diff --git a/.editorconfig b/.editorconfig
deleted file mode 100644
index 1b58baf..0000000
--- a/.editorconfig
+++ /dev/null
@@ -1,11 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-indent_size = 4
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.{yml,yaml}]
-indent_size = 2
diff --git a/.fmf/version b/.fmf/version
deleted file mode 100644
index d00491f..0000000
--- a/.fmf/version
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/.gitignore b/.gitignore
index ca73e11..6cf7897 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,3 @@
 /systemd-*.tar.xz
 /systemd-*.tar.gz
 /*.rpm
-/mkosi.output/
-/mkosi.cache/
-/mkosi.builddir/
-/mkosi.local.conf
diff --git a/.zuul.yaml b/.zuul.yaml
index b2e0850..591bb8a 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,7 +1,5 @@
 - project:
 vars:
 install_repo_exclude:
- - systemd-standalone-repart
- - systemd-standalone-shutdown
- - systemd-standalone-sysusers
 - systemd-standalone-tmpfiles
+ - systemd-standalone-sysuser
diff --git a/0001-Revert-units-drop-runlevel-0-6-.target.patch b/0001-Revert-units-drop-runlevel-0-6-.target.patch
deleted file mode 100644
index faf8341..0000000
--- a/0001-Revert-units-drop-runlevel-0-6-.target.patch
+++ /dev/null
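Review bot: The added `install_repo_exclude` entry `- systemd-standalone-sysuser` in the `.zuul.yaml` hunk looks misspelled, since the line it replaces names the subpackage `systemd-standalone-sysusers`. An exclude entry that matches no package would presumably be ignored without any error, so the exclusion would silently stop working. If the intent is to keep excluding that subpackage, the line should read `- systemd-standalone-sysusers`. The same hunk drops the `systemd-standalone-repart` and `systemd-standalone-shutdown` exclusions, so confirm that those subpackages are no longer produced by the spec this job builds.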
@@ -1,88 +0,0 @@
-From 61750e265ce3f7783a8dba831e91140f84ad89f2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Wed, 5 Nov 2025 17:52:16 +0100
-Subject: [PATCH 1/3] Revert "units: drop runlevel[0-6].target"
-
-This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3.
-The unit are still needed for compat.
----
- units/meson.build | 27 ++++++++++++++++++++++-----
- 1 file changed, 22 insertions(+), 5 deletions(-)
-
-diff --git a/units/meson.build b/units/meson.build
-index 2e04c4aa2b..46eaac4073 100644
---- a/units/meson.build
-+++ b/units/meson.build
-@@ -1,5 +1,7 @@
- # SPDX-License-Identifier: LGPL-2.1-or-later
-
-+with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1
-+
- units = [
- { 'file' : 'basic.target' },
- { 'file' : 'blockdev@.target' },
-@@ -49,7 +51,7 @@ units = [
- },
- {
- 'file' : 'graphical.target',
-- 'symlinks' : ['default.target'],
-+ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []),
- },
- { 'file' : 'halt.target' },
- {
-@@ -142,7 +144,10 @@ units = [
- 'conditions' : ['ENABLE_MACHINED'],
- },
- { 'file' : 'modprobe@.service' },
-- { 'file' : 'multi-user.target' },
-+ {
-+ 'file' : 'multi-user.target',
-+ 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [],
-+ },
- {
- 'file' : 'systemd-mute-console.socket',
- 'symlinks' : ['sockets.target.wants/']
-@@ -155,7 +160,10 @@ units = [
- { 'file' : 'nss-lookup.target' },
- { 'file' : 'nss-user-lookup.target' },
- { 'file' : 'paths.target' },
-- { 'file' : 'poweroff.target' },
-+ {
-+ 'file' : 'poweroff.target',
-+ 'symlinks' : with_runlevels ? ['runlevel0.target'] : [],
-+ },
- { 'file' : 'printer.target' },
- {
- 'file' : 'proc-sys-fs-binfmt_misc.automount',
-@@ -180,7 +188,7 @@ units = [
- },
- {
- 'file' : 'reboot.target',
-- 'symlinks' : ['ctrl-alt-del.target'],
-+ 'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? ['runlevel6.target'] : []),
- },
- {
- 'file' : 'remote-cryptsetup.target',
-@@ -200,7 +208,10 @@ units = [
- 'symlinks' : ['initrd-root-device.target.wants/'],
- },
- { 'file' : 'rescue.service.in' },
-- { 'file' : 'rescue.target' },
-+ {
-+ 'file' : 'rescue.target',
-+ 'symlinks' : with_runlevels ? ['runlevel1.target'] : [],
-+ },
- { 'file' : 'rpcbind.target' },
- { 'file' : 'serial-getty@.service.in' },
- { 'file' : 'shutdown.target' },
-@@ -1001,4 +1012,10 @@ else
- dbussessionservicedir / 'org.freedesktop.systemd1.service'))
- endif
-
-+if conf.get('HAVE_SYSV_COMPAT') == 1
-+ foreach i : [1, 2, 3, 4, 5]
-+ install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i))
-+ endforeach
-+endif
-+
- subdir('user')
diff --git a/0002-machined-continue-without-resolve.hook-socket.patch b/0002-machined-continue-without-resolve.hook-socket.patch
deleted file mode 100644
index 2903c5e..0000000
--- a/0002-machined-continue-without-resolve.hook-socket.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 8d6d86d1d7e45eeae921e88adde55d6524027c96 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Wed, 26 Nov 2025 22:29:53 +0100
-Subject: [PATCH 3/3] machined: continue without resolve.hook socket
-
----
- src/machine/machined-varlink.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
-index f83cbb8562..0b30cd0531 100644
---- a/src/machine/machined-varlink.c
-+++ b/src/machine/machined-varlink.c
-@@ -894,9 +894,15 @@ static int manager_varlink_init_resolve_hook(Manager *m) {
-
- r = sd_varlink_server_listen_address(s, VARLINK_PATH_MACHINED_RESOLVE_HOOK,
- 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
-- if (r < 0)
-- return log_error_errno(r, "Failed to bind to varlink socket %s: %m",
-- VARLINK_PATH_MACHINED_RESOLVE_HOOK);
-+ if (r < 0) {
-+ bool ignore = ERRNO_IS_NEG_PRIVILEGE(r);
-+ log_full_errno(ignore ? LOG_WARNING : LOG_ERR,
-+ r,
-+ "Failed to bind to varlink socket %s%s: %m",
-+ VARLINK_PATH_MACHINED_RESOLVE_HOOK,
-+ ignore ? ", ignoring" : "");
-+ return ignore ? 0 : r;
-+ }
-
- r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
- if (r < 0)
diff --git a/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch b/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch
deleted file mode 100644
index 5f4a1dd..0000000
--- a/0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 75890d949f92c412c0936b8536b2e0dc8f7dfb40 Mon Sep 17 00:00:00 2001
-From: Nick Rosbrook
-Date: Fri, 19 Dec 2025 11:01:49 -0500
-Subject: [PATCH] ukify: omit .osrel section when --os-release= is empty
-
-The primary motivation for this is to allow users of ukify to build
-UKI-like objects, without having them later be detected as a UKI by
-tools like kernel-install and bootctl.
-
-The common code used by these tools to determine if a PE binary is a UKI
-checks that both .osrel and .linux sections are present. Hence, adding
-a mechansim to skip .osrel provides a way to avoid being labeled a UKI.
----
- man/ukify.xml | 5 ++++-
- src/ukify/test/test_ukify.py | 15 +++++++++++----
- src/ukify/ukify.py | 10 +++++++++-
- 3 files changed, 24 insertions(+), 6 deletions(-)
-
-diff --git a/man/ukify.xml b/man/ukify.xml
-index 829761642d..7462c5c92f 100644
---- a/man/ukify.xml
-+++ b/man/ukify.xml
-@@ -365,7 +365,10 @@
- The os-release description (the .osrel section). The argument
- may be a literal string, or @ followed by a path name. If not specified, the
- os-release5 file
-- will be picked up from the host system.
-+ will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section
-+ is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact
-+ to not be recognized as a UKI by other tools like kernel-install
-+ and bootctl).
-
-
-
-diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
-index f75ef0c891..224a38569f 100755
---- a/src/ukify/test/test_ukify.py
-+++ b/src/ukify/test/test_ukify.py
-@@ -641,7 +641,7 @@ def test_efi_signing_pesign(kernel_initrd, tmp_path):
-
- shutil.rmtree(tmp_path)
-
--def test_inspect(kernel_initrd, tmp_path, capsys):
-+def test_inspect(kernel_initrd, tmp_path, capsys, osrel=True):
- if kernel_initrd is None:
- pytest.skip('linux+initrd not found')
- if not shutil.which('sbsign'):
-@@ -653,7 +653,7 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
-
- output = f'{tmp_path}/signed2.efi'
- uname_arg='1.2.3'
-- osrel_arg='Linux'
-+ osrel_arg='Linux' if osrel else ''
- cmdline_arg='ARG1 ARG2 ARG3'
-
- args = [
-@@ -680,8 +680,12 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
-
- text = capsys.readouterr().out
-
-- expected_osrel = f'.osrel:\n size: {len(osrel_arg)}'
-- assert expected_osrel in text
-+ if osrel:
-+ expected_osrel = f'.osrel:\n size: {len(osrel_arg)}'
-+ assert expected_osrel in text
-+ else:
-+ assert '.osrel:' not in text
-+
- expected_cmdline = f'.cmdline:\n size: {len(cmdline_arg)}'
- assert expected_cmdline in text
- expected_uname = f'.uname:\n size: {len(uname_arg)}'
-@@ -694,6 +698,9 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
-
- shutil.rmtree(tmp_path)
-
-+def test_inspect_no_osrel(kernel_initrd, tmp_path, capsys):
-+ test_inspect(kernel_initrd, tmp_path, capsys, osrel=False)
-+
- @pytest.mark.skipif(not slow_tests, reason='slow')
- def test_pcr_signing(kernel_initrd, tmp_path):
- if kernel_initrd is None:
-diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
-index c98f8e2a5d..b7542c7eca 100755
---- a/src/ukify/ukify.py
-+++ b/src/ukify/ukify.py
-@@ -1477,6 +1477,9 @@ def make_uki(opts: UkifyConfig) -> None:
- '.profile',
- }
-
-+ if not opts.os_release:
-+ to_import.remove('.osrel')
-+
- for profile in opts.join_profiles:
- pe = pefile.PE(profile, fast_load=True)
- prev_len = len(uki.sections)
-@@ -2412,7 +2415,12 @@ def finalize_options(opts: argparse.Namespace) -> None:
-
- opts.os_release = resolve_at_path(opts.os_release)
-
-- if not opts.os_release and opts.linux:
-+ if opts.os_release == '':
-+ # If --os-release= with an empty string was passed, treat that as
-+ # explicitly disabling the .osrel section, and do not fallback to the
-+ # system's os-release files.
-+ pass
-+ elif opts.os_release is None and opts.linux:
- p = Path('/etc/os-release')
- if not p.exists():
- p = Path('/usr/lib/os-release')
---
-2.52.0
-
diff --git a/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch b/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch
deleted file mode 100644
index d6f362f..0000000
--- a/0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001
-From: Hans de Goede
-Date: Mon, 12 Jan 2026 14:56:36 +0100
-Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds
-
-When n_all_initrds == 0, then all_initrds is unmodified from its initial
-value of:
-
- _cleanup_free_ struct iovec *all_initrds = NULL;
-
-and in the else block of the "if (n_all_initrds > 1)" the NULL is
-dereferenced:
-
- final_initrd = all_initrds[0];
-
-Leading to the stub crashing due to a NULL pointer deref.
-
-Fix this by initializing final_initrd to all 0s and only
-running the else block if (n_all_initrds == 1).
----
- src/boot/stub.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/boot/stub.c b/src/boot/stub.c
-index 06ecbc7d18..65950262c6 100644
---- a/src/boot/stub.c
-+++ b/src/boot/stub.c
-@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) {
-
- /* Combine the initrds into one */
- _cleanup_pages_ Pages initrd_pages = {};
-- struct iovec final_initrd;
-+ struct iovec final_initrd = {};
- if (n_all_initrds > 1) {
-- /* There will always be a base initrd, if this counter is higher, we need to combine them */
-+ /* If there is more then 1 initrd we need to combine them */
- err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len);
- if (err != EFI_SUCCESS)
- return err;
-@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
-
- /* Given these might be large let's free them explicitly before we pass control to Linux */
- initrds_free(&initrds);
-- } else
-+ } else if (n_all_initrds == 1)
- final_initrd = all_initrds[0];
-
- struct iovec kernel = IOVEC_MAKE(
---
-2.52.0
-
diff --git a/10-map-count.conf b/10-map-count.conf
deleted file mode 100644
index 5cf5677..0000000
--- a/10-map-count.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Increase the number of virtual memory areas that one process may request
-# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
-vm.max_map_count=1048576
diff --git a/10-oomd-per-slice-defaults.conf b/10-oomd-per-slice-defaults.conf
index 63d8162..fbf6f00 100644
--- a/10-oomd-per-slice-defaults.conf
+++ b/10-oomd-per-slice-defaults.conf
@@ -1,3 +1,3 @@
 [Slice]
 ManagedOOMMemoryPressure=kill
-ManagedOOMMemoryPressureLimit=80%
+ManagedOOMMemoryPressureLimit=50%
diff --git a/10-timeout-abort.conf b/10-timeout-abort.conf
deleted file mode 100644
index 4852648..0000000
--- a/10-timeout-abort.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file is part of the systemd package.
-# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
-#
-# To facilitate debugging when a service fails to stop cleanly,
-# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
-# the time allotted. This will cause the service to be terminated with SIGABRT
-# and a coredump to be generated.
-#
-# To undo this configuration change, create a mask file:
-# sudo mkdir -p /etc/systemd/system/service.d
-# sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
-
-[Service]
-TimeoutStopFailureMode=abort
diff --git a/26494.patch b/26494.patch
deleted file mode 100644
index 19bc67b..0000000
--- a/26494.patch
+++ /dev/null
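Review bot: The new `ManagedOOMMemoryPressureLimit=50%` in `10-oomd-per-slice-defaults.conf` has no comment giving the reason for the threshold, and the drop-in carries no comments at all. Combined with `ManagedOOMMemoryPressure=kill`, the lower limit lets systemd-oomd start killing cgroups at a markedly lower memory-pressure level than the `80%` it replaces, which is an availability risk for workloads that run under sustained but tolerable pressure. Add a header comment to the file such as `# oomd kill threshold for slices; rationale: <link to the tracking change - placeholder>` and confirm that lowering the limit is intended rather than a side effect of the wider rollback in this diff.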
@@ -1,30 +0,0 @@
-From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Mon, 20 Feb 2023 12:00:30 +0900
-Subject: [PATCH] core/manager: run generators directly when we are in initrd
-
-Some initrd system write files at ourside of /run, /etc, or other
-allowed places. This is a kind of workaround, but in most cases, such
-sandboxing is not necessary as the filesystem is on ramfs when we are in
-initrd.
-
-Fixes #26488.
----
- src/core/manager.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 7b394794b0d4..306477c6e6c2 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
- /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
- * we are the user manager, let's just execute the generators directly. We might not have the
- * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
-- */
-- if (MANAGER_IS_USER(m)) {
-+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
-+ if (MANAGER_IS_USER(m) || in_initrd()) {
- r = manager_execute_generators(m, paths, /* remount_ro= */ false);
- goto finish;
- }
diff --git a/30846.patch b/30846.patch
deleted file mode 100644
index 77da69f..0000000
--- a/30846.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 07bedc8f93277f705622625f440a1f56ccff1cd0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Tue, 9 Jan 2024 11:28:04 +0100
-Subject: [PATCH] journal: again create user journals for users with high uids
-
-This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
-'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
-in an additional check of uid_is_container(uid). The problem is that that change
-is not backwards-compatible at all and very hard for users to handle.
-There is no common agreement on mappings of high-range uids. Systemd declares
-ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
-but this is only a recent change and various sites allocated those ranges
-in a different way, in particular FreeIPA uses (used?) uids from this range
-for human users. On big sites with lots of users changing uids is obviously a
-hard problem. We generally assume that uids cannot be "freed" and/or changed
-and/or reused safely, so we shouldn't demand the same from others.
-
-This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
-SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
-huge problems for existing systems with were created with a different
-definition and couldn't be easily updated. For that case, we added a
-configuration time switch and we now parse /etc/login.defs to actually use the
-value that is appropriate for the local system.
-
-Unfortunately, login.defs doesn't have a concept of container allocation ranges
-(and we don't have code to parse and use those nonexistent names either), so we
-can't tell users to adjust logind.defs to work around the changed definition.
-
-login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
-because they are used to define where the add allocations for subuids, which is
-generally a much smaller range. Maybe we should talk with other folks about
-the appropriate allocation ranges and define some new settings in login.defs.
-But this would require discussion and coordination with other projects first.
-
-Actualy, it seems that this change was needed at all. The code in the container
-does not log to the outside journal. It talks to its own journald, which does
-journal splitting using its internal logic based on shifted uids. So let's
-revert the change to fix user systems.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
----
- src/basic/uid-classification.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
-index 203ce2c68a..2eb384395d 100644
---- a/src/basic/uid-classification.c
-+++ b/src/basic/uid-classification.c
-@@ -129,5 +129,6 @@ bool uid_for_system_journal(uid_t uid) {
-
- /* Returns true if the specified UID shall get its data stored in the system journal. */
-
-- return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_container(uid) || uid_is_foreign(uid);
-+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_foreign(uid);
-+
- }
diff --git a/38769.patch b/38769.patch
deleted file mode 100644
index 09a7423..0000000
--- a/38769.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 00d70f36a0866660693347009446b7f872a05bf4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
-Date: Sat, 30 Aug 2025 13:55:56 +0200
-Subject: [PATCH] core: create userdb root directory with correct label
-
-Set up the /run/systemd/userdb directory with the default SELinux context
-on creation.
-
-With version 257.7-1 on Debian the directory was automatically created with the
-correct label. Starting with version 258 (only tested with 258~rc3-1) it no
-longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a.
-
-[zjs: edited the patch to apply comments from review and update the description.]
----
- src/core/varlink.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/varlink.c b/src/core/varlink.c
-index 99f12c59e5..71a8ffd0e5 100644
---- a/src/core/varlink.c
-+++ b/src/core/varlink.c
-@@ -5,6 +5,7 @@
- #include "constants.h"
- #include "errno-util.h"
- #include "manager.h"
-+#include "mkdir-label.h"
- #include "path-util.h"
- #include "pidref.h"
- #include "string-util.h"
-@@ -441,7 +442,11 @@ static int manager_varlink_init_system(Manager *m) {
- if (!fresh && varlink_server_contains_socket(m->varlink_server, address))
- continue;
-
-- r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
-+ r = mkdir_parents_label(address, 0755);
-+ if (r < 0)
-+ log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address);
-+
-+ r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
- if (r < 0)
- return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address);
- }
diff --git a/60-block-scheduler.rules b/60-block-scheduler.rules
deleted file mode 100644
index 850b645..0000000
--- a/60-block-scheduler.rules
+++ /dev/null
@@ -1,5 +0,0 @@
-# do not edit this file, it will be overwritten on update
-
-ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
- KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
- ATTR{queue/scheduler}="bfq"
diff --git a/98-default-mac-none.link b/98-default-mac-none.link
deleted file mode 100644
index 8440f98..0000000
--- a/98-default-mac-none.link
+++ /dev/null
@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: MIT-0
-#
-# This config file is installed as part of systemd.
-# It may be freely copied and edited (following the MIT No Attribution license).
-#
-# To make local modifications, one of the following methods may be used:
-# 1. add a drop-in file that extends this file by creating the
-# /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
-# new .conf file there.
-# 2. copy this file into /etc/systemd/network or one of the other paths checked
-# by systemd-udevd and edit it there.
-# This file should not be edited in place, because it'll be overwritten on upgrades.
-
-[Match]
-Kind=bridge bond team
-
-[Link]
-NamePolicy=keep kernel database onboard slot path
-AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=none
diff --git a/README.build-in-place.md b/README.build-in-place.md
index df108d1..057c103 100644
--- a/README.build-in-place.md
+++ b/README.build-in-place.md
@@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
 git clone https://github.com/systemd/systemd
 fedpkg clone systemd fedora-systemd
 cd systemd
-rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec
+rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec
 sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
 ```
diff --git a/changelog b/changelog
index 216ab62..d19adec 100644
--- a/changelog
+++ b/changelog 
@@ -1,760 +1,3 @@ -* Sun Jan 12 2025 Zbigniew Jędrzejewski-Szmek - 257.2-6 -- Rebuilt for the bin-sbin merge (2nd attempt) - -* Fri Jan 10 2025 Zbigniew Jędrzejewski-Szmek - 257.2-4 -- Revert use of PrivateTmp=disconnected (rhbz#2334015, - https://github.com/coreos/fedora-coreos-tracker/issues/1857) - -* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek - 257.2-1 -- Version 257.2 -- Fixes for assertion crashes and memory access issues in pid1 and systemd- - machined, and other fixes for systemd-repart, systemd-resolved, systemd- - stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the - hardware database. - -* Tue Jan 07 2025 Yu Watanabe - 257.1-7 -- Replace 'udevadm hwdb' with systemd-hwdb - -* Tue Jan 07 2025 Zbigniew Jędrzejewski-Szmek - 257.1-6 -- Rename source .abignore file - -* Fri Dec 20 2024 Daan De Meyer - 257.1-2 -- Re-enable upstream behaviour of systemd-tmpfiles --purge - -* Fri Dec 20 2024 Zbigniew Jędrzejewski-Szmek - 257.1-1 -- Version 257.1 -- A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support, - systemd-networkd, systemd-logind, journalct. -- Should fix rhbz#2325780. - -* Sun Dec 15 2024 Yu Watanabe - 257-3 -- Add patch for test-time-util - -* Sun Dec 15 2024 Yu Watanabe - 257-2 -- sysusers: support new ! 
line flag for creating fully locked accounts - -* Tue Dec 10 2024 Zbigniew Jędrzejewski-Szmek - 257-1 -- Version 257 -- A bunch of small fixes in various components: systemd itself, systemd- - cryptenroll, sd-varlink, sd-boot, documentation, tests -- Includes an update of the hardware database - -* Thu Dec 05 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-5 -- Enable slow tests during build - -* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-3 -- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979) - -* Fri Nov 29 2024 Yu Watanabe - 257~rc3-2 -- Update tmpfiles --destroy-data patch - -* Wed Nov 27 2024 Zbigniew Jędrzejewski-Szmek - 257~rc3-1 -- Version 257~rc3 -- A bunch of small fixes here and there: virtualization detection, udev, - systemd-networked, pid1. -- Includes a hardware database update. - -* Tue Nov 26 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-4 -- Make systemd-network-generator co-owned by -udev and -networkd - (rhbz#2328723) - -* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-3 -- Pull in qemu from systemd-container - -* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-2 -- Change sysusers u! 
lines to u because we don't have support in rpm - -* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc2-1 -- Version 257~rc2 -- Changes in systemd-measure, systemd-networkd, documentation, systemd- - sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn, - run0, ukify -- Hardware database update - -* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-3 -- Disable freezing of user sessions (rhbz#2321268) - -* Thu Nov 07 2024 Zbigniew Jędrzejewski-Szmek - 257~rc1-1 -- Version 257~rc1 - -* Thu Nov 07 2024 Daan De Meyer - 256.7-7 -- Use %%posttrans instead of %%postun to restart services - -* Thu Nov 07 2024 Yaakov Selkowitz - 256.7-6 -- Disable OpenSSL v3 ENGINE on RHEL - -* Tue Nov 05 2024 Daan De Meyer - 256.7-4 -- Backport user manager reexec changes - -* Tue Nov 05 2024 David Tardon - 256.7-3 -- Use %%systemd_preun in systemd-resolved - -* Thu Oct 24 2024 Yu Watanabe - 256.7-2 -- test_sysusers_defined: support new ! line flag for creating fully locked - accounts - -* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek - 256.7-1 -- Version 256.7 -- Various small fixes in many components -- Documentation updates - -* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek - 256.6-3 -- Move yum/dnf protection removal config file under /usr - -* Thu Sep 12 2024 Matteo Croce - 256.6-1 -- Version 256.6 - -* Thu Aug 29 2024 Daan De Meyer - 256.5-6 -- Always build ukify package - -* Wed Aug 28 2024 Daan De Meyer - 256.5-5 -- Do not use patch to modify systemd-user pam config file - -* Tue Aug 27 2024 Daan De Meyer - 256.5-3 -- Only make python3-pillow Recommends on Fedora - -* Sat Aug 24 2024 Davide Cavalca - 256.5-2 -- Do not require grubby on CentOS Stream 9 - -* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.5-1 -- Version 256.5 -- Includes the patches for the kernel change with kernel threads in leaf - cgroups (https://github.com/systemd/systemd/pull/33885) -- Various smaller fixes - -* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.4-4 -- Disable integration 
of userdb in sshd - -* Mon Jul 29 2024 Daan De Meyer - 256.4-3 -- Backport patch to only read /proc/cmdline when not in container - -* Mon Jul 29 2024 Daan De Meyer - 256.4-2 -- Backport upstream patch to try more initrd variants in - 90-loaderentry.install - -* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek - 256.4-1 -- Version 256.4 -- Hardware db update -- Minor fixes for systemd-udevd and varlink protocol - -* Tue Jul 23 2024 Daan De Meyer - 256.3-3 -- Update tmpfiles --destroy-data patch - -* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek - 256.3-1 -- Version 256.3 -- A bunch of fixes for systemd (pid1) -- Various upgrades related to running tests in mkosi - -* Sat Jul 20 2024 Daan De Meyer - 256.2-17 -- Simplify BFQ scheduler enablement - -* Sat Jul 20 2024 Fedora Release Engineering - 256.2-16 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 -- Backport udma buffer access patch (rhbz#2298422) - -* Tue Jul 16 2024 Daan De Meyer - 256.2-8 -- Add support for building from a specific branch - -* Tue Jul 16 2024 Daan De Meyer - 256.2-7 -- Update PR patch metadata - -* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-6 -- In standalone subpackages, suggest coreutils-single - -* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek - 256.2-5 -- Drop versions from Conflicts for standalone packages - -* Sun Jul 14 2024 Zbigniew Jędrzejewski-Szmek - 256.2-4 -- Use a more precise Recommends for libkxbcommon - -* Thu Jul 11 2024 Daan De Meyer - 256.2-3 -- Drop machined revert - -* Tue Jul 09 2024 Zbigniew Jędrzejewski-Szmek - 256.2-2 -- Rebuilt for the bin-sbin merge - -* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.2-1 -- Version 256.2 -- A bunch of various small fixes - -* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek - 256.1-13 -- Link systemd-executor statically - -* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-12 -- Update dracut workaround - -* Fri Jul 05 2024 Yaakov Selkowitz - 256.1-11 -- Fix ELN 
build - -* Fri Jul 05 2024 Daan De Meyer - 256.1-10 -- Only exclude dracut conflicts on non-fedora on upstream builds - -* Fri Jul 05 2024 Daan De Meyer - 256.1-9 -- Conditionalize dracut Conflicts more - -* Tue Jul 02 2024 Daan De Meyer - 256.1-8 -- Use vmlinux.h from kernel-devel - -* Tue Jul 02 2024 Zbigniew Jędrzejewski-Szmek - 256.1-7 -- Pull in openssl-devel-engine - -* Mon Jul 01 2024 Daan De Meyer - 256.1-6 -- Only add Requires on python3-zstd on Fedora - -* Mon Jul 01 2024 Daan De Meyer - 256.1-5 -- Drop BuildRequires on python3-zstd - -* Tue Jun 25 2024 Zbigniew Jędrzejewski-Szmek - 256.1-4 -- Revert "Remove tmpfiles snippet for /home and /srv" - -* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-3 -- Remove tmpfiles snippet for /home and /srv - -* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-2 -- Soft-disable tmpfiles --purge until a good use case comes up - -* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek - 256.1-1 -- Version 256.1 - -* Sun Jun 16 2024 U2FsdGVkX1 - 256-2 -- disable auto-features when bootstrapping - -* Tue Jun 11 2024 Zbigniew Jędrzejewski-Szmek - 256-1 -- Version 256 -- Only minor changes since -rc4. -- Hardward db is updated. - -* Fri Jun 07 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-2 -- Restore patch to drop varlink method call - -* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc4-1 -- Version 256~rc4 - -* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-6 -- Drop sysusers.d/basic.conf -- We rely on setup to provide all necessary groups. 
- -* Sun Jun 02 2024 Adam Williamson - 256~rc3-4 -- Partially backport PR #33016 to fix crashes in KDE 6.3.0 - -* Wed May 29 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-2 -- Add patch to work-around libbpf bug (rhbz#2280935) - -* Thu May 23 2024 Zbigniew Jędrzejewski-Szmek - 256~rc3-1 -- Version 256~rc3 - -* Wed May 15 2024 Zbigniew Jędrzejewski-Szmek - 256~rc2-6 -- Version 256~rc2 -- Various small changes all over -- A fix for rhbz#2273069 - -* Mon May 13 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-4 -- Make %%release_override overridable from outside - -* Sat May 11 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-2 -- Temporarily drop call to varlink method to avoid SELinux denial - -* Thu May 09 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1^20240509git1781de1-1 -- Version 256-rc1^20240509git -- There were some fixes merged upstream, so let's try again before v256-rc2 - is released. - -* Thu May 02 2024 Jan Macku - 256~rc1-6 -- spec: `systemd-ukify` should depend on `systemd-boot` - -* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-4 -- Add additional daemon-reexec for upgrades from old systemd versions - -* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-3 -- Drop trigger scriptlets for upgrades from systemd < 247 - -* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-2 -- Add Recommends for dlopen libraries - -* Fri Apr 26 2024 Zbigniew Jędrzejewski-Szmek - 256~rc1-1 -- Version 256~rc1 -- See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too - many changes to list or discuss here. 
- -* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-3 -- Reexec systemd in %%postun - (https://github.com/systemd/systemd/issues/5096) -- The workaround dbus issues in upgrades from systemd-239 is dropped - -* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-2 -- Drop workaround to run generators without sandboxing (requirement on - dracut >= 60 is added) - -* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek - 255.5-1 -- Version 255.5 -- Many different small fixes: systemd itself, systemd-networkd, systemd- - journal-remote, compilation fixes for newer kernels and clang, systemd- - homed, systemd-resolved, ukify, systemd-tmpfiles, various other. - -* Wed Apr 10 2024 Zbigniew Jędrzejewski-Szmek - 255.4-16 -- Prepare for bin-sbin merge - -* Wed Mar 27 2024 Zbigniew Jędrzejewski-Szmek - 255.4-13 -- spec: add %%bcond to build without documentation - -* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-11 -- Revert "Adjust release tag for riscv64" - -* Fri Mar 22 2024 David Abdurachmanov - 255.4-10 -- Enable bootloader stack for riscv64 - -* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek - 255.4-9 -- Adjust release tag for riscv64 - -* Wed Mar 20 2024 David Tardon - 255.4-5 -- Make Requires(*) on systemd versioned - -* Wed Mar 20 2024 Zbigniew Jędrzejewski-Szmek - 255.4-4 -- Add R:systemd-udev to systemd-networkd subpackage (rhbz#2173425) - -* Mon Mar 18 2024 Daan De Meyer - 255.4-3 -- Add psutil dependency to systemd-tests - -* Thu Mar 07 2024 Daan De Meyer - 255.4-2 -- Build in developer mode when building for upstream - -* Fri Mar 01 2024 Zbigniew Jędrzejewski-Szmek - 255.4-1 -- Version 255.4 - -* Wed Feb 21 2024 Daan De Meyer - 255.3-13 -- Allow setting extra configure options using - %%meson_extra_configure_options - -* Wed Feb 21 2024 Daan De Meyer - 255.3-12 -- Apply pam patch when building for upstream - -* Wed Feb 21 2024 Daan De Meyer - 255.3-11 -- Use %%version_override/%%release_override to specify version/release by - users - -* Tue Feb 20 2024 Zbigniew 
Jędrzejewski-Szmek - 255.3-10 -- Let libkmod be a dlopen'ed dependency - -* Sat Feb 17 2024 Daan De Meyer - 255.3-9 -- Allow overriding the version and release using macros - -* Sat Feb 17 2024 Daan De Meyer - 255.3-8 -- Stop passing %%{release} to meson when building in upstream mode - -* Sat Feb 17 2024 Daan De Meyer - 255.3-7 -- Don't pass b_lto to meson - -* Thu Feb 15 2024 Daan De Meyer - 255.3-6 -- Update usage of meson-vcs-tag.sh to account for upstream changes - -* Sun Feb 11 2024 Daan De Meyer - 255.3-5 -- Replace inplace macro with upstream macro - -* Sun Feb 11 2024 Daan De Meyer - 255.3-4 -- Remove reconfiguration logic - -* Sun Feb 11 2024 Daan De Meyer - 255.3-3 -- Stop depending on filelists - -* Mon Jan 29 2024 Zbigniew Jędrzejewski-Szmek - 255.3-2 -- Conflicts/Provides with systemd-standalone-repart are moved udev - subpackage - -* Thu Jan 25 2024 Zbigniew Jędrzejewski-Szmek - 255.3-1 -- Version 255.3 -- A bunch of various fixes for memory and behaviour, in many different - components (bootctl, systemd, udev, systemd-networkd, systemd-homed, - systemd-logind, systemd-resolve, systemd-repart, systemd-analyze, - systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd- - journal-remote, kernel-install) -- Improved detection of virtualization (Google Compute Engine, Apple Virt) -- Updates for shell completions and docs -- An update for hardware database - -* Tue Jan 23 2024 Zbigniew Jędrzejewski-Szmek - 255.2-3 -- Add temporary patch to adjust uid range classification (rhbz#2251843) - -* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.2-1 -- Version 255.2 -- Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008) -- systemd-resolved and systemd-networkd are restarted after an upgrade. 
- -* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek - 255.1-2 -- Add missing %%postun scriptlets for systemd-{resolved,networkd} - (rhbz#2255718) - -* Sat Dec 16 2023 Zbigniew Jędrzejewski-Szmek - 255.1-1 -- Version 255.1 - -* Wed Dec 13 2023 Zbigniew Jędrzejewski-Szmek - 255-7 -- Do not remove modified config files - -* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-4 -- Add /etc/ssh/sshd_config.d to the file list - -* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-3 -- Move config files to /usr/lib/systemd (e.g. /etc/systemd/system.conf → - /usr/lib/systemd/systemd.conf). Both config file locations were already - supported, and the files installed in /etc/ were "empty" (i.e. they had - only comments and section headers). The move does not change the - configuration, but just makes /etc more empty by default. See - https://github.com/systemd/systemd/commit/6495361c7d for more discussion - and details. - -* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek - 255-2 -- Move systemd-bsod is to udev subpackage - -* Wed Dec 06 2023 Zbigniew Jędrzejewski-Szmek - 255-1 -- Version 255 -- Just a few bugfixes since 255-rc4: seccomp filters, logging, - documentation, systemd-repart -- Includes a hardware database update. 
- -* Sat Dec 02 2023 Zbigniew Jędrzejewski-Szmek - 255~rc4-1 -- Version 255~rc4 - -* Fri Dec 01 2023 Adam Williamson - 255~rc3-4 -- Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930) - -* Wed Nov 29 2023 Adam Williamson - 255~rc3-3 -- Backport #30197 to fix vconsole startup (RHBZ #2251394) - -* Thu Nov 23 2023 Peter Robinson - 255~rc3-2 -- de-dupe LICENSE.LGPL2.1 in licenses - -* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc3-1 -- Version 255~rc3 - -* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-2 -- Add systemd-networkd-defaults subpackage - -* Wed Nov 15 2023 Zbigniew Jędrzejewski-Szmek - 255~rc2-1 -- Version 255~rc2 -- See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS - -* Wed Nov 08 2023 Zbigniew Jędrzejewski-Szmek -- Add Conflicts with older dracut which doesn't have required patches - -* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-3 -- Also build systemd-vmspawn - -* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-2 -- Move oomd to systemd-udev - -* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek - 255~rc1-1 -- Version 255~rc1 -- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS -- All the files and services related to pcrs are moved to -udev subpackage. - This includes the new systemd-pcrlock binary. - -* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-2 -- Pull in more patches for keyboard layout matching - -* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.5-1 -- Version 254.5 -- Resolves rhbz#29216. 
- -* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-14 -- Pull in patches to add PollLimit setting - -* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek - 254.2-13 -- Change versioned Conflicts to rich Requires (rhbz#2240828) - -* Tue Sep 19 2023 Adam Williamson - 254.2-12 -- Backport PR #29215 to improve keyboard layout matching - -* Mon Sep 18 2023 Zbigniew Jędrzejewski-Szmek - 254.2-7 -- Fix creation of installkernel symlink - -* Fri Sep 15 2023 Zbigniew Jędrzejewski-Szmek - 254.2-6 -- Provide /usr/sbin/installkernel (rhbz#2239008). - -* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-2 -- Make inter-subpackage dependencies archful - -* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek - 254.2-1 -- Version 254.2 -- A bunch of fixes in various areas: manager, coredump, sysupdate, - hibernation, journal. -- Should fix rhbz#2234653. - -* Wed Sep 06 2023 Zbigniew Jędrzejewski-Szmek - 254.1-8 -- Actually reload user managers and backport unit reload macros - -* Sat Sep 02 2023 Daan De Meyer - 254.1-7 -- ukify: Drop obsolete dependency on objcopy - -* Sat Sep 02 2023 Daan De Meyer - 254.1-6 -- Add missing ukify dependency on python-cryptography - -* Sun Aug 20 2023 Yu Watanabe - 254.1-5 -- spec: also explicitly enable/disable ukify support - -* Sun Aug 13 2023 Yu Watanabe - 254.1-4 -- spec: explicitly enable/disable xen support - -* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254.1-1 -- Version 254.1 (rhbz#2228089, possibly partial fix for rhbz#2229524) - -* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek - 254-5 -- Do daemon-reexec of user managers after package upgrade - -* Mon Aug 07 2023 Daan De Meyer - 254-4 -- Revert "Supress errors on selinux systems" - -* Thu Aug 03 2023 Daan De Meyer - 254-3 -- Add a custom %%clean implementation - -* Thu Aug 03 2023 Daan De Meyer - 254-2 -- Update libbpf soname - -* Fri Jul 28 2023 Zbigniew Jędrzejewski-Szmek - 254-1 -- Version 254 (just a bunch of bugfixes, mostly for unusual architectures, - since rc3) -- rhbz#2226908 -- See 
https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for - the full changeset. - -* Mon Jul 24 2023 Zbigniew Jędrzejewski-Szmek - 254~rc3-1 -- Version 254~rc3 -- A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits - which were found to cause problems. - -* Sat Jul 22 2023 Fedora Release Engineering - 254~rc2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Jul 17 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-4 -- Fix scriptlets for various services and remote-cryptsetup.target - (rhbz#2217997) - -* Sun Jul 16 2023 Stewart Smith - 254~rc2-3 -- Convert existing bcond_with[out] to plain bcond - -* Sun Jul 16 2023 Stewart Smith - 254~rc2-2 -- Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds - -* Sat Jul 15 2023 Zbigniew Jędrzejewski-Szmek - 254~rc2-1 -- Version 254~rc2 -- Various bug fixes, in particular kernel-install should again work without - /proc. - -* Thu Jul 13 2023 Zbigniew Jędrzejewski-Szmek - 254~rc1-1 -- Version 254~rc1 -- Way too many changes to list. See - https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS -- Fix regression in socket activation of services (rhbz#2213660). 
- -* Mon Jun 26 2023 Yaakov Selkowitz - 253.5-7 -- Use rpm sysuser provide generation on RHEL >= 10 - -* Thu Jun 22 2023 Panu Matilainen - 253.5-6 -- Use rpm's sysuser provide generation on Fedora >= 39 - -* Wed Jun 21 2023 Anita Zhang - 253.5-5 -- fix typos in standalone package provides - -* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-4 -- Avoid pillow and pyflakes in RHEL builds - -* Mon Jun 05 2023 Yaakov Selkowitz - 253.5-3 -- Avoid qrencode dependency in RHEL builds - -* Fri Jun 02 2023 Alessandro Astone - 253.5-2 -- Increase vm.max_map_count - -* Thu Jun 01 2023 Zbigniew Jędrzejewski-Szmek - 253.5-1 -- Version 253.5 - -* Thu May 11 2023 Zbigniew Jędrzejewski-Szmek - 253.4-1 -- Version 253.4 - -* Thu May 11 2023 Michael Catanzaro - 253.2-6 -- Raise ManagedOOMMemoryPressureLimit from 50%% to 80%% - -* Tue May 09 2023 Zbigniew Jędrzejewski-Szmek - 253.2-5 -- Add forgotten Provides and Conflicts for standalones - -* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-4 -- sysusers.generate-pre.sh: properly escape quotes in description strings - (rhbz#2104141) - -* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek - 253.2-3 -- sysusers.generate-pre.sh: fix indentation in generated scripts - -* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.2-1 -- Version 253.2 - -* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek - 253.1-7 -- oomd: stop monitoring user-*.slice slices (rhbz#2177722) - -* Thu Mar 09 2023 Zbigniew Jędrzejewski-Szmek - 253.1-6 -- Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage - -* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-2 -- Fix build with gnu-efi-3.0.11-13 - -* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek - 253.1-1 -- Version 253.1 -- Fixes rhbz#2148464 - -* Wed Mar 01 2023 Zbigniew Jędrzejewski-Szmek - 253-7 -- Move man pages for sd-boot into systemd-boot-unsigned - -* Wed Feb 22 2023 Zbigniew Jędrzejewski-Szmek - 253-6 -- Set TimeoutStopFailureMode=abort for services (see - 
https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer) - -* Tue Feb 21 2023 Dusty Mabe - 253-5 -- remove group write permission from 98-default-mac-none.link - -* Tue Feb 21 2023 Dusty Mabe - 253-4 -- fix comment instructions for 98-default-mac-none.link - -* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-3 -- Backport patch for container compatibility (rhbz#2165004) - -* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek - 253-2 -- Add workaround patch for dracut generator issue (rhbz#2164404) - -* Mon Feb 20 2023 Zbigniew Jędrzejewski-Szmek - 253-1 -- Version 253 (mostly some documentation fixes since -rc3). - -* Fri Feb 10 2023 Zbigniew Jędrzejewski-Szmek - 253~rc3-1 -- Version 253-rc3 -- A bunch of bugfixes for regressions, some documentation and bug fixes - too. -- Really fix rhbz#2165692 (previous build carried an unapplied patch). - -* Thu Feb 09 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-7 -- Revert patch switch causes problems for 'systemctl isolate' - (rhbz#2165692) - -* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-6 -- Disable systemd-boot-update.service in presets - -* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-4 -- Update License to SPDX - -* Mon Feb 06 2023 Thomas Haller - 253~rc2-3 -- add "98-default-mac-none.link" to keep default MAC address of - bridge/bond/team - -* Thu Feb 02 2023 Michael Catanzaro - 253~rc2-2 -- Shorten shutdown timeout to 45 s - -* Thu Feb 02 2023 Zbigniew Jędrzejewski-Szmek - 253~rc2-1 -- Version 253~rc2 -- Sysusers fixup (rhbz#2156900) + other small changes - -* Thu Feb 02 2023 Yaakov Selkowitz - 253~rc1-5 -- Build with xen only on Fedora - -* Thu Jan 26 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-3 -- Reenable systemd-journald-audit.socket after upgrades (rhbz#2164594) - -* Wed Jan 25 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-2 -- Add Requires on Python modules to systemd-ukify and Recommends for - libp11-kit - -* Tue Jan 24 2023 Zbigniew Jędrzejewski-Szmek - 253~rc1-1 -- Version 253~rc1 -- See 
https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS -- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, - and systemd-ukify. - -* Sun Jan 22 2023 Zbigniew Jędrzejewski-Szmek - 252.4-4 -- Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3 - -* Sat Jan 21 2023 Fedora Release Engineering - 252.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Thu Jan 05 2023 Daan De Meyer - 252.4-2 -- Add python3 to BuildRequires - -* Tue Dec 20 2022 Zbigniew Jędrzejewski-Szmek - 252.4-1 -- Version 252.4 -- Fixes a few different issues (systemd-timesyncd connectivity problems, - broken emoji output on the console, crashes in pid1 unit dependency - logic) -- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel - setting - -* Sat Dec 17 2022 Zbigniew Jędrzejewski-Szmek - 252.3-4 -- boot: add Provides:systemd-boot(isa) - -* Wed Dec 14 2022 Zbigniew Jędrzejewski-Szmek - 252.3-2 -- Use upstream pam systemd-auth file with a patch, add pam_keyinit - -* Thu Dec 08 2022 Zbigniew Jędrzejewski-Szmek - 252.3-1 -- Version 252.3 (rhbz#2136916, rhbz#2083900) - -* Fri Dec 02 2022 Zbigniew Jędrzejewski-Szmek - 252.2-2 -- Split out systemd-boot-unsigned package - -* Thu Nov 24 2022 Zbigniew Jędrzejewski-Szmek - 252.2-1 -- Version 252.2 -- Latest batch of bugfixes (rhbz#2137631) - -* Thu Nov 24 2022 Martin Osvald - 252.1-3 -- Support user:group notation by sysusers.generate-pre.sh script - -* Tue Nov 08 2022 Zbigniew Jędrzejewski-Szmek - 252.1-1 -- Version 252.1 (just some small fixes). 
- -* Mon Oct 31 2022 Zbigniew Jędrzejewski-Szmek - 252-1 -- Version 252 - -* Tue Oct 25 2022 Zbigniew Jędrzejewski-Szmek - 252~rc3-1 -- Version 252-rc3 (#2135778) - -* Tue Oct 18 2022 Zbigniew Jędrzejewski-Szmek - 252~rc2-28 -- Version 252-rc2 (#2134741, #2133792) - -* Fri Oct 14 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-31 -- Fix upgrade detection in %%posttrans scriptlet (rhbz#2115094) - -* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-30 -- Fix indentation in %%sysusers_create_compat macro (rhbz#2132835) - -* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-29 -- Correctly move systemd-measure to systemd-udev subpackage - -* Fri Oct 07 2022 Zbigniew Jędrzejewski-Szmek - 252~rc1-28 -- Version 252-rc1 (for details see - https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS) - -* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-29 -- Fix permissions on %%ghost files (rhbz#2122889) - -* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek - 251.5-28 -- Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188) - -* Fri Sep 30 2022 Yu Watanabe - 251.4-41 -- Replace patch for test-mountpoint-util - -* Fri Sep 30 2022 Yu Watanabe - 251.4-40 -- patch: fix regression in bfq patch - -* Fri Sep 30 2022 Luca BRUNO - 251.4-39 -- sysusers/generate: bridge 'm' entries to usermod - -* Fri Sep 30 2022 Anita Zhang - 251.4-38 -- Update systemd-oomd defaults to friendlier values -- Remove swap policy. Default amount of swap (8GB?) is a lot lower than - what we use internally with the swap policy. Which frequently leads to - GNOME getting killed (e.g. - https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not - linked here). Internally we use 0.5x-1x size of physical memory for swap - via swapfiles (this will be documented in systemd upstream). In simple - cases of using more memory than is available (but without memory - pressure), the Kernel OOM killer can handle killing the offending - process. 
- -* Thu Sep 29 2022 Zbigniew Jędrzejewski-Szmek - 251.4-37 -- Make systemd-devel conditionally pull in systemd-rpm-macros - * Fri Aug 19 2022 Neal Gompa - 251.4-53 - Set compile-time fallback hostname to "localhost" https://fedoraproject.org/wiki/Changes/FallbackHostname diff --git a/libabigail.abignore b/libsystemd-shared.abignore similarity index 100% rename from libabigail.abignore rename to libsystemd-shared.abignore diff --git a/macros.sysusers b/macros.sysusers index 534b0e7..d8d8c1d 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -2,9 +2,9 @@ # # Turn a sysusers.d file into macros specified by # https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation -# -# After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, -# those macros are not needed anymore. -%sysusers_requires_compat %nil -%sysusers_create_compat() %nil +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/macros.sysusers.compat b/macros.sysusers.compat deleted file mode 100644 index d8d8c1d..0000000 --- a/macros.sysusers.compat +++ /dev/null @@ -1,10 +0,0 @@ -# RPM macros for packages creating system accounts -# -# Turn a sysusers.d file into macros specified by -# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation - -%sysusers_requires_compat Requires(pre): shadow-utils - -%sysusers_create_compat() \ -%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ -%{nil} diff --git a/plans/run-integration-tests.sh b/plans/run-integration-tests.sh deleted file mode 100755 index 6d2ee37..0000000 --- a/plans/run-integration-tests.sh +++ /dev/null 
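Review bot: `%{?*}` in the restored `%sysusers_create_compat` body is spliced unquoted into the `%(...)` shell command, so an argument containing whitespace or shell metacharacters is word-split or interpreted by the shell when the spec is parsed. The arguments normally come from the packager's own spec file, so this is a robustness point rather than a trust-boundary one, but the macro gives no hint of the restriction. I would document it above the definition, for example `# Arguments are passed to the shell unquoted: use plain sysusers.d file names without spaces or shell metacharacters.`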
@@ -1,127 +0,0 @@ -#!/bin/bash - -set -eux -set -o pipefail - -# Switch SELinux to permissive if possible, since the tests don't set proper contexts -setenforce 0 || true - -echo "CPU and Memory information:" -lscpu -lsmem - -echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" - -# Bump inotify limits if we can so nspawn containers don't run out of inotify file descriptors. -sysctl fs.inotify.max_user_watches=65536 || true -sysctl fs.inotify.max_user_instances=1024 || true - -if [[ -n "${KOJI_TASK_ID:-}" ]]; then - koji download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID" -elif [[ -n "${CBS_TASK_ID:-}" ]]; then - cbs download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID" -elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then - COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")" - COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")" - copr download-build --rpms --chroot "$COPR_CHROOT" "$COPR_BUILD_ID" - mv "$COPR_CHROOT"/* . -else - echo "Not running within packit and no CBS/koji task ID provided" - exit 1 -fi - -PACKAGEDIR="$PWD" - -# This will match both the regular and the debuginfo rpm so make sure we select only the -# non-debuginfo rpm. -RPMS=(systemd-tests-*.rpm) -rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract -pushd usr/lib/systemd/tests -mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")" - -# Now prepare mkosi at the same version required by the systemd repo. -git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi -git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash" - -export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH" - -# shellcheck source=/dev/null -. /etc/os-release || . /usr/lib/os-release - -tee mkosi/mkosi.local.conf </dev/null; then + # this will remove both the user and the group. 
+ ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/rpminspect.yaml b/rpminspect.yaml index 6318820..174fbd2 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -1,24 +1,13 @@ # Disable badfuncs check that has tons of false positives. badfuncs: - allowed: - /usr/lib/systemd/tests/unit-tests/*: - - inet_addr - - inet_aton - /usr/bin/networkctl: - - inet_addr - - inet_aton + exclude_path: .* # don't report changed content of compiled files # that is expected with every update changedfiles: exclude_path: .* -# completely disable inspections: +# completely disabled inspections: inspections: # we know about our patches, no need to report anything patches: off - - # this inspection uses `udevadm` which comes from this package - # disable so we do not check udev rules with a possibly outdated version - # of the command - udevrules: off diff --git a/sources b/sources index af6ddf0..bc8d675 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-259.tar.gz) = ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50 +SHA512 (systemd-251.19.tar.gz) = a1bd8f449e2ec92e823eae81a002b2da7e008bdcaeeac2c9c381eee42d58990d277994062541c4ba7721bb581b5f2147c9b9af2af611edc2a0d578dc2d08eb4c 
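Review bot: `exclude_path: .*` under `badfuncs` takes every file out of the inspection, so a new call to any function on rpminspect's forbidden list, in any shipped binary, will no longer be reported. The comment above it cites false positives, but the exclusion is not limited to the paths or functions that produce them. A narrower form keeps the check alive for everything else: an `allowed:` map that lists only the affected paths and the specific functions seen there, in the shape of the entries this hunk removes.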
diff --git a/split-files.py b/split-files.py
index 38bde60..6406f4e 100644
--- a/split-files.py
+++ b/split-files.py
@@ -1,47 +1,8 @@ import re, sys, os, collections buildroot = sys.argv[1] -no_bootloader = '--no-bootloader' in sys.argv - -known_files = ''' -%ghost %config(noreplace) /etc/crypttab -%ghost %attr(0444,root,root) /etc/udev/hwdb.bin -/etc/inittab -# This directory is owned by openssh-server, but we don't want to introduce -# a dependency. So let's copy the config and co-own the directory. -%dir %attr(0700,root,root) /etc/ssh/sshd_config.d -%ghost %config(noreplace) /etc/vconsole.conf -%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf -%ghost %attr(0664,root,root) %verify(not group) /run/utmp -%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp -%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp -%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog -%ghost %config(noreplace) /etc/hostname -%ghost %config(noreplace) /etc/localtime -%ghost %config(noreplace) /etc/locale.conf -%ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id -%ghost %config(noreplace) /etc/machine-info -%ghost %attr(0700,root,root) %dir /var/cache/private -%ghost %attr(0700,root,root) %dir /var/lib/private -%ghost %dir /var/lib/private/systemd -%ghost %dir /var/lib/private/systemd/journal-upload -%ghost /var/lib/private/systemd/journal-upload/state -%ghost %dir /var/lib/systemd/timesync -%ghost /var/lib/systemd/timesync/clock -%ghost %dir /var/lib/systemd/backlight -%ghost /var/lib/systemd/catalog/database -%ghost %dir /var/lib/systemd/coredump -%ghost /var/lib/systemd/journal-upload -%ghost %dir /var/lib/systemd/linger -%ghost %attr(0600,root,root) /var/lib/systemd/random-seed -%ghost %dir /var/lib/systemd/rfkill -%ghost %dir %verify(not mode group) /var/log/journal -%ghost %dir /var/log/journal/remote -%ghost %attr(0700,root,root) %dir /var/log/private -''' - -known_files = {line.split()[-1]:line for line in known_files.splitlines() - if line and not line.startswith('#')} +known_files = sys.stdin.read().splitlines() 
+known_files = {line.split()[-1]:line for line in known_files} def files(root): os.chdir(root) @@ -54,31 +15,21 @@ def files(root): if file.is_dir() and not file.is_symlink(): todo.append(file) -outputs = {suffix: open(f'.file-list-{suffix}', 'w') - for suffix in ( - 'shared', - 'libs', - 'udev', - 'ukify', - 'boot', - 'pam', - 'rpm-macros', - 'sysusers', - 'devel', - 'container', - 'networkd', - 'networkd-defaults', - 'oomd-defaults', - 'remote', - 'resolve', - 'tests', - 'standalone-repart', - 'standalone-tmpfiles', - 'standalone-sysusers', - 'standalone-shutdown', - 'main', - )} - +o_libs = open('.file-list-libs', 'w') +o_udev = open('.file-list-udev', 'w') +o_boot = open('.file-list-boot', 'w') +o_pam = open('.file-list-pam', 'w') +o_rpm_macros = open('.file-list-rpm-macros', 'w') +o_devel = open('.file-list-devel', 'w') +o_container = open('.file-list-container', 'w') +o_networkd = open('.file-list-networkd', 'w') +o_oomd_defaults = open('.file-list-oomd-defaults', 'w') +o_remote = open('.file-list-remote', 'w') +o_resolve = open('.file-list-resolve', 'w') +o_tests = open('.file-list-tests', 'w') +o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') +o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_main = open('.file-list-main', 'w') for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| 
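Review bot: The comprehension `{line.split()[-1]:line for line in known_files}` has no filter, so an empty line on stdin raises `IndexError` from `line.split()[-1]`, and a `#` comment line is stored under its last word as if that were a path. Since the list now arrives from whatever the caller pipes in, the script should tolerate both: `known_files = {line.split()[-1]: line for line in known_files if line.strip() and not line.startswith('#')}`. The rest of the script that consumes `known_files` lies outside this hunk.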
@@ -102,84 +53,38 @@ for file in files(buildroot): /var(/cache|/log|/lib|/run|)$ ''', n, re.X): continue - - if n.endswith('.standalone'): - if 'repart' in n: - o = outputs['standalone-repart'] - elif 'tmpfiles' in n: - o = outputs['standalone-tmpfiles'] - elif 'sysusers' in n: - o = outputs['standalone-sysusers'] - elif 'shutdown' in n: - o = outputs['standalone-shutdown'] - else: - assert False, 'Found .standalone not belonging to known packages' - - elif '/security/pam_' in n or '/man8/pam_' in n: - o = outputs['pam'] + if '/security/pam_' in n or '/man8/pam_' in n: + o = o_pam elif '/rpm/' in n: - o = outputs['rpm-macros'] + o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: - o = outputs['tests'] - elif 'ukify' in n and '/man/' not in n: - o = outputs['ukify'] - elif re.search(r'/libsystemd-core-.*\.so$', n): - o = outputs['main'] - elif re.search(r'/libsystemd-shared-.*\.so$', n): - o = outputs['shared'] + o = o_tests + elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n): + o = o_main elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): - o = outputs['udev'] - elif re.search(r'/lib.*\.pc$|/man3/|/usr/include|\.so$', n): - o = outputs['devel'] + o = o_udev + elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): + o = o_devel elif re.search(r'''journal-(remote|gateway|upload)| systemd-remote\.conf| /usr/share/systemd/gatewayd| /var/log/journal/remote ''', n, re.X): - o = outputs['remote'] - - # Just the binary, the dir, and the man page. 
- elif re.search(r'''systemd-sysusers$| - sysusers\.d$| - man/.*sysusers\.d\.5| - man/.*systemd-sysusers\.8 - ''', n, re.X): - o = outputs['sysusers'] + o = o_remote elif re.search(r'''mymachines| machinectl| - mount.ddi| - importctl| - portablectl| systemd-nspawn| - systemd\.nspawn| - systemd-vmspawn| - systemd-dissect| - import-pubring| - systemd-machined| - systemd-import| - systemd-export| - systemd-pull| - systemd-mountfsd| - systemd-mountwork| - systemd-nsresource| + import-pubring.gpg| + systemd-(machined|import|pull)| /machine.slice| /machines.target| var-lib-machines.mount| org.freedesktop.(import|machine)1 ''', n, re.X): - o = outputs['container'] + o = o_container - # .network.example files go into systemd-networkd, and the matching files - # without .example go into systemd-networkd-defaults - elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n) - and os.path.exists(f'./{n}.example')): - o = outputs['networkd-defaults'] - - # Files that are "consumed" by systemd-networkd go into the -networkd - # subpackage. As a special case, network-generator is co-owned also by - # the -udev subpackage because systemd-udevd reads .link files. - elif re.search(r'''/usr/lib/systemd/network/.*\.network| + elif re.search(r'''/usr/lib/systemd/network/80-| networkd| networkctl| org.freedesktop.network1| @@ -188,26 +93,18 @@ for file in files(buildroot): systemd\.network| systemd\.netdev ''', n, re.X): - o = outputs['networkd'] - elif 'network-generator' in n: - o = (outputs['networkd'], outputs['udev']) + o = o_networkd elif '.so.' in n: - o = outputs['libs'] - - elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): - o = outputs['oomd-defaults'] + o = o_libs elif re.search(r'''udev(?!\.pc)| hwdb| - ac-power| bootctl| boot-update| bless-boot| boot-system-token| - bsod| kernel-install| - installkernel| vconsole| backlight| rfkill| 
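Review bot: In `re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n)` the `$` binds only to the last alternative, so the first one matches `.pc` anywhere after `/lib` rather than only pkg-config files. A path such as `/usr/lib/udev/rules.d/70-foo.pci.rules` (constructed example) would be assigned to the devel list by this branch before the later udev branch is reached. Anchoring the alternative fixes it: `r'/lib.*\.pc$|/man3/|/usr/include|\.so$'`. The enclosing `for file in files(buildroot)` loop starts before this hunk and continues after it.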
@@ -222,7 +119,6 @@ for file in files(buildroot): pstore| sleep|suspend|hibernate| systemd-tmpfiles-setup-dev| - network/98-default-mac-none.link| network/99-default.link| growfs|makefs|makeswap|mkswap| fsck| @@ -233,10 +129,6 @@ for file in files(buildroot): integritysetup| integritytab| remount-fs| - /initrd| - systemd[.-]pcr| - /pcrlock\.d| - systemd-measure| /boot$| /kernel/| /kernel$| 
@@ -245,54 +137,51 @@ for file in files(buildroot): sysctl| coredump| homed|home1| - sysupdate|updatctl| - oomd| portabled|portable1 ''', n, re.X): # coredumpctl, homectl, portablectl are included in the main package because # they can be used to interact with remote daemons. Also, the user could be # confused if those user-facing binaries are not available. - o = outputs['udev'] + o = o_udev elif re.search(r'''/boot/efi| - /usr/lib/systemd/boot| sd-boot|systemd-boot\.|loader.conf ''', n, re.X): - o = outputs['boot'] + o = o_boot elif re.search(r'''resolved|resolve1| systemd-resolve| resolvconf| systemd\.(positive|negative) ''', n, re.X): # resolvectl and nss-resolve are in the main package. - o = outputs['resolve'] + o = o_resolve + + elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X): + o = o_oomd_defaults + + elif n.endswith('.standalone'): + if 'tmpfiles' in n: + o = o_standalone_tmpfiles + elif 'sysusers' in n: + o = o_standalone_sysusers + else: + assert False, 'Found .standalone not belonging to known packages' else: - o = outputs['main'] + o = o_main if n in known_files: - prefix = known_files[n].split()[:-1] - elif file.is_dir(follow_symlinks=False): - prefix = ['%dir'] + prefix = ' '.join(known_files[n].split()[:-1]) + if prefix: + prefix += ' ' + elif file.is_dir() and not file.is_symlink(): + prefix = '%dir ' elif 'README' in n: - prefix = ['%doc'] + prefix = '%doc ' elif n.startswith('/etc'): - prefix = ['%config(noreplace)'] - if not file.is_symlink() and file.stat().st_size == 0: - prefix += ['%ghost'] + prefix = '%config(noreplace) ' else: - prefix = [] - prefix = ' '.join(prefix + ['']) if prefix else '' + prefix = '' suffix = '*' if '/man/' in n else '' - if not isinstance(o, tuple): - o = (o,) - for file in o: - print(f'{prefix}{n}{suffix}', file=file) - -if [print(f'ERROR: no file names were written to {o.name}') - for name, o in outputs.items() - if (o.tell() == 0 and - not (no_bootloader and name == 'boot')) - ]: - 
sys.exit(1) + print(f'{prefix}{n}{suffix}', file=o) diff --git a/systemd-user b/systemd-user index 82dcd32..8ef2c18 100644 --- a/systemd-user +++ b/systemd-user @@ -1,14 +1,14 @@ +# This file is part of systemd. +# # Used by systemd --user instances. -account sufficient pam_systemd_home.so account sufficient pam_unix.so no_pass_expiry -account include system-auth +account include system-auth -session required pam_selinux.so close -session required pam_selinux.so nottys open -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -session required pam_namespace.so --session optional pam_systemd_home.so -session optional pam_umask.so silent -session include system-auth +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session required pam_namespace.so +-session optional pam_systemd_home.so +session include system-auth diff --git a/systemd.spec b/systemd.spec index afd6432..9ce5b87 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,3 +1,6 @@ +#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} + # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the # directory. 
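Review bot: The `n.endswith('.standalone')` test is now the last `elif` before the `o_main` fallback, so it only sees names that none of the earlier substring regexes matched. A standalone binary whose name happens to contain one of those patterns would be written to that subpackage's list and never reach the `assert False` guard. The standalone packages are meant to be installable without the main ones, so I would test the suffix first in the chain; failing that, add a comment at this branch such as `# must stay after the regexes above only if no *.standalone name can match them`. The chain begins outside this hunk.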
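Review bot: The session stack on the new side has no `pam_keyinit.so` entry, so PAM neither gives `systemd --user` instances started through this service a fresh session keyring nor revokes one when the session closes. Whether something in the included `system-auth` stack covers this cannot be seen from the hunk. If per-session keyring isolation is wanted on this branch, add `session optional pam_keyinit.so force revoke` after the `pam_loginuid.so` line.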
@@ -12,70 +15,23 @@ %global elf_suffix ()%{elf_bits} %endif -%bcond bzip2 1 -%bcond gnutls 1 -%bcond lz4 1 -%bcond xz 1 -%bcond zlib 1 -%bcond zstd 1 - # Bootstrap may be needed to break circular dependencies with cryptsetup, # e.g. when re-building cryptsetup on a json-c SONAME-bump. -%bcond bootstrap 0 -%bcond tests 1 -%bcond lto 1 -# Build docs on 64-bit architectures only -%bcond docs %[%{?__isa_bits} >= 64] +%bcond_with bootstrap +%bcond_without tests +%bcond_without lto -# Build from git main -%bcond upstream 0 - -# Build with OBS-specific quirks -%bcond obs 0 - -# When bootstrap, libcryptsetup is disabled -# but auto-features causes many options to be turned on -# that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed) -%if %{with bootstrap} -%global __meson_auto_features disabled -# If we're building for upstream, don't unconditionally enable all -# new features as new features might be introduced for which we're -# missing build dependencies. -%elif %{with upstream} -%global __meson_auto_features auto -%endif - -# Override %%autorelease. This is ugly, but rpmautospec doesn't implement -# autorelease correctly if the macro is conditionalized in the Release field. -%{?release_override:%global autorelease %{release_override}%{?dist}} - -# In OBS, noarch packages are shared between all architectures and -# independent architectures can be rebuilt automatically without all -# the other architectures getting rebuilt. This can result in the noarch -# packages being newer than the archful packages for some architectures, -# which means our current strict deps from the noarch packages on the -# archful packages can't be satisfied. -# -# To address this problem, let's relax the dependencies from the noarch -# packages on the archful packages for OBS builds. Let's only do this for -# OBS builds because this isn't an issue on Fedora as it's impossible to -# build a package for only some of the architectures. 
-%if %{with obs} -%define noarch_requires_version %{version} -%else -%define noarch_requires_version %{version}-%{release} -%endif +# Support for quick builds with rpmbuild --build-in-place. +# See README.build-in-place. +%bcond_with inplace Name: systemd Url: https://systemd.io -# Allow users to specify the version and release when building the rpm by -# setting the %%version_override and %%release_override macros. -# But don't do that on OBS, otherwise the version subst fails, and will be -# like 257-123-gabcd257.1 instead of 257-123-gabcd -%if %{without obs} -Version: %{?version_override}%{!?version_override:259} +%if %{without inplace} +Version: 251.19 %else -Version: %{?version_override}%{!?version_override:%(cat meson.version)} +# determine the build information from local checkout +Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') %endif Release: %autorelease 
@@ -86,219 +42,146 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -# packit will always rewrite the first Source0 it finds, ignoring any conditionals so list -# the fallback source that's used if neither %%branch, %%commit or %%obs are defined first. -%if %{undefined branch} && %{undefined commit} && %{without obs} +%if %{defined commit} +Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +%else +%if 0%{?stable} +Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%else Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz -%elif %{defined branch} -Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz -%elif %{defined commit} -Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{commit}.tar.gz -%elif %{with obs} -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version}.tar.xz +%endif %endif # This file must be available before %%prep. -# It is generated during systemd build and can be found at build/src/rpm/triggers.systemd.sh. +# It is generated during systemd build and can be found in build/src/core/. 
Source1: triggers.systemd Source2: split-files.py -Source4: test_sysusers_defined.py +Source3: purge-nobody-user -Source6: inittab -Source7: sysctl.conf.README -Source8: systemd-journal-remote.xml -Source9: systemd-journal-gatewayd.xml -Source10: 20-yama-ptrace.conf -Source11: systemd-udev-trigger-no-reload.conf -# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports -Source13: libabigail.abignore +# Prevent accidental removal of the systemd package +Source4: yum-protect-systemd.conf + +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source12: systemd-user +Source13: libsystemd-shared.abignore Source14: 10-oomd-defaults.conf Source15: 10-oomd-per-slice-defaults.conf -Source16: 10-timeout-abort.conf -Source17: 10-map-count.conf -Source18: 60-block-scheduler.rules -Source20: macros.sysusers.compat Source21: macros.sysusers Source22: sysusers.attr Source23: sysusers.prov Source24: sysusers.generate-pre.sh -Source25: 98-default-mac-none.link - -Source26: systemd-user - -%if 0%{?fedora} < 40 && 0%{?rhel} < 10 -# Work-around for dracut issue: run generators directly when we are in initrd -# https://bugzilla.redhat.com/show_bug.cgi?id=2164404 -# Drop when dracut-060 is available. -Patch: https://github.com/systemd/systemd/pull/26494.patch +%if 0 +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable +i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch %endif -%if %{without upstream} -# Those are downstream-only patches, but we don't want them in packit builds. +# Backports of patches from upstream (0000–0499) +# +# Any patches which are "in preparation" upstream should be listed here, rather +# than in the next section. 
Packit CI will drop any patches in this range before +# applying upstream pull requests. -# Create user journals for users with high UIDs -# https://bugzilla.redhat.com/show_bug.cgi?id=2251843 -Patch: 30846.patch -# Again create runlevelX.target. Dropping those files breaks upgrades. -# https://bugzilla.redhat.com/show_bug.cgi?id=2411195 -Patch: 0001-Revert-units-drop-runlevel-0-6-.target.patch +# Those are downstream-only patches, but we don't want them in packit builds: +# https://bugzilla.redhat.com/show_bug.cgi?id=1738828 +Patch0490: use-bfq-scheduler.patch -# userdb: create userdb root directory with correct label -# We can drop this after SELinux policy is updated to handle the transition. -Patch: 38769.patch - -# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2415701 -Patch: 0002-machined-continue-without-resolve.hook-socket.patch - -# 2 patches for https://fedoraproject.org/wiki/Changes/Automatic_DTB_selection_for_aarch64_EFI_systems -# Upstream commit: https://github.com/systemd/systemd/commit/75890d949f92c412c0936b8536b2e0dc8f7dfb40 -Patch: 0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch -# Upstream PR: https://github.com/systemd/systemd/pull/40329 -Patch: 0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch -%endif - -%ifarch %{ix86} x86_64 aarch64 riscv64 -%global want_bootloader 1 +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 %endif BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: clang BuildRequires: coreutils -BuildRequires: rpmdevtools +BuildRequires: libcap-devel BuildRequires: libmount-devel BuildRequires: libfdisk-devel BuildRequires: libpwquality-devel -BuildRequires: libxcrypt-devel BuildRequires: pam-devel BuildRequires: libselinux-devel BuildRequires: audit-libs-devel %if %{without bootstrap} BuildRequires: cryptsetup-devel -# Require (previous version) of our macros package. -# We use the %%systemd_{post,preun,…} macros for various services. 
-BuildRequires: systemd-rpm-macros %endif BuildRequires: dbus-devel -BuildRequires: util-linux +BuildRequires: /usr/sbin/sfdisk # /usr/bin/getfacl is needed by test-acl-util -BuildRequires: acl +BuildRequires: /usr/bin/getfacl BuildRequires: libacl-devel BuildRequires: gobject-introspection-devel BuildRequires: libblkid-devel -%if %{with xz} BuildRequires: xz-devel BuildRequires: xz -%endif -%if %{with lz4} BuildRequires: lz4-devel BuildRequires: lz4 -%endif -%if %{with bzip2} BuildRequires: bzip2-devel -%endif -%if %{with zstd} BuildRequires: libzstd-devel -%endif BuildRequires: libidn2-devel BuildRequires: libcurl-devel BuildRequires: kmod-devel BuildRequires: elfutils-devel BuildRequires: openssl-devel -%if 0%{?fedora} >= 41 -BuildRequires: openssl-devel-engine -%endif -%if %{with gnutls} BuildRequires: gnutls-devel -%endif -%if 0%{?fedora} BuildRequires: qrencode-devel -%endif BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel BuildRequires: iptables-devel -BuildRequires: pkgconfig(bash-completion) -BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(libbpf) BuildRequires: systemtap-sdt-devel -%if %{with docs} BuildRequires: libxslt BuildRequires: docbook-style-xsl -%endif BuildRequires: pkgconfig BuildRequires: gperf BuildRequires: gawk BuildRequires: tree BuildRequires: hostname -BuildRequires: python3 -BuildRequires: python3-devel -BuildRequires: python3dist(jinja2) BuildRequires: python3dist(lxml) -BuildRequires: python3dist(pefile) -%if 0%{?fedora} -BuildRequires: python3dist(pillow) -%endif -BuildRequires: python3dist(pytest) -%if 0%{?want_bootloader} -BuildRequires: python3dist(pyelftools) -%endif -# gzip and lzma are provided by the stdlib +BuildRequires: python3dist(jinja2) BuildRequires: firewalld-filesystem +%if 0%{?have_gnu_efi} +BuildRequires: gnu-efi gnu-efi-devel +%endif 
BuildRequires: libseccomp-devel BuildRequires: meson >= 0.43 BuildRequires: gettext # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available -%ifarch %{valgrind_arches} BuildRequires: valgrind-devel -%endif -%if %{defined rhel} && 0%{?rhel} < 10 -BuildRequires: rsync -%endif +BuildRequires: pkgconfig(bash-completion) +BuildRequires: perl +BuildRequires: perl(IPC::SysV) %ifnarch %ix86 # bpftool is not built for i368 BuildRequires: bpftool -BuildRequires: kernel-devel %global have_bpf 1 %endif -%if 0%{?fedora} -%ifarch x86_64 aarch64 -%global have_xen 1 -# That package is only built for those two architectures -BuildRequires: xen-devel -%endif -%endif - -%if %{with obs} -BuildRequires: pesign-obs-integration -%endif - Requires(post): coreutils Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Recommends: dbus >= 1.9.18 -Recommends: systemd-pam%{_isa} = %{version}-%{release} -Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) -Requires: systemd-libs%{_isa} = %{version}-%{release} -%{?fedora:Recommends: systemd-networkd = %{version}-%{release}} -%{?fedora:Recommends: systemd-resolved = %{version}-%{release}} -Requires: systemd-shared%{_isa} = %{version}-%{release} -Requires: /usr/bin/systemd-sysusers -# The standalone version doesn't Provide the _isa suffix, -# so this biases towards the common version. -Recommends: systemd-sysusers%{_isa} = %{version}-%{release} +Requires: dbus >= 1.9.18 +Requires: %{name}-pam = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs = %{version}-%{release} +%{?fedora:Recommends: %{name}-networkd = %{version}-%{release}} +%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) -Requires: (libbpf >= 2:1.4.7 if libbpf) +Recommends: libxkbcommon%{_isa} Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog 
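Review bot: The main package's new `Requires: %{name}-libs = %{version}-%{release}` and `Requires: %{name}-pam = %{version}-%{release}` lack the `%{_isa}` qualifier that the removed lines had, while the devel subpackage later in this diff still uses `%{name}-libs%{_isa}`. On a multilib system the unqualified form can be satisfied by the other architecture's build, so the native binaries are not guaranteed to be updated in lockstep with their own libraries and PAM module. Suggest `Requires: %{name}-libs%{_isa} = %{version}-%{release}` and the same for `-pam`. The udev and container hunks loosen things similarly: `Requires(post): systemd`, `Requires(preun): systemd` and `Requires(postun): systemd` replace versioned, arch-qualified forms, so scriptlets may run against a mismatched systemd.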
@@ -307,61 +190,31 @@ Obsoletes: system-setup-keyboard < 0.9 Provides: system-setup-keyboard = 0.9 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 Obsoletes: systemd-sysv < 206 +# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) +Obsoletes: %{name} < 249~~ Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 %if 0%{?fedora} Conflicts: fedora-release < 23-0.12 %endif -%if 0%{?fedora} >= 41 -BuildRequires: setup >= 2.15.0-3 -BuildRequires: python3 -Conflicts: setup < 2.15.0-3 -Conflicts: selinux-policy-any < 41.3 -%endif +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Provides: %{name}-tmpfiles = %{version}-%{release} +Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Provides: %{name}-sysusers = %{version}-%{release} -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 -# Make sure that dracut supports systemd-executor and the renames done for v255, -# and dlopen libraries and read-only fs in initrd. -Conflicts: dracut < 060-2 -%elif 0%{?fedora} || %{without upstream} -# Make sure that dracut supports systemd-executor and the renames done for v255. -Conflicts: dracut < 059-16 -%endif - -Conflicts: systemd-standalone-tmpfiles -Provides: systemd-tmpfiles = %{version}-%{release} -Conflicts: systemd-standalone-shutdown -Provides: systemd-shutdown = %{version}-%{release} - -%if "%{_sbindir}" == "%{_bindir}" -# Compat symlinks for Requires in other packages. -# We rely on filesystem to create the symlinks for us. -Requires: filesystem(unmerged-sbin-symlinks) -Provides: /usr/sbin/halt -Provides: /usr/sbin/init -Provides: /usr/sbin/poweroff -Provides: /usr/sbin/reboot -Provides: /usr/sbin/shutdown -%endif - -# libmount is always required, even in containers, so make it a hard dependency. 
-Requires: libmount.so.1%{?elf_suffix} -Requires: libmount.so.1(MOUNT_2.26)%{?elf_bits} -# Various systemd services have syscall filters so make libseccomp a hard dependency. -Requires: libseccomp.so.2%{?elf_suffix} +Requires: (selinux-policy-any >= 37.18-1.fc37 if selinux-policy-any) # Recommends to replace normal Requires deps for stuff that is dlopen()ed -Recommends: libxkbcommon.so.0%{?elf_suffix} Recommends: libidn2.so.0%{?elf_suffix} Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Recommends: libpcre2-8.so.0%{?elf_suffix} Recommends: libpwquality.so.1%{?elf_suffix} Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} -%if 0%{?fedora} Recommends: libqrencode.so.4%{?elf_suffix} -%endif -Recommends: libbpf.so.1%{?elf_suffix} -Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits} +Recommends: libbpf.so.0%{?elf_suffix} +Recommends: libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits} # used by systemd-coredump and systemd-analyze Recommends: libdw.so.1%{?elf_suffix} @@ -373,17 +226,6 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} Recommends: libcryptsetup.so.12%{?elf_suffix} Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} -# Libkmod is used to load modules. -Recommends: libkmod.so.2%{?elf_suffix} -# kmod_list_next, kmod_load_resources, kmod_module_get_initstate, -# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup, -# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list, -# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources -# are part of LIBKMOD_5. -Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} - -Recommends: libarchive.so.13%{?elf_suffix} - %description systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket 
@@ -402,28 +244,20 @@ This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of %package libs Summary: systemd libraries License: LGPL-2.1-or-later AND MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 -Conflicts: systemd-shared < %{version}-%{release} %description libs Libraries for systemd and udev. -%package shared -Summary: Internal systemd shared library -License: LGPL-2.1-or-later AND MIT -# in 257.3-6 /usr/lib64/systemd/libsystemd-shared-257.2-14.fc42.so -# was moved from package systemd to systemd-shared. -# Add a conflit to allow downgrades across this change. -Conflicts: systemd < 257.3-6 -Conflicts: systemd-libs < %{version}-%{release} - -%description shared -Internal libraries used by various systemd binaries. - %package pam Summary: systemd PAM module -Requires: systemd = %{version}-%{release} +Requires: %{name} = %{version}-%{release} %description pam Systemd PAM module registers the session with systemd-logind. 
@@ -439,24 +273,14 @@ See https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd for information how to use those macros. -%package sysusers -Summary: systemd-sysusers program -Requires: systemd-shared%{_isa} = %{version}-%{release} -Conflicts: systemd-standalone-sysusers -# in 257.3-6 /usr/bin/systemd-sysusers was moved from package systemd -# to systemd-sysusers. Add a conflit to allow downgrades across this change. -Conflicts: systemd < 257.3-6 - -%description sysusers -This package contains the systemd-sysusers program. - %package devel Summary: Development headers for systemd License: LGPL-2.1-or-later AND MIT -Requires: systemd-libs%{_isa} = %{version}-%{release} -Requires(meta): (systemd-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) Provides: libudev-devel = %{version} Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 %description devel Development headers and auxiliary files for developing applications linking 
@@ -467,35 +291,16 @@ Summary: Rule-based device node and kernel event manager License: LGPL-2.1-or-later Requires: systemd%{_isa} = %{version}-%{release} -Requires(post): systemd%{_isa} = %{version}-%{release} -Requires(preun): systemd%{_isa} = %{version}-%{release} -Requires(postun): systemd%{_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd Requires(post): grep Requires: kmod >= 18-4 +# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 +Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} -%if 0%{?fedora} || 0%{?rhel} >= 10 -Requires: (grubby > 8.40-72 if grubby) -%endif -%if 0%{?fedora} -Requires: (sdubby > 1.0-3 if sdubby) -%endif -# A backport of systemd-timesyncd is shipped as a separate package in EPEL so -# let's make sure we properly handle that. -%if 0%{?rhel} -Conflicts: systemd-timesyncd < %{version}-%{release} -Obsoletes: systemd-timesyncd < %{version}-%{release} -Provides: systemd-timesyncd = %{version}-%{release} -%endif -Conflicts: systemd-networkd < %{version}-%{release} - -# Libkmod is used to load modules. Assume that if we need udevd, we certainly -# want to load modules, so make this into a hard dependency here. -Requires: libkmod.so.2%{?elf_suffix} -Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} -# udev uses libblkid in various builtins so make it a hard dependency. -Requires: libblkid.so.1%{?elf_suffix} -Requires: libblkid.so.1(BLKID_2.30)%{?elf_bits} +Obsoletes: udev < 183 # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home 
@@ -508,9 +313,8 @@ Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} Recommends: libelf.so.1%{?elf_suffix} Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} -# used by home, cryptsetup, cryptenroll, logind +# used by home, cryptsetup, cryptenroll Recommends: libfido2.so.1%{?elf_suffix} -Recommends: libp11-kit.so.0%{?elf_suffix} Recommends: libtss2-esys.so.0%{?elf_suffix} Recommends: libtss2-mu.so.0%{?elf_suffix} Recommends: libtss2-rc.so.0%{?elf_suffix} @@ -524,18 +328,9 @@ Requires: kbd Provides: u2f-hidraw-policy = 1.0.2-40 Obsoletes: u2f-hidraw-policy < 1.0.2-40 -Conflicts: systemd-standalone-repart -Provides: systemd-repart = %{version}-%{release} - -# Newer versions of those are required to support X11 keycode remapping -Conflicts: xorg-x11-drv-evdev < 2.11.0 -Conflicts: xorg-x11-drv-libinput < 1.5.0 - -%if "%{_sbindir}" == "%{_bindir}" -# Compat symlinks for Requires in other packages. -# We rely on filesystem to create the symlinks for us. -Requires: filesystem(unmerged-sbin-symlinks) -Provides: /usr/sbin/udevadm +# https://bugzilla.redhat.com/show_bug.cgi?id=2176263 +%if 0%{?have_gnu_efi} +Requires: systemd-boot-unsigned%{_isa} = %version-%release %endif %description udev 
@@ -548,39 +343,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. It also contains tools to manage encrypted home areas and secrets bound to the machine, and to create or grow partitions and make file systems automatically. -%package ukify -Summary: Tool to build Unified Kernel Images -Requires: systemd = %{noarch_requires_version} - -Requires: (systemd-boot if %{shrink:( - filesystem(x86-32) or - filesystem(x86-64) or - filesystem(aarch64) or - filesystem(riscv64) -)}) -Requires: python3dist(pefile) -Requires: python3dist(zstandard) -Requires: python3dist(cryptography) -%if 0%{?fedora} -Recommends: python3dist(pillow) -%endif - -# for tests -%ifarch riscv64 -# 2.42 received support for riscv64 + efi targets -%global binutils_version_req >= 2.42 -%endif -BuildRequires: binutils %{?binutils_version_req} - -BuildArch: noarch - -%description ukify -This package provides ukify, a script that combines a kernel image, an initrd, -with a command line, and possibly PCR measurements and other metadata, into a -Unified Kernel Image (UKI). - -%if 0%{?want_bootloader} -%if %{without obs} +%if 0%{?have_gnu_efi} %package boot-unsigned Summary: UEFI boot manager (unsigned version) 
@@ -596,41 +359,21 @@ systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command line. systemd-boot supports systems with UEFI firmware only. -This package contains the unsigned version. Install systemd-boot instead to get -the version that works with Secure Boot. -%else -%package boot -Summary: UEFI boot manager (signed version) +This package contains an unsigned version. -Provides: systemd-boot-signed-%{efi_arch} = %version-%release -Provides: systemd-boot = %version-%release -Provides: systemd-boot%{_isa} = %version-%release -# A provides with just the version, no release or dist, used to build systemd-boot -Provides: version(systemd-boot-signed) = %version -Provides: version(systemd-boot-signed)%{_isa} = %version - -%description boot -systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a -graphical menu to select the entry to boot and an editor for the kernel command -line. systemd-boot supports systems with UEFI firmware only. - -This package contains the signed version. -%endif +This package also contains the systemd-stub (short: sd-stub) which is used to +build Unified Kernel Images (UKIs). 
%endif %package container # Name is the same as in Debian Summary: Tools for containers and VMs -Requires: systemd%{_isa} = %{version}-%{release} -Requires(post): systemd%{_isa} = %{version}-%{release} -Requires(preun): systemd%{_isa} = %{version}-%{release} -Requires(postun): systemd%{_isa} = %{version}-%{release} -# For systemd-vmspawn which uses qemu: -Recommends: qemu-kvm-core -%if 0%{?fedora} -Recommends: qemu-device-display-virtio-gpu -Recommends: qemu-device-display-virtio-vga -%endif +Requires: %{name}%{_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal License: LGPL-2.1-or-later @@ -638,17 +381,18 @@ License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, systemd-vmspawn, machinectl, -systemd-machined, and systemd-importd. +This package contains systemd-nspawn, machinectl, systemd-machined, and +systemd-importd. %package journal-remote # Name is the same as in Debian Summary: Tools to send journal events over the network -Requires: systemd%{_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later Requires: firewalld-filesystem -Provides: systemd-journal-gateway = %{version}-%{release} -Provides: systemd-journal-gateway%{_isa} = %{version}-%{release} +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal 
@@ -661,30 +405,20 @@ systemd-journal-upload. %package networkd Summary: System daemon that manages network configurations -Requires: systemd%{_isa} = %{version}-%{release} -%{?fedora:Recommends: systemd-udev = %{version}-%{release}} -Conflicts: systemd-udev < %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later +# https://src.fedoraproject.org/rpms/systemd/pull-request/34 +Obsoletes: systemd < 246.6-2 %description networkd systemd-networkd is a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. -%package networkd-defaults -Summary: Configure network interfaces with networkd by default -Requires: systemd-networkd = %{noarch_requires_version} -License: MIT-0 -BuildArch: noarch - -%description networkd-defaults -This package contains a set of config files for systemd-networkd that cause it -to configure network interfaces by default. Note that systemd-networkd needs to -enabled for this to have any effect. - %package resolved Summary: Network Name Resolution manager -Requires: systemd%{_isa} = %{version}-%{release} +Requires: %{name}%{_isa} = %{version}-%{release} +Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} Requires(posttrans): grep @@ -696,7 +430,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder. %package oomd-defaults Summary: Configuration files for systemd-oomd -Requires: systemd-udev = %{noarch_requires_version} +Requires: %{name} = %{version}-%{release} License: LGPL-2.1-or-later BuildArch: noarch 
@@ -706,177 +440,115 @@ a userspace out-of-memory (OOM) killer. %package tests Summary: Internal unit tests for systemd -Requires: systemd%{_isa} = %{version}-%{release} -# This dependency is provided transitively. Also add it explicitly to -# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231: -Requires: systemd-libs%{_isa} = %{version}-%{release} -Requires: python3dist(psutil) - +Requires: %{name}%{_isa} = %{version}-%{release} License: LGPL-2.1-or-later %description tests -Systemd unit tests used to test the internal implementation after a build. -Different binaries test different parts of the codebase. - -%package standalone-repart -Summary: Standalone systemd-repart binary for use on systems without systemd -Provides: systemd-repart = %{version}-%{release} -Conflicts: systemd-udev -Suggests: coreutils-single -RemovePathPostfixes: .standalone - -%description standalone-repart -Standalone systemd-repart binary with no dependencies on the systemd-shared -library or other libraries from systemd-libs. This package conflicts with the -main systemd package and is meant for use on systems without systemd. +"Installed tests" that are usually run as part of the build system. They can be +useful to test systemd internals. %package standalone-tmpfiles Summary: Standalone systemd-tmpfiles binary for use on systems without systemd -Provides: systemd-tmpfiles = %{version}-%{release} -Conflicts: systemd -Suggests: coreutils-single +Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles -Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared -library or other libraries from systemd-libs. This package conflicts with the -main systemd package and is meant for use on systems without systemd. +Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. 
This package conflicts with the main systemd +package and is meant for use on systems without systemd. %package standalone-sysusers Summary: Standalone systemd-sysusers binary for use on systems without systemd -Provides: systemd-sysusers = %{version}-%{release} -Suggests: coreutils-single +Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers -Standalone systemd-sysusers binary with no dependencies on the systemd-shared -library or other libraries from systemd-libs. This package conflicts with the -main systemd package and is meant for use on systems without systemd. - -%package standalone-shutdown -Summary: Standalone systemd-shutdown binary for use in exitrds -Provides: systemd-shutdown = %{version}-%{release} -Conflicts: systemd -Suggests: coreutils-single -RemovePathPostfixes: .standalone - -%description standalone-shutdown -Standalone systemd-shutdown binary with no dependencies on the systemd-shared -library or other libraries from systemd-libs. This package conflicts with the -main systemd package and is meant for use in exitrds. +Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or +other libraries from systemd-libs. This package conflicts with the main systemd +package and is meant for use on systems without systemd. %prep -%if %{with obs} -# Recipe files in the OBS build are in a distro-specific dir, as they conflict (e.g. with SUSE ones) -mv %{_sourcedir}/%{name}.fedora/* %{_sourcedir} -%endif +%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 -# Automatically figure out the name of the top-level directory. -# TODO: Use %%autosetup -C once we can depend on rpm >= 4.20. -%if %{undefined _build_in_place} -%autosetup -n %(tar -tf %{SOURCE0} 2>/dev/null | head -n1) -p1 -%endif - -# Disable user lockdown until rpm implements it natively. 
-# https://github.com/rpm-software-management/rpm/issues/3450 -sed -r -i 's/^u!/u/' sysusers.d/*.conf* +test -f src/login/systemd-user.in +# Restore systemd-user pam config from before "removal of Fedora-specific bits". +# We'll systemd process it and install in the right place. +cp %{SOURCE12} src/login/systemd-user.in +# We want to update sd-boot from packaging scriptlets after package update. +# Let's disable the service. +sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset %build %global ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} -VMLINUX_H_PATH='' - -%if 0%{?have_bpf} - -%global find_vmlinux_h %{expand: -import functools, glob, subprocess -def cmp(a, b): - c = subprocess.call(["rpmdev-vercmp", a, b], stdout=subprocess.DEVNULL) - return {0:0, 11:+1, 12:-1}[c] -choices = list(glob.glob("/usr/src/kernels/*/vmlinux.h")) -assert choices -print(max(choices, key=functools.cmp_to_key(cmp))) -} - -# The build fails on ppc64le with -# "GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx". -# TODO: Remove this when libbpf checks for __powerpc64__ macro. 
-%ifnarch ppc64le -VMLINUX_H_PATH=$(%python3 -c '%find_vmlinux_h') -%endif -%endif - CONFIGURE_OPTS=( -Dmode=release - -Dslow-tests=true -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Dservice-watchdog= -Ddev-kvm-mode=0666 - -Dkmod=enabled - -Dxkbcommon=enabled - -Dblkid=enabled - -Dfdisk=enabled - -Dseccomp=enabled + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dfdisk=true + -Dseccomp=true -Dima=true - -Dselinux=enabled - -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] - -Dvmlinux-h=%[0%{?have_bpf}?"auto":"disabled"] - -Dvmlinux-h-path="$VMLINUX_H_PATH" - -Dapparmor=disabled - -Dpolkit=enabled - -Dxz=%[%{with xz}?"enabled":"disabled"] - -Dzlib=%[%{with zlib}?"enabled":"disabled"] - -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] - -Dlz4=%[%{with lz4}?"enabled":"disabled"] - -Dzstd=%[%{with zstd}?"enabled":"disabled"] - -Dpam=enabled - -Dacl=enabled + -Dselinux=true + -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dzstd=true + -Dpam=true + -Dacl=true -Dsmack=true - -Dopenssl=enabled - -Dp11kit=enabled - -Dgcrypt=disabled - -Daudit=enabled - -Delfutils=enabled - -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] - -Delfutils=enabled - -Drepart=enabled - -Dpwquality=enabled - -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] - -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] - -Dmicrohttpd=enabled - -Dvmspawn=enabled - -Dlibidn2=enabled - -Dlibiptc=disabled - -Dlibcurl=enabled - -Dlibfido2=enabled - -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] + -Dopenssl=true + -Dcryptolib=openssl + -Dp11kit=true + -Dgcrypt=false + -Daudit=true + -Delfutils=true + -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] + -Delfutils=true + -Dpwquality=true + 
-Dqrencode=true + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=false + -Dlibcurl=true + -Dlibfido2=true -Defi=true - -Dsysupdate=enabled - -Dsysupdated=enabled + -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] -Dtpm=true - -Dtpm2=enabled + -Dtpm2=true -Dhwdb=true -Dsysusers=true -Dstandalone-binaries=true -Ddefault-kill-user-processes=false -Dfirst-boot-full-preset=true - -Ddefault-network=true -Dtests=unsafe -Dinstall-tests=true + -Dtty-gid=5 + -Dusers-gid=100 -Dnobody-user=nobody -Dnobody-group=nobody -Dcompat-mutable-uid-boundaries=true + -Dsplit-usr=false -Dsplit-bin=true + -Db_lto=%[%{with lto}?"true":"false"] -Db_ndebug=false - -Dman=%[%{with docs}?"enabled":"disabled"] - -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] + -Dman=true + -Dversion-tag=%{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 - -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] - -Dlink-executor-shared=false + -Dshared-lib-tag=%{version_no_tilde}-%{release} -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no 
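Review bot: The %prep step `sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset` exits successfully even when no line matches. If the preset line is renamed or reworded in a later source update, the service stays enabled and the build gives no signal. The PAM template just above it has a `test -f src/login/systemd-user.in` guard, and the preset edit should get an equivalent one before the sed: `grep -q '^enable systemd-boot-update.service' presets/90-systemd.preset`. Since `cp %{SOURCE12} src/login/systemd-user.in` replaces the upstream PAM template wholesale, the comment there could also say that Source12 must be re-compared with upstream on every rebase.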
@@ -885,122 +557,69 @@ CONFIGURE_OPTS=( -Ddefault-llmnr=resolve # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 -Dstatus-unit-format-default=combined -%if 0%{?fedora} - # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer - -Ddefault-timeout-sec=45 - -Ddefault-user-timeout-sec=45 -%endif - -Dconfigfiledir=/usr/lib -Doomd=true - -Dadm-gid=4 - -Dtty-gid=5 - -Ddisk-gid=6 - -Dlp-gid=7 - -Dkmem-gid=9 - -Dwheel-gid=10 + -Daudio-gid=63 -Dcdrom-gid=11 -Ddialout-gid=18 - -Dutmp-gid=22 - -Dtape-gid=33 - -Dkvm-gid=36 - -Dvideo-gid=39 - -Daudio-gid=63 - -Dusers-gid=100 + -Ddisk-gid=6 -Dinput-gid=104 + -Dkmem-gid=9 + -Dkvm-gid=36 + -Dlp-gid=7 -Drender-gid=105 -Dsgx-gid=106 + -Dtape-gid=33 + -Dtty-gid=5 + -Dusers-gid=100 + -Dutmp-gid=22 + -Dvideo-gid=39 + -Dwheel-gid=10 -Dsystemd-journal-gid=190 -Dsystemd-network-uid=192 -Dsystemd-resolve-uid=193 # -Dsystemd-timesync-uid=, not set yet - - # Make sure we use the original paths to maintain compatibility - # with unmerged systems - -Dquotaon-path=/usr/sbin/quotaon - -Dquotacheck-path=/usr/sbin/quotacheck - -Dkmod-path=/usr/bin/kmod - -Dkexec-path=/usr/sbin/kexec - -Dsulogin-path=/usr/sbin/sulogin - -Dmount-path=/usr/bin/mount - -Dumount-path=/usr/bin/umount - -Dloadkeys-path=/usr/bin/loadkeys - -Dsetfont-path=/usr/bin/setfont - -Dnologin-path=/usr/sbin/nologin - - # For now, let's build the bootloader in the same places where we - # built with gnu-efi. Later on, we might want to extend coverage, but - # considering that that support is untested, let's not do this now. - -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] - -Dukify=enabled -%if 0%{?want_bootloader} && %{with obs} - -Dsbat-distro-url=https://github.com/systemd/systemd - -Dsbat-distro=upstream - -Dsbat-distro-summary='Upstream build from git' -%endif ) %if %{without lto} %global _lto_cflags %nil %endif -{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; } +# Do configuration. 
If doing an inplace build, try to do +# reconfiguration to pick up new options. +%if %{with inplace} + command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; } + + [ -e %{_vpath_builddir}/build.ninja ] && + %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" || +%endif +{ %meson "${CONFIGURE_OPTS[@]}"; } %meson_build -# If dynamic spec generation is available, directly pick up the triggers -# from the build directory for upstream builds. -%if %{with upstream} && (0%{?fedora} >= 41 || 0%{?rhel} >= 11) -# Include the triggers -cp %{_vpath_builddir}/src/rpm/triggers.systemd.sh %{specpartsdir}/triggers.specpart -%else new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh if ! diff -u %{SOURCE1} ${new_triggers}; then echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" sleep 5 fi -%endif - -sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user %install %meson_install # udev links -%if "%{_sbindir}" != "%{_bindir}" mkdir -p %{buildroot}/%{_sbindir} ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm -%endif # Compatiblity and documentation files touch %{buildroot}/etc/crypttab chmod 600 %{buildroot}/etc/crypttab -# Config files that were moved under /usr. -# We need to %ghost them so that they are not removed on upgrades. 
-touch %{buildroot}/etc/systemd/coredump.conf \ - %{buildroot}/etc/systemd/homed.conf \ - %{buildroot}/etc/systemd/journald.conf \ - %{buildroot}/etc/systemd/journal-remote.conf \ - %{buildroot}/etc/systemd/journal-upload.conf \ - %{buildroot}/etc/systemd/logind.conf \ - %{buildroot}/etc/systemd/networkd.conf \ - %{buildroot}/etc/systemd/oomd.conf \ - %{buildroot}/etc/systemd/pstore.conf \ - %{buildroot}/etc/systemd/resolved.conf \ - %{buildroot}/etc/systemd/sleep.conf \ - %{buildroot}/etc/systemd/system.conf \ - %{buildroot}/etc/systemd/timesyncd.conf \ - %{buildroot}/etc/systemd/user.conf \ - %{buildroot}/etc/udev/udev.conf \ - %{buildroot}/etc/udev/iocost.conf - # /etc/initab -install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} # /etc/sysctl.conf compat -install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf # Make sure these directories are properly owned @@ -1028,7 +647,6 @@ touch %{buildroot}%{_sysconfdir}/machine-info touch %{buildroot}%{_sysconfdir}/localtime mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf -install -d -m 0700 %{buildroot}%{_sysconfdir}/userdb # Make sure the shutdown/sleep drop-in dirs exist mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ 
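Review bot: `-Dtty-gid=5` and `-Dusers-gid=100` end up in CONFIGURE_OPTS twice on the new side. This hunk adds them to the sorted GID list, and the preceding hunk (which starts outside this view) adds them again next to `-Dnobody-user=nobody`. The values agree today, but a later edit to only one copy would make the effective static GID depend on option order. Drop the earlier pair so each GID is set in exactly one place.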
@@ -1053,144 +671,124 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state -# Install yum protection config. Old location in /etc. -mkdir -p %{buildroot}/etc/dnf/protected.d/ -cat >%{buildroot}/etc/dnf/protected.d/systemd.conf <%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-systemd.conf <= 42 -install -m 0644 -D %{SOURCE21} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers -%else -install -m 0644 -D %{SOURCE20} %{buildroot}%{_rpmconfigdir}/macros.d/macros.sysusers -# Use rpm's own sysusers provides where available -%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) +install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} -%endif install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} -%endif - -# https://bugzilla.redhat.com/show_bug.cgi?id=2107754 -install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} - -%if 0%{?fedora} || 0%{?rhel} >= 10 -ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel -%endif - -%if "%{_sbindir}" == "%{_bindir}" -# Systemd has the split-sbin option which is also used to select the directory -# for alias symlinks. We need to keep split-sbin=true for now, to support -# unmerged systems. Move the symlinks here instead. -mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ -%endif - -%if 0%{?fedora} >= 41 -%if %{without upstream} -# This requires https://pagure.io/setup/pull-request/50 -# and https://src.fedoraproject.org/rpms/setup/pull-request/10. -# We skip this on upstream builds so that new users and groups -# can be added without breaking the build. 
-%if 0%{?fedora} >= 43 -IGNORED=empower \ - %{python3} %{SOURCE4} /usr/lib/sysusers.d/setup.conf %{buildroot}/usr/lib/sysusers.d/basic.conf -%else -%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf -%endif -%endif -sed -n -r -i '1,7p; /can .do.|empower/p' %{buildroot}/usr/lib/sysusers.d/basic.conf -%endif - -# Disable sshd_config.d/20-systemd-userdb.conf for now. -# This option may override an existing AuthorizedKeysCommand setting -# (or be ineffective, depending on the order of configuration). -# See https://github.com/systemd/systemd/issues/33648. -rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf -mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} - -install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} %find_lang %{name} -# Split files in build root into rpms -python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} - -# Stage sd-boot binaries for signing -%if %{with obs} && 0%{?want_bootloader} -BRP_PESIGN_FILES=/usr/lib/systemd/boot/efi/systemd-boot%{efi_arch}.efi BRP_PESIGN_PACKAGES=systemd-boot /usr/lib/rpm/brp-suse.d/brp-99-pesign -%endif +# Split files in build root into rpms. See split-files.py for the +# rules towards the end, anything which is an exception needs a line +# here. +python3 %{SOURCE2} %buildroot </dev/null || : +# FIXME: move to %postun. We want to restart systemd *after* removing +# files from the old rpm. Right now we may still have bits the old +# setup if the files are not present in the new version. But before +# implement restarting of *other* services after the transaction, moving +# this would make things worse, increasing the number of warnings we get +# about needed daemon-reload. + +oomd_state=$(systemctl is-active systemd-oomd 2>/dev/null || :) + +# Work-around for #1931034. Remove after F34 is released. 
+if [ "$oomd_state" == "active" ]; then + systemctl stop -q systemd-oomd 2>/dev/null || : +fi + +systemctl daemon-reexec &>/dev/null || { + # systemd v239 had bug #9553 in D-Bus authentication of the private socket, + # which was later fixed in v240 by #9625. + # + # The end result is that a `systemctl daemon-reexec` call as root will fail + # when upgrading from systemd v239, which means the system will not start + # running the new version of systemd after this post install script runs. + # + # To work around this issue, let's fall back to using a `kill -TERM 1` to + # re-execute the daemon when the `systemctl daemon-reexec` call fails. + # + # In order to prevent issues when the reason why the daemon-reexec failed is + # not the aforementioned bug, let's only use this fallback when: + # - we're upgrading this RPM package; and + # - we confirm that systemd is running as PID1 on this system. + if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then + kill -TERM 1 &>/dev/null || : + fi +} + +if [ "$oomd_state" == "active" ]; then + systemctl start -q systemd-oomd 2>/dev/null || : +fi + [ $1 -eq 1 ] || exit 0 # create /var/log/journal only on initial installation, 
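Review bot: A failed `systemctl daemon-reexec` in the added `%post` block leaves no trace, because its output goes to `&>/dev/null` and the `kill -TERM 1` fallback is also silenced with `|| :`. The fallback runs only on upgrade with `/run/systemd/system` present, so in every other case the failure is simply dropped. After an update that carries a security fix, PID 1 would keep running the old binary with nothing in the transaction output to show it. Keep the fallback but report the failure first, for example `echo "systemctl daemon-reexec failed, PID 1 may still be running the previous systemd" >&2` as the first line inside the `|| { … }` block. The scriptlet continues past the end of this hunk.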
@@ -1211,137 +809,40 @@ systemd-tmpfiles --create &>/dev/null || : systemctl preset-all &>/dev/null || : systemctl --global preset-all &>/dev/null || : -%posttrans -if [ $1 -ge 2 ]; then - [ -w %{_localstatedir} ] && journalctl --update-catalog || : - - systemctl daemon-reexec || : - - systemd-tmpfiles --create &>/dev/null || : +%postun +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : fi -%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service +%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) +# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec -# This is the expanded form of %%systemd_user_daemon_reexec. We -# can't use the macro because we define it ourselves. -if [ $1 -ge 2 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then - # Package upgrade, not uninstall - /usr/lib/systemd/systemd-update-helper user-reexec || : +%triggerun resolved -- systemd < 246.1-1 +# This is for upgrades from previous versions before systemd-resolved became the default. +systemctl --no-reload preset systemd-resolved.service &>/dev/null || : + +if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then + systemctl -q is-enabled NetworkManager.service 2>/dev/null && \ + ! test -L /etc/resolv.conf 2>/dev/null && \ + ! mountpoint /etc/resolv.conf &>/dev/null && \ + grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \ + echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' 
&& \ + mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \ + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || : + + systemctl start systemd-resolved.service &>/dev/null || : fi -%triggerun -- systemd < 256 -# This is for upgrades from previous versions before systemd restart was moved to %%postun -systemctl daemon-reexec || : - -%triggerpostun -- systemd < 253~rc1-2 -# This is for upgrades from previous versions where systemd-journald-audit.socket -# had a static enablement symlink. +%triggerpostun -- systemd < 247.3-2 +# This is for upgrades from previous versions before oomd-defaults is available. # We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with # a different package version. -systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : +systemctl --no-reload preset systemd-oomd.service &>/dev/null || : -%global udev_services %{shrink: - cryptsetup-pre.target - cryptsetup.target - hibernate.target - hybrid-sleep.target - initrd-cleanup.service - initrd-fs.target - initrd-parse-etc.service - initrd-root-device.target - initrd-root-fs.target - initrd-switch-root.service - initrd-switch-root.target - initrd-udevadm-cleanup-db.service - initrd-usr-fs.target - initrd.target - integritysetup-pre.target - integritysetup.target - kmod-static-nodes.service - proc-sys-fs-binfmt_misc.automount - proc-sys-fs-binfmt_misc.mount - quotaon-root.service - quotaon@.service - remote-cryptsetup.target - remote-veritysetup.target - sleep.target - suspend-then-hibernate.target - suspend.target - system-systemd\\x2dcryptsetup.slice - system-systemd\\x2dveritysetup.slice - systemd-backlight@.service - systemd-binfmt.service - systemd-bless-boot.service - systemd-bsod.service - systemd-coredump.socket - systemd-coredump@.service - systemd-fsck-root.service - systemd-fsck@.service - systemd-growfs-root.service - systemd-growfs@.service - systemd-hibernate-clear.service - systemd-hibernate-resume.service - 
systemd-hibernate.service - systemd-homed-activate.service - systemd-homed-firstboot.service - systemd-homed.service - systemd-hwdb-update.service - systemd-hybrid-sleep.service - systemd-modules-load.service - systemd-network-generator.service - systemd-oomd.service - systemd-oomd.socket - systemd-pcrextend.socket - systemd-pcrextend@.service - systemd-pcrfs-root.service - systemd-pcrfs@.service - systemd-pcrlock-file-system.service - systemd-pcrlock-firmware-code.service - systemd-pcrlock-firmware-config.service - systemd-pcrlock-machine-id.service - systemd-pcrlock-make-policy.service - systemd-pcrlock-secureboot-authority.service - systemd-pcrlock-secureboot-policy.service - systemd-pcrlock.socket - systemd-pcrlock@.service - systemd-pcrmachine.service - systemd-pcrphase-initrd.service - systemd-pcrphase-sysinit.service - systemd-pcrphase.service - systemd-portabled.service - systemd-pstore.service - systemd-quotacheck-root.service - systemd-quotacheck@.service - systemd-random-seed.service - systemd-remount-fs.service - systemd-repart.service - systemd-rfkill.service - systemd-rfkill.socket - systemd-suspend-then-hibernate.service - systemd-suspend.service - systemd-sysctl.service - systemd-timesyncd.service - systemd-tmpfiles-setup-dev-early.service - systemd-tmpfiles-setup-dev.service - systemd-udev-load-credentials.service - systemd-udev-settle.service - systemd-udev-trigger.service - systemd-udevd-control.socket - systemd-udevd-kernel.socket - systemd-udevd.service - systemd-vconsole-setup.service - systemd-volatile-root.service - veritysetup-pre.target - veritysetup.target - %{?want_bootloader: - systemd-boot-random-seed.service - systemd-boot-update.service - systemd-bootctl.socket - systemd-bootctl@.service - } - } +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} %post udev # Move old stuff around in /var/lib 
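Review bot: In the added `%triggerun resolved` scriptlet, the `&&` chain moves `/etc/resolv.conf` to `/etc/resolv.conf.orig-with-nm` before it creates the symlink, and the trailing `2>/dev/null || :` hides a failing `ln`. If the `mv` succeeds and the `ln` does not, the host is left without any `/etc/resolv.conf` and the transaction reports nothing. The `mv` also silently overwrites a backup left by an earlier run. Make the last step restore the backup on failure, `{ ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || mv /etc/resolv.conf.orig-with-nm /etc/resolv.conf; }`, and keep stderr for it.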
@@ -1351,12 +852,12 @@ if [ -L %{_localstatedir}/lib/systemd/timesync ]; then rm %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync fi -if [ -f %{_localstatedir}/lib/systemd/clock ]; then +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then mkdir -p %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi -systemd-hwdb update &>/dev/null +udevadm hwdb --update &>/dev/null %systemd_post %udev_services @@ -1372,10 +873,11 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %preun udev %systemd_preun %udev_services -%posttrans udev +%postun udev # Restart some services. # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) -%systemd_posttrans_with_restart systemd-udevd.service systemd-timesyncd.service systemd-homed.service systemd-oomd.service systemd-portabled.service +%systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service + %global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service %global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket @@ -1393,19 +895,10 @@ if [ $1 -eq 1 ] ; then fi fi -%posttrans journal-remote -%systemd_posttrans_with_restart %journal_remote_units_restart +%postun journal-remote +%systemd_postun_with_restart %journal_remote_units_restart %firewalld_reload -%global networkd_services %{shrink: - systemd-networkd.service - systemd-networkd.socket - systemd-networkd-varlink.socket - systemd-networkd-wait-online.service - systemd-network-generator.service - systemd-networkd-persistent-storage.service - } - %post networkd # systemd-networkd was split out in systemd-246.6-2. # Ideally, we would have a trigger scriptlet to record enablement 
@@ -1419,14 +912,26 @@ fi if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd." else - %systemd_post %networkd_services + %systemd_post systemd-networkd.service systemd-networkd-wait-online.service fi %preun networkd -%systemd_preun %networkd_services +%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service -%posttrans networkd -%systemd_posttrans_with_restart systemd-networkd.service +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf + fi +fi %post resolved [ $1 -eq 1 ] || exit 0 @@ -1442,21 +947,7 @@ fi %systemd_post systemd-resolved.service -%preun resolved -%systemd_preun systemd-resolved.service -if [ $1 -eq 0 ] ; then - if [ -L /etc/resolv.conf ] && \ - realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then - rm -f /etc/resolv.conf # no longer useful - # if network manager is enabled, move to it instead - [ -f /run/NetworkManager/resolv.conf ] && \ - systemctl -q is-enabled NetworkManager.service &>/dev/null && \ - ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf - fi -fi - %posttrans resolved -%systemd_posttrans_with_restart systemd-resolved.service [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation 
@@ -1496,7 +987,7 @@ fi %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE* # Only the licenses texts for the licenses in License line are included. -%license LICENSE.GPL2 +%license LICENSE.GPL2 LICENSE.LGPL2.1 %license LICENSES/MIT.txt %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants @@ -1519,29 +1010,18 @@ fi %files libs -f .file-list-libs %license LICENSE.LGPL2.1 -%files shared -f .file-list-shared -%license LICENSE.LGPL2.1 -%license LICENSES/MIT.txt - %files pam -f .file-list-pam %files rpm-macros -f .file-list-rpm-macros -%files sysusers -f .file-list-sysusers - %files resolved -f .file-list-resolve %files devel -f .file-list-devel %files udev -f .file-list-udev -%files ukify -f .file-list-ukify -%if 0%{?want_bootloader} -%if %{without obs} +%if 0%{?have_gnu_efi} %files boot-unsigned -f .file-list-boot -%else -%files boot -f .file-list-boot -%endif %endif %files container -f .file-list-container @@ -1551,31 +1031,13 @@ fi %files networkd -f .file-list-networkd -%files networkd-defaults -f .file-list-networkd-defaults - %files oomd-defaults -f .file-list-oomd-defaults %files tests -f .file-list-tests -%files standalone-repart -f .file-list-standalone-repart - %files standalone-tmpfiles -f .file-list-standalone-tmpfiles %files standalone-sysusers -f .file-list-standalone-sysusers -%files standalone-shutdown -f .file-list-standalone-shutdown - -%clean -rm -rf \ - $RPM_BUILD_ROOT \ - 10-timeout-abort.conf.user \ - .file-list-* \ - %{name}.lang \ - debugfiles.list \ - debuglinks.list \ - debugsourcefiles.list \ - debugsources.list \ - elfbins.list - %changelog %autochangelog diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index 944abff..a077bb7 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh 
@@ -20,16 +20,16 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat <<-EOF getent passwd '$user' >/dev/null || \\ - useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : EOF else cat <<-EOF - if ! getent passwd ${user@Q} >/dev/null; then - if ! getent passwd ${uid@Q} >/dev/null; then - useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : - else - useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : - fi + if ! getent passwd '$user' >/dev/null; then + if ! getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + else + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : + fi fi EOF @@ -42,11 +42,11 @@ group() { if [ "$gid" = '-' ]; then cat <<-EOF - getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || : + getent group '$group' >/dev/null || groupadd -r '$group' || : EOF else cat <<-EOF - getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || : + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : EOF fi } @@ -56,8 +56,8 @@ usermod() { group="$2" cat <<-EOF - if getent group ${group@Q} >/dev/null; then - usermod -a -G ${group@Q} '$user' || : + if getent group '$group' >/dev/null; then + usermod -a -G '$group' '$user' || : fi EOF } @@ -69,7 +69,7 @@ parse() { [ -z "$line" ] && continue eval "arr=( $line )" case "${arr[0]}" in - ('u'|'u!') + ('u') if [[ "${arr[2]}" == *":"* ]]; then user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" else diff --git a/sysusers.prov b/sysusers.prov index 7b3d704..f12e929 100755 --- a/sysusers.prov +++ b/sysusers.prov @@ -42,7 +42,7 @@ parse() { [ -z "$line" ] && continue set -- $line case "$1" in - ('u'|'u!') + ('u') process_u "$2" "$3" ;; ('g') 
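Review bot: Replacing the `${user@Q}`-style expansions with `'$user'` in the generated `%pre` text removes shell escaping. A value that contains a single quote, most plausibly the description passed to `-c`, ends the quoted string early and the rest is interpreted by the shell that runs the scriptlet as root. The same substitution is made in the `group()` and `usermod()` hunks that follow, and `user()` itself starts above this hunk. The values come from sysusers.d lines that `parse()` already passes through `eval`, so they need to be escaped as data when they are written into another script. Keep the quoting form, `useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :`, or pre-quote each value with `printf '%q'` if the build host's bash lacks `@Q`.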
diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py deleted file mode 100755 index 3c1e04f..0000000 --- a/test_sysusers_defined.py +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/python - -import os -import sys - -def parse_sysusers_file(filename): - users, groups = set(), set() - - for line in open(filename): - line = line.strip() - if not line or line.startswith('#'): - continue - words = line.split() - match words[0]: - case 'u'|'u!': - users.add(words[1]) - case 'g': - groups.add(words[1]) - case 'm'|'r': - continue - case _: - assert False - return users, groups - -setup_users, setup_groups = set(), set() - -for arg in sys.argv[1:-1]: - users, groups = parse_sysusers_file(arg) - setup_users |= users - setup_groups |= groups - -basic_users, basic_groups = parse_sysusers_file(sys.argv[-1]) - -ignored = set(os.getenv('IGNORED', '').split()) - -if d := basic_users - setup_users - ignored: - exit(f'We have new users: {d}') -if d := basic_groups - setup_groups - ignored: - exit(f'We have new groups: {d}') diff --git a/tests/tests-reboot.yml b/tests/tests-reboot.yml new file mode 100644 index 0000000..94ea8a5 --- /dev/null +++ b/tests/tests-reboot.yml 
@@ -0,0 +1,50 @@ +--- +- hosts: localhost + vars: + - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}" + tags: + - classic + tasks: + # switch SELinux to permissive mode + - name: Get default kernel + command: "grubby --default-kernel" + register: default_kernel + - debug: msg="{{ default_kernel.stdout }}" + - name: Set permissive mode + command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}" + + - name: reboot + block: + - name: restart host + shell: sleep 2 && shutdown -r now "Ansible updates triggered" + async: 1 + poll: 0 + ignore_errors: true + + - name: wait for host to come back + wait_for_connection: + delay: 10 + timeout: 300 + + - name: Re-create /tmp/artifacts + command: mkdir /tmp/artifacts + + - name: Gather SELinux denials since boot + shell: | + result=pass + dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail + ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log + grep -q '' /tmp/avc.log || result=fail + echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml + ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log + + always: + - name: Pull out the artifacts + fetch: + dest: "{{ artifacts }}/" + src: "{{ item }}" + flat: yes + with_items: + - /tmp/test.log + - /tmp/avc.log + - /tmp/results.yml diff --git a/triggers.systemd b/triggers.systemd index 28ddc1f..719789b 100644 --- a/triggers.systemd +++ b/triggers.systemd 
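Review bot: The `Gather SELinux denials since boot` task sets `result=fail` only when `dmesg` shows `type=1300`/`type=1400` records or when `/tmp/avc.log` is empty. The exit status of `ausearch` is ignored, so denials recorded only in the audit log still produce `PASS`. Chain it like the dmesg check: `ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log && result=fail`. Separately, the play adds `enforcing=0` to the default kernel's boot arguments and never removes it, so the host stays permissive after the run. A task under `always:` running `grubby --remove-args=enforcing=0 --update-kernel {{ default_kernel.stdout }}` would undo that.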
@@ -9,17 +9,21 @@ # # Minimum rpm version supported: 4.14.0 -%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/ +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system # This script will run after any package is initially installed or # upgraded. We care about the case where a package is initially # installed, because other cases are covered by the *un scriptlets, # so sometimes we will reload needlessly. /usr/lib/systemd/systemd-update-helper system-reload-restart || : -%transfiletriggerin -P 900899 -- /usr/lib/systemd/user/ /etc/systemd/user/ -/usr/lib/systemd/systemd-update-helper user-reload-restart || : +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload-restart || : +fi -%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system/ /etc/systemd/system/ +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system # On removal, we need to run daemon-reload after any units have been # removed. # On upgrade, we need to run daemon-reload after any new unit files 
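Review bot: Dropping the trailing slash from the trigger paths widens what they match, because rpm file triggers compare path prefixes. `/usr/lib/systemd/system` then also matches sibling directories such as `/usr/lib/systemd/system-generators`, so transactions that never touched a unit file still cause reloads and restarts. This hunk changes `/usr/lib/systemd/system` and `/usr/lib/systemd/user`, and the later hunks do the same for `/usr/lib/sysusers.d`, `/usr/lib/udev/hwdb.d`, `/usr/lib/tmpfiles.d`, `/usr/lib/sysctl.d` and the others. Keep the directory form, `%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/`. If the rpm in the target release really needs the slash-less spelling, say so in a comment next to the first trigger.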
@@ -27,35 +31,43 @@ # executed. /usr/lib/systemd/systemd-update-helper system-reload || : -%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user/ /etc/systemd/user/ +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user # Execute daemon-reload in user managers. -/usr/lib/systemd/systemd-update-helper user-reload || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-reload || : +fi -%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system/ /etc/systemd/system/ +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system # We restart remaining system services that should be restarted here. /usr/lib/systemd/systemd-update-helper system-restart || : -%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user/ /etc/systemd/user/ +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user # We restart remaining user services that should be restarted here. -/usr/lib/systemd/systemd-update-helper user-restart || : +if selinuxenabled &>/dev/null; then + /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || : +else + /usr/lib/systemd/systemd-update-helper user-restart || : +fi -%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d/ +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. systemd-sysusers || : -%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d/ +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. 
systemd-hwdb update || : -%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog/ +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. journalctl --update-catalog || : -%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d/ +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d "/run/systemd/system"; then @@ -64,7 +76,7 @@ if test -d "/run/systemd/system"; then /usr/lib/systemd/systemd-binfmt || : fi -%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d/ +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d # This script will process files installed in /usr/lib/tmpfiles.d to create # tmpfiles automatically. The priority is set such that it will run # after the sysusers file trigger, but before any other triggers. @@ -72,12 +84,14 @@ if test -d "/run/systemd/system"; then systemd-tmpfiles --create || : fi -%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d/ +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d # This script will automatically update udev with new rules if files # have been installed or updated in /usr/lib/udev/rules.d. -/usr/lib/systemd/systemd-update-helper mark-reload-system-units systemd-udevd.service || : +if test -e /run/udev/control; then + udevadm control --reload || : +fi -%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d/ +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d # This script will automatically apply sysctl rules if files have been # installed or updated in /usr/lib/sysctl.d. if test -d "/run/systemd/system"; then diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch new file mode 100644 index 0000000..59e642a --- /dev/null +++ b/use-bfq-scheduler.patch 
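Review bot: The `selinuxenabled` branches added around `user-reload` and `user-restart` discard the helper's stderr only on SELinux-enabled hosts, and no comment says which message is being hidden or why. The first triggers.systemd hunk does the same for `user-reload-restart`. Redirecting all of stderr also hides real failures of the user-manager reload, on the hosts where policy denials are most likely to cause them. Put the reason above the first branch, `# <reason / bug reference for silencing stderr under SELinux>`, so the workaround can be removed once the underlying issue is fixed. If only one known message is noise, filtering that message would be safer than `2>/dev/null`.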
@@ -0,0 +1,43 @@ +From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 14 Aug 2019 15:57:42 +0200 +Subject: [PATCH] udev: use bfq as the default scheduler + +As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. +Test results are that bfq seems to behave better and more consistently on +typical hardware. The kernel does not have a configuration option to set +the default scheduler, and it currently needs to be set by userspace. + +See the bug for more discussion and links. +--- + rules.d/60-block-scheduler.rules | 5 +++++ + rules.d/meson.build | 1 + + 2 files changed, 6 insertions(+) + create mode 100644 rules.d/60-block-scheduler.rules + +diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules +new file mode 100644 +index 0000000000..850b64540e +--- /dev/null ++++ b/rules.d/60-block-scheduler.rules +@@ -0,0 +1,5 @@ ++# do not edit this file, it will be overwritten on update ++ ++ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ ++ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ ++ ATTR{queue/scheduler}="bfq" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 8d2878a36d..a3b395c9ce 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -8,6 +8,7 @@ rules = [ + [files('60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', ++ '60-block-scheduler.rules', + '60-drm.rules', + '60-evdev.rules', + '60-fido-id.rules', +-- +2.37.2 + diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev