Version 251.19

... (rhbz#2242219)

0002-test-mountpoint-util-support-running-on-a-mount-name.patch

@@ -1,64 +0,0 @@
-From b13268dc09eed68426c2e68a402c96b93f8b0fff Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Mon, 12 Sep 2022 04:57:17 +0900
-Subject: [PATCH] test-mountpoint-util: support running on a mount namespace
- with another mount on /proc
-
-Fixes #11505.
----
- src/test/test-mountpoint-util.c | 30 +++++++++++++++++++++---------
- 1 file changed, 21 insertions(+), 9 deletions(-)
-
-diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
-index 92eed0be62..391e1c97ba 100644
---- a/src/test/test-mountpoint-util.c
-+++ b/src/test/test-mountpoint-util.c
-@@ -83,24 +83,36 @@ TEST(mnt_id) {
- 
-         HASHMAP_FOREACH_KEY(p, k, h) {
-                 int mnt_id = PTR_TO_INT(k), mnt_id2;
-+                const char *q;
- 
-                 r = path_get_mnt_id(p, &mnt_id2);
-                 if (r < 0) {
--                        log_debug_errno(r, "Failed to get the mnt id of %s: %m\n", p);
-+                        log_debug_errno(r, "Failed to get the mnt id of %s: %m", p);
-                         continue;
-                 }
- 
-                 if (mnt_id == mnt_id2) {
--                        log_debug("mnt ids of %s is %i\n", p, mnt_id);
-+                        log_debug("mnt ids of %s is %i.", p, mnt_id);
-                         continue;
-                 } else
--                        log_debug("mnt ids of %s are %i, %i\n", p, mnt_id, mnt_id2);
--
--                /* The ids don't match? If so, then there are two mounts on the same path, let's check if
--                 * that's really the case */
--                char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
--                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
--                assert_se(path_equal(p, t));
-+                        log_debug("mnt ids of %s are %i (from /proc/self/mountinfo), %i (from path_get_mnt_id()).", p, mnt_id, mnt_id2);
-+
-+                /* The ids don't match? This can easily happen e.g. running with "unshare --mount-proc".
-+                 * See #11505. */
-+                assert_se(q = hashmap_get(h, INT_TO_PTR(mnt_id2)));
-+
-+                assert_se((r = path_is_mount_point(p, NULL, 0)) >= 0);
-+                if (r == 0) {
-+                        /* If the path is not a mount point anymore, then it must be a sub directory of
-+                         * the path corresponds to mnt_id2. */
-+                        log_debug("The path %s for mnt id %i is not a mount point.", p, mnt_id2);
-+                        assert_se(!isempty(path_startswith(p, q)));
-+                } else {
-+                        /* If the path is still a mount point, then it must be equivalent to the path
-+                         * corresponds to mnt_id2 */
-+                        log_debug("There are multiple mounts on the same path %s.", p);
-+                        assert_se(path_equal(p, q));
-+                }
-         }
- }
- 
--- 
-2.37.2
-

sources

@@ -1 +1 @@
-SHA512 (systemd-251.5.tar.gz) = 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa
+SHA512 (systemd-251.19.tar.gz) = a1bd8f449e2ec92e823eae81a002b2da7e008bdcaeeac2c9c381eee42d58990d277994062541c4ba7721bb581b5f2147c9b9af2af611edc2a0d578dc2d08eb4c

split-files.py

@@ -17,6 +17,7 @@ def files(root):
 
 o_libs = open('.file-list-libs', 'w')
 o_udev = open('.file-list-udev', 'w')
+o_boot = open('.file-list-boot', 'w')
 o_pam = open('.file-list-pam', 'w')
 o_rpm_macros = open('.file-list-rpm-macros', 'w')
 o_devel = open('.file-list-devel', 'w')
@@ -101,7 +102,6 @@ for file in files(buildroot):
                        hwdb|
                        bootctl|
                        boot-update|
-                       sd-boot|systemd-boot\.|loader.conf|
                        bless-boot|
                        boot-system-token|
                        kernel-install|
@@ -130,7 +130,6 @@ for file in files(buildroot):
                        integritytab|
                        remount-fs|
                        /boot$|
-                       /boot/efi|
                        /kernel/|
                        /kernel$|
                        /modprobe.d|
@@ -144,6 +143,11 @@ for file in files(buildroot):
                        # confused if those user-facing binaries are not available.
         o = o_udev
 
+    elif re.search(r'''/boot/efi|
+                       sd-boot|systemd-boot\.|loader.conf
+    ''', n, re.X):
+        o = o_boot
+
     elif re.search(r'''resolved|resolve1|
                        systemd-resolve|
                        resolvconf|

systemd.spec

@@ -1,8 +1,6 @@
 #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
-%global stable 1
-
 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
 # directory.
@@ -28,17 +26,19 @@
 %bcond_with    inplace
 
 Name:           systemd
-Url:            https://www.freedesktop.org/wiki/Software/systemd
+Url:            https://systemd.io
 %if %{without inplace}
-Version:        251.5
+Version:        251.19
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        %autorelease -b 28
+Release:        %autorelease
+
+%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
 
 # For a breakdown of the licensing, see README
-License:        LGPLv2+ and MIT and GPLv2+
+License:        LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
 Summary:        System and Service Manager
 
 # download tarballs with "spectool -g systemd.spec"
@@ -89,8 +89,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # than in the next section. Packit CI will drop any patches in this range before
 # applying upstream pull requests.
 
-# PR https://github.com/systemd/systemd/pull/24639
-Patch0002:      0002-test-mountpoint-util-support-running-on-a-mount-name.patch
 
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@@ -183,7 +181,7 @@ Requires:       %{name}-libs = %{version}-%{release}
 %{?fedora:Recommends:     %{name}-resolved = %{version}-%{release}}
 Recommends:     diffutils
 Requires:       (util-linux-core or util-linux)
-Recommends:     libxkbcommon%{?_isa}
+Recommends:     libxkbcommon%{_isa}
 Provides:       /bin/systemctl
 Provides:       /sbin/shutdown
 Provides:       syslog
@@ -206,6 +204,8 @@ Provides:       %{name}-tmpfiles = %{version}-%{release}
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
 Provides:       %{name}-sysusers = %{version}-%{release}
 
+Requires:       (selinux-policy-any >= 37.18-1.fc37 if selinux-policy-any)
+
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 Recommends:     libidn2.so.0%{?elf_suffix}
 Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
@@ -238,12 +238,12 @@ utilities to control basic system configuration like the hostname, date, locale,
 maintain a list of logged-in users, system accounts, runtime directories and
 settings, and a logging daemons.
 %if 0%{?stable}
-This package was built from the %{version}-stable branch of systemd.
+This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd.
 %endif
 
 %package libs
 Summary:        systemd libraries
-License:        LGPLv2+ and MIT
+License:        LGPL-2.1-or-later AND MIT
 Obsoletes:      libudev < 183
 Obsoletes:      systemd < 185-4
 Conflicts:      systemd < 185-4
@@ -275,8 +275,8 @@ for information how to use those macros.
 
 %package devel
 Summary:        Development headers for systemd
-License:        LGPLv2+ and MIT
-Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
+License:        LGPL-2.1-or-later AND MIT
+Requires:       %{name}-libs%{_isa} = %{version}-%{release}
 Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
 Provides:       libudev-devel = %{version}
 Provides:       libudev-devel%{_isa} = %{version}
@@ -288,9 +288,9 @@ to libudev or libsystemd.
 
 %package udev
 Summary: Rule-based device node and kernel event manager
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 
-Requires:       systemd%{?_isa} = %{version}-%{release}
+Requires:       systemd%{_isa} = %{version}-%{release}
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
@@ -328,6 +328,11 @@ Requires:       kbd
 Provides:       u2f-hidraw-policy = 1.0.2-40
 Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2176263
+%if 0%{?have_gnu_efi}
+Requires:       systemd-boot-unsigned%{_isa} = %version-%release
+%endif
+
 %description udev
 This package contains systemd-udev and the rules and hardware database needed to
 manage device nodes. This package is necessary on physical machines and in
@@ -338,10 +343,32 @@ This package also provides systemd-timesyncd, a network time protocol daemon.
 It also contains tools to manage encrypted home areas and secrets bound to the
 machine, and to create or grow partitions and make file systems automatically.
 
+%if 0%{?have_gnu_efi}
+%package boot-unsigned
+Summary: UEFI boot manager (unsigned version)
+
+Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release
+Provides: systemd-boot = %version-%release
+Provides: systemd-boot%{_isa} = %version-%release
+# A provides with just the version, no release or dist, used to build systemd-boot
+Provides: version(systemd-boot-unsigned) = %version
+Provides: version(systemd-boot-unsigned)%{_isa} = %version
+
+%description boot-unsigned
+systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a
+graphical menu to select the entry to boot and an editor for the kernel command
+line. systemd-boot supports systems with UEFI firmware only.
+
+This package contains an unsigned version.
+
+This package also contains the systemd-stub (short: sd-stub) which is used to
+build Unified Kernel Images (UKIs).
+%endif
+
 %package container
 # Name is the same as in Debian
 Summary: Tools for containers and VMs
-Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       %{name}%{_isa} = %{version}-%{release}
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
@@ -349,7 +376,7 @@ Requires(postun): systemd
 Obsoletes:      %{name} < 229-5
 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
 Suggests:       libcurl-minimal
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 
 %description container
 Systemd tools to spawn and manage containers and virtual machines.
@@ -360,8 +387,8 @@ systemd-importd.
 %package journal-remote
 # Name is the same as in Debian
 Summary:        Tools to send journal events over the network
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-License:        LGPLv2+
+Requires:       %{name}%{_isa} = %{version}-%{release}
+License:        LGPL-2.1-or-later
 Requires:       firewalld-filesystem
 Provides:       %{name}-journal-gateway = %{version}-%{release}
 Provides:       %{name}-journal-gateway%{_isa} = %{version}-%{release}
@@ -378,8 +405,8 @@ systemd-journal-upload.
 
 %package networkd
 Summary:        System daemon that manages network configurations
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-License:        LGPLv2+
+Requires:       %{name}%{_isa} = %{version}-%{release}
+License:        LGPL-2.1-or-later
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
 
@@ -390,7 +417,7 @@ devices.
 
 %package resolved
 Summary:        Network Name Resolution manager
-Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       %{name}%{_isa} = %{version}-%{release}
 Obsoletes:      %{name} < 249~~
 Requires:       libidn2.so.0%{?elf_suffix}
 Requires:       libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
@@ -404,7 +431,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder.
 %package oomd-defaults
 Summary:        Configuration files for systemd-oomd
 Requires:       %{name} = %{version}-%{release}
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 BuildArch:      noarch
 
 %description oomd-defaults
@@ -413,32 +440,32 @@ a userspace out-of-memory (OOM) killer.
 
 %package tests
 Summary:       Internal unit tests for systemd
-Requires:      %{name}%{?_isa} = %{version}-%{release}
-License:       LGPLv2+
+Requires:      %{name}%{_isa} = %{version}-%{release}
+License:       LGPL-2.1-or-later
 
 %description tests
 "Installed tests" that are usually run as part of the build system. They can be
 useful to test systemd internals.
 
 %package standalone-tmpfiles
-Summary:       Standalone tmpfiles binary for use in non-systemd systems
+Summary:       Standalone systemd-tmpfiles binary for use on systems without systemd
 Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-tmpfiles
-Standalone tmpfiles binary with no dependencies on the systemd-shared library or
+Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 
 %package standalone-sysusers
-Summary:       Standalone sysusers binary for use in non-systemd systems
+Summary:       Standalone systemd-sysusers binary for use on systems without systemd
 Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-sysusers
-Standalone sysusers binary with no dependencies on the systemd-shared library or
+Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 
 %prep
 %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
@@ -447,6 +474,9 @@ test -f src/login/systemd-user.in
 # Restore systemd-user pam config from before "removal of Fedora-specific bits".
 # We'll systemd process it and install in the right place.
 cp %{SOURCE12} src/login/systemd-user.in
+# We want to update sd-boot from packaging scriptlets after package update.
+# Let's disable the service.
+sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset
 
 %build
 %global ntpvendor %(source /etc/os-release; echo ${ID})
@@ -659,7 +689,6 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 
 # systemd-oomd default configuration
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
-install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15}
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
 install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}
 
@@ -908,6 +937,8 @@ fi
 [ $1 -eq 1 ] || exit 0
 # Initial installation
 
+touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
+
 # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
     echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
@@ -917,14 +948,17 @@ fi
 %systemd_post systemd-resolved.service
 
 %posttrans resolved
-[ $1 -eq 1 ] || exit 0
+[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0
+rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
 # Initial installation
 
 # Create /etc/resolv.conf symlink.
-# We would also create it using tmpfiles, but let's do this here
-# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
-# does not do this, because it's marked with ! and we don't specify --boot.)
-# https://bugzilla.redhat.com/show_bug.cgi?id=1873856
+# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856)
+#
+# We would also create it using tmpfiles, but let's do this here too
+# before NetworkManager gets a chance. (systemd-tmpfiles invocation
+# above does not do this, because the line is marked with ! and
+# tmpfiles is invoked without --boot in the scriptlet.)
 #
 # *Create* the symlink if nothing is present yet.
 # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
@@ -986,6 +1020,10 @@ fi
 
