From e65d52fe6347c148903640c3a4caf7142e26202f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 17:48:06 +0100 Subject: [PATCH 01/33] Drop scriptlet for handling nobody user upgrades from Fedora <28 For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet was introduced with prevents nss-systemd from synthesizing entries for nobody. Let's remove the scriptlet: very few people upgrade from such old systems, and even if they do, having a duplicate entry for nobody is annoying but hardly a big problem. (The other side of this, support in nss-systemd remains in place.) This allows deps on the tools used in the scriptlet to be dropped from -libs. While at it, also drop noop ldconfig scriptlets. (cherry picked from commit cac0b2a5a753de41dfc4a385def7bf9880c2c800) --- systemd.spec | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2a9cb00..4ede49e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -255,10 +255,6 @@ Obsoletes: systemd-compat-libs < 230 Obsoletes: nss-myhostname < 0.4 Provides: nss-myhostname = 0.4 Provides: nss-myhostname%{_isa} = 0.4 -Requires(post): coreutils -Requires(post): sed -Requires(post): grep -Requires(post): /usr/bin/getent %description libs Libraries for systemd and udev. 
@@ -826,27 +822,6 @@ fi # a different package version. systemctl --no-reload preset systemd-oomd.service &>/dev/null || : -%post libs -%{?ldconfig} - -# check if nobody or nfsnobody is defined -export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 -if getent passwd nfsnobody &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then - test -f /etc/systemd/dont-synthesize-nobody || { - echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' - mkdir -p /etc/systemd || : - : >/etc/systemd/dont-synthesize-nobody || : - } -fi - -%{?ldconfig:%postun libs -p %ldconfig} - %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} %post udev @@ -1031,6 +1006,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +- Drop scriptlet for handling nobody user upgrades from Fedora <28 + * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098) From 7cb9d9ece0321abeb28fa1d0edcfac01fca8f820 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 18:10:16 +0100 Subject: [PATCH 02/33] Specify owner of /var/log/journal as root in the rpm listing $ rpm -qlv systemd |grep -v 'root root' -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /run/utmp -rw-rw---- 1 root utmp 0 Jan 22 03:38 /var/log/btmp -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/lastlog -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/wtmp drwxr-sr-x 2 root systemd- 0 Jan 22 03:38 /var/log/journal During installation rpm would log an error that systemd-journal group is unknown. We create all our users by calling sysusers in the %post scriptlet, but that is too late. To avoid the warning we could either add a %pre scriptlet, but that'd require adding a dependency on shadow-utils for groupadd, since we can't use our own tools before we are installed. Let's instead create the directory owned by root.root, and change the group afterwards. The group ownership is for file ownership, and in the worst case (we don't assign the group or set mode +s), unprivileged users will not be able to read the logs. We also use 'utmp' group, but that is provided by setup.rpm and is not an issue. https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24 (cherry picked from commit 1ba983e0be490dbff1085e8f0c6fe2af1d4290e2) --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 4ede49e..8fa4379 100644 --- a/systemd.spec +++ b/systemd.spec @@ -714,7 +714,7 @@ python3 %{SOURCE2} %buildroot < - 250.3-3 - Drop scriptlet for handling nobody user upgrades from Fedora <28 +- Specify owner of /var/log/journal as root in the rpm listing (#2018913) * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098) From f4416d730480c4598fd6e40f03da0c88ff319d72 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 18:29:25 +0100 Subject: [PATCH 03/33] Drop unused dependencies for scriptlets (cherry picked from commit e48b9066b787d4f1a8fb7816f8abd9bf79beca49) --- systemd.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 8fa4379..d8609f0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -173,12 +173,9 @@ BuildRequires: perl BuildRequires: perl(IPC::SysV) Requires(post): coreutils -Requires(post): sed -Requires(post): acl Requires(post): grep # systemd-machine-id-setup requires libssl Requires(post): openssl-libs -Requires(pre): coreutils Requires: dbus >= 1.9.18 Requires: %{name}-pam = %{version}-%{release} Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build) From a262b349c7915461ce9eb95a2e4a0bb36b16cb35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 22:07:07 +0100 Subject: [PATCH 04/33] Add patch for new kernel headers It's already included in systemd-stable, but v250.4 hasn't been tagged yet. (cherry picked from commit 4c2d7265ec2e92e4024bee0a961b33a8f52c2bab) --- ...3713455be38c0a587626439fd171f28c77fc.patch | 65 +++++++++++++++++++ systemd.spec | 2 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 bbe53713455be38c0a587626439fd171f28c77fc.patch diff --git a/bbe53713455be38c0a587626439fd171f28c77fc.patch b/bbe53713455be38c0a587626439fd171f28c77fc.patch new file mode 100644 index 0000000..9f5bd29 --- /dev/null +++ b/bbe53713455be38c0a587626439fd171f28c77fc.patch 
@@ -0,0 +1,65 @@ +From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sun, 30 Jan 2022 23:40:05 +0100 +Subject: [PATCH] basic: update CIFS magic + +Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and +renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with +SMB2_SUPER_MAGIC. + +This fixes the following build fail on current Fedora Rawhide: +``` +../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: + +Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC +Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC +``` +--- + src/basic/filesystems-gperf.gperf | 4 ++-- + src/basic/missing_magic.h | 11 ++++++++--- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf +index 08c8c445105a..e8c5357f9146 100644 +--- a/src/basic/filesystems-gperf.gperf ++++ b/src/basic/filesystems-gperf.gperf +@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} + cgroup2, {CGROUP2_SUPER_MAGIC} + # note that the cgroupfs magic got reassigned from cpuset + cgroup, {CGROUP_SUPER_MAGIC} +-cifs, {CIFS_MAGIC_NUMBER} ++cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} + coda, {CODA_SUPER_MAGIC} + configfs, {CONFIGFS_MAGIC} + cramfs, {CRAMFS_MAGIC} +@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} + shiftfs, {SHIFTFS_MAGIC} + smackfs, {SMACK_MAGIC} + # smb3 is an alias for cifs +-smb3, {CIFS_MAGIC_NUMBER} ++smb3, {CIFS_SUPER_MAGIC} + # smbfs was removed from the kernel in 2010, the magic remains + smbfs, {SMB_SUPER_MAGIC} + sockfs, {SOCKFS_MAGIC} +diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h +index 7d9320bb6dc9..c104fcfba315 100644 +--- a/src/basic/missing_magic.h ++++ b/src/basic/missing_magic.h +@@ -38,9 +38,14 @@ + #define XFS_SB_MAGIC 0x58465342 + #endif + +-/* Not exposed yet. 
Defined at fs/cifs/cifsglob.h */ +-#ifndef CIFS_MAGIC_NUMBER +-#define CIFS_MAGIC_NUMBER 0xFF534D42 ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef CIFS_SUPER_MAGIC ++#define CIFS_SUPER_MAGIC 0xFF534D42 ++#endif ++ ++/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ ++#ifndef SMB2_SUPER_MAGIC ++#define SMB2_SUPER_MAGIC 0xFE534D42 + #endif + + /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ diff --git a/systemd.spec b/systemd.spec index d8609f0..53e858f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. - +Patch: https://github.com/systemd/systemd/commit/bbe53713455be38c0a587626439fd171f28c77fc.patch # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From cf9a3be4665d6295b4769ad1d34e371d27fd8c70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 22:42:05 +0100 Subject: [PATCH 05/33] Bump release --- systemd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 53e858f..7638c08 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 3%{?dist} +Release: 4%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
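Review bot: The new `Patch:` line in the upstream-backports section of systemd.spec has no comment saying why it is carried or when it can be dropped. The commit message says the fix is already in systemd-stable but v250.4 is not tagged yet, so a line such as `# basic: update CIFS magic (new kernel headers); drop on the next stable rebase` above it would record that. The line also appears to take the place of the blank line that separated this section from the `# Downstream-only patches` header, so it now reads as part of the block below; an empty line after it would keep the grouping. The URL is pinned to a full commit hash and the file of the same name is added in this commit, which keeps the source of the patch traceable.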
@@ -1003,7 +1003,7 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Specify owner of /var/log/journal as root in the rpm listing (#2018913) From 890fc095b63042d89362f57c0d9840f4bb010185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Feb 2022 23:27:29 +0100 Subject: [PATCH 06/33] Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) --- systemd.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/systemd.spec b/systemd.spec index 7638c08..9b146a0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 4%{?dist} +Release: 5%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -392,12 +392,11 @@ devices. %package resolved Summary: Network Name Resolution manager -Requires(post): %{name} -Requires(post): grep Requires: %{name}%{?_isa} = %{version}-%{release} Obsoletes: %{name} < 249~~ Requires: libidn2.so.0%{?elf_suffix} Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Requires(posttrans): grep %description resolved systemd-resolved is a system service that provides network name resolution to @@ -921,6 +920,7 @@ fi %systemd_post systemd-resolved.service +%posttrans resolved # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above 
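Review bot: The `%posttrans resolved` header is inserted above the resolv.conf block with no comment explaining why this part cannot stay in `%post`; the only pointer is the bug number in the subject. The install log quoted in a later patch of this series shows systemd-resolved installed at 74/76 and systemd at 76/76, so presumably the block ran before `systemctl` and `systemd-analyze` were on disk. A comment such as `# Runs in %%posttrans: systemd itself may be installed after this package (rhbz#2018913)` would record that. `Requires(posttrans): grep` names only one of the tools the block appears to call (a later hunk in this series shows `ln` and `mountpoint` in it), so it is worth confirming that those are guaranteed by other dependencies. The scriptlet body continues outside the hunk.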
@@ -1003,6 +1003,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 +- Move part of %%post scriptlet for resolved to %%posttrans (#2018913) + * Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 - Specify owner of /var/log/journal as root in the rpm listing (#2018913) From 3cd1f84f9a56fc921f504359e3a200709d6340df Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 23 Feb 2022 23:53:12 +0100 Subject: [PATCH 07/33] Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing The analysis in 1ba983e0be490dbff1085e8f0c6fe2af1d4290e2 was wrong. Both systemd-journal and utmp need to be created. For some reason rpm reports only the first group which is not available. It was complaining about systemd-journal, and when that was "fixed", it started complaining about utmp. Let's apply the same logic here. Non-root users of files owned by utmp group should only matter after a reboot, and tmpfiles will adjust the ownership. Running transaction Running scriptlet: filesystem-3.16-2.fc36.x86_64 1/1 Preparing : 1/1 Installing : libgcc-12.0.1-0.8.fc37.x86_64 1/76 Running scriptlet: libgcc-12.0.1-0.8.fc37.x86_64 1/76 Installing : fedora-release-identity-basic-37-0.2.noarch 2/76 Installing : tzdata-2021e-4.fc36.noarch 3/76 Installing : pcre2-syntax-10.39-1.fc36.1.noarch 4/76 Installing : ncurses-base-6.2-9.20210508.fc36.noarch 5/76 Installing : fedora-gpg-keys-37-0.1.noarch 6/76 Installing : fedora-release-37-0.2.noarch 7/76 Installing : fedora-release-common-37-0.2.noarch 8/76 Installing : fedora-repos-rawhide-37-0.1.noarch 9/76 Installing : fedora-repos-37-0.1.noarch 10/76 Installing : setup-2.13.9.1-3.fc36.noarch 11/76 Running scriptlet: setup-2.13.9.1-3.fc36.noarch 11/76 Installing : filesystem-3.16-2.fc36.x86_64 12/76 Installing : basesystem-11-13.fc36.noarch 13/76 Installing : glibc-minimal-langpack-2.35-2.fc37.x86_64 14/76 Installing : glibc-common-2.35-2.fc37.x86_64 15/76 Running scriptlet: glibc-2.35-2.fc37.x86_64 16/76 Installing : glibc-2.35-2.fc37.x86_64 16/76 Running scriptlet: glibc-2.35-2.fc37.x86_64 16/76 Installing : ncurses-libs-6.2-9.20210508.fc36.x86_64 17/76 Installing : bash-5.1.16-2.fc36.x86_64 18/76 Running scriptlet: bash-5.1.16-2.fc36.x86_64 18/76 Installing : libuuid-2.38-0.2.fc36.x86_64 19/76 Installing : libcap-2.48-4.fc36.x86_64 20/76 Installing 
: libattr-2.5.1-4.fc36.x86_64 21/76 Installing : libacl-2.3.1-3.fc36.x86_64 22/76 Installing : libzstd-1.5.2-1.fc36.x86_64 23/76 Installing : xz-libs-5.2.5-8.fc36.x86_64 24/76 Installing : zlib-1.2.11-31.fc36.x86_64 25/76 Installing : bzip2-libs-1.0.8-11.fc36.x86_64 26/76 Installing : libcap-ng-0.8.2-9.fc36.x86_64 27/76 Installing : audit-libs-3.0.7-1.fc36.x86_64 28/76 Installing : libsepol-3.3-3.fc36.x86_64 29/76 Installing : libxcrypt-4.4.28-1.fc37.x86_64 30/76 Installing : lz4-libs-1.9.3-4.fc36.x86_64 31/76 Installing : pcre2-10.39-1.fc36.1.x86_64 32/76 Installing : libselinux-3.3-4.fc36.x86_64 33/76 Installing : libsemanage-3.3-3.fc37.x86_64 34/76 Installing : shadow-utils-2:4.11.1-2.fc37.x86_64 35/76 Installing : sed-4.8-10.fc36.x86_64 36/76 Installing : dbus-common-1:1.13.20-3.fc36.noarch 37/76 Running scriptlet: dbus-common-1:1.13.20-3.fc36.noarch 37/76 Installing : alternatives-1.19-2.fc36.x86_64 38/76 Installing : expat-2.4.6-1.fc37.x86_64 39/76 Installing : gmp-1:6.2.1-2.fc36.x86_64 40/76 Installing : json-c-0.15-3.fc36.x86_64 41/76 Installing : libargon2-20171227-8.fc36.x86_64 42/76 Installing : libeconf-0.4.0-3.fc36.x86_64 43/76 Installing : pam-libs-1.5.2-11.fc37.x86_64 44/76 Installing : libffi-3.4.2-8.fc36.x86_64 45/76 Installing : p11-kit-0.24.1-2.fc36.x86_64 46/76 Installing : libgpg-error-1.44-1.fc36.x86_64 47/76 Installing : libgcrypt-1.10.0-1.fc36.x86_64 48/76 Installing : systemd-libs-250.3-4.fc37.x86_64 49/76 Running scriptlet: dbus-broker-29-5.fc36.x86_64 50/76 useradd warning: dbus's uid 81 outside of the SYS_UID_MIN 201 and SYS_UID_MAX 999 range. 
Installing : dbus-broker-29-5.fc36.x86_64 50/76 Running scriptlet: dbus-broker-29-5.fc36.x86_64 50/76 Installing : dbus-1:1.13.20-3.fc36.x86_64 51/76 Installing : libseccomp-2.5.3-2.fc36.x86_64 52/76 Installing : libsmartcols-2.38-0.2.fc36.x86_64 53/76 Installing : libtasn1-4.18.0-2.fc36.x86_64 54/76 Installing : p11-kit-trust-0.24.1-2.fc36.x86_64 55/76 Running scriptlet: p11-kit-trust-0.24.1-2.fc36.x86_64 55/76 Installing : libunistring-1.0-1.fc36.x86_64 56/76 Installing : libidn2-2.3.2-4.fc36.x86_64 57/76 Installing : pcre-8.45-1.fc36.1.x86_64 58/76 Installing : grep-3.7-2.fc36.x86_64 59/76 Installing : crypto-policies-20220203-2.git112f859.fc36.noarch 60/76 Running scriptlet: crypto-policies-20220203-2.git112f859.fc36.noarch 60/76 Installing : coreutils-common-9.0-3.fc36.x86_64 61/76 Installing : openssl-libs-1:3.0.0-1.fc36.x86_64 62/76 Installing : coreutils-9.0-3.fc36.x86_64 63/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 64/76 Installing : ca-certificates-2021.2.52-3.fc36.noarch 64/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 64/76 Installing : libblkid-2.38-0.2.fc36.x86_64 65/76 Running scriptlet: libblkid-2.38-0.2.fc36.x86_64 65/76 Installing : libmount-2.38-0.2.fc36.x86_64 66/76 Installing : util-linux-core-2.38-0.2.fc36.x86_64 67/76 Running scriptlet: util-linux-core-2.38-0.2.fc36.x86_64 67/76 Installing : libfdisk-2.38-0.2.fc36.x86_64 68/76 Installing : kmod-libs-29-7.fc36.x86_64 69/76 Installing : cryptsetup-libs-2.4.3-2.fc36.x86_64 70/76 Installing : device-mapper-libs-1.02.175-7.fc36.x86_64 71/76 Installing : device-mapper-1.02.175-7.fc36.x86_64 72/76 Installing : systemd-pam-250.3-4.fc37.x86_64 73/76 Installing : systemd-resolved-250.3-4.fc37.x86_64 74/76 Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64 74/76 Installing : systemd-networkd-250.3-4.fc37.x86_64 75/76 Running scriptlet: systemd-networkd-250.3-4.fc37.x86_64 75/76 Installing : systemd-250.3-4.fc37.x86_64 76/76 warning: group utmp does not exist - 
using root warning: group utmp does not exist - using root warning: group utmp does not exist - using root warning: group utmp does not exist - using root Running scriptlet: systemd-250.3-4.fc37.x86_64 76/76 Creating group 'utmp' with GID 22. Creating group 'input' with GID 104. Creating group 'kvm' with GID 36. Creating group 'render' with GID 105. Creating group 'sgx' with GID 106. Creating group 'systemd-journal' with GID 190. Creating group 'systemd-network' with GID 192. Creating user 'systemd-network' (systemd Network Management) with UID 192 and GID 192. Creating group 'systemd-oom' with GID 999. Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 999 and GID 999. Creating group 'systemd-resolve' with GID 193. Creating user 'systemd-resolve' (systemd Resolver) with UID 193 and GID 193. Running scriptlet: filesystem-3.16-2.fc36.x86_64 76/76 Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch 76/76 Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64 76/76 '/etc/resolv.conf' -> '../run/systemd/resolve/stub-resolv.conf' Running scriptlet: systemd-250.3-4.fc37.x86_64 76/76 --- systemd.spec | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index 9b146a0..a7d4bec 100644 --- a/systemd.spec +++ b/systemd.spec @@ -687,10 +687,10 @@ python3 %{SOURCE2} %buildroot < - 250.3-5 - Move part of %%post scriptlet for resolved to %%posttrans (#2018913) +- Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing * Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 250.3-4 - Drop scriptlet for handling nobody user upgrades from Fedora <28 From a31629ed62c4e46a23986205a1a3366701ea2909 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Feb 2022 20:25:55 +0100 Subject: [PATCH 08/33] Avoid trying to create the symlink if there's a dangling symlink already 'test -e' says 'no' for dangling symlinks. Let's also ignore the error if this fails. We shouldn't fail the transaction. --- systemd.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/systemd.spec b/systemd.spec index a7d4bec..efc8b06 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 5%{?dist} +Release: 6%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -940,11 +940,11 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null && ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then - if ! test -e /etc/resolv.conf; then - ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then + ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : elif test -d /run/systemd/system/ && ! mountpoint /etc/resolv.conf &>/dev/null; then - ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || : fi fi @@ -1003,6 +1003,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 +- Avoid trying to create the symlink if there's a dangling symlink already in + place (#2058388) + * Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek - 250.3-5 - Move part of %%post scriptlet for resolved to %%posttrans (#2018913) - Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing 
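Review bot: With the added `! test -L /etc/resolv.conf`, a dangling symlink no longer reaches the first `ln -sv` but falls through to the `elif`, where `ln -fsv` still replaces it whenever /run/systemd/system/ exists and the path is not a mount point. The subject line ("avoid trying to create the symlink") therefore holds only when systemd is not running. If that is the intent, a comment above the test would say so, e.g. `# test -e is false for a dangling symlink; such a link is kept here and only replaced below on a booted system`. The `|| :` on both `ln` calls means a failed link leaves nothing but ln's own stderr line in the transaction output, so a short `echo` naming /etc/resolv.conf in the failure path would make it easier to notice a host left without the stub resolver link. The enclosing `if systemctl -q is-enabled …` block starts outside the hunk.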
From 750b1da141db741916ea1e036fa62da1297f0609 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Mon, 14 Mar 2022 09:48:35 -0500 Subject: [PATCH 09/33] Disable default DNS over TLS (#1889901) --- systemd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index efc8b06..61c52f3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 6%{?dist} +Release: 7%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -518,7 +518,7 @@ CONFIGURE_OPTS=( -Dversion-tag=v%{version}-%{release} -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"] -Ddefault-dnssec=no - -Ddefault-dns-over-tls=opportunistic + -Ddefault-dns-over-tls=no # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 -Ddefault-mdns=no -Ddefault-llmnr=resolve @@ -1003,6 +1003,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Mar 14 2022 Michael Catanzaro - 250.3-7 +- Disable default DNS over TLS (#1889901) + * Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek - 250.3-6 - Avoid trying to create the symlink if there's a dangling symlink already in place (#2058388) From 5c19e29a84a0d73745536f668178bb18190444f2 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Tue, 30 Nov 2021 21:00:44 +0100 Subject: [PATCH 10/33] Move systemd-cryptenroll to systemd-udev --- split-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/split-files.py b/split-files.py index 9614c07..d202c59 100644 --- a/split-files.py +++ b/split-files.py @@ -101,6 +101,7 @@ for file in files(buildroot): modules-load| timesync| crypttab| + cryptenroll| cryptsetup| libcryptsetup-token-systemd| kmod| From ddc8f7548302a8760cad0ee489e2f08f666e7bf8 Mon Sep 17 00:00:00 2001 
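Review bot: The changed `-Ddefault-dns-over-tls=no` entry in CONFIGURE_OPTS carries no comment, while the `-Ddefault-mdns=no` entry right below it has its bug URL; a reader can easily take that URL (1867830) as the reason for this line too. Add `# https://bugzilla.redhat.com/show_bug.cgi?id=1889901` directly above the changed line. The change also lowers the built-in default from opportunistic encryption to none, so queries from systemd-resolved to the upstream server are sent in clear text unless an administrator sets `DNSOverTLS=` in resolved.conf. The changelog entry would be more useful to people auditing the package if it said so in one more clause.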
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 17 Mar 2022 21:37:30 +0100 Subject: [PATCH 11/33] Really move libcryptsetup plugins to -udev --- split-files.py | 14 ++++++++++---- systemd.spec | 5 ++++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/split-files.py b/split-files.py index d202c59..a660db8 100644 --- a/split-files.py +++ b/split-files.py @@ -28,7 +28,7 @@ o_resolve = open('.file-list-resolve', 'w') o_tests = open('.file-list-tests', 'w') o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') -o_rest = open('.file-list-rest', 'w') +o_main = open('.file-list-main', 'w') for file in files(buildroot): n = file.path[1:] if re.match(r'''/usr/(share|include)$| @@ -58,7 +58,11 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? - 250.3-7 +- Move libcryptsetup plugins to -udev (#2031873) + * Mon Mar 14 2022 Michael Catanzaro - 250.3-7 - Disable default DNS over TLS (#1889901) From cf2f43fd0466e81909391a11aadcb163263ca35d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 17 Mar 2022 21:41:47 +0100 Subject: [PATCH 12/33] Fix bug number --- systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index e9525a2..b68ab4c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1004,7 +1004,7 @@ fi %changelog * Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.3-7 -- Move libcryptsetup plugins to -udev (#2031873) +- Move libcryptsetup plugins to -udev (#2064804) * Mon Mar 14 2022 Michael Catanzaro - 250.3-7 - Disable default DNS over TLS (#1889901) From 24e81e56a2afd30f93a7563a6155370d362a0bd0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 18 Mar 2022 13:35:22 +0100 Subject: [PATCH 13/33] Fix the wrong file assignment done in previous version --- split-files.py | 4 ++-- systemd.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/split-files.py b/split-files.py index a660db8..e28ec10 100644 --- a/split-files.py +++ b/split-files.py @@ -58,9 +58,9 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.match(r'/libsystemd-shared-*.so$', n): + elif re.search(r'/libsystemd-shared-*.so$', n): o = o_main - elif re.match(r'/libcryptsetup-token-systemd-.*\.so$', n): + elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = o_udev elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n): o = o_devel diff --git a/systemd.spec b/systemd.spec index b68ab4c..447a925 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.3 -Release: 7%{?dist} +Release: 8%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -1003,6 +1003,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-8 +- Fix the wrong file assignment done in previous version + * Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek - 250.3-7 - Move libcryptsetup plugins to -udev (#2064804) From 62cd72228a36a0c65714cd7d15abcf5693a5f019 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 18 Mar 2022 13:39:32 +0100 Subject: [PATCH 14/33] Fix regexp syntax --- split-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index e28ec10..9b6e9f7 100644 --- a/split-files.py +++ b/split-files.py 
@@ -58,7 +58,7 @@ for file in files(buildroot): o = o_rpm_macros elif '/usr/lib/systemd/tests' in n: o = o_tests - elif re.search(r'/libsystemd-shared-*.so$', n): + elif re.search(r'/libsystemd-shared-.*\.so$', n): o = o_main elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n): o = o_udev From 54f0a8df78770bcfff58ae82f3f1dcb8c20efbf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 May 2022 16:22:42 +0200 Subject: [PATCH 15/33] Version 250.5 --- ...3713455be38c0a587626439fd171f28c77fc.patch | 65 ------------------- sources | 2 +- systemd.spec | 9 ++- 3 files changed, 7 insertions(+), 69 deletions(-) delete mode 100644 bbe53713455be38c0a587626439fd171f28c77fc.patch diff --git a/bbe53713455be38c0a587626439fd171f28c77fc.patch b/bbe53713455be38c0a587626439fd171f28c77fc.patch deleted file mode 100644 index 9f5bd29..0000000 --- a/bbe53713455be38c0a587626439fd171f28c77fc.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From bbe53713455be38c0a587626439fd171f28c77fc Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 30 Jan 2022 23:40:05 +0100 -Subject: [PATCH] basic: update CIFS magic - -Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and -renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with -SMB2_SUPER_MAGIC. - -This fixes the following build fail on current Fedora Rawhide: -``` -../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: - -Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC -Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC -``` ---- - src/basic/filesystems-gperf.gperf | 4 ++-- - src/basic/missing_magic.h | 11 ++++++++--- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf -index 08c8c445105a..e8c5357f9146 100644 ---- a/src/basic/filesystems-gperf.gperf -+++ b/src/basic/filesystems-gperf.gperf -@@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} - cgroup2, {CGROUP2_SUPER_MAGIC} - # note that the cgroupfs magic got reassigned from cpuset - cgroup, {CGROUP_SUPER_MAGIC} --cifs, {CIFS_MAGIC_NUMBER} -+cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} - coda, {CODA_SUPER_MAGIC} - configfs, {CONFIGFS_MAGIC} - cramfs, {CRAMFS_MAGIC} -@@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} - shiftfs, {SHIFTFS_MAGIC} - smackfs, {SMACK_MAGIC} - # smb3 is an alias for cifs --smb3, {CIFS_MAGIC_NUMBER} -+smb3, {CIFS_SUPER_MAGIC} - # smbfs was removed from the kernel in 2010, the magic remains - smbfs, {SMB_SUPER_MAGIC} - sockfs, {SOCKFS_MAGIC} -diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h -index 7d9320bb6dc9..c104fcfba315 100644 ---- a/src/basic/missing_magic.h -+++ b/src/basic/missing_magic.h -@@ -38,9 +38,14 @@ - #define XFS_SB_MAGIC 0x58465342 - #endif - --/* Not exposed yet. 
Defined at fs/cifs/cifsglob.h */ --#ifndef CIFS_MAGIC_NUMBER --#define CIFS_MAGIC_NUMBER 0xFF534D42 -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef CIFS_SUPER_MAGIC -+#define CIFS_SUPER_MAGIC 0xFF534D42 -+#endif -+ -+/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ -+#ifndef SMB2_SUPER_MAGIC -+#define SMB2_SUPER_MAGIC 0xFE534D42 - #endif - - /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ diff --git a/sources b/sources index a1317df..054e855 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.3.tar.gz) = 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 +SHA512 (systemd-250.5.tar.gz) = ad864b67bd5e2f5fd5705b636467827e4735142cefba150d24bb8e51ac0263650b2b0e53d4426eb509d1db59b83dc3b4c4bf157cc355fc2b7524db6bc4a9b5cd diff --git a/systemd.spec b/systemd.spec index 447a925..f88679b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.3 -Release: 8%{?dist} +Version: 250.5 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed # here, rather than in the next section. Packit CI will drop any # patches in this range before applying upstream pull requests. -Patch: https://github.com/systemd/systemd/commit/bbe53713455be38c0a587626439fd171f28c77fc.patch + # Downstream-only patches (5000–9999) # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
@@ -1003,6 +1003,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri May 20 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 +- Latest upstream bugfix release (one was skipped because we were in freeze) + * Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-8 - Fix the wrong file assignment done in previous version From 34346c36622b6e21ad9b8056ff67f1850add1fab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 May 2022 20:48:00 +0200 Subject: [PATCH 16/33] Remove bfq patch in packit builds (cherry picked from commit 95c9cf61afdfe69e4b95009cf1024b8697179115) --- systemd.spec | 12 ++++++------ use-bfq-scheduler.patch | 23 +++++++++++------------ 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/systemd.spec b/systemd.spec index f88679b..6146378 100644 --- a/systemd.spec +++ b/systemd.spec @@ -88,15 +88,15 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Backports of patches from upstream (0000–0499) # -# Any patches which are "in preparation" upstream should be listed -# here, rather than in the next section. Packit CI will drop any -# patches in this range before applying upstream pull requests. +# Any patches which are "in preparation" upstream should be listed here, rather +# than in the next section. Packit CI will drop any patches in this range before +# applying upstream pull requests. - -# Downstream-only patches (5000–9999) +# This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 -Patch0500: use-bfq-scheduler.patch +Patch0499: use-bfq-scheduler.patch +# Other downstream-only patches (5000–9999) # https://github.com/systemd/systemd/pull/17050 Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index d0e6762..c1a44e9 100644 
--- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -1,4 +1,4 @@ -From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001 +From b506a814bdd5d86461d9e4087f99a05753b238e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Aug 2019 15:57:42 +0200 Subject: [PATCH] udev: use bfq as the default scheduler @@ -20,22 +20,21 @@ new file mode 100644 index 0000000000..480b941761 --- /dev/null +++ b/rules.d/60-block-scheduler.rules -@@ -0,0 +1,6 @@ +@@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ENV{DEVTYPE}=="disk", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build -index ca4445d774..38d6aa6970 100644 +index e6533e001a..bfa26904d0 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -3,6 +3,7 @@ - rules = files(''' - 60-autosuspend.rules - 60-block.rules -+ 60-block-scheduler.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules +@@ -7,6 +7,7 @@ install_data( + rules = files( + '60-autosuspend.rules', + '60-block.rules', ++ '60-block-scheduler.rules', + '60-cdrom_id.rules', + '60-drm.rules', + '60-evdev.rules', From 322bdbdf07612481a16c20a0711ed7a6193f2d3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 May 2022 20:23:07 +0200 Subject: [PATCH 17/33] Run sysusers and friends also if systemd is not running MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I tested this with 'sudo dnf --installroot=…', with both systemd+system-udev installed in one transaction, and in two separate transactions. Users are created as expected in both cases. (cherry picked from commit 3a876074d2ab615187c2d1d8a874d221859983f3) --- systemd.spec | 2 ++ triggers.systemd | 12 +++--------- 2 files changed, 5 insertions(+), 9 deletions(-) 
diff --git a/systemd.spec b/systemd.spec index 6146378..4c11b1b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1005,6 +1005,8 @@ fi %changelog * Fri May 20 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 - Latest upstream bugfix release (one was skipped because we were in freeze) +- Run sysusers and hwdb and catalog updates also if systemd is not running + (#2085481) * Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek - 250.3-8 - Fix the wrong file assignment done in previous version diff --git a/triggers.systemd b/triggers.systemd index 5929035..719789b 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -55,23 +55,17 @@ fi # This script will process files installed in /usr/lib/sysusers.d to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - systemd-sysusers || : -fi +systemd-sysusers || : %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d # This script will automatically invoke hwdb update if files have been # installed or updated in /usr/lib/udev/hwdb.d. -if test -d "/run/systemd/system"; then - systemd-hwdb update || : -fi +systemd-hwdb update || : %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog # This script will automatically invoke journal catalog update if files # have been installed or updated in /usr/lib/systemd/catalog. -if test -d "/run/systemd/system"; then - journalctl --update-catalog || : -fi +journalctl --update-catalog || : %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d # This script will automatically apply binfmt rules if files have been From cfee8d47db8323402e223e583531ddd24603b475 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Feb 2022 17:52:26 +0100 Subject: [PATCH 18/33] Add Conflicts for older systemd and systemd-udev versions (cherry picked from commit 23ee798cbd923f9e44444460c5994aa73f027082) --- systemd.spec | 8 ++++++++ 1 file changed, 8 insertions(+) 
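Review bot: The three triggers in triggers.systemd that now run `systemd-sysusers`, `systemd-hwdb update` and `journalctl --update-catalog` unconditionally have no comment explaining why they skip the `/run/systemd/system` test. Neighbouring triggers presumably still carry that test, so a later cleanup could restore it here by analogy and undo this fix. I would add a line above each call such as `# No /run/systemd/system check: this only updates files on disk, so it must also run in chroots and with --installroot (#2085481)`. Because each call still ends in `|| :`, a failure in an offline root shows up only in the tool's own output, which the comment could also mention.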
diff --git a/systemd.spec b/systemd.spec index 4c11b1b..2c85fad 100644 --- a/systemd.spec +++ b/systemd.spec @@ -195,6 +195,8 @@ Provides: system-setup-keyboard = 0.9 Obsoletes: systemd-sysv < 206 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) Obsoletes: %{name} < 249~~ +# https://bugzilla.redhat.com/show_bug.cgi?id=2051019 +Conflicts: %{name}-udev < %{version}-%{release} Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 %if 0%{?fedora} @@ -303,6 +305,8 @@ Obsoletes: systemd < 245.6-1 Provides: udev = %{version} Provides: udev%{_isa} = %{version} Obsoletes: udev < 183 +# https://bugzilla.redhat.com/show_bug.cgi?id=2051019 +Conflicts: %{name} < %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home @@ -1003,6 +1007,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 +- Add Conflicts for older systemd and systemd-udev versions to fix issue with + files being moved between subpackages (rhbz#2051019) + * Fri May 20 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 - Latest upstream bugfix release (one was skipped because we were in freeze) - Run sysusers and hwdb and catalog updates also if systemd is not running From 1ff9b90627172168a59ff6f570b55e45584d3720 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 14:18:17 +0200 Subject: [PATCH 19/33] Supress errors from useradd/groupadd (cherry picked from commit a65bd010dd1dbcc68b24d87a0b20a58897161bae) --- systemd.spec | 1 + sysusers.generate-pre.sh | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/systemd.spec b/systemd.spec index 2c85fad..e060403 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1010,6 +1010,7 @@ fi * Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 - Add Conflicts for older systemd and systemd-udev versions to fix issue with files being moved between subpackages (rhbz#2051019) +- Supress errors from useradd/groupadd (#2090129) * Fri May 20 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 - Latest upstream bugfix release (one was skipped because we were in freeze) diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh index fd9938d..95a0938 100755 --- a/sysusers.generate-pre.sh +++ b/sysusers.generate-pre.sh @@ -19,15 +19,15 @@ user() { if [ "$uid" = '-' ] || [ "$uid" = '' ]; then cat </dev/null || \\ - useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || : EOF else cat </dev/null ; then - if ! getent passwd '$uid' >/dev/null ; then - useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' +if ! getent passwd '$user' >/dev/null; then + if ! getent passwd '$uid' >/dev/null; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : else - useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || : fi fi @@ -40,11 +40,11 @@ group() { gid="$2" if [ "$gid" = '-' ]; then cat <<-EOF - getent group '$group' >/dev/null || groupadd -r '$group' + getent group '$group' >/dev/null || groupadd -r '$group' || : EOF else cat <<-EOF - getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' + getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || : EOF fi } From 92e01919e51ceead4e37a70c16e3d66a79d52344 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 17:48:20 +0200 Subject: [PATCH 20/33] Version 250.6 --- sources | 2 +- systemd.spec | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) 
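Review bot: The `|| :` appended to every `useradd` and `groupadd` line in sysusers.generate-pre.sh discards the exit status for all failure modes, so a generated %pre scriptlet now succeeds even when the account or group was not created. The package would then install without the identity it expects, and rpm presumably falls back to another owner for files assigned to it. If the failure must stay non-fatal, I would still leave a trace that names the account, for example `useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || echo "warning: could not create user '$user'" >&2`, and likewise for the `groupadd` lines. A comment in the generator that cites #2090129 as the reason would also help. The bodies of `user()` and `group()` start outside these hunks.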
diff --git a/sources b/sources index 054e855..cd2c53c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.5.tar.gz) = ad864b67bd5e2f5fd5705b636467827e4735142cefba150d24bb8e51ac0263650b2b0e53d4426eb509d1db59b83dc3b4c4bf157cc355fc2b7524db6bc4a9b5cd +SHA512 (systemd-250.6.tar.gz) = b625d5fb419370d238cf72f2e59c8fa6782972d94746835bde3a64a7746edd1d5fad901bbb01311f858b7dbdff6d759518b615708bb835a81964c16878d5644e diff --git a/systemd.spec b/systemd.spec index e060403..d2f7c26 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.5 +Version: 250.6 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1007,7 +1007,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 250.5-1 +* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 250.6-1 +- Latest upstream bugfix release (a bunch of memory accesses and leaks + fixed based on fuzzer reports, documentation clarifications, + #2038634, #2086166, #2084955, #2071034) - Add Conflicts for older systemd and systemd-udev versions to fix issue with files being moved between subpackages (rhbz#2051019) - Supress errors from useradd/groupadd (#2090129) From a5272297b3371001261d2aa3758096011660f738 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Jun 2022 20:52:27 +0200 Subject: [PATCH 21/33] Version 250.7 --- sources | 2 +- systemd.spec | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/sources b/sources index cd2c53c..8b282c4 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (systemd-250.6.tar.gz) = b625d5fb419370d238cf72f2e59c8fa6782972d94746835bde3a64a7746edd1d5fad901bbb01311f858b7dbdff6d759518b615708bb835a81964c16878d5644e +SHA512 (systemd-250.7.tar.gz) = 99bc6f0c9757b280cb694f3fb4d6fe04d5ce55583eb2bae5ddeb324bb5ee9930c1720fcc27293d90cddba188473653ec541a471ae8115710a5850c26d0ba215d diff --git a/systemd.spec b/systemd.spec index d2f7c26..27cc483 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.6 +Version: 250.7 Release: 1%{?dist} %else # determine the build information from local checkout @@ -1007,6 +1007,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 250.7-1 +- A bunch of man page fixes, a few memory-access correctness fixes, + suppress messages about bpf setup in the user manager (#2084955) + * Wed May 25 2022 Zbigniew Jędrzejewski-Szmek - 250.6-1 - Latest upstream bugfix release (a bunch of memory accesses and leaks fixed based on fuzzer reports, documentation clarifications, From 975156465036eb9a722055e518b2448c09079e01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Jun 2022 09:37:30 +0200 Subject: [PATCH 22/33] Add patch to fix build on i686 --- 0001-sha256-fix-compilation-on-efi-ia32.patch | 38 +++++++++++++++++++ systemd.spec | 1 + 2 files changed, 39 insertions(+) create mode 100644 0001-sha256-fix-compilation-on-efi-ia32.patch diff --git a/0001-sha256-fix-compilation-on-efi-ia32.patch b/0001-sha256-fix-compilation-on-efi-ia32.patch new file mode 100644 index 0000000..cc23995 --- /dev/null +++ b/0001-sha256-fix-compilation-on-efi-ia32.patch 
@@ -0,0 +1,38 @@ +From 3185ae7c812af8ff6cabbd680b694d8a51f0c09f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 3 Jun 2022 09:32:02 +0200 +Subject: [PATCH] sha256: fix compilation on efi-ia32 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +/usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto +../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: +../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) + 61 | # define UNALIGNED_P(p) false + | ^~~~~ +../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ + 136 | if (UNALIGNED_P(resbuf)) + | ^~~~~~~~~~~ +../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘’; did you forget to ‘#include ’? + 31 | #include "sha256.h" + +++ |+#include + 32 | +... 
+--- + src/fundamental/sha256.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c +index 67d83b5f1c..f089594796 100644 +--- a/src/fundamental/sha256.c ++++ b/src/fundamental/sha256.c +@@ -60,7 +60,7 @@ + # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) + # endif + #else +-# define UNALIGNED_P(p) false ++# define UNALIGNED_P(p) sd_false + #endif + + /* This array contains the bytes used to pad the buffer to the next diff --git a/systemd.spec b/systemd.spec index 27cc483..16b14ec 100644 --- a/systemd.spec +++ b/systemd.spec @@ -91,6 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +Patch0000: 0001-sha256-fix-compilation-on-efi-ia32.patch # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From d5adfef1adf4b1e5e5660ab6ee5dc99ea72f9986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 3 Jul 2022 21:31:32 +0200 Subject: [PATCH 23/33] Drop Obsoletes for systemd-standalone-{tmpfiles,sysusers} It turns out that with the Obsoletes, dnf will just install the normal systemd package if systemd-standalone-* is requested. The commit message for b36512ad8f06270739f85371d03f61bbf8e6fe2a which added this says I tested with local package builds (where it works), but not when going through the full repo with all packages. I'm adding the Provides instead, so that it's possible to request on or the other more easily. --- systemd.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 16b14ec..d8fae7f 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -206,9 +206,9 @@ Conflicts: fedora-release < 23-0.12 Obsoletes: timedatex < 0.6-3 Provides: timedatex = 0.6-3 Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ -Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Provides: %{name}-tmpfiles = %{version}-%{release} Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ -Obsoletes: %{name}-standalone-sysusers < %{version}-%{release}^ +Provides: %{name}-sysusers = %{version}-%{release} # Recommends to replace normal Requires deps for stuff that is dlopen()ed Recommends: libidn2.so.0%{?elf_suffix} @@ -429,6 +429,7 @@ useful to test systemd internals. %package standalone-tmpfiles Summary: Standalone tmpfiles binary for use in non-systemd systems +Provides: %{name}-tmpfiles = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-tmpfiles @@ -438,6 +439,7 @@ package and is meant for use in non-systemd systems. %package standalone-sysusers Summary: Standalone sysusers binary for use in non-systemd systems +Provides: %{name}-sysusers = %{version}-%{release} RemovePathPostfixes: .standalone %description standalone-sysusers From 5d156ae24ab4dab2a62b468d070146ededd61feb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 6 Jul 2022 20:50:31 +0200 Subject: [PATCH 24/33] Move networkd man pages to networkd package --- split-files.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/split-files.py b/split-files.py index 9b6e9f7..ea5ee74 100644 --- a/split-files.py +++ b/split-files.py @@ -86,7 +86,9 @@ for file in files(buildroot): elif re.search(r'''/usr/lib/systemd/network/80-| networkd| networkctl| - org.freedesktop.network1 + org.freedesktop.network1| + systemd\.network| + systemd\.netdev ''', n, re.X): o = o_networkd From e518927ce69ea960a5d9c909995e1fa7d9f23423 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 14 Jul 2022 15:10:16 +0200 Subject: [PATCH 25/33] Version 250.8 --- 0001-sha256-fix-compilation-on-efi-ia32.patch | 38 ------------------- sources | 2 +- systemd.spec | 8 +++- 3 files changed, 7 insertions(+), 41 deletions(-) delete mode 100644 0001-sha256-fix-compilation-on-efi-ia32.patch diff --git a/0001-sha256-fix-compilation-on-efi-ia32.patch b/0001-sha256-fix-compilation-on-efi-ia32.patch deleted file mode 100644 index cc23995..0000000 --- a/0001-sha256-fix-compilation-on-efi-ia32.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 3185ae7c812af8ff6cabbd680b694d8a51f0c09f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 3 Jun 2022 09:32:02 +0200 -Subject: [PATCH] sha256: fix compilation on efi-ia32 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -/usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto -../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: -../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) - 61 | # define UNALIGNED_P(p) false - | ^~~~~ -../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ - 136 | if (UNALIGNED_P(resbuf)) - | ^~~~~~~~~~~ -../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘’; did you forget to ‘#include ’? - 31 | #include "sha256.h" - +++ |+#include - 32 | -... 
---- - src/fundamental/sha256.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c -index 67d83b5f1c..f089594796 100644 ---- a/src/fundamental/sha256.c -+++ b/src/fundamental/sha256.c -@@ -60,7 +60,7 @@ - # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) - # endif - #else --# define UNALIGNED_P(p) false -+# define UNALIGNED_P(p) sd_false - #endif - - /* This array contains the bytes used to pad the buffer to the next diff --git a/sources b/sources index 8b282c4..90ddb01 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.7.tar.gz) = 99bc6f0c9757b280cb694f3fb4d6fe04d5ce55583eb2bae5ddeb324bb5ee9930c1720fcc27293d90cddba188473653ec541a471ae8115710a5850c26d0ba215d +SHA512 (systemd-250.8.tar.gz) = 653f527f10779a31213da06f7587a3617bd4b823bd3e5a43d626c5a4a7301e4a0fb42cf1fd056d28af6d87e52f258da59d5f0d4a2d98076905f9d3fcda6d18fd diff --git a/systemd.spec b/systemd.spec index d8fae7f..62fac05 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.7 +Version: 250.8 Release: 1%{?dist} %else # determine the build information from local checkout @@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -Patch0000: 0001-sha256-fix-compilation-on-efi-ia32.patch + # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
@@ -1010,6 +1010,10 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Jul 14 2022 Zbigniew Jędrzejewski-Szmek - 250.8-1 +- Latest upstream bugfix version +- Expose /usr/share/user-tmpfiles.d via pkgconfig (#2098553) + * Thu Jun 2 2022 Zbigniew Jędrzejewski-Szmek - 250.7-1 - A bunch of man page fixes, a few memory-access correctness fixes, suppress messages about bpf setup in the user manager (#2084955) From 8b7a753a0a2576b780fcab8ca8dc56341841ffc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 20 Dec 2022 19:32:04 +0100 Subject: [PATCH 26/33] Version 250.9 - Latest bugfix release with a bunch of fixes (homed, networkd, manager, resolved, documentation): rhbz#2133792, rhbz#2135778, rhbz#2152685, and also #2031810, #2121106. - CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting --- ...ape-invalid-json-data-before-logging.patch | 76 +++++++++++++++++++ sources | 2 +- systemd.spec | 4 +- 3 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 0001-coredump-cescape-invalid-json-data-before-logging.patch diff --git a/0001-coredump-cescape-invalid-json-data-before-logging.patch b/0001-coredump-cescape-invalid-json-data-before-logging.patch new file mode 100644 index 0000000..5071639 --- /dev/null +++ b/0001-coredump-cescape-invalid-json-data-before-logging.patch 
@@ -0,0 +1,76 @@ +From c5d344ea8b2e8dc6951360a29c5e920199c81c65 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 13 Dec 2022 11:15:17 +0100 +Subject: [PATCH] coredump: cescape invalid json data before logging + +In both cases, the json string is short, so we can print it, which is useful +for diagnosing invalid data in packages. But we need escape non-printable +characters. + +https://bugzilla.redhat.com/show_bug.cgi?id=2152685 + +I went over the rest of the codebase, and it seems that other calls to +json_parse() don't have this problem. + +(cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e) +(cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc) +(cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b) +--- + src/coredump/coredumpctl.c | 8 +++++--- + src/shared/elf-util.c | 7 +++++-- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c +index 2904de3728..efdca36f43 100644 +--- a/src/coredump/coredumpctl.c ++++ b/src/coredump/coredumpctl.c +@@ -15,6 +15,7 @@ + #include "bus-util.h" + #include "compress.h" + #include "def.h" ++#include "escape.h" + #include "fd-util.h" + #include "format-table.h" + #include "fs-util.h" +@@ -733,9 +734,10 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + + r = json_parse(pkgmeta_json, 0, &v, NULL, NULL); +- if (r < 0) +- log_warning_errno(r, "json_parse on %s failed, ignoring: %m", pkgmeta_json); +- else { ++ if (r < 0) { ++ _cleanup_free_ char *esc = cescape(pkgmeta_json); ++ log_warning_errno(r, "json_parse on \"%s\" failed, ignoring: %m", strnull(esc)); ++ } else { + const char *module_name; + JsonVariant *module_json; + +diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c +index 644fbae9ce..f9d0e5bc60 100644 +--- a/src/shared/elf-util.c ++++ b/src/shared/elf-util.c +@@ -15,6 +15,7 @@ + 
#include "dlfcn-util.h" + #include "elf-util.h" + #include "errno-util.h" ++#include "escape.h" + #include "fileio.h" + #include "fd-util.h" + #include "format-util.h" +@@ -328,8 +329,10 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL; + + r = json_parse(payload, 0, &v, NULL, NULL); +- if (r < 0) +- return log_error_errno(r, "json_parse on %s failed: %m", payload); ++ if (r < 0) { ++ _cleanup_free_ char *esc = cescape(payload); ++ return log_error_errno(r, "json_parse on \"%s\" failed: %m", strnull(esc)); ++ } + + /* First pretty-print to the buffer, so that the metadata goes as + * plaintext in the journal. */ +-- +2.38.1 + diff --git a/sources b/sources index 90ddb01..bbff73a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.8.tar.gz) = 653f527f10779a31213da06f7587a3617bd4b823bd3e5a43d626c5a4a7301e4a0fb42cf1fd056d28af6d87e52f258da59d5f0d4a2d98076905f9d3fcda6d18fd +SHA512 (systemd-250.9.tar.gz) = d3f044ec538b7e6b1ada39e21d239b376b468f0be40039be658aafcc7d9a0227381ab9541d1d994dd6e17530e3dcbf0aba722f68bbf609aa1953b9664cf6dd8e diff --git a/systemd.spec b/systemd.spec index 62fac05..410c40b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.8 +Version: 250.9 Release: 1%{?dist} %else # determine the build information from local checkout @@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. - +Patch0001: 0001-coredump-cescape-invalid-json-data-before-logging.patch # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 
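Review bot: Both new error paths log the whole escaped string, and nothing in these hunks bounds its length; the commit message only asserts that the JSON is short. `cescape()` can expand each non-printable byte to several characters, so an oversized or hostile metadata blob would produce a correspondingly large journal entry unless the size is capped somewhere outside the hunk. I would record the assumption next to the call, e.g. `/* payload is untrusted (presumably read from the inspected binary): escape before logging; length assumed bounded by the caller */`, and put the same note beside `pkgmeta_json` in `print_info()`. The bodies of `print_info()` and `parse_package_metadata()` continue outside the hunks.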
From aa4c1caf966de7358cac7275c7f118d7e5df5b63 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Fri, 18 Nov 2022 19:45:03 +0100 Subject: [PATCH 27/33] Fixup patch for scheduler Signed-off-by: Nicolas Chauvet --- use-bfq-scheduler.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/use-bfq-scheduler.patch b/use-bfq-scheduler.patch index c1a44e9..3a12b92 100644 --- a/use-bfq-scheduler.patch +++ b/use-bfq-scheduler.patch @@ -23,7 +23,7 @@ index 0000000000..480b941761 @@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + -+ACTION=="add", SUBSYSTEM=="block", \ ++ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" diff --git a/rules.d/meson.build b/rules.d/meson.build From a69e3c53bff61c4e82101e3ad7bd40cd2993e846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 29 Jan 2023 16:42:05 +0100 Subject: [PATCH 28/33] Add forgotten changelog entry F36 is not using rpmautospec :( --- systemd.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systemd.spec b/systemd.spec index 410c40b..312afb3 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1010,6 +1010,13 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Dec 20 2022 Zbigniew Jedrzejewski-Szmek - 250.9-1 +- Latest bugfix release with a bunch of fixes (homed, networkd, manager, + resolved, documentation): rhbz#2133792, rhbz#2135778, rhbz#2152685, + and also #2031810, #2121106. +- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel + setting + * Thu Jul 14 2022 Zbigniew Jędrzejewski-Szmek - 250.8-1 - Latest upstream bugfix version - Expose /usr/share/user-tmpfiles.d via pkgconfig (#2098553) From 5be6189564aed0067bfa363c9b3ca4e44d80a745 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2022 09:50:37 +0200 Subject: [PATCH 29/33] Do not touch /etc/resolv.conf on upgrades (cherry-picked from 4047e4fb7bb76f2578989e98de276e9ceb4e94b9) --- systemd.spec | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index 312afb3..bc08dd4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.9 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -917,7 +917,8 @@ if [ $1 -eq 0 ] ; then fi %post resolved -[ $1 -gt 1 ] && exit 0 +[ $1 -eq 1 ] || exit 0 +# Initial installation # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then @@ -928,6 +929,9 @@ fi %systemd_post systemd-resolved.service %posttrans resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + # Create /etc/resolv.conf symlink. # We would also create it using tmpfiles, but let's do this here # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above @@ -1010,6 +1014,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Sun Jan 29 2023 Zbigniew Jedrzejewski-Szmek - 250.9-2 +- Do not touch /etc/resolv.conf on upgrades (#2074122) + * Tue Dec 20 2022 Zbigniew Jedrzejewski-Szmek - 250.9-1 - Latest bugfix release with a bunch of fixes (homed, networkd, manager, resolved, documentation): rhbz#2133792, rhbz#2135778, rhbz#2152685, From 08af0db2a35f6339fa8e8ecda537b3452bb408b5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Oct 2022 16:18:53 +0200 Subject: [PATCH 30/33] Fix upgrade detection in %posttrans scriptlet (rhbz#2115094) 4047e4fb7bb76f2578989e98de276e9ceb4e94b9 got things very wrong. The trick with "[ $1 -eq 1 ]" doesn't work for transaction triggers because the argument is not provided by rpm. We need to use a state file to propagate the information from %post to %posttrans. (cherry picked from commit bab6dfc23a915a4daee2dc6b215df8171a66f2a5) --- systemd.spec | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/systemd.spec b/systemd.spec index bc08dd4..9f4972c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -920,6 +920,8 @@ fi [ $1 -eq 1 ] || exit 0 # Initial installation +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." 
@@ -929,14 +931,17 @@ fi %systemd_post systemd-resolved.service %posttrans resolved -[ $1 -eq 1 ] || exit 0 +[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0 +rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation # Initial installation # Create /etc/resolv.conf symlink. -# We would also create it using tmpfiles, but let's do this here -# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above -# does not do this, because it's marked with ! and we don't specify --boot.) -# https://bugzilla.redhat.com/show_bug.cgi?id=1873856 +# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856) +# +# We would also create it using tmpfiles, but let's do this here too +# before NetworkManager gets a chance. (systemd-tmpfiles invocation +# above does not do this, because the line is marked with ! and +# tmpfiles is invoked without --boot in the scriptlet.) # # *Create* the symlink if nothing is present yet. # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085) From 5788784598e9d6b3f6535d3027c269537af6384e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 1 Feb 2023 18:02:55 +0100 Subject: [PATCH 31/33] Version 250.10 --- ...ape-invalid-json-data-before-logging.patch | 76 ------------------- sources | 2 +- systemd.spec | 13 +++- 3 files changed, 10 insertions(+), 81 deletions(-) delete mode 100644 0001-coredump-cescape-invalid-json-data-before-logging.patch diff --git a/0001-coredump-cescape-invalid-json-data-before-logging.patch b/0001-coredump-cescape-invalid-json-data-before-logging.patch deleted file mode 100644 index 5071639..0000000 --- a/0001-coredump-cescape-invalid-json-data-before-logging.patch +++ /dev/null 
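Review bot: Nothing at the new guard in `%posttrans resolved` says where the marker file comes from or why `$1` cannot be tested here, and the `# Initial installation` comment now sits after the `rm` instead of on the test it explains. A short comment above the test would stop a later cleanup from restoring the `$1` check, for example `# Marker is created by the post scriptlet on first install; no install count is passed to this scriptlet.` The `rm` is also unchecked: if it fails, the scriptlet still goes on to the resolv.conf handling and the marker stays in place for the next transaction, so `rm -f ... || exit 0` may be the safer form, depending on which failure mode is preferred. The rest of the scriptlet lies outside the hunk.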
@@ -1,76 +0,0 @@ -From c5d344ea8b2e8dc6951360a29c5e920199c81c65 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 13 Dec 2022 11:15:17 +0100 -Subject: [PATCH] coredump: cescape invalid json data before logging - -In both cases, the json string is short, so we can print it, which is useful -for diagnosing invalid data in packages. But we need escape non-printable -characters. - -https://bugzilla.redhat.com/show_bug.cgi?id=2152685 - -I went over the rest of the codebase, and it seems that other calls to -json_parse() don't have this problem. - -(cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e) -(cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc) -(cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b) ---- - src/coredump/coredumpctl.c | 8 +++++--- - src/shared/elf-util.c | 7 +++++-- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c -index 2904de3728..efdca36f43 100644 ---- a/src/coredump/coredumpctl.c -+++ b/src/coredump/coredumpctl.c -@@ -15,6 +15,7 @@ - #include "bus-util.h" - #include "compress.h" - #include "def.h" -+#include "escape.h" - #include "fd-util.h" - #include "format-table.h" - #include "fs-util.h" -@@ -733,9 +734,10 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; - - r = json_parse(pkgmeta_json, 0, &v, NULL, NULL); -- if (r < 0) -- log_warning_errno(r, "json_parse on %s failed, ignoring: %m", pkgmeta_json); -- else { -+ if (r < 0) { -+ _cleanup_free_ char *esc = cescape(pkgmeta_json); -+ log_warning_errno(r, "json_parse on \"%s\" failed, ignoring: %m", strnull(esc)); -+ } else { - const char *module_name; - JsonVariant *module_json; - -diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c -index 644fbae9ce..f9d0e5bc60 100644 ---- a/src/shared/elf-util.c -+++ b/src/shared/elf-util.c -@@ -15,6 +15,7 @@ - 
#include "dlfcn-util.h" - #include "elf-util.h" - #include "errno-util.h" -+#include "escape.h" - #include "fileio.h" - #include "fd-util.h" - #include "format-util.h" -@@ -328,8 +329,10 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL; - - r = json_parse(payload, 0, &v, NULL, NULL); -- if (r < 0) -- return log_error_errno(r, "json_parse on %s failed: %m", payload); -+ if (r < 0) { -+ _cleanup_free_ char *esc = cescape(payload); -+ return log_error_errno(r, "json_parse on \"%s\" failed: %m", strnull(esc)); -+ } - - /* First pretty-print to the buffer, so that the metadata goes as - * plaintext in the journal. */ --- -2.38.1 - diff --git a/sources b/sources index bbff73a..c502200 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-250.9.tar.gz) = d3f044ec538b7e6b1ada39e21d239b376b468f0be40039be658aafcc7d9a0227381ab9541d1d994dd6e17530e3dcbf0aba722f68bbf609aa1953b9664cf6dd8e +SHA512 (systemd-250.10.tar.gz) = 1453be225411af46670852d6f7fb64e6b8b85a1bc521fafbc0134f2107145997fb241a88e1018a029b73bcd74bb79ebe67b71507f8d90c3921bc39fd486f1799 diff --git a/systemd.spec b/systemd.spec index 9f4972c..9af8bb5 100644 --- a/systemd.spec +++ b/systemd.spec @@ -30,8 +30,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 250.9 -Release: 2%{?dist} +Version: 250.10 +Release: 1%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') 
@@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Any patches which are "in preparation" upstream should be listed here, rather # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. -Patch0001: 0001-coredump-cescape-invalid-json-data-before-logging.patch + # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 @@ -1019,7 +1019,12 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog -* Sun Jan 29 2023 Zbigniew Jedrzejewski-Szmek - 250.9-2 +* Wed Feb 1 2023 Zbigniew Jedrzejewski-Szmek - 250.10-1 +- Various small fixes (compilation fixes with new kernel headers, gcc, + -D_FORTIFY_SOURCE=3, allow swap endianness change, fixes to output and logs, + various fixlets in systemd-resolved, other small issues). + +* Sun Jan 29 2023 Zbigniew Jedrzejewski-Szmek - 250.10-1 - Do not touch /etc/resolv.conf on upgrades (#2074122) * Tue Dec 20 2022 Zbigniew Jedrzejewski-Szmek - 250.9-1 From f377b012f246a3d0e79a186959b9731f4c26d40a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Feb 2023 13:08:13 +0100 Subject: [PATCH 32/33] Revert patch that causes selinux avcs --- ...ow-systemd-userdbd-to-change-process.patch | 28 +++++++++++++++++++ systemd.spec | 1 + 2 files changed, 29 insertions(+) create mode 100644 0001-Revert-units-allow-systemd-userdbd-to-change-process.patch diff --git a/0001-Revert-units-allow-systemd-userdbd-to-change-process.patch b/0001-Revert-units-allow-systemd-userdbd-to-change-process.patch new file mode 100644 index 0000000..8d1db4a --- /dev/null +++ b/0001-Revert-units-allow-systemd-userdbd-to-change-process.patch 
@@ -0,0 +1,28 @@ +From cc89389775b230e51d6e7a7e3e65f8a1928dbf2b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 2 Feb 2023 13:03:32 +0100 +Subject: [PATCH] Revert "units: allow systemd-userdbd to change process name" + +This reverts commit 9357d2342981a8b4fcfa2d170b7749c27d364fdd. + +https://bugzilla.redhat.com/show_bug.cgi?id=2166509 +--- + units/systemd-userdbd.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in +index b57661100c..84dea04f55 100644 +--- a/units/systemd-userdbd.service.in ++++ b/units/systemd-userdbd.service.in +@@ -16,7 +16,7 @@ Before=sysinit.target + DefaultDependencies=no + + [Service] +-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE ++CapabilityBoundingSet=CAP_DAC_READ_SEARCH + ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd + IPAddressDeny=any + LimitNOFILE={{HIGH_RLIMIT_NOFILE}} +-- +2.39.1 + diff --git a/systemd.spec b/systemd.spec index 9af8bb5..80d6316 100644 --- a/systemd.spec +++ b/systemd.spec @@ -92,6 +92,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # than in the next section. Packit CI will drop any patches in this range before # applying upstream pull requests. +Patch0001: 0001-Revert-units-allow-systemd-userdbd-to-change-process.patch # This is a downstream-only patch, but we don't want it in packit builds. # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 From 53cd77523ed684f5e9da89cb4bc6c3a9a98996c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Feb 2023 13:09:43 +0100 Subject: [PATCH 33/33] Revert one patch that is causing selinux troubles --- systemd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index 80d6316..a1ef68b 100644 --- a/systemd.spec +++ b/systemd.spec 
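Review bot: The new `Patch0001:` line in systemd.spec carries a downstream revert that changes `CapabilityBoundingSet=` for systemd-userdbd, but nothing next to it records why it is there or when it can be removed. A comment above it with the bug reference, such as `# Revert until selinux-policy permits the change, https://bugzilla.redhat.com/show_bug.cgi?id=2166509` (the exit condition is an assumption to confirm), would let the revert be dropped deliberately rather than forgotten. The line also sits in the range that the surrounding comment reserves for patches in preparation upstream and that Packit CI drops, so it is worth confirming that Packit builds are meant to run without the revert.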
@@ -31,7 +31,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} Version: 250.10 -Release: 1%{?dist} +Release: 2%{?dist} %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -1020,6 +1020,9 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Thu Feb 2 2023 Zbigniew Jedrzejewski-Szmek - 250.10-2 +- Revert one patch that is causing selinux troubles (#2166509 reported in F37) + * Wed Feb 1 2023 Zbigniew Jedrzejewski-Szmek - 250.10-1 - Various small fixes (compilation fixes with new kernel headers, gcc, -D_FORTIFY_SOURCE=3, allow swap endianness change, fixes to output and logs,