: %{?version_override}%{!?version_override:258~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 1bdb4efe409c912031dba2e44ba5e2b92875cdb7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:13 +0100 Subject: [PATCH 449/494] obs: switch to xz for compression [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 2363513..740cdd8 100644 --- a/systemd.spec +++ b/systemd.spec @@ -84,7 +84,7 @@ Summary: System and Service Manager # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list # the fallback source that's used if neither %%branch nor %%commit are defined first. %if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.gz +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %elif %{undefined branch} && %{undefined commit} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} From 50936458a75224fab9b33c5abbae480d14f9bf16 Mon Sep 17 00:00:00 2001 
From: Luca Boccassi Date: Fri, 8 Aug 2025 01:59:49 +0100 Subject: [PATCH 450/494] obs: move recipe files in place The RPM recipe files for SUSE and Fedora conflict and cannot be both unpacked at the same time (e.g.: triggers.systemd, systemd.spec, etc). The tarballs creation are unconditional. This means the same project build cannot build for both Fedora and SUSE. All other distros can co-habitate in the same project, so that a single repository checkout, single trigger, single everything is used. By storing the RPM recipe files in a separate directory it means they don't conflict anymore, and they are moved in place in the right recipe at the right time. This allows building fedora/suse/centos/debian/ubuntu/arch from a single project. [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 740cdd8..50eff92 100644 --- a/systemd.spec +++ b/systemd.spec @@ -743,6 +743,8 @@ main systemd package and is meant for use in exitrds. %elif %{defined commit} %autosetup -n %{name}-%{commit} -p1 %elif %{with obs} +# Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) +mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %autosetup -n %{name}-%{version} -p1 %else %autosetup -n %{name}-%{version_no_tilde} -p1 From 1f5ed0da1f0b235e13a06a23fda53eae0d43a9d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 20 Aug 2025 17:01:17 +0200 Subject: [PATCH 451/494] Version 258~rc3 - A large number of fixes in various components - Hardware database and syscall numbers are updated --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 2cde49e..cc03c85 100644 --- a/sources +++ b/sources 
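Review bot: The `mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir}` added to the `%elif %{with obs}` branch modifies the source directory from inside `%prep`, so running `%prep` a second time on the same tree fails: the glob no longer matches and `mv` is handed a literal `*`. The paths are also unquoted and `*` skips dot-files. If re-running matters, `cp -a %{_sourcedir}/%{name}.fedora/. %{_sourcedir}/` leaves the originals in place and copies dot-files as well.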
@@ -1 +1 @@ -SHA512 (systemd-258-rc2.tar.gz) = d864f756fe3288f09b917498fc1a075abe0708f894ff9e5a8fd9d5204f76437e1539a168f55ef2542af33b6e3e9aba8567d0eadb11b936f57be40d209b678c92 +SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc diff --git a/systemd.spec b/systemd.spec index 50eff92..4e18207 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc2} +Version: %{?version_override}%{!?version_override:258~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 5acde9f1fd649ae82e9ee38e0be18947197dabec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Aug 2025 15:15:17 +0200 Subject: [PATCH 452/494] Add workaround patch to hopefully pass podman CI tests --- 38724.patch | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 66 insertions(+) create mode 100644 38724.patch diff --git a/38724.patch b/38724.patch new file mode 100644 index 0000000..c639cd0 --- /dev/null +++ b/38724.patch 
@@ -0,0 +1,64 @@ +From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 26 Aug 2025 15:00:02 +0200 +Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) + +In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was +reported that the tests fail: + +> Rootless podman tests all show something like this eventually +> +> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded +> +> Each container creates its own keyring but I assume they get leaked so at one +> point we run our of available keyrings and all following tests fail like +> that. Given I only see this on this update and from looking at the podman +> tests logs it only starts happening after we run a bunch of our own systemd +> services I wonder if systemd maybe leaks keyrings and thus it fails? + +After some very tediuos bisecting, I got the answer that +dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't +make much sense. I thought that maybe the answer is wrong somehow, or the fd we +pass in has problems, but everything seems to work correctly. Both +pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same +answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the +problem go away. + +bisection recipe: +1. compile systemd, systemd-executor, pam_systemd: + $ ninja -C build systemd systemd-executor pam_systemd.so + (Not all intermediate commits compile :) ) +2. use the compiled manager for the user running the tests: + # /etc/systemd/system/user@1000.service.d/override.conf + [Service] + ExecStart= + ExecStart=/home/fedora/src/systemd/build/systemd --user +3. install the new code: + # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 +3. log out and log in again (via ssh) +4. 
run the test: + $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys + 17 + Tue Aug 26 12:47:44 UTC 2025 + 18 + +It seems that both the pam module and the user manager somehow matter. + +This smells like a kernel bug or some strange race condition. +--- + src/basic/pidfd-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c +index 9910819aa79d9..b317be267f445 100644 +--- a/src/basic/pidfd-util.c ++++ b/src/basic/pidfd-util.c +@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { + } + + static int pidfd_get_info(int fd, struct pidfd_info *info) { +- static bool cached_supported = true; ++ static bool cached_supported = false; + + assert(fd >= 0); + assert(info); diff --git a/systemd.spec b/systemd.spec index 4e18207..a739a69 100644 --- a/systemd.spec +++ b/systemd.spec @@ -141,6 +141,8 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch + +Patch: https://github.com/systemd/systemd/pull/38724.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From 2289d65726d86bf523b1d565e274b15d8c978a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Sep 2025 08:02:02 +0200 Subject: [PATCH 453/494] Fix unit name in scriptlet [80/89] Installing systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Running %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Finished %post scriptlet: systemd-udev-0:258~rc3-1.fc44.x86_64 >>> Scriptlet output: >>> Failed to preset unit: Unit system-systemdx2dcryptsetup.slice does not exist --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index a739a69..8ec0b31 100644 --- a/systemd.spec +++ b/systemd.spec 
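Review bot: Flipping the initializer of `cached_supported` to `false` in `pidfd_get_info()` is how the patch disables `ioctl(PIDFD_GET_INFO)`, yet nothing at the changed line says this is a deliberate workaround, and the variable now names a probe result that is never probed. A comment on that line, e.g. `/* Workaround: PIDFD_GET_INFO disabled, see FEDORA-2025-a0ce059969 */`, would keep a later rebase from quietly restoring `true`. The rest of `pidfd_get_info()` is outside the hunk, so the effect on callers that rely on fields only this ioctl supplies cannot be judged from here.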
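Review bot: The new `Patch: https://github.com/systemd/systemd/pull/38724.patch` line has no comment, unlike the 30846 entry just above it, although the commit message describes it as a workaround for a suspected kernel bug or race. A line such as `# Workaround for keyring exhaustion in rootless podman tests (FEDORA-2025-a0ce059969); drop once the root cause is fixed` above it would tell the next packager why it is carried and when it can go.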
@@ -1240,8 +1240,8 @@ systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : sleep.target suspend-then-hibernate.target suspend.target - system-systemd\x2dcryptsetup.slice - system-systemd\x2dveritysetup.slice + system-systemd\\x2dcryptsetup.slice + system-systemd\\x2dveritysetup.slice systemd-backlight@.service systemd-binfmt.service systemd-bless-boot.service From 327e54e42196c4ed3d0655b40aabed492c75e2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 4 Sep 2025 13:56:28 +0200 Subject: [PATCH 454/494] Add to patch to create userdb root directory with correct label The upstream PR was closed with the intent to force the SELinux policy to be updated instead. While we're waiting for that to happen, include the patch here. --- 38769.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++++ 2 files changed, 46 insertions(+) create mode 100644 38769.patch diff --git a/38769.patch b/38769.patch new file mode 100644 index 0000000..35b50e4 --- /dev/null +++ b/38769.patch 
@@ -0,0 +1,42 @@ +From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Sat, 30 Aug 2025 13:55:56 +0200 +Subject: [PATCH] core: create userdb root directory with correct label + +Set up the /run/systemd/userdb directory with the default SELinux context +on creation. + +With version 257.7-1 on Debian the directory was automatically created with the +correct label. Starting with version 258 (only tested with 258~rc3-1) it no +longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. + +[zjs: edited the patch to apply comments from review and update the description.] +--- + src/core/varlink.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/varlink.c b/src/core/varlink.c +index 8c6b95e31d1d5..110b281842373 100644 +--- a/src/core/varlink.c ++++ b/src/core/varlink.c +@@ -6,6 +6,7 @@ + #include "errno-util.h" + #include "json-util.h" + #include "manager.h" ++#include "mkdir-label.h" + #include "path-util.h" + #include "pidref.h" + #include "string-util.h" +@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { + if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) + continue; + +- r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ r = mkdir_parents_label(address, 0755); ++ if (r < 0) ++ log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address); ++ ++ r = sd_varlink_server_listen_address(m->varlink_server, address, 0666); + if (r < 0) + return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address); + } diff --git a/systemd.spec b/systemd.spec index 8ec0b31..cf580d0 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -143,6 +143,10 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch Patch: https://github.com/systemd/systemd/pull/30846.patch Patch: https://github.com/systemd/systemd/pull/38724.patch + +# userdb: create userdb root directory with correct label +# We can drop this after SELinux policy is updated to handle the transition. +Patch: https://github.com/systemd/systemd/pull/38769.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b442086d5fc7c7a478be064ab380a50fed9b9c86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 5 Sep 2025 15:14:21 +0200 Subject: [PATCH 455/494] Version 258~rc4 --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index cc03c85..b6fda1a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc3.tar.gz) = 166ea5c16dbacdaff6ab205417a2d43a2df7aad4a69c933453beea3cc9a2ac584b147d4bb4bda00e56d8b7bc3db723a29a1818a53c475b494947a60f8608fbbc +SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a diff --git a/systemd.spec b/systemd.spec index cf580d0..edc747f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc3} +Version: %{?version_override}%{!?version_override:258~rc4} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From cceac934914337911c799174ac9dd96c881d5f66 Mon Sep 17 00:00:00 2001 
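Review bot: The `Patch:` line added before the `%endif` names a pull-request URL, which is not an immutable reference: what a PR URL serves can change when its branch is updated, and the commit message says the upstream PR was closed. The copy added as `38769.patch` in this commit carries a `[zjs: edited the patch …]` note, so the file in the repository and the URL may already differ. I would record the provenance next to the entry, for example `# The committed 38769.patch is authoritative; based on e4e1e425394dcef01317c42b34c133768c26b765, edited as noted in its header`, so that a later re-download with `spectool -g` is not mistaken for the reviewed patch.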
From: Andreas Schneider Date: Fri, 12 Sep 2025 10:36:06 +0200 Subject: [PATCH 456/494] Pre-create /etc/userdb directory An admin can create users in this directory instead of /etc/passwd. As the .user file can contain hashed password, only root should be able to read the files. --- systemd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd.spec b/systemd.spec index edc747f..0ecedf4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,7 @@ touch %{buildroot}%{_sysconfdir}/machine-info touch %{buildroot}%{_sysconfdir}/localtime mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf +install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb # Make sure the shutdown/sleep drop-in dirs exist mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ From 8a446daec74122d234c39b7571dc50d3935ef6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 17 Sep 2025 15:29:03 +0200 Subject: [PATCH 457/494] =?UTF-8?q?Version=20258=20=F0=9F=92=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - See https://raw.githubusercontent.com/systemd/systemd/v258/NEWS for the final list of changes. --- sources | 2 +- systemd.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sources b/sources index b6fda1a..68b70a3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258-rc4.tar.gz) = 2fa7e0b9e7deb449ecd4fd6e8a22b5cf896ac5662f3ac3ca04db34254d6fb6409582f996ad7fa065939241377268f9742e3ff3b75e9f55f98e3a6c48058d323a +SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 diff --git a/systemd.spec b/systemd.spec index 0ecedf4..04fcf73 100644 --- a/systemd.spec +++ b/systemd.spec 
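Review bot: The added `install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb` sets the mode only in the build root, and the `%files` entry that ships the directory is not in this hunk. It is worth confirming that the packaged entry ends up as a `%dir` with mode 0700 and root ownership rather than relying on what the build user created. Mode 0700 on the directory also hides the non-secret `.user`/`.group` records from any unprivileged process that reads the drop-in directory directly. systemd's documented layout keeps hashed passwords in separate `.user-privileged` files, so the restriction may be broader than needed; confirm against how lookups reach this directory on the target release. A comment above the line, `# 0700: records here may embed hashed passwords, keep the directory root-only`, would record the intent.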
@@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258~rc4} +Version: %{?version_override}%{!?version_override:258} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif @@ -142,6 +142,7 @@ Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. Patch: https://github.com/systemd/systemd/pull/38724.patch # userdb: create userdb root directory with correct label From 88877a418450c16c1c85c680687da05f403af7bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:37:48 +0300 Subject: [PATCH 458/494] Require systemd-networkd and systemd-udev to be in the same version ... (rhbz#2397579) In https://bugzilla.redhat.com/show_bug.cgi?id=2397579 users are doing a partial upgrade (seemingly) and that fails because of a file conflict. Add Conflicts to prevent such partial upgrades. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 04fcf73..c1a8f7e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -469,6 +469,7 @@ Conflicts: systemd-timesyncd < %{version}-%{release} Obsoletes: systemd-timesyncd < %{version}-%{release} Provides: systemd-timesyncd = %{version}-%{release} %endif +Conflicts: systemd-networkd < %{version}-%{release} # Libkmod is used to load modules. Assume that if we need udevd, we certainly # want to load modules, so make this into a hard dependency here. 
@@ -643,6 +644,7 @@ systemd-journal-upload. Summary: System daemon that manages network configurations Requires: %{name}%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later %description networkd From a3e9e2798227f4811f4953204ae5e631ea1d9442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Sep 2025 14:40:28 +0300 Subject: [PATCH 459/494] Change '%{systemd}' to systemd in Conflicts/Provides/Requires/Recommends MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were using both styles… Having a macro creates some mental overhead for little gain. Switch to the fixed string everywhere. [skip changelog] --- systemd.spec | 78 ++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/systemd.spec b/systemd.spec index c1a8f7e..56933ed 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -274,16 +274,16 @@ Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs Requires: dbus >= 1.9.18 -Requires: %{name}-pam%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) -Requires: %{name}-libs%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} -%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} -Requires: %{name}-shared%{_isa} = %{version}-%{release} +Requires: systemd-pam%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-networkd = %{version}-%{release}} +%{?fedora:Recommends: systemd-resolved = %{version}-%{release}} +Requires: systemd-shared%{_isa} = %{version}-%{release} Requires: /usr/bin/systemd-sysusers # The standalone version doesn't Provide the _isa suffix, # so this biases towards the common version. -Recommends: %{name}-sysusers%{_isa} = %{version}-%{release} +Recommends: systemd-sysusers%{_isa} = %{version}-%{release} Recommends: diffutils Requires: (util-linux-core or util-linux) Requires: (libbpf >= 2:1.4.7 if libbpf) @@ -316,10 +316,10 @@ Conflicts: dracut < 060-2 Conflicts: dracut < 059-16 %endif -Conflicts: %{name}-standalone-tmpfiles -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name}-standalone-shutdown -Provides: %{name}-shutdown = %{version}-%{release} +Conflicts: systemd-standalone-tmpfiles +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd-standalone-shutdown +Provides: systemd-shutdown = %{version}-%{release} %if "%{_sbindir}" == "%{_bindir}" # Compat symlinks for Requires in other packages. 
@@ -398,14 +398,14 @@ License: LGPL-2.1-or-later AND MIT # in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description shared Internal libraries used by various systemd binaries. %package pam Summary: systemd PAM module -Requires: %{name} = %{version}-%{release} +Requires: systemd = %{version}-%{release} %description pam Systemd PAM module registers the session with systemd-logind. @@ -423,11 +423,11 @@ for information how to use those macros. %package sysusers Summary: systemd-sysusers program -Requires: %{name}-shared%{_isa} = %{version}-%{release} -Conflicts: %{name}-standalone-sysusers +Requires: systemd-shared%{_isa} = %{version}-%{release} +Conflicts: systemd-standalone-sysusers # in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd # to systemd-sysusers. Add a conflit to allow downgrades across this change. -Conflicts: %{name} < 257.3-6 +Conflicts: systemd < 257.3-6 %description sysusers This package contains the systemd-sysusers program. @@ -435,8 +435,8 @@ This package contains the systemd-sysusers program. %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT -Requires: %{name}-libs%{_isa} = %{version}-%{release} -Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: systemd-libs%{_isa} = %{version}-%{release} +Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} 
@@ -503,8 +503,8 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -Conflicts: %{name}-standalone-repart -Provides: %{name}-repart = %{version}-%{release} +Conflicts: systemd-standalone-repart +Provides: systemd-repart = %{version}-%{release} # Newer versions of those are required to support X11 keycode remapping Conflicts: xorg-x11-drv-evdev < 2.11.0 @@ -529,7 +529,7 @@ machine, and to create or grow partitions and make file systems automatically. %package ukify Summary: Tool to build Unified Kernel Images -Requires: %{name} = %{noarch_requires_version} +Requires: systemd = %{noarch_requires_version} Requires: (systemd-boot if %{shrink:( filesystem(x86-32) or @@ -602,7 +602,7 @@ This package contains the signed version. %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} @@ -625,11 +625,11 @@ systemd-machined, and systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later Requires: firewalld-filesystem -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Provides: systemd-journal-gateway = %{version}-%{release} +Provides: systemd-journal-gateway%{_isa} = %{version}-%{release} # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal 
@@ -642,8 +642,8 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: %{name}%{_isa} = %{version}-%{release} -%{?fedora:Recommends: %{name}-udev = %{version}-%{release}} +Requires: systemd%{_isa} = %{version}-%{release} +%{?fedora:Recommends: systemd-udev = %{version}-%{release}} Conflicts: systemd-udev < %{version}-%{release} License: LGPL-2.1-or-later @@ -654,7 +654,7 @@ devices. %package networkd-defaults Summary: Configure network interfaces with networkd by default -Requires: %{name}-networkd = %{noarch_requires_version} +Requires: systemd-networkd = %{noarch_requires_version} License: MIT-0 BuildArch: noarch @@ -665,7 +665,7 @@ enabled for this to have any effect. %package resolved Summary: Network Name Resolution manager -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep @@ -677,7 +677,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: %{name}-udev = %{noarch_requires_version} +Requires: systemd-udev = %{noarch_requires_version} License: LGPL-2.1-or-later BuildArch: noarch @@ -687,10 +687,10 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: %{name}%{_isa} = %{version}-%{release} +Requires: systemd%{_isa} = %{version}-%{release} # This dependency is provided transitively. Also add it explicitly to # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: -Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: systemd-libs%{_isa} = %{version}-%{release} Requires: python3dist(psutil) License: LGPL-2.1-or-later 
@@ -701,8 +701,8 @@ Different binaries test different parts of the codebase. %package standalone-repart Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: %{name}-repart = %{version}-%{release} -Conflicts: %{name}-udev +Provides: systemd-repart = %{version}-%{release} +Conflicts: systemd-udev Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -713,8 +713,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd -Provides: %{name}-tmpfiles = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-tmpfiles = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -725,7 +725,7 @@ main systemd package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd -Provides: %{name}-sysusers = %{version}-%{release} +Provides: systemd-sysusers = %{version}-%{release} Suggests: coreutils-single RemovePathPostfixes: .standalone @@ -736,8 +736,8 @@ main systemd package and is meant for use on systems without systemd. %package standalone-shutdown Summary: Standalone systemd-shutdown binary for use in exitrds -Provides: %{name}-shutdown = %{version}-%{release} -Conflicts: %{name} +Provides: systemd-shutdown = %{version}-%{release} +Conflicts: systemd Suggests: coreutils-single RemovePathPostfixes: .standalone From 593a204189b195d530f5cc643465c7711dac7acf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:09:52 +0200 Subject: [PATCH 460/494] Version 258.1 - This is the first (large) batch of fixes after v258: - fixes for boot loader and early boot code - fixes for systemd itself, systemd-udevd, systemd-logind, systemd-machined, and library code - unprivileged operation in systemd-machined is disabled for now - lots of documentation and shell-completion fixes - includes an hwdb update --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 68b70a3..6b4fe22 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.tar.gz) = c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85 +SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53 diff --git a/systemd.spec b/systemd.spec index 56933ed..1387788 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258} +Version: %{?version_override}%{!?version_override:258.1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From db38445a7ec7e885b070727cc489586e2e67ef21 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 13 Oct 2025 17:15:42 +0200 Subject: [PATCH 461/494] Drop two patches with workaround (selinux, kernel) --- ...-PrivateTmp-disconnected-instead-of-.patch | 69 ------------------- 38724.patch | 64 ----------------- systemd.spec | 10 +-- 3 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch delete mode 100644 38724.patch diff --git a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch b/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch deleted file mode 100644 index eca67f0..0000000 --- a/0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 0792bb7a9d25a1ab8a5f208f2f5cea8a362dc1c6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 10 Jan 2025 17:00:08 +0100 -Subject: [PATCH] Revert "units: use PrivateTmp=disconnected instead of 'yes' - if DefaultDependencies=no" - -This reverts commit 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5. ---- - units/systemd-coredump@.service.in | 2 +- - units/systemd-oomd.service.in | 2 +- - units/systemd-resolved.service.in | 2 +- - units/systemd-timesyncd.service.in | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in -index c74dc7a5a1..fa3206d07b 100644 ---- a/units/systemd-coredump@.service.in -+++ b/units/systemd-coredump@.service.in -@@ -26,7 +26,7 @@ NoNewPrivileges=yes - OOMScoreAdjust=500 - PrivateDevices=yes - PrivateNetwork=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectControlGroups=yes - ProtectHome=read-only - ProtectHostname=yes -diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in -index 670d5e6140..82bd6245f8 100644 ---- a/units/systemd-oomd.service.in -+++ b/units/systemd-oomd.service.in -@@ -37,7 +37,7 @@ MemoryLow=64M - NoNewPrivileges=yes - OOMScoreAdjust=-900 - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectHome=yes - ProtectHostname=yes -diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in -index e181b2528a..4aa0788ac4 100644 ---- a/units/systemd-resolved.service.in -+++ b/units/systemd-resolved.service.in -@@ -29,7 +29,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectClock=yes - ProtectControlGroups=yes - ProtectHome=yes -diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in -index 835d6327e7..cf233fbffd 100644 ---- a/units/systemd-timesyncd.service.in -+++ 
b/units/systemd-timesyncd.service.in -@@ -31,7 +31,7 @@ LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes --PrivateTmp=disconnected -+PrivateTmp=yes - ProtectProc=invisible - ProtectControlGroups=yes - ProtectHome=yes --- -2.47.1 - diff --git a/38724.patch b/38724.patch deleted file mode 100644 index c639cd0..0000000 --- a/38724.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 26 Aug 2025 15:00:02 +0200 -Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO) - -In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was -reported that the tests fail: - -> Rootless podman tests all show something like this eventually -> -> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded -> -> Each container creates its own keyring but I assume they get leaked so at one -> point we run our of available keyrings and all following tests fail like -> that. Given I only see this on this update and from looking at the podman -> tests logs it only starts happening after we run a bunch of our own systemd -> services I wonder if systemd maybe leaks keyrings and thus it fails? - -After some very tediuos bisecting, I got the answer that -dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't -make much sense. I thought that maybe the answer is wrong somehow, or the fd we -pass in has problems, but everything seems to work correctly. Both -pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same -answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the -problem go away. - -bisection recipe: -1. compile systemd, systemd-executor, pam_systemd: - $ ninja -C build systemd systemd-executor pam_systemd.so - (Not all intermediate commits compile :) ) -2. use the compiled manager for the user running the tests: - # /etc/systemd/system/user@1000.service.d/override.conf - [Service] - ExecStart= - ExecStart=/home/fedora/src/systemd/build/systemd --user -3. install the new code: - # cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000 -3. log out and log in again (via ssh) -4. 
run the test: - $ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys - 17 - Tue Aug 26 12:47:44 UTC 2025 - 18 - -It seems that both the pam module and the user manager somehow matter. - -This smells like a kernel bug or some strange race condition. ---- - src/basic/pidfd-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c -index 9910819aa79d9..b317be267f445 100644 ---- a/src/basic/pidfd-util.c -+++ b/src/basic/pidfd-util.c -@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) { - } - - static int pidfd_get_info(int fd, struct pidfd_info *info) { -- static bool cached_supported = true; -+ static bool cached_supported = false; - - assert(fd >= 0); - assert(info); diff --git a/systemd.spec b/systemd.spec index 1387788..5bbc38d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -133,18 +133,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch %if %{without upstream} # Those are downstream-only patches, but we don't want them in packit builds. -# Temporarily drop use of PrivateTmp=disconnected. This is causing failures -# in various places: -# https://bugzilla.redhat.com/show_bug.cgi?id=2334015 -# https://github.com/coreos/fedora-coreos-tracker/issues/1857 -Patch: 0001-Revert-units-use-PrivateTmp-disconnected-instead-of-.patch - +# Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch -# Workaround for a kernel issue. Fixed in kernel-core-6.17.0-0.rc3.31.fc44.x86_64. -Patch: https://github.com/systemd/systemd/pull/38724.patch - # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 79c9db1bc8f2f0c95cc8af38c5b495c815778b2e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 15 Oct 2025 13:54:29 +0200 Subject: [PATCH 462/494] Require systemd-libs and systemd-shared to be in the same version ... (rhbz#2404143) --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index 5bbc38d..166d95b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -380,6 +380,7 @@ Summary: systemd libraries License: LGPL-2.1-or-later AND MIT Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 +Conflicts: systemd-shared < %{version}-%{release} %description libs Libraries for systemd and udev. @@ -391,6 +392,7 @@ License: LGPL-2.1-or-later AND MIT # was moved from package systemd to systemd-shared. # Add a conflit to allow downgrades across this change. Conflicts: systemd < 257.3-6 +Conflicts: systemd-libs < %{version}-%{release} %description shared Internal libraries used by various systemd binaries. From 2e1a6c7474502ca63c677cd7070b6e13e6329057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= Date: Mon, 20 Oct 2025 16:00:31 +0200 Subject: [PATCH 463/494] Require python3-zstandard in ELN Related: https://issues.redhat.com/browse/RHEL-103523 --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 166d95b..be35a41 100644 --- a/systemd.spec +++ b/systemd.spec @@ -532,9 +532,7 @@ Requires: (systemd-boot if %{shrink:( filesystem(riscv64) )}) Requires: python3dist(pefile) -%if 0%{?fedora} Requires: python3dist(zstandard) -%endif Requires: python3dist(cryptography) %if 0%{?fedora} Recommends: python3dist(pillow) From f8932309d95f37b0f81c54a8d38010ced60ae99b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 21 Oct 2025 13:06:49 +0200 Subject: [PATCH 464/494] Drop backwards compat logic from integration tests script --- plans/run-integration-tests.sh | 60 ++++++++-------------------------- 1 file changed, 14 insertions(+), 46 deletions(-) 
diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9a90fa7..46ea433 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -17,9 +17,9 @@ sysctl fs.inotify.max_user_watches=65536 || true sysctl fs.inotify.max_user_instances=1024 || true if [[ -n "${KOJI_TASK_ID:-}" ]]; then - koji download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" + koji download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" elif [[ -n "${CBS_TASK_ID:-}" ]]; then - cbs download-task --noprogress --arch="src,noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" + cbs download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" @@ -32,21 +32,12 @@ fi PACKAGEDIR="$PWD" -# TODO: Remove fallback once v257.6 is released. Also stop downloading source rpms then. - # This will match both the regular and the debuginfo rpm so make sure we select only the # non-debuginfo rpm. RPMS=(systemd-tests-*.rpm) rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract -if [[ -d usr/lib/systemd/tests/mkosi ]]; then - pushd usr/lib/systemd/tests - mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" -else - mkdir systemd - rpm2cpio systemd-*.src.rpm | cpio --to-stdout --extract './*.tar.gz' | tar xz --strip-components=1 -C systemd - pushd systemd - mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" -fi +pushd usr/lib/systemd/tests +mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" # Now prepare mkosi at the same version required by the systemd repo. git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi 
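Review bot: With the `[[ -d usr/lib/systemd/tests/mkosi ]]` branch removed in the `@@ -32,21 +32,12 @@` hunk, `mkosi_hash` comes from a single `grep | sed` over `mkosi/mkosi.conf`, and nothing in the hunk checks that it is non-empty before it selects the mkosi revision. The checkout that consumes it is outside the hunk, so it cannot be seen here whether an empty value fails or leaves the fresh clone on its default branch, in which case the tests would run an unpinned mkosi. I would add `[[ -n "$mkosi_hash" ]] || { echo "no mkosi commit found in mkosi/mkosi.conf" >&2; exit 1; }` right after the assignment. The `pushd usr/lib/systemd/tests` line likewise has no fallback now if the extracted rpm lacks that directory, so its failure should stop the script.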
@@ -57,13 +48,7 @@ export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" # shellcheck source=/dev/null . /etc/os-release || . /usr/lib/os-release -if [[ -d mkosi ]]; then - LOCAL_CONF=mkosi/mkosi.local.conf -else - LOCAL_CONF=mkosi.local.conf -fi - -tee "$LOCAL_CONF" < Date: Thu, 23 Oct 2025 20:40:58 +0200 Subject: [PATCH 465/494] Require systemd-rpm-macros for build We use our own macros. They get pulled into the buildroot in Fedora builds, but we shouldn't rely on this. In OBS builds, they are not pulled in and the build fails. --- systemd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd.spec b/systemd.spec index be35a41..f1a8d6c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -161,6 +161,9 @@ BuildRequires: libselinux-devel BuildRequires: audit-libs-devel %if %{without bootstrap} BuildRequires: cryptsetup-devel +# Require (previous version) of our macros package. +# We use the %%systemd_{post,preun,…} macros for various services. +BuildRequires: systemd-rpm-macros %endif BuildRequires: dbus-devel BuildRequires: util-linux From ea1d871ecd6c2fe063523840c1e4cf9bcf200e32 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 Oct 2025 10:32:12 +0100 Subject: [PATCH 466/494] Add missing networkd socket units systemd-networkd-resolve-hook.socket will be introduced by https://github.com/systemd/systemd/pull/39293 but we need the spec to handle the socket for the upgrade/downgrade test to pass so adding it early behind the upstream bcond. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f1a8d6c..b433af5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,6 +1374,8 @@ fi %global networkd_services %{shrink: systemd-networkd.service systemd-networkd.socket + systemd-networkd-varlink.socket + %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service 
From 1d3b89210552dcc25f89519045fb54439176ac25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Oct 2025 23:36:16 +0200 Subject: [PATCH 467/494] Enable sysupdate and sysupdated The files will land in the -udev subpackage. --- split-files.py | 1 + systemd.spec | 2 ++ 2 files changed, 3 insertions(+) diff --git a/split-files.py b/split-files.py index 8405956..38bde60 100644 --- a/split-files.py +++ b/split-files.py @@ -245,6 +245,7 @@ for file in files(buildroot): sysctl| coredump| homed|home1| + sysupdate|updatctl| oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because diff --git a/systemd.spec b/systemd.spec index b433af5..9e756a3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -832,6 +832,8 @@ CONFIGURE_OPTS=( -Dlibfido2=enabled -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] -Defi=true + -Dsysupdate=enabled + -Dsysupdated=enabled -Dtpm=true -Dtpm2=enabled -Dhwdb=true From dffbf2beba916ad79eeb2ccff9768ab48855a2eb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 11:17:40 +0100 Subject: [PATCH 468/494] Make sure fallback source is listed first 2ace9416e85dd4759f7c0db4bb79d2bc9302dd77 broke packit as the fallback url wasn't listed first anymore. Make sure the fallback URL is listed first again as clearly documented just above the conditionals. --- systemd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9e756a3..ce57011 100644 --- a/systemd.spec +++ b/systemd.spec 
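Review bot: The alternative added to the verbose regex in `split-files.py` reads `updatctl`, which looks like a typo for `updatectl`. As written it would not match a file named `updatectl`, so that binary and its man page or completions would fall through to whichever branch handles unmatched names, not the subpackage named in the commit message. The line should probably be `sysupdate|updatectl|`. The start of the pattern and the branch it belongs to are outside the hunk, so confirm against the full expression and the generated file lists.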
@@ -82,15 +82,15 @@ Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" # packit will always rewrite the first Source0 it finds, ignoring any conditionals so list -# the fallback source that's used if neither %%branch nor %%commit are defined first. -%if %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz -%elif %{undefined branch} && %{undefined commit} +# the fallback source that's used if neither %%branch, %%commit or %%obs are defined first. +%if %{undefined branch} && %{undefined commit} && %{without obs} Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz +%elif %{with obs} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. From 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Nov 2025 12:08:50 +0100 Subject: [PATCH 469/494] Automatically figure out the name of the top-level tar dir --- systemd.spec | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/systemd.spec b/systemd.spec index ce57011..fcb9a44 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -742,18 +742,15 @@ library or other libraries from systemd-libs. This package conflicts with the main systemd package and is meant for use in exitrds. %prep -%if %{defined branch} -%autosetup -n %{name}-%{branch} -p1 -%elif %{defined commit} -%autosetup -n %{name}-%{commit} -p1 -%elif %{with obs} +%if %{with obs} # Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} -%autosetup -n %{name}-%{version} -p1 -%else -%autosetup -n %{name}-%{version_no_tilde} -p1 %endif +# Automatically figure out the name of the top-level directory. +# rpm really should do this automatically. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 + # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 sed -r -i 's/^u!/u/' sysusers.d/*.conf* From fe18084a0583d134e424d70acb341860e69e8540 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 3 Nov 2025 14:33:02 +0100 Subject: [PATCH 470/494] Remove hack to stop systemd-networkd-resolve-hook.socket This didn't end up working, so drop the hack as we have a better fix coming up in https://github.com/systemd/systemd/pull/39415. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index fcb9a44..24abac1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1374,7 +1374,6 @@ fi systemd-networkd.service systemd-networkd.socket systemd-networkd-varlink.socket - %[%{with upstream}?"systemd-networkd-resolve-hook.socket":""] systemd-networkd-wait-online.service systemd-network-generator.service systemd-networkd-persistent-storage.service From b17d9c3474f6cd4c07e01ffdfedf6a93c157d859 Mon Sep 17 00:00:00 2001 
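Review bot: The directory name given to `-n` is whatever `tar -tf` lists first, pasted into the spec unvalidated and with `%{SOURCE0}` unquoted. For the branch and commit sources the archive layout is not fixed by this spec, so an unexpected first member (a leading `./`, a nested path, a name containing whitespace) would end up in the generated %prep script as-is. Reducing the result to its first path component, e.g. `%autosetup -n %(tar -tf '%{SOURCE0}' | head -n1 | cut -d/ -f1) -p1`, keeps the convenience while narrowing what the archive contents can influence. The same line is reintroduced later in the series (PATCH 477, 478 and 481), and the point applies there as well.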
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Nov 2025 16:18:12 +0100 Subject: [PATCH 471/494] Use %autosetup -C This is supported since rpm 4.20 but not advertised much. --- systemd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 24abac1..3356f27 100644 --- a/systemd.spec +++ b/systemd.spec @@ -747,9 +747,7 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -# Automatically figure out the name of the top-level directory. -# rpm really should do this automatically. -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -C -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 256463d69051665ea25d584a35ea817f94e18a41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:55:32 +0100 Subject: [PATCH 472/494] Restore runlevelX.target units ... (rhbz#2411195) --- ...vert-units-drop-runlevel-0-6-.target.patch | 87 +++++++++++++++++++ systemd.spec | 4 + 2 files changed, 91 insertions(+) create mode 100644 0001-Revert-units-drop-runlevel-0-6-.target.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch new file mode 100644 index 0000000..4180211 --- /dev/null +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch 
@@ -0,0 +1,87 @@ +From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 5 Nov 2025 17:52:16 +0100 +Subject: [PATCH] Revert "units: drop runlevel[0-6].target" + +This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. +The unit are still needed for compat. +--- + units/meson.build | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index 4f47a3b2bd..34b3222f11 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -1,5 +1,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1 ++ + units = [ + { 'file' : 'basic.target' }, + { 'file' : 'blockdev@.target' }, +@@ -49,7 +51,7 @@ units = [ + }, + { + 'file' : 'graphical.target', +- 'symlinks' : ['default.target'], ++ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []), + }, + { 'file' : 'halt.target' }, + { +@@ -142,14 +144,20 @@ units = [ + 'conditions' : ['ENABLE_MACHINED'], + }, + { 'file' : 'modprobe@.service' }, +- { 'file' : 'multi-user.target' }, ++ { ++ 'file' : 'multi-user.target', ++ 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], ++ }, + { 'file' : 'network-online.target' }, + { 'file' : 'network-pre.target' }, + { 'file' : 'network.target' }, + { 'file' : 'nss-lookup.target' }, + { 'file' : 'nss-user-lookup.target' }, + { 'file' : 'paths.target' }, +- { 'file' : 'poweroff.target' }, ++ { ++ 'file' : 'poweroff.target', ++ 'symlinks' : with_runlevels ? ['runlevel0.target'] : [], ++ }, + { 'file' : 'printer.target' }, + { + 'file' : 'proc-sys-fs-binfmt_misc.automount', +@@ -174,7 +182,7 @@ units = [ + }, + { + 'file' : 'reboot.target', +- 'symlinks' : ['ctrl-alt-del.target'], ++ 'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? 
['runlevel6.target'] : []), + }, + { + 'file' : 'remote-cryptsetup.target', +@@ -194,7 +202,10 @@ units = [ + 'symlinks' : ['initrd-root-device.target.wants/'], + }, + { 'file' : 'rescue.service.in' }, +- { 'file' : 'rescue.target' }, ++ { ++ 'file' : 'rescue.target', ++ 'symlinks' : with_runlevels ? ['runlevel1.target'] : [], ++ }, + { 'file' : 'rpcbind.target' }, + { 'file' : 'serial-getty@.service.in' }, + { 'file' : 'shutdown.target' }, +@@ -972,4 +983,10 @@ else + dbussessionservicedir / 'org.freedesktop.systemd1.service')) + endif + ++if conf.get('HAVE_SYSV_COMPAT') == 1 ++ foreach i : [1, 2, 3, 4, 5] ++ install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i)) ++ endforeach ++endif ++ + subdir('user') diff --git a/systemd.spec b/systemd.spec index 3356f27..c8fcbfb 100644 --- a/systemd.spec +++ b/systemd.spec @@ -137,6 +137,10 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 Patch: https://github.com/systemd/systemd/pull/30846.patch +# Again create runlevelX.target. Dropping those files breaks upgrades. +# https://bugzilla.redhat.com/show_bug.cgi?id=2411195 +Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch + # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch From 1a7506a1051c8361714463825b83febcb04b5639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Nov 2025 14:02:48 +0100 Subject: [PATCH 473/494] Version 258.2 - A bunch of fixes in many components. - Stop creating user namespace for system services (rhbz#2391343) - Systemd trigger scriptlets are updated --- sources | 2 +- systemd.spec | 2 +- triggers.systemd | 30 ++++++++++++++---------------- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/sources b/sources index 6b4fe22..a9f4297 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-258.1.tar.gz) = 0fd62724d4b9cc0789445f3072a7052f52533e2a928cb4a6c3d7375169d087f9cc3941f37c9f208c870042f4e32d90a17cfbb96930a31ac875b41aa7efac8f53 +SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d diff --git a/systemd.spec b/systemd.spec index c8fcbfb..f5fbd50 100644 --- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258.1} +Version: %{?version_override}%{!?version_override:258.2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif diff --git a/triggers.systemd b/triggers.systemd index f8bb078..28ddc1f 100644 --- a/triggers.systemd +++ b/triggers.systemd 
@@ -9,17 +9,17 @@ # # Minimum rpm version supported: 4.14.0 -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/ # This script will run after any package is initially installed or # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. /usr/lib/systemd/systemd-update-helper system-reload-restart || : -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user/ /etc/systemd/user/ /usr/lib/systemd/systemd-update-helper user-reload-restart || : -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system/ /etc/systemd/system/ # On removal, we need to run daemon-reload after any units have been # removed. # On upgrade, we need to run daemon-reload after any new unit files 
@@ -27,35 +27,35 @@ # executed. /usr/lib/systemd/systemd-update-helper system-reload || : -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user/ /etc/systemd/user/ # Execute daemon-reload in user managers. /usr/lib/systemd/systemd-update-helper user-reload || : -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system/ /etc/systemd/system/ # We restart remaining system services that should be restarted here. /usr/lib/systemd/systemd-update-helper system-restart || : -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user/ /etc/systemd/user/ # We restart remaining user services that should be restarted here. /usr/lib/systemd/systemd-update-helper user-restart || : -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d/ # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. systemd-sysusers || : -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d/ # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. systemd-hwdb update || : -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog/ # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. 
journalctl --update-catalog || : -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d/ # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d "/run/systemd/system"; then @@ -64,7 +64,7 @@ if test -d "/run/systemd/system"; then /usr/lib/systemd/systemd-binfmt || : fi -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d/ # This script will process files installed in /usr/lib/tmpfiles.d to create # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. @@ -72,14 +72,12 @@ if test -d "/run/systemd/system"; then systemd-tmpfiles --create || : fi -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d/ # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. -if test -e /run/udev/control; then - udevadm control --reload || : -fi +/usr/lib/systemd/systemd-update-helper mark-reload-system-units systemd-udevd.service || : -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d/ # This script will automatically apply sysctl rules if files have been # installed or updated in /usr/lib/sysctl.d. if test -d "/run/systemd/system"; then From e455d82fd898e87fbd4cc848437a6582fdcab7f6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 25 Sep 2025 10:34:15 +0200 Subject: [PATCH 474/494] Add various extra explicit Requires Upstream is moving towards making a lot more libraries dlopen() style dependencies. Let's make sure to add these as Requires to corresponding packages so they still get pulled in. --- systemd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd.spec b/systemd.spec index f5fbd50..03acb85 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -333,6 +333,12 @@ Provides: /usr/sbin/shutdown Provides: /usr/sbin/telinit %endif +# libmount is always required, even in containers, so make it a hard dependency. +Requires: libmount.so.1%{?elf_suffix} +Requires: libmount.so.1(MOUNT_2.26)%{?elf_bits} +# Various systemd services have syscall filters so make libseccomp a hard dependency. +Requires: libseccomp.so.2%{?elf_suffix} + # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} @@ -476,6 +482,9 @@ Conflicts: systemd-networkd < %{version}-%{release} # want to load modules, so make this into a hard dependency here. Requires: libkmod.so.2%{?elf_suffix} Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} +# udev uses libblkid in various builtins so make it a hard dependency. +Requires: libblkid.so.1%{?elf_suffix} +Requires: libblkid.so.1(BLKID_2.30)%{?elf_bits} # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home From a0acca210d8f62039d6a419431f9b198fddc4302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 20:39:22 +0100 Subject: [PATCH 475/494] Version 259~rc1 - See https://raw.githubusercontent.com/systemd/systemd/v259-rc1/NEWS. Too many changes to list or discuss here. --- ...vert-units-drop-runlevel-0-6-.target.patch | 19 ++++++++++--------- 38769.patch | 10 +++++----- sources | 2 +- systemd.spec | 2 +- 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 4180211..5a4dacd 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch 
@@ -1,4 +1,4 @@ -From 27f4f96c4e56744ecbffec0595236e1441278804 Mon Sep 17 00:00:00 2001 +From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 Subject: [PATCH] Revert "units: drop runlevel[0-6].target" @@ -10,7 +10,7 @@ The unit are still needed for compat. 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/units/meson.build b/units/meson.build -index 4f47a3b2bd..34b3222f11 100644 +index 2e04c4aa2b..46eaac4073 100644 --- a/units/meson.build +++ b/units/meson.build @@ -1,5 +1,7 @@ @@ -30,7 +30,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'halt.target' }, { -@@ -142,14 +144,20 @@ units = [ +@@ -142,7 +144,10 @@ units = [ 'conditions' : ['ENABLE_MACHINED'], }, { 'file' : 'modprobe@.service' }, @@ -39,9 +39,10 @@ index 4f47a3b2bd..34b3222f11 100644 + 'file' : 'multi-user.target', + 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [], + }, - { 'file' : 'network-online.target' }, - { 'file' : 'network-pre.target' }, - { 'file' : 'network.target' }, + { + 'file' : 'systemd-mute-console.socket', + 'symlinks' : ['sockets.target.wants/'] +@@ -155,7 +160,10 @@ units = [ { 'file' : 'nss-lookup.target' }, { 'file' : 'nss-user-lookup.target' }, { 'file' : 'paths.target' }, @@ -53,7 +54,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'printer.target' }, { 'file' : 'proc-sys-fs-binfmt_misc.automount', -@@ -174,7 +182,7 @@ units = [ +@@ -180,7 +188,7 @@ units = [ }, { 'file' : 'reboot.target', @@ -62,7 +63,7 @@ index 4f47a3b2bd..34b3222f11 100644 }, { 'file' : 'remote-cryptsetup.target', -@@ -194,7 +202,10 @@ units = [ +@@ -200,7 +208,10 @@ units = [ 'symlinks' : ['initrd-root-device.target.wants/'], }, { 'file' : 'rescue.service.in' }, 
@@ -74,7 +75,7 @@ index 4f47a3b2bd..34b3222f11 100644 { 'file' : 'rpcbind.target' }, { 'file' : 'serial-getty@.service.in' }, { 'file' : 'shutdown.target' }, -@@ -972,4 +983,10 @@ else +@@ -1001,4 +1012,10 @@ else dbussessionservicedir / 'org.freedesktop.systemd1.service')) endif diff --git a/38769.patch b/38769.patch index 35b50e4..09a7423 100644 --- a/38769.patch +++ b/38769.patch @@ -1,4 +1,4 @@ -From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001 +From 00d70f36a0866660693347009446b7f872a05bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sat, 30 Aug 2025 13:55:56 +0200 Subject: [PATCH] core: create userdb root directory with correct label @@ -16,18 +16,18 @@ longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a. 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/core/varlink.c b/src/core/varlink.c -index 8c6b95e31d1d5..110b281842373 100644 +index 99f12c59e5..71a8ffd0e5 100644 --- a/src/core/varlink.c +++ b/src/core/varlink.c -@@ -6,6 +6,7 @@ +@@ -5,6 +5,7 @@ + #include "constants.h" #include "errno-util.h" - #include "json-util.h" #include "manager.h" +#include "mkdir-label.h" #include "path-util.h" #include "pidref.h" #include "string-util.h" -@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) { +@@ -441,7 +442,11 @@ static int manager_varlink_init_system(Manager *m) { if (!fresh && varlink_server_contains_socket(m->varlink_server, address)) continue; diff --git a/sources b/sources index a9f4297..752c9ae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-258.2.tar.gz) = 1dc016a5a037aec2682e08d2add0dcf8d03db15b45ce8c6b677898f734aefd4694ce18e588d579e42514071fc4c167b2bf53808478b2bd3856b257c9fbcde45d +SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 diff --git a/systemd.spec b/systemd.spec index 03acb85..4645686 100644 
--- a/systemd.spec +++ b/systemd.spec @@ -68,7 +68,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:258.2} +Version: %{?version_override}%{!?version_override:259~rc1} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 044cff4700898340708ff684614f48e3b3faec9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Nov 2025 21:20:23 +0100 Subject: [PATCH 476/494] Allow empower group This will need to be patched into setup. --- systemd.spec | 5 +++-- test_sysusers_defined.py | 7 +++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 4645686..f49d0cc 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1116,12 +1116,13 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ # We skip this on upstream builds so that new users and groups # can be added without breaking the build. %if 0%{?fedora} >= 43 -%{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +IGNORED=empower \ + %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %else %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf %endif %endif -rm %{buildroot}/usr/lib/sysusers.d/basic.conf +sed -n -r -i '1,7p; /can .do.|empower/p' %{buildroot}/usr/lib/sysusers.d/basic.conf %endif # Disable sshd_config.d/20-systemd-userdb.conf for now. diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py index f6358fb..3c1e04f 100755 --- a/test_sysusers_defined.py +++ b/test_sysusers_defined.py @@ -1,5 +1,6 @@ #!/usr/bin/python +import os import sys def parse_sysusers_file(filename): 
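Review bot: The `sed -n -r -i '1,7p; /can .do.|empower/p'` filter that replaces the `rm` keeps lines by position and by loose text match, so what ships in basic.conf depends on the exact layout and wording of the upstream file. basic.conf defines system users and groups, so if the leading block changes length, or another line happens to contain `empower`, the package would silently ship a different set of entries than intended. A comment above the line stating which entries are meant to survive, e.g. `# Keep only the file header and the 'empower' group; all other entries come from setup`, would make this reviewable (that reading of lines 1-7 is inferred, please confirm). A follow-up check that the filtered file contains exactly the expected entry would catch drift at build time.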
@@ -30,7 +31,9 @@ for arg in sys.argv[1:-1]: basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) -if d := basic_users - setup_users: +ignored = set(os.getenv('IGNORED', '').split()) + +if d := basic_users - setup_users - ignored: exit(f'We have new users: {d}') -if d := basic_groups - setup_groups: +if d := basic_groups - setup_groups - ignored: exit(f'We have new groups: {d}') From f9916b6fd1399261371c7fb1255a2be4dc8c4a25 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 13:37:45 +0100 Subject: [PATCH 477/494] Revert "Use %autosetup -C" This effectively reverts commit b17d9c3474f6cd4c07e01ffdfedf6a93c157d859. --- systemd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f49d0cc..f4c1b30 100644 --- a/systemd.spec +++ b/systemd.spec @@ -760,7 +760,9 @@ main systemd package and is meant for use in exitrds. mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} %endif -%autosetup -C -p1 +# Automatically figure out the name of the top-level directory. +# TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 12f95f807fef5075a8842dd107f83b4c41d5ac26 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 20 Nov 2025 14:11:10 +0100 Subject: [PATCH 478/494] Wrap %autosetup in %_build_in_place check The shell expansion we use to determine the top-level directory will get expanded even if we don't execute %prep, so add a %_build_in_place check to make sure we don't try to search for the top-level directory if --build-in-place is set. --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f4c1b30..868b09b 100644 --- a/systemd.spec +++ b/systemd.spec 
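Review bot: `ignored` is subtracted from both the user comparison and the group comparison, so the allowance added for the `empower` group also silences a new user of the same name. This script is the build-time gate for unreviewed new accounts, so the exemption is best kept as narrow as the case it was added for. Either apply it only to the group check (`basic_groups - setup_groups - ignored`, leaving the user check as it was), or document the behaviour with a comment such as `# IGNORED: whitespace-separated names exempt from both the user and the group check`.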
@@ -762,7 +762,9 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. +%if %{undefined _build_in_place} %autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%endif # Disable user lockdown until rpm implements it natively. # https://github.com/rpm-software-management/rpm/issues/3450 From 9ac8c363070586c41877b782d1c7f1b408a1f0ec Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Nov 2025 23:13:54 +0100 Subject: [PATCH 479/494] Set meson auto features to auto when building for upstream We don't want new options to be forcefully enabled if we don't have the dependencies available. --- systemd.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systemd.spec b/systemd.spec index 868b09b..eda018e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -38,6 +38,11 @@ # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) %if %{with bootstrap} %global __meson_auto_features disabled +# If we're building for upstream, don't unconditionally enable all +# new features as new features might be introduced for which we're +# missing build dependencies. +%elif %{with upstream} +%global __meson_auto_features auto %endif # Override %%autorelease. This is ugly, but rpmautospec doesn't implement From ddb6474e949910c9c6972f96862551f41902fc58 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Fri, 21 Nov 2025 15:07:07 +0100 Subject: [PATCH 480/494] Drop provides for removed sysvinit tools ... (rhbz#2413557) --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index eda018e..3afd8bc 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -333,9 +333,7 @@ Provides: /usr/sbin/halt Provides: /usr/sbin/init Provides: /usr/sbin/poweroff Provides: /usr/sbin/reboot -Provides: /usr/sbin/runlevel Provides: /usr/sbin/shutdown -Provides: /usr/sbin/telinit %endif # libmount is always required, even in containers, so make it a hard dependency. From 33b38cdbc74dadf280448a0693677595cb78f4c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:29:29 +0100 Subject: [PATCH 481/494] Suppress errors from tar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without this, 'spectool -g …' will print to the console. [skip changelog] --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 3afd8bc..50f58c0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -766,7 +766,7 @@ mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} # Automatically figure out the name of the top-level directory. # TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. %if %{undefined _build_in_place} -%autosetup -n %(tar -tf %{SOURCE0} | head -n1) -p1 +%autosetup -n %(tar -tf %{SOURCE0} 2>/dev/null | head -n1) -p1 %endif # Disable user lockdown until rpm implements it natively. From 7e409130ee736cfe54b8d03a94b7d53b2e0d9f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 15:47:05 +0100 Subject: [PATCH 482/494] Version 259~rc2 This has a bunch of fixes for various issues reported with -rc1, in particular varlink socket communication. --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 752c9ae..d50c204 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-259-rc1.tar.gz) = 18a4305e0577647993dacf2369f374af5af67268c62aa49eb93680b6bb7986bd6d48f00328d20913c8eaa8204f4cbe47296e5087688290ae46910b909b307042 +SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 diff --git a/systemd.spec b/systemd.spec index 50f58c0..38eccf6 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc1} +Version: %{?version_override}%{!?version_override:259~rc2} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0289127dae861518d708cf1a3b83e0745a303630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:35:50 +0100 Subject: [PATCH 483/494] Patch machined to continue after selinux denial --- ...cription-to-varlink-server-unify-err.patch | 53 +++++++++++++++++++ ...continue-without-resolve.hook-socket.patch | 30 +++++++++++ systemd.spec | 4 ++ 3 files changed, 87 insertions(+) create mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch create mode 100644 0002-machined-continue-without-resolve.hook-socket.patch diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch new file mode 100644 index 0000000..27f0e38 --- /dev/null +++ b/0001-machined-add-description-to-varlink-server-unify-err.patch 
@@ -0,0 +1,53 @@ +From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:11:24 +0100 +Subject: [PATCH 1/2] machined: add description to varlink server, unify error + messages + +manager_varlink_init_resolve_hook and +manager_varlink_init_userdb are very similar, but one +didn't set a description and the other one had an error message +which didn't print the offending path. +--- + src/machine/machined-varlink.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index f4714c545d..cf87065443 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to allocate varlink server object: %m"); + ++ (void) sd_varlink_server_set_description(s, "varlink-userdb"); ++ + r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); + if (r < 0) + return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); +@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to register varlink methods: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/userdb/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) +@@ -889,9 +892,10 @@ static int 
manager_varlink_init_resolve_hook(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); + +- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); ++ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; ++ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket: %m"); ++ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch new file mode 100644 index 0000000..f1c12e0 --- /dev/null +++ b/0002-machined-continue-without-resolve.hook-socket.patch 
@@ -0,0 +1,30 @@ +From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 26 Nov 2025 22:29:53 +0100 +Subject: [PATCH 2/2] machined: continue without resolve.hook socket + +--- + src/machine/machined-varlink.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index cf87065443..bae0577122 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { + + const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; + r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); +- if (r < 0) +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); ++ if (r < 0) { ++ bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); ++ log_full_errno(ignore ? LOG_WARNING : LOG_ERR, ++ r, ++ "Failed to bind to varlink socket %s%s: %m", ++ path, ignore ? ", ignoring" : ""); ++ return ignore ? 0 : r; ++ } + + r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); + if (r < 0) diff --git a/systemd.spec b/systemd.spec index 38eccf6..0949cb1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -149,6 +149,10 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. Patch: https://github.com/systemd/systemd/pull/38769.patch + +# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 +Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch +Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64 From b562e38e22a8e558de31947d2ba08b17458f5385 Mon Sep 17 00:00:00 2001 
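Review bot: In 0002-machined-continue-without-resolve.hook-socket.patch, the new `if (r < 0) { ... }` branch of manager_varlink_init_resolve_hook tolerates any privilege error from sd_varlink_server_listen_address() but has no comment saying why. Only the spec file links it to the bug it works around. I would add `/* Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701: continue without the resolve hook socket if binding is denied. */` above `bool ignore = ...`, so the branch can be found and removed once the underlying denial is fixed. The early `return ignore ? 0 : r;` also skips the sd_varlink_server_attach_event() call shown below it. The function then reports success with no hook socket, and the LOG_WARNING line is the only trace of the denied bind. The function body continues outside the hunk.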
From: Daan De Meyer Date: Fri, 28 Nov 2025 12:50:05 +0100 Subject: [PATCH 484/494] Fix use of removed $LOCAL_CONF variable Follow up for f8932309d95f37b0f81c54a8d38010ced60ae99b [skip changelog] --- plans/run-integration-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 46ea433..e3f0059 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -66,7 +66,7 @@ WithTests=yes EOF if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then - tee --append "$LOCAL_CONF" < Date: Fri, 28 Nov 2025 14:52:38 +0100 Subject: [PATCH 485/494] Check if --max-lines is supported by meson --- plans/run-integration-tests.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index e3f0059..9e7f83e 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -105,14 +105,19 @@ mkosi summary mkosi -f box -- true mkosi box -- meson setup build integration-tests/standalone mkosi -f +if [[ "$(mkosi box -- meson test --help)" == *"--max-lines"* ]]; then + MAX_LINES=(--max-lines 300) +else + MAX_LINES=() +fi mkosi box -- \ meson test \ -C build \ --setup=integration \ --print-errorlogs \ --no-stdsplit \ - --max-lines 300 \ - --num-processes "$NPROC" && EC=0 || EC=$? + --num-processes "$NPROC" \ + "${MAX_LINES[@]}" && EC=0 || EC=$? [[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \; [[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \; From bf8019c840e86edf4371b7b1d0ce9968bb99515f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 10 Dec 2025 22:55:22 +0100 Subject: [PATCH 486/494] Version 259~rc3 Various fixes for various issues reported with -rc2. --- ...vert-units-drop-runlevel-0-6-.target.patch | 4 +- ...cription-to-varlink-server-unify-err.patch | 53 ------------------- ...continue-without-resolve.hook-socket.patch | 22 ++++---- sources | 2 +- systemd.spec | 3 +- 5 files changed, 16 insertions(+), 68 deletions(-) delete mode 100644 0001-machined-add-description-to-varlink-server-unify-err.patch diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch index 5a4dacd..faf8341 100644 --- a/0001-Revert-units-drop-runlevel-0-6-.target.patch +++ b/0001-Revert-units-drop-runlevel-0-6-.target.patch @@ -1,7 +1,7 @@ -From 5b18cc5d62e6225c373aa36f6ff9a8f3539387e0 Mon Sep 17 00:00:00 2001 +From 61750e265ce3f7783a8dba831e91140f84ad89f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Nov 2025 17:52:16 +0100 -Subject: [PATCH] Revert "units: drop runlevel[0-6].target" +Subject: [PATCH 1/3] Revert "units: drop runlevel[0-6].target" This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3. The unit are still needed for compat. diff --git a/0001-machined-add-description-to-varlink-server-unify-err.patch b/0001-machined-add-description-to-varlink-server-unify-err.patch deleted file mode 100644 index 27f0e38..0000000 --- a/0001-machined-add-description-to-varlink-server-unify-err.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From b984311d5c993d4d90c67b225b68b115301b565a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 26 Nov 2025 22:11:24 +0100 -Subject: [PATCH 1/2] machined: add description to varlink server, unify error - messages - -manager_varlink_init_resolve_hook and -manager_varlink_init_userdb are very similar, but one -didn't set a description and the other one had an error message -which didn't print the offending path. ---- - src/machine/machined-varlink.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index f4714c545d..cf87065443 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -745,6 +745,8 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to allocate varlink server object: %m"); - -+ (void) sd_varlink_server_set_description(s, "varlink-userdb"); -+ - r = sd_varlink_server_add_interface(s, &vl_interface_io_systemd_UserDatabase); - if (r < 0) - return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m"); -@@ -757,9 +759,10 @@ static int manager_varlink_init_userdb(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to register varlink methods: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/userdb/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket '/run/systemd/userdb/io.systemd.Machine': %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) -@@ -889,9 +892,10 @@ static int 
manager_varlink_init_resolve_hook(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to bind on resolve hook disconnection events: %m"); - -- r = sd_varlink_server_listen_address(s, "/run/systemd/resolve.hook/io.systemd.Machine", 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); -+ const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; -+ r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket: %m"); -+ return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); - - r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL); - if (r < 0) diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch index f1c12e0..2903c5e 100644 --- a/0002-machined-continue-without-resolve.hook-socket.patch +++ b/0002-machined-continue-without-resolve.hook-socket.patch @@ -1,28 +1,30 @@ -From 74f2ac66b118a7f5d0fb0d9b4444f951466cd30d Mon Sep 17 00:00:00 2001 +From 8d6d86d1d7e45eeae921e88adde55d6524027c96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Nov 2025 22:29:53 +0100 -Subject: [PATCH 2/2] machined: continue without resolve.hook socket +Subject: [PATCH 3/3] machined: continue without resolve.hook socket --- - src/machine/machined-varlink.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) + src/machine/machined-varlink.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index cf87065443..bae0577122 100644 +index f83cbb8562..0b30cd0531 100644 --- a/src/machine/machined-varlink.c 
+++ b/src/machine/machined-varlink.c -@@ -894,8 +894,14 @@ static int manager_varlink_init_resolve_hook(Manager *m) { +@@ -894,9 +894,15 @@ static int manager_varlink_init_resolve_hook(Manager *m) { - const char *path = "/run/systemd/resolve.hook/io.systemd.Machine"; - r = sd_varlink_server_listen_address(s, path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); + r = sd_varlink_server_listen_address(s, VARLINK_PATH_MACHINED_RESOLVE_HOOK, + 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755); - if (r < 0) -- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", path); +- return log_error_errno(r, "Failed to bind to varlink socket %s: %m", +- VARLINK_PATH_MACHINED_RESOLVE_HOOK); + if (r < 0) { + bool ignore = ERRNO_IS_NEG_PRIVILEGE(r); + log_full_errno(ignore ? LOG_WARNING : LOG_ERR, + r, + "Failed to bind to varlink socket %s%s: %m", -+ path, ignore ? ", ignoring" : ""); ++ VARLINK_PATH_MACHINED_RESOLVE_HOOK, ++ ignore ? ", ignoring" : ""); + return ignore ? 0 : r; + } diff --git a/sources b/sources index d50c204..6c92dff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc2.tar.gz) = 667fe1deff5020f751f3721472f2b3a1dfc32e3d10a78b5efd1673b7a42b3d445ab504687e6cd2f42dc5cbfc5c42ba3a435939ec5957c9e73833486112f9bd91 +SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b diff --git a/systemd.spec b/systemd.spec index 0949cb1..ab31da9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc2} +Version: %{?version_override}%{!?version_override:259~rc3} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif 
@@ -151,7 +151,6 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch Patch: https://github.com/systemd/systemd/pull/38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 -Patch: 0001-machined-add-description-to-varlink-server-unify-err.patch Patch: 0002-machined-continue-without-resolve.hook-socket.patch %endif From 4f5b5a961543cc907a48f24cc6647fa100679139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 18 Dec 2025 10:34:39 +0100 Subject: [PATCH 487/494] Version 259 - Some bugfixes since -rc3, in particular in the area of image creation and loading of libraries --- sources | 2 +- systemd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 6c92dff..af6ddf0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259-rc3.tar.gz) = 31f979204e0db13233b766bf0956fb02f8f1165c00eb6721d833a28e59eaa3929c624542a61313cd254bcaefc206cbf562f252f8c94a78c332333852fbbbbb2b +SHA512 (systemd-259.tar.gz) = ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50 diff --git a/systemd.spec b/systemd.spec index ab31da9..0cc5357 100644 --- a/systemd.spec +++ b/systemd.spec @@ -73,7 +73,7 @@ Url: https://systemd.io # But don't do that on OBS, otherwise the version subst fails, and will be # like 257-123-gabcd257.1 instead of 257-123-gabcd %if %{without obs} -Version: %{?version_override}%{!?version_override:259~rc3} +Version: %{?version_override}%{!?version_override:259} %else Version: %{?version_override}%{!?version_override:%(cat meson.version)} %endif From 0c8ea706f96b053bcf38856d3c517e78805f1519 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 1 Dec 2025 13:26:24 +0100 Subject: [PATCH 488/494] Fix links to patches These patches were modified downstream yet the links were never updated [skip changelog] --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index 0cc5357..f20339f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -140,7 +140,7 @@ Patch: https://github.com/systemd/systemd/pull/26494.patch # Create user journals for users with high UIDs # https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch: https://github.com/systemd/systemd/pull/30846.patch +Patch: 30846.patch # Again create runlevelX.target. Dropping those files breaks upgrades. # https://bugzilla.redhat.com/show_bug.cgi?id=2411195 @@ -148,7 +148,7 @@ Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch # userdb: create userdb root directory with correct label # We can drop this after SELinux policy is updated to handle the transition. -Patch: https://github.com/systemd/systemd/pull/38769.patch +Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch From 56377438ba63df532f6e77874b942dc641544ed0 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 19 Dec 2025 00:10:52 +0000 Subject: [PATCH 489/494] Disable sysinit-path for upstream builds [skip changelog] --- systemd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd.spec b/systemd.spec index f20339f..d3117a1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -805,7 +805,9 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true +%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d +%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From cac8dde28a1298bbc2bee40e9ab3b9308392f691 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 11:40:52 +0100 Subject: [PATCH 490/494] test: Allow passing in extra tests to skip via TEST_SKIP [skip changelog] --- plans/run-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
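Review bot: Replacing the pull-request URL with `Patch: 30846.patch` in the first hunk (and with `Patch: 38769.patch` in the second) removes the only record of where each carried patch came from. The commit message says both files were modified downstream, so the local copies no longer match what those URLs serve. I would keep the provenance in a comment above each line, e.g. `# Based on https://github.com/systemd/systemd/pull/30846, modified downstream` and `# Based on https://github.com/systemd/systemd/pull/38769, modified downstream`. That lets a later reviewer diff the carried file against upstream and see exactly what was changed.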
diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh index 9e7f83e..6d2ee37 100755 --- a/plans/run-integration-tests.sh +++ b/plans/run-integration-tests.sh @@ -98,7 +98,7 @@ fi # This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it # for now. -export TEST_SKIP="TEST-21-DFUZZER" +export TEST_SKIP="TEST-21-DFUZZER ${TEST_SKIP:-}" mkosi genkey mkosi summary From c0520291971673fd0c64ff3cbaf2ac344db2a3c8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:01 +0100 Subject: [PATCH 491/494] Drop libcap-devel BuildRequires Not required anymore since v259. --- systemd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index d3117a1..d4088d9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -163,7 +163,6 @@ BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils BuildRequires: rpmdevtools -BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel BuildRequires: libpwquality-devel From 67538c79f250eecbd904aa87e72a44cb3b5ef6f4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 19 Dec 2025 16:17:26 +0100 Subject: [PATCH 492/494] Make dbus and systemd-pam recommended dependencies Neither dbus nor pam are required in the initrd so let's make both recommended dependencies instead of required dependencies so that we can build initrds without either of them getting pulled in. --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index d4088d9..9122e0f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -279,8 +279,8 @@ Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Requires: dbus >= 1.9.18 -Requires: systemd-pam%{_isa} = %{version}-%{release} +Recommends: dbus >= 1.9.18 +Recommends: systemd-pam%{_isa} = %{version}-%{release} Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) Requires: systemd-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: systemd-networkd = %{version}-%{release}} From 399885597ce9f7cc63673c3369086021f0b01176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 20 Dec 2025 18:35:48 +0100 Subject: [PATCH 493/494] Revert "Disable sysinit-path for upstream builds" This reverts commit 56377438ba63df532f6e77874b942dc641544ed0. Dropping of the option currently doesn't disable anything, it just moves the file. I don't think we gain anything by moving the file and actually this causes problems [1], so let's just return to status quo ante. [1] file /etc/init.d conflicts between attempted installs of systemd-259.999+69+g6ceb76bfc-2548.1.x86_64 and chkconfig-1.33-3.fc44.x86_64 [skip changelog] --- systemd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9122e0f..af79bf0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -804,9 +804,7 @@ VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') CONFIGURE_OPTS=( -Dmode=release -Dslow-tests=true -%if %{without upstream} -Dsysvinit-path=/etc/rc.d/init.d -%endif -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= From f353d244fd5a7bb972ab1bb0884a5e8ccc8b4faf Mon Sep 17 00:00:00 2001 
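Review bot: Changing `Requires: systemd-pam%{_isa} = %{version}-%{release}` to `Recommends:` removes the hard version lock between systemd and systemd-pam, not just the install-time pull. A weak dependency does not stop a transaction that leaves a mismatched systemd-pam installed. If systemd-pam does not itself pin the matching systemd version (its own Requires are outside this hunk), I would add `Conflicts: systemd-pam < %{version}-%{release}` to keep the lockstep. Installs that disable weak dependencies now also get systemd without dbus and systemd-pam outside the initrd case named in the commit message. A comment such as `# Weak deps so initrds can omit them; regular installs are expected to have both` would record that this is intended.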
From: Hans de Goede Date: Mon, 12 Jan 2026 16:22:10 +0100 Subject: [PATCH 494/494] Add 2 patches for automatic aarch64 DTB selection change --- ...rel-section-when-os-release-is-empty.patch | 112 ++++++++++++++++++ ...inter-deref-when-there-are-no-initrd.patch | 51 ++++++++ systemd.spec | 6 + 3 files changed, 169 insertions(+) create mode 100644 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch create mode 100644 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch diff --git a/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch new file mode 100644 index 0000000..5f4a1dd --- /dev/null +++ b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch 
@@ -0,0 +1,112 @@ +From 75890d949f92c412c0936b8536b2e0dc8f7dfb40 Mon Sep 17 00:00:00 2001 +From: Nick Rosbrook +Date: Fri, 19 Dec 2025 11:01:49 -0500 +Subject: [PATCH] ukify: omit .osrel section when --os-release= is empty + +The primary motivation for this is to allow users of ukify to build +UKI-like objects, without having them later be detected as a UKI by +tools like kernel-install and bootctl. + +The common code used by these tools to determine if a PE binary is a UKI +checks that both .osrel and .linux sections are present. Hence, adding +a mechansim to skip .osrel provides a way to avoid being labeled a UKI. +--- + man/ukify.xml | 5 ++++- + src/ukify/test/test_ukify.py | 15 +++++++++++---- + src/ukify/ukify.py | 10 +++++++++- + 3 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/man/ukify.xml b/man/ukify.xml +index 829761642d..7462c5c92f 100644 +--- a/man/ukify.xml ++++ b/man/ukify.xml +@@ -365,7 +365,10 @@ + The os-release description (the .osrel section). The argument + may be a literal string, or @ followed by a path name. If not specified, the + os-release5 file +- will be picked up from the host system. ++ will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section ++ is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact ++ to not be recognized as a UKI by other tools like kernel-install ++ and bootctl). 
+ + + +diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py +index f75ef0c891..224a38569f 100755 +--- a/src/ukify/test/test_ukify.py ++++ b/src/ukify/test/test_ukify.py +@@ -641,7 +641,7 @@ def test_efi_signing_pesign(kernel_initrd, tmp_path): + + shutil.rmtree(tmp_path) + +-def test_inspect(kernel_initrd, tmp_path, capsys): ++def test_inspect(kernel_initrd, tmp_path, capsys, osrel=True): + if kernel_initrd is None: + pytest.skip('linux+initrd not found') + if not shutil.which('sbsign'): +@@ -653,7 +653,7 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + output = f'{tmp_path}/signed2.efi' + uname_arg='1.2.3' +- osrel_arg='Linux' ++ osrel_arg='Linux' if osrel else '' + cmdline_arg='ARG1 ARG2 ARG3' + + args = [ +@@ -680,8 +680,12 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + text = capsys.readouterr().out + +- expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' +- assert expected_osrel in text ++ if osrel: ++ expected_osrel = f'.osrel:\n size: {len(osrel_arg)}' ++ assert expected_osrel in text ++ else: ++ assert '.osrel:' not in text ++ + expected_cmdline = f'.cmdline:\n size: {len(cmdline_arg)}' + assert expected_cmdline in text + expected_uname = f'.uname:\n size: {len(uname_arg)}' +@@ -694,6 +698,9 @@ def test_inspect(kernel_initrd, tmp_path, capsys): + + shutil.rmtree(tmp_path) + ++def test_inspect_no_osrel(kernel_initrd, tmp_path, capsys): ++ test_inspect(kernel_initrd, tmp_path, capsys, osrel=False) ++ + @pytest.mark.skipif(not slow_tests, reason='slow') + def test_pcr_signing(kernel_initrd, tmp_path): + if kernel_initrd is None: +diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py +index c98f8e2a5d..b7542c7eca 100755 +--- a/src/ukify/ukify.py ++++ b/src/ukify/ukify.py +@@ -1477,6 +1477,9 @@ def make_uki(opts: UkifyConfig) -> None: + '.profile', + } + ++ if not opts.os_release: ++ to_import.remove('.osrel') ++ + for profile in opts.join_profiles: + pe = pefile.PE(profile, fast_load=True) + prev_len = len(uki.sections) 
+@@ -2412,7 +2415,12 @@ def finalize_options(opts: argparse.Namespace) -> None: + + opts.os_release = resolve_at_path(opts.os_release) + +- if not opts.os_release and opts.linux: ++ if opts.os_release == '': ++ # If --os-release= with an empty string was passed, treat that as ++ # explicitly disabling the .osrel section, and do not fallback to the ++ # system's os-release files. ++ pass ++ elif opts.os_release is None and opts.linux: + p = Path('/etc/os-release') + if not p.exists(): + p = Path('/usr/lib/os-release') +-- +2.52.0 + diff --git a/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch new file mode 100644 index 0000000..d6f362f --- /dev/null +++ b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch 
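Review bot: In the ukify.py hunk for make_uki, `if not opts.os_release:` is true both for the explicit empty string and for `None`. The finalize_options hunk in the same patch separates those two cases (`== ''` versus `is None and opts.linux`). So an invocation that never passed `--os-release=` and has no `opts.linux` would also drop `.osrel` from `to_import`, which does not look like the opt-out described in the man page text. I would use the same test in both places: `if opts.os_release == '':`. The contents of `to_import` and the rest of make_uki are outside the hunk, so whether the `None` case can reach this line needs checking against the full function.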
@@ -0,0 +1,51 @@ +From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 12 Jan 2026 14:56:36 +0100 +Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds + +When n_all_initrds == 0, then all_initrds is unmodified from its initial +value of: + + _cleanup_free_ struct iovec *all_initrds = NULL; + +and in the else block of the "if (n_all_initrds > 1)" the NULL is +dereferenced: + + final_initrd = all_initrds[0]; + +Leading to the stub crashing due to a NULL pointer deref. + +Fix this by initializing final_initrd to all 0s and only +running the else block if (n_all_initrds == 1). +--- + src/boot/stub.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/boot/stub.c b/src/boot/stub.c +index 06ecbc7d18..65950262c6 100644 +--- a/src/boot/stub.c ++++ b/src/boot/stub.c +@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Combine the initrds into one */ + _cleanup_pages_ Pages initrd_pages = {}; +- struct iovec final_initrd; ++ struct iovec final_initrd = {}; + if (n_all_initrds > 1) { +- /* There will always be a base initrd, if this counter is higher, we need to combine them */ ++ /* If there is more then 1 initrd we need to combine them */ + err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len); + if (err != EFI_SUCCESS) + return err; +@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) { + + /* Given these might be large let's free them explicitly before we pass control to Linux */ + initrds_free(&initrds); +- } else ++ } else if (n_all_initrds == 1) + final_initrd = all_initrds[0]; + + struct iovec kernel = IOVEC_MAKE( +-- +2.52.0 + diff --git a/systemd.spec b/systemd.spec index af79bf0..afd6432 100644 --- a/systemd.spec +++ b/systemd.spec 
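Review bot: The new `else if (n_all_initrds == 1)` in run() leaves the zero-initrd case implicit. `final_initrd` then stays `{}` and is passed to the code after the hunk as a NULL base with zero length. Whether the consumers accept an empty iovec cannot be seen from here, because run() continues outside the hunk. I would state the intent in the rewritten comment, which also has a typo ("more then 1"): `/* If there is more than one initrd we need to combine them; with none, final_initrd stays empty */`.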
@@ -152,6 +152,12 @@ Patch: 38769.patch # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 Patch: 0002-machined-continue-without-resolve.hook-socket.patch + +# 2 patches for https://fedoraproject.org/wiki/Changes/Automatic_DTB_selection_for_aarch64_EFI_systems +# Upstream commit: https://github.com/systemd/systemd/commit/75890d949f92c412c0936b8536b2e0dc8f7dfb40 +Patch: 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch +# Upstream PR: https://github.com/systemd/systemd/pull/40329 +Patch: 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch %endif %ifarch %{ix86} x86_64 aarch64 riscv64