 %files udev -f .file-list-udev
 
+%if 0%{?have_gnu_efi}
+%files boot-unsigned -f .file-list-boot
+%endif
+
 %files container -f .file-list-container
 %ghost %dir %attr(0700,-,-) /var/lib/machines
 

sysusers.generate-pre.sh

@@ -1,92 +1,96 @@
 #!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*-
 
 # This script turns sysuser.d files into scriptlets mandated by Fedora
 # packaging guidelines. The general idea is to define users using the
 # declarative syntax but to turn this into traditional scriptlets.
 
 user() {
-    user="$1"
-    uid="$2"
-    desc="$3"
-    group="$4"
-    home="$5"
-    shell="$6"
+	user="$1"
+	uid="$2"
+	desc="$3"
+	group="$4"
+	home="$5"
+	shell="$6"
 
-    [ "$desc" = '-' ] && desc=
-    { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
-    { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
+	[ "$desc" = '-' ] && desc=
+	{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
+	{ [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin
 
-    if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
-        cat <<EOF
-getent passwd '$user' >/dev/null || \\
-    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-EOF
-    else
-        cat <<EOF
-if ! getent passwd '$user' >/dev/null; then
-    if ! getent passwd '$uid' >/dev/null; then
-        useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-    else
-        useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-    fi
-fi
+	if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
+		cat <<-EOF
+		getent passwd '$user' >/dev/null || \\
+			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+		EOF
+	else
+		cat <<-EOF
+		if ! getent passwd '$user' >/dev/null; then
+			if ! getent passwd '$uid' >/dev/null; then
+			useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+			else
+			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+			fi
+		fi
 
-EOF
-    fi
+		EOF
+	fi
 }
 
 group() {
-    group="$1"
-    gid="$2"
+	group="$1"
+	gid="$2"
 
-    if [ "$gid" = '-' ]; then
-        cat <<-EOF
-	getent group '$group' >/dev/null || groupadd -r '$group' || :
-	EOF
-    else
-        cat <<-EOF
-	getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
-	EOF
-    fi
+	if [ "$gid" = '-' ]; then
+		cat <<-EOF
+		getent group '$group' >/dev/null || groupadd -r '$group' || :
+		EOF
+	else
+		cat <<-EOF
+		getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
+		EOF
+	fi
 }
 
 usermod() {
-    user="$1"
-    group="$2"
+	user="$1"
+	group="$2"
 
-    cat <<-EOF
-if getent group '$group' >/dev/null; then
-    usermod -a -G '$group' '$user' || :
-fi
-    EOF
+	cat <<-EOF
+	if getent group '$group' >/dev/null; then
+		usermod -a -G '$group' '$user' || :
+	fi
+	EOF
 }
 
 parse() {
-    while read -r line || [ -n "$line" ] ; do
-        { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
-        line="${line## *}"
-        [ -z "$line" ] && continue
-        eval "arr=( $line )"
-        case "${arr[0]}" in
-            ('u')
-                group "${arr[1]}" "${arr[2]}"
-                user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
-                # TODO: user:group support
-                ;;
-            ('g')
-                group "${arr[1]}" "${arr[2]}"
-                ;;
-            ('m')
-                group "${arr[2]}" "-"
-                user "${arr[1]}" "-" "" "${arr[1]}" "" ""
-                usermod "${arr[1]}" "${arr[2]}"
-                ;;
-        esac
-    done
+	while read -r line || [ -n "$line" ] ; do
+		{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
+		line="${line## *}"
+		[ -z "$line" ] && continue
+		eval "arr=( $line )"
+		case "${arr[0]}" in
+			('u')
+				if [[ "${arr[2]}" == *":"* ]]; then
+					user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
+				else
+					group "${arr[1]}" "${arr[2]}"
+					user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
+				fi
+				;;
+			('g')
+				group "${arr[1]}" "${arr[2]}"
+				;;
+			('m')
+				group "${arr[2]}" "-"
+				user "${arr[1]}" "-" "" "${arr[1]}" "" ""
+				usermod "${arr[1]}" "${arr[2]}"
+				;;
+		esac
+	done
 }
 
 for fn in "$@"; do
-    [ -e "$fn" ] || continue
-    echo "# generated from $(basename "$fn")"
-    parse <"$fn"
+	[ -e "$fn" ] || continue
+	echo "# generated from $(basename "$fn")"
+	parse <"$fn"
 done