From 14ddea439d85bf5b61a9c049c68c10a5bb9837bf Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 13 Nov 2023 14:52:30 +0100 Subject: [PATCH] systemd-252-19 Resolves: RHEL-1086,RHEL-11040,RHEL-5070,RHEL-7026 --- 0370-ci-Extend-source-git-automation.patch | 223 +++++++++++ ...eme-let-s-also-include-rhel8-schemes.patch | 159 ++++++++ ...Add-table-and-JSON-output-implementa.patch | 368 ++++++++++++++++++ ...Update-man-systemd-analyze.xml-with-.patch | 69 ++++ ...lyze-Add-tab-complete-logic-for-plot.patch | 87 +++++ ...Add-json-table-and-no-legend-tests-f.patch | 34 ++ ...-git-automation-to-validate-reviews-.patch | 95 +++++ ...y-config-replaced-by-Pull-Request-Va.patch | 181 +++++++++ 0378-ci-enable-auto-merge-GH-Action.patch | 84 ++++ 0379-ci-add-missing-permissions.patch | 41 ++ 0380-ci-permissions-write-all.patch | 47 +++ ...clude-.in-files-from-ShellCheck-lint.patch | 33 ++ ...aise-RLIMIT_NOFILE-as-high-as-we-can.patch | 43 ++ systemd.spec | 30 +- 14 files changed, 1493 insertions(+), 1 deletion(-) create mode 100644 0370-ci-Extend-source-git-automation.patch create mode 100644 0371-netif-naming-scheme-let-s-also-include-rhel8-schemes.patch create mode 100644 0372-systemd-analyze-Add-table-and-JSON-output-implementa.patch create mode 100644 0373-systemd-analyze-Update-man-systemd-analyze.xml-with-.patch create mode 100644 0374-systemd-analyze-Add-tab-complete-logic-for-plot.patch create mode 100644 0375-systemd-analyze-Add-json-table-and-no-legend-tests-f.patch create mode 100644 0376-ci-enable-source-git-automation-to-validate-reviews-.patch create mode 100644 0377-ci-remove-Mergify-config-replaced-by-Pull-Request-Va.patch create mode 100644 0378-ci-enable-auto-merge-GH-Action.patch create mode 100644 0379-ci-add-missing-permissions.patch create mode 100644 0380-ci-permissions-write-all.patch create mode 100644 0381-ci-lint-exclude-.in-files-from-ShellCheck-lint.patch create mode 100644 0382-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch 
diff --git a/0370-ci-Extend-source-git-automation.patch b/0370-ci-Extend-source-git-automation.patch
new file mode 100644
index 0000000..f032219
--- /dev/null
+++ b/0370-ci-Extend-source-git-automation.patch
@@ -0,0 +1,223 @@ +From 55d337de1940076855c1687ffd588498d068724e Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Mon, 18 Sep 2023 13:51:43 +0200 +Subject: [PATCH] ci: Extend source-git-automation + +* on schedule and on demand workflows +* Added Tracker validation for Bugzilla and Jira + +rhel-only + +Resolves: RHEL-1086 +--- + .github/advanced-commit-linter.yml | 2 + + .github/tracker-validator.yml | 18 ++++ + .../source-git-automation-on-demand.yml | 100 ++++++++++++++++++ + .github/workflows/source-git-automation.yml | 29 ++++- + 4 files changed, 147 insertions(+), 2 deletions(-) + create mode 100644 .github/tracker-validator.yml + create mode 100644 .github/workflows/source-git-automation-on-demand.yml + +diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml +index 0fb74a9dc8..86f0e911f2 100644 +--- a/.github/advanced-commit-linter.yml ++++ b/.github/advanced-commit-linter.yml +@@ -11,6 +11,7 @@ policy: + - 'Resolves: #?' + - 'Related: #?' + - 'Reverts: #?' 
++ type: bugzilla + issue-format: + - '\d+$' + url: 'https://bugzilla.redhat.com/show_bug.cgi?id=' +@@ -18,6 +19,7 @@ policy: + - 'Resolves: ' + - 'Related: ' + - 'Reverts: ' ++ type: jira + issue-format: + - 'RHEL-\d+$' + url: 'https://issues.redhat.com/browse/' +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +new file mode 100644 +index 0000000000..9e43e4e7d5 +--- /dev/null ++++ b/.github/tracker-validator.yml +@@ -0,0 +1,18 @@ ++labels: ++ missing-tracker: tracker/missing ++ invalid-product: tracker/invalid-product ++ invalid-component: tracker/invalid-component ++ unapproved: tracker/unapproved ++products: ++ - Red Hat Enterprise Linux 9 ++ - CentOS Stream 9 ++ - rhel-9.0.0 ++ - rhel-9.2.0 ++ - rhel-9.3.0 ++ - rhel-9.4.0 ++ - rhel-9.5.0 ++ - rhel-9.6.0 ++ - rhel-9.7.0 ++ - rhel-9.8.0 ++ - rhel-9.9.0 ++ - rhel-9.10.0 +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +new file mode 100644 +index 0000000000..60d7bcf32d +--- /dev/null ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -0,0 +1,100 @@ ++--- ++ ++name: Source git Automation Scheduled/On Demand ++on: ++ schedule: ++ # Workflow runs every 15 minutes ++ - cron: '*/15 * * * *' ++ workflow_dispatch: ++ inputs: ++ pr-number: ++ description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs' ++ required: true ++ default: '0' ++ ++permissions: ++ contents: read ++ ++jobs: ++ # Get all open PRs ++ gather-pull-requests: ++ if: github.repository == 'redhat-plumbers/systemd-rhel9' ++ runs-on: ubuntu-latest ++ ++ outputs: ++ pr-numbers: ${{ steps.get-pr-numbers.outputs.result }} ++ pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }} ++ ++ steps: ++ - id: get-pr-numbers ++ if: inputs.pr-number == '0' ++ name: Get all open PRs ++ uses: actions/github-script@v6 ++ with: ++ # !FIXME: this is not working if there is more than 100 PRs opened ++ script: | ++ 
const { data: pullRequests } = await github.rest.pulls.list({ ++ owner: context.repo.owner, ++ repo: context.repo.repo, ++ state: 'open', ++ per_page: 100 ++ }); ++ return pullRequests.map(pr => pr.number); ++ ++ - id: parse-manual-input ++ if: inputs.pr-number != '0' ++ name: Parse manual input ++ run: | ++ # shellcheck disable=SC2086 ++ echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT ++ shell: bash ++ ++ validate-pr: ++ name: 'Validation of Pull Request #${{ matrix.pr-number }}' ++ needs: [ gather-pull-requests ] ++ runs-on: ubuntu-latest ++ ++ strategy: ++ fail-fast: false ++ matrix: ++ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }} ++ ++ permissions: ++ statuses: write ++ checks: write ++ pull-requests: write ++ ++ steps: ++ - name: Repository checkout ++ uses: actions/checkout@v3 ++ ++ - id: metadata ++ name: Gather Pull Request Metadata ++ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 ++ with: ++ pr-number: ${{ matrix.pr-number }} ++ ++ - id: commit-linter ++ name: Lint Commits ++ uses: redhat-plumbers-in-action/advanced-commit-linter@v2 ++ with: ++ pr-metadata: ${{ steps.metadata.outputs.metadata }} ++ token: ${{ secrets.GITHUB_TOKEN }} ++ ++ # Validates tracker, changes tracker status, updates PR title ++ - id: tracker-validator ++ name: Validate Tracker ++ uses: redhat-plumbers-in-action/tracker-validator@v1 ++ with: ++ pr-metadata: ${{ steps.metadata.outputs.metadata }} ++ component: systemd ++ tracker: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} ++ tracker-type: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} ++ bugzilla-instance: https://bugzilla.redhat.com ++ bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} ++ jira-instance: https://issues.redhat.com ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ 
secrets.GITHUB_TOKEN }} ++ ++ # TODO: merge PR if all checks passed ++ # TODO: add comment to Tracker that PR was merged ... +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +index e653e28a7f..7fabb88a83 100644 +--- a/.github/workflows/source-git-automation.yml ++++ b/.github/workflows/source-git-automation.yml +@@ -12,7 +12,8 @@ jobs: + download-metadata: + if: > + github.event.workflow_run.event == 'pull_request' && +- github.event.workflow_run.conclusion == 'success' ++ github.event.workflow_run.conclusion == 'success' && ++ github.repository == 'redhat-plumbers/systemd-rhel9' + runs-on: ubuntu-latest + + outputs: +@@ -33,13 +34,37 @@ jobs: + validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }} + + permissions: ++ statuses: write + checks: write + pull-requests: write + + steps: + - id: commit-linter + name: Lint Commits +- uses: redhat-plumbers-in-action/advanced-commit-linter@v1 ++ uses: redhat-plumbers-in-action/advanced-commit-linter@v2 + with: + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} + token: ${{ secrets.GITHUB_TOKEN }} ++ ++ # Validates tracker, changes tracker status, updates PR title ++ tracker-validation: ++ needs: [ download-metadata, commit-linter ] ++ runs-on: ubuntu-latest ++ ++ permissions: ++ checks: write ++ pull-requests: write ++ ++ steps: ++ - name: Validate Tracker ++ uses: redhat-plumbers-in-action/tracker-validator@v1 ++ with: ++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} ++ component: systemd ++ tracker: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} ++ tracker-type: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} ++ bugzilla-instance: https://bugzilla.redhat.com ++ bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} ++ jira-instance: https://issues.redhat.com ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ 
secrets.GITHUB_TOKEN }}
diff --git a/0371-netif-naming-scheme-let-s-also-include-rhel8-schemes.patch b/0371-netif-naming-scheme-let-s-also-include-rhel8-schemes.patch
new file mode 100644
index 0000000..b8e2501
--- /dev/null
+++ b/0371-netif-naming-scheme-let-s-also-include-rhel8-schemes.patch
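Review bot: In the new `source-git-automation-on-demand.yml`, the `parse-manual-input` step expands `${{ inputs.pr-number }}` directly into the `run:` script, so the `workflow_dispatch` input is interpreted as shell text before `echo` ever runs. Pass it through the environment instead, with `env: PR_NUMBERS: ${{ inputs.pr-number }}` on the step and `echo "result=[ ${PR_NUMBERS} ]" >> "$GITHUB_OUTPUT"` in the script, and reject values that are not digits and commas; the `SC2086` suppression can then go. The same job hands `BUGZILLA_API_TOKEN`, `JIRA_API_TOKEN` and a write-scoped `GITHUB_TOKEN` to actions referenced by mutable tags (`gather-pull-request-metadata@v1`, `advanced-commit-linter@v2`, `tracker-validator@v1`). Pinning each `uses:` to a full commit SHA keeps a moved tag from running with those secrets. The pinning point also applies to the `source-git-automation.yml` changes in this patch and to the `pull-request-validator@v1` steps added in 0376.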
@@ -0,0 +1,159 @@ +From dcc59dffa5116bf96618065cd60742cb660224b8 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Fri, 22 Sep 2023 13:28:02 +0200 +Subject: [PATCH] netif-naming-scheme: let's also include rhel8 schemes + +With this patch user in rhel9 can also pick a scheme from rhel8. +This could be useful on in-place upgrades. + +rhel-only +Resolves: RHEL-7026 +--- + man/systemd.net-naming-scheme.xml | 88 +++++++++++++++++++++++++++++++ + src/shared/netif-naming-scheme.c | 10 ++++ + src/shared/netif-naming-scheme.h | 12 +++++ + 3 files changed, 110 insertions(+) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index ade4e27e31..c6ab86906a 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -459,6 +459,94 @@ + + + ++ ++ rhel-8.0 ++ ++ Naming was changed for virtual network interfaces created with SR-IOV and NPAR and ++ for devices where the PCI network controller device does not have a slot number associated. ++ ++ SR-IOV virtual devices are named based on the name of the parent interface, with a suffix of ++ vport, where port is the ++ virtual device number. Previously those virtual devices were named as if completely independent. ++ ++ ++ The ninth and later NPAR virtual devices are named following the scheme used for the first ++ eight NPAR partitions. Previously those devices were not renamed and the kernel default ++ ("ethN") was used. ++ ++ Names are also generated for PCI devices where the PCI network controller device does not ++ have an associated slot number itself, but one of its parents does. Previously those devices were ++ not renamed and the kernel default was used. ++ ++ ++ ++ ++ rhel-8.1 ++ ++ Same as naming scheme rhel-8.0. ++ ++ ++ ++ rhel-8.2 ++ ++ Same as naming scheme rhel-8.0. ++ ++ ++ ++ rhel-8.3 ++ ++ Same as naming scheme rhel-8.0. 
++ ++ ++ ++ rhel-8.4 ++ ++ If the PCI slot is assocated with PCI bridge and that has multiple child network ++ controllers then all of them might derive the same value of ID_NET_NAME_SLOT ++ property. That could cause naming conflict if the property is selected as a device name. Now, we detect the ++ situation, slot - bridge relation, and we don't produce the ID_NET_NAME_SLOT property to ++ avoid possible naming conflict. ++ ++ ++ ++ rhel-8.5 ++ ++ Same as naming scheme rhel-8.4. ++ ++ ++ ++ rhel-8.6 ++ ++ Same as naming scheme rhel-8.4. ++ ++ ++ ++ rhel-8.7 ++ ++ PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation ++ of the function_id device attribute. This attribute is now used to build the ++ ID_NET_NAME_SLOT. Before that, all slot names were parsed as decimal ++ numbers, which could either result in an incorrect value of the ID_NET_NAME_SLOT ++ property or none at all. ++ ++ Some firmware and hypervisor implementations report unreasonable high numbers for the onboard ++ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381 ++ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account ++ for that, the limit is increased to now 65535. ++ ++ ++ ++ rhel-8.8 ++ ++ Same as naming scheme rhel-8.7. ++ ++ ++ ++ rhel-8.9 ++ ++ Same as naming scheme rhel-8.7. 
++ ++ + + rhel-9.0 + +diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c +index 0f50533279..9cfa5ca8e6 100644 +--- a/src/shared/netif-naming-scheme.c ++++ b/src/shared/netif-naming-scheme.c +@@ -25,6 +25,16 @@ static const NamingScheme naming_schemes[] = { + { "v250", NAMING_V250 }, + { "v251", NAMING_V251 }, + { "v252", NAMING_V252 }, ++ { "rhel-8.0", NAMING_RHEL_8_0 }, ++ { "rhel-8.1", NAMING_RHEL_8_1 }, ++ { "rhel-8.2", NAMING_RHEL_8_2 }, ++ { "rhel-8.3", NAMING_RHEL_8_3 }, ++ { "rhel-8.4", NAMING_RHEL_8_4 }, ++ { "rhel-8.5", NAMING_RHEL_8_5 }, ++ { "rhel-8.6", NAMING_RHEL_8_6 }, ++ { "rhel-8.7", NAMING_RHEL_8_7 }, ++ { "rhel-8.8", NAMING_RHEL_8_8 }, ++ { "rhel-8.9", NAMING_RHEL_8_9 }, + { "rhel-9.0", NAMING_RHEL_9_0 }, + { "rhel-9.1", NAMING_RHEL_9_1 }, + { "rhel-9.2", NAMING_RHEL_9_2 }, +diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h +index fb3c8eb9b3..ed45536f65 100644 +--- a/src/shared/netif-naming-scheme.h ++++ b/src/shared/netif-naming-scheme.h +@@ -52,6 +52,18 @@ typedef enum NamingSchemeFlags { + NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF, + NAMING_V251 = NAMING_V250 | NAMING_BRIDGE_MULTIFUNCTION_SLOT, + NAMING_V252 = NAMING_V251 | NAMING_DEVICETREE_ALIASES, ++ ++ NAMING_RHEL_8_0 = NAMING_V239, ++ NAMING_RHEL_8_1 = NAMING_V239, ++ NAMING_RHEL_8_2 = NAMING_V239, ++ NAMING_RHEL_8_3 = NAMING_V239, ++ NAMING_RHEL_8_4 = NAMING_V239 | NAMING_BRIDGE_NO_SLOT, ++ NAMING_RHEL_8_5 = NAMING_RHEL_8_4, ++ NAMING_RHEL_8_6 = NAMING_RHEL_8_4, ++ NAMING_RHEL_8_7 = NAMING_RHEL_8_4 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX, ++ NAMING_RHEL_8_8 = NAMING_RHEL_8_7, ++ NAMING_RHEL_8_9 = NAMING_RHEL_8_7, ++ + NAMING_RHEL_9_0 = NAMING_V250 | NAMING_BRIDGE_MULTIFUNCTION_SLOT, + NAMING_RHEL_9_1 = NAMING_RHEL_9_0, + NAMING_RHEL_9_2 = NAMING_RHEL_9_0, 
diff --git a/0372-systemd-analyze-Add-table-and-JSON-output-implementa.patch b/0372-systemd-analyze-Add-table-and-JSON-output-implementa.patch
new file mode 100644
index 0000000..7a632af
--- /dev/null
+++ b/0372-systemd-analyze-Add-table-and-JSON-output-implementa.patch
@@ -0,0 +1,368 @@ +From f898f9d1290a25d70f2be99f4cf142060ca7ae63 Mon Sep 17 00:00:00 2001 +From: Joshua Zivkovic +Date: Wed, 2 Nov 2022 08:55:50 +0000 +Subject: [PATCH] systemd-analyze: Add table and JSON output implementation to + plot + +(cherry picked from commit ff46b2f97c42d73401ca3ffaaef54a017dc23923) + +Resolves: RHEL-5070 +--- + src/analyze/analyze-plot.c | 168 ++++++++++++++++++++++++++----------- + src/analyze/analyze.c | 36 ++++++-- + src/analyze/analyze.h | 2 + + 3 files changed, 154 insertions(+), 52 deletions(-) + +diff --git a/src/analyze/analyze-plot.c b/src/analyze/analyze-plot.c +index 100bdc3787..24f4add099 100644 +--- a/src/analyze/analyze-plot.c ++++ b/src/analyze/analyze-plot.c +@@ -5,6 +5,7 @@ + #include "analyze-time-data.h" + #include "bus-error.h" + #include "bus-map-properties.h" ++#include "format-table.h" + #include "sort-util.h" + #include "version.h" + +@@ -37,7 +38,7 @@ typedef struct HostInfo { + char *architecture; + } HostInfo; + +-static HostInfo* free_host_info(HostInfo *hi) { ++static HostInfo *free_host_info(HostInfo *hi) { + if (!hi) + return NULL; + +@@ -87,7 +88,7 @@ static int acquire_host_info(sd_bus *bus, HostInfo **hi) { + } + + r = bus_map_all_properties( +- system_bus ?: bus, ++ system_bus ? 
: bus, + "org.freedesktop.hostname1", + "/org/freedesktop/hostname1", + hostname_map, +@@ -156,15 +157,14 @@ static void svg_graph_box(double height, double begin, double end) { + SCALE_Y * height); + } + } +- + static int plot_unit_times(UnitTimes *u, double width, int y) { + bool b; + + if (!u->name) + return 0; + +- svg_bar("activating", u->activating, u->activated, y); +- svg_bar("active", u->activated, u->deactivating, y); ++ svg_bar("activating", u->activating, u->activated, y); ++ svg_bar("active", u->activated, u->deactivating, y); + svg_bar("deactivating", u->deactivating, u->deactivated, y); + + /* place the text on the left if we have passed the half of the svg width */ +@@ -178,41 +178,27 @@ static int plot_unit_times(UnitTimes *u, double width, int y) { + return 1; + } + +-int verb_plot(int argc, char *argv[], void *userdata) { +- _cleanup_(free_host_infop) HostInfo *host = NULL; +- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; +- _cleanup_(unit_times_free_arrayp) UnitTimes *times = NULL; +- _cleanup_free_ char *pretty_times = NULL; +- bool use_full_bus = arg_scope == LOOKUP_SCOPE_SYSTEM; +- BootTimes *boot; ++static void limit_times_to_boot(const BootTimes *boot, UnitTimes *u) { ++ if (u->deactivated > u->activating && u->deactivated <= boot->finish_time && u->activated == 0 ++ && u->deactivating == 0) ++ u->activated = u->deactivating = u->deactivated; ++ if (u->activated < u->activating || u->activated > boot->finish_time) ++ u->activated = boot->finish_time; ++ if (u->deactivating < u->activated || u->deactivating > boot->finish_time) ++ u->deactivating = boot->finish_time; ++ if (u->deactivated < u->deactivating || u->deactivated > boot->finish_time) ++ u->deactivated = boot->finish_time; ++} ++ ++static int produce_plot_as_svg( ++ UnitTimes *times, ++ const HostInfo *host, ++ const BootTimes *boot, ++ const char *pretty_times) { ++ int m = 1, y = 0; + UnitTimes *u; +- int n, m = 1, y = 0, r; + double width; + +- r = acquire_bus(&bus, 
&use_full_bus); +- if (r < 0) +- return bus_log_connect_error(r, arg_transport); +- +- n = acquire_boot_times(bus, &boot); +- if (n < 0) +- return n; +- +- n = pretty_boot_time(bus, &pretty_times); +- if (n < 0) +- return n; +- +- if (use_full_bus || arg_scope != LOOKUP_SCOPE_SYSTEM) { +- n = acquire_host_info(bus, &host); +- if (n < 0) +- return n; +- } +- +- n = acquire_time_data(bus, ×); +- if (n <= 0) +- return n; +- +- typesafe_qsort(times, n, compare_unit_start); +- + width = SCALE_X * (boot->firmware_time + boot->finish_time); + if (width < 800.0) + width = 800.0; +@@ -245,16 +231,8 @@ int verb_plot(int argc, char *argv[], void *userdata) { + if (text_width > text_start && text_width + text_start > width) + width = text_width + text_start; + +- if (u->deactivated > u->activating && +- u->deactivated <= boot->finish_time && +- u->activated == 0 && u->deactivating == 0) +- u->activated = u->deactivating = u->deactivated; +- if (u->activated < u->activating || u->activated > boot->finish_time) +- u->activated = boot->finish_time; +- if (u->deactivating < u->activated || u->deactivating > boot->finish_time) +- u->deactivating = boot->finish_time; +- if (u->deactivated < u->deactivating || u->deactivated > boot->finish_time) +- u->deactivated = boot->finish_time; ++ limit_times_to_boot(boot, u); ++ + m++; + } + +@@ -391,5 +369,101 @@ int verb_plot(int argc, char *argv[], void *userdata) { + + svg("\n"); + ++ return 0; ++} ++ ++static int show_table(Table *table, const char *word) { ++ int r; ++ ++ assert(table); ++ assert(word); ++ ++ if (table_get_rows(table) > 1) { ++ table_set_header(table, arg_legend); ++ ++ if (!FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) ++ r = table_print_json(table, NULL, arg_json_format_flags | JSON_FORMAT_COLOR_AUTO); ++ else ++ r = table_print(table, NULL); ++ if (r < 0) ++ return table_log_print_error(r); ++ } ++ ++ if (arg_legend) { ++ if (table_get_rows(table) > 1) ++ printf("\n%zu %s listed.\n", table_get_rows(table) - 1, 
word); ++ else ++ printf("No %s.\n", word); ++ } ++ ++ return 0; ++} ++ ++static int produce_plot_as_text(UnitTimes *times, const BootTimes *boot) { ++ _cleanup_(table_unrefp) Table *table = NULL; ++ int r; ++ ++ table = table_new("name", "activated", "activating", "time", "deactivated", "deactivating"); ++ if (!table) ++ return log_oom(); ++ ++ for (; times->has_data; times++) { ++ limit_times_to_boot(boot, times); ++ ++ r = table_add_many( ++ table, ++ TABLE_STRING, times->name, ++ TABLE_TIMESPAN_MSEC, times->activated, ++ TABLE_TIMESPAN_MSEC, times->activating, ++ TABLE_TIMESPAN_MSEC, times->time, ++ TABLE_TIMESPAN_MSEC, times->deactivated, ++ TABLE_TIMESPAN_MSEC, times->deactivating); ++ if (r < 0) ++ return table_log_add_error(r); ++ } ++ ++ return show_table(table, "Units"); ++} ++ ++int verb_plot(int argc, char *argv[], void *userdata) { ++ _cleanup_(free_host_infop) HostInfo *host = NULL; ++ _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; ++ _cleanup_(unit_times_free_arrayp) UnitTimes *times = NULL; ++ _cleanup_free_ char *pretty_times = NULL; ++ bool use_full_bus = arg_scope == LOOKUP_SCOPE_SYSTEM; ++ BootTimes *boot; ++ int n, r; ++ ++ r = acquire_bus(&bus, &use_full_bus); ++ if (r < 0) ++ return bus_log_connect_error(r, arg_transport); ++ ++ n = acquire_boot_times(bus, &boot); ++ if (n < 0) ++ return n; ++ ++ n = pretty_boot_time(bus, &pretty_times); ++ if (n < 0) ++ return n; ++ ++ if (use_full_bus || arg_scope != LOOKUP_SCOPE_SYSTEM) { ++ n = acquire_host_info(bus, &host); ++ if (n < 0) ++ return n; ++ } ++ ++ n = acquire_time_data(bus, ×); ++ if (n <= 0) ++ return n; ++ ++ typesafe_qsort(times, n, compare_unit_start); ++ ++ if (!FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF) || arg_table) ++ r = produce_plot_as_text(times, boot); ++ else ++ r = produce_plot_as_svg(times, host, boot, pretty_times); ++ if (r < 0) ++ return r; ++ + return EXIT_SUCCESS; + } +diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c +index 
6e47357a11..825c19c6f4 100644 +--- a/src/analyze/analyze.c ++++ b/src/analyze/analyze.c +@@ -105,6 +105,8 @@ char *arg_unit = NULL; + JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF; + bool arg_quiet = false; + char *arg_profile = NULL; ++bool arg_legend = true; ++bool arg_table = false; + + STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep); + STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep); +@@ -217,8 +219,10 @@ static int help(int argc, char *argv[], void *userdata) { + " --security-policy=PATH Use custom JSON security policy instead\n" + " of built-in one\n" + " --json=pretty|short|off Generate JSON output of the security\n" +- " analysis table\n" ++ " analysis table, or plot's raw time data\n" + " --no-pager Do not pipe output into a pager\n" ++ " --no-legend Disable column headers and hints in plot\n" ++ " with either --table or --json=\n" + " --system Operate on system systemd instance\n" + " --user Operate on user systemd instance\n" + " --global Operate on global user configuration\n" +@@ -238,6 +242,7 @@ static int help(int argc, char *argv[], void *userdata) { + " specified time\n" + " --profile=name|PATH Include the specified profile in the\n" + " security review of the unit(s)\n" ++ " --table Output plot's raw time data as a table\n" + " -h --help Show this help\n" + " --version Show package version\n" + " -q --quiet Do not emit hints\n" +@@ -280,6 +285,8 @@ static int parse_argv(int argc, char *argv[]) { + ARG_SECURITY_POLICY, + ARG_JSON, + ARG_PROFILE, ++ ARG_TABLE, ++ ARG_NO_LEGEND, + }; + + static const struct option options[] = { +@@ -310,6 +317,8 @@ static int parse_argv(int argc, char *argv[]) { + { "unit", required_argument, NULL, 'U' }, + { "json", required_argument, NULL, ARG_JSON }, + { "profile", required_argument, NULL, ARG_PROFILE }, ++ { "table", optional_argument, NULL, ARG_TABLE }, ++ { "no-legend", optional_argument, NULL, ARG_NO_LEGEND }, + {} + }; + +@@ -448,14 +457,12 @@ static int parse_argv(int 
argc, char *argv[]) { + r = safe_atou(optarg, &arg_iterations); + if (r < 0) + return log_error_errno(r, "Failed to parse iterations: %s", optarg); +- + break; + + case ARG_BASE_TIME: + r = parse_timestamp(optarg, &arg_base_time); + if (r < 0) + return log_error_errno(r, "Failed to parse --base-time= parameter: %s", optarg); +- + break; + + case ARG_PROFILE: +@@ -486,6 +493,15 @@ static int parse_argv(int argc, char *argv[]) { + free_and_replace(arg_unit, mangled); + break; + } ++ ++ case ARG_TABLE: ++ arg_table = true; ++ break; ++ ++ case ARG_NO_LEGEND: ++ arg_legend = false; ++ break; ++ + case '?': + return -EINVAL; + +@@ -497,9 +513,9 @@ static int parse_argv(int argc, char *argv[]) { + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --offline= is only supported for security right now."); + +- if (arg_json_format_flags != JSON_FORMAT_OFF && !STRPTR_IN_SET(argv[optind], "security", "inspect-elf")) ++ if (arg_json_format_flags != JSON_FORMAT_OFF && !STRPTR_IN_SET(argv[optind], "security", "inspect-elf", "plot")) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), +- "Option --json= is only supported for security and inspect-elf right now."); ++ "Option --json= is only supported for security, inspect-elf, and plot right now."); + + if (arg_threshold != 100 && !streq_ptr(argv[optind], "security")) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), +@@ -536,6 +552,16 @@ static int parse_argv(int argc, char *argv[]) { + if (streq_ptr(argv[optind], "condition") && arg_unit && optind < argc - 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No conditions can be passed if --unit= is used."); + ++ if ((!arg_legend && !streq_ptr(argv[optind], "plot")) || ++ (streq_ptr(argv[optind], "plot") && !arg_legend && !arg_table && FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF))) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --no-legend is only supported for plot with either --table or --json=."); ++ ++ if (arg_table && !streq_ptr(argv[optind], "plot")) 
++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --table is only supported for plot right now."); ++ ++ if (arg_table && !FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--table and --json= are mutually exclusive."); ++ + return 1; /* work to do */ + } + +diff --git a/src/analyze/analyze.h b/src/analyze/analyze.h +index da12058c43..e4af7b47e0 100644 +--- a/src/analyze/analyze.h ++++ b/src/analyze/analyze.h +@@ -36,6 +36,8 @@ extern char *arg_unit; + extern JsonFormatFlags arg_json_format_flags; + extern bool arg_quiet; + extern char *arg_profile; ++extern bool arg_legend; ++extern bool arg_table; + + int acquire_bus(sd_bus **bus, bool *use_full_bus); + diff --git a/0373-systemd-analyze-Update-man-systemd-analyze.xml-with-.patch b/0373-systemd-analyze-Update-man-systemd-analyze.xml-with-.patch new file mode 100644 index 0000000..2a57865 --- /dev/null +++ b/0373-systemd-analyze-Update-man-systemd-analyze.xml-with-.patch 
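Review bot: `--table` and `--no-legend` are registered with `optional_argument` in the `options[]` table of `parse_argv()`, but the `ARG_TABLE` and `ARG_NO_LEGEND` cases never read `optarg`, so `--table=anything` is accepted and the value silently discarded. They should be `{ "table", no_argument, NULL, ARG_TABLE },` and `{ "no-legend", no_argument, NULL, ARG_NO_LEGEND },`, so that getopt rejects a stray value and the parser matches the help text. Separately, `verb_plot()` still calls `pretty_boot_time()` and, depending on scope, `acquire_host_info()` before choosing the output format, although `produce_plot_as_text()` uses neither result. Moving both calls into the SVG branch would spare the `org.freedesktop.hostname1` query for `--json=` and `--table`. `parse_argv()` extends beyond the visible hunks.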
@@ -0,0 +1,69 @@ +From 09514fbcaf51f1c12b651420e24400ff7319c638 Mon Sep 17 00:00:00 2001 +From: joshuazivkovic +Date: Wed, 14 Dec 2022 12:31:22 +0000 +Subject: [PATCH] systemd-analyze: Update man/systemd-analyze.xml with Plot + JSON and table + +(cherry picked from commit dc57a3387bbe7770491f35e0d993f411237636b5) + +Resolves: RHEL-5070 +--- + man/systemd-analyze.xml | 31 ++++++++++++++++++++++++++++--- + 1 file changed, 28 insertions(+), 3 deletions(-) + +diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml +index 0d91cdd7d0..5ba0d40fa0 100644 +--- a/man/systemd-analyze.xml ++++ b/man/systemd-analyze.xml +@@ -274,8 +274,8 @@ Timestamp units-load-finish: Thu 2019-03-14 23:28:07 CET + + <command>systemd-analyze plot</command> + +- This command prints an SVG graphic detailing which system services have been started at what +- time, highlighting the time they spent on initialization. ++ This command prints either an SVG graphic, detailing which system services have been started at what ++ time, highlighting the time they spent on initialization, or the raw time data in JSON or table format. + + + <command>Plot a bootchart</command> +@@ -1204,7 +1204,17 @@ $ systemd-analyze verify /tmp/source:alias.service + corresponds to a higher security threat. The JSON version of the table is printed to standard + output. The MODE passed to the option can be one of three: + which is the default, and +- which respectively output a prettified or shorted JSON version of the security table. ++ which respectively output a prettified or shorted JSON version of the security table. ++ ++ With the plot command, genereate a JSON formatted output of the raw time data. 
++ The format is a JSON array with objects containing the following fields: name ++ which is the unit name, activated which is the time after startup the ++ service was activated, activating which is how long after startup the service ++ was initially started, time which is how long the service took to activate ++ from when it was initially started, deactivated which is the time after startup ++ that the service was deactivated, deactivating whcih is the time after startup ++ that the service was initially told to deactivate. ++ + + + +@@ -1235,6 +1245,21 @@ $ systemd-analyze verify /tmp/source:alias.service + other paths. + + ++ ++ ++ ++ When used with the plot command, the raw time data is output in a table. ++ ++ ++ ++ ++ ++ ++ When used with the plot command in combination with either ++ or , no legends or hints are included in the output. ++ ++ ++ + + + diff --git a/0374-systemd-analyze-Add-tab-complete-logic-for-plot.patch b/0374-systemd-analyze-Add-tab-complete-logic-for-plot.patch new file mode 100644 index 0000000..51575cf --- /dev/null +++ b/0374-systemd-analyze-Add-tab-complete-logic-for-plot.patch 
@@ -0,0 +1,87 @@ +From a1bc66bfeac890107411686cb7567c9ffa926972 Mon Sep 17 00:00:00 2001 +From: joshuazivkovic +Date: Wed, 14 Dec 2022 12:31:59 +0000 +Subject: [PATCH] systemd-analyze: Add tab complete logic for plot + +(cherry picked from commit f21a6502d81ca5690467cb161dafd4b875e4430e) + +Resolves: RHEL-5070 +--- + shell-completion/bash/systemd-analyze | 8 +++++++- + shell-completion/zsh/_systemd-analyze | 14 ++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze +index b1baec9978..5edba7bf58 100644 +--- a/shell-completion/bash/systemd-analyze ++++ b/shell-completion/bash/systemd-analyze +@@ -62,7 +62,7 @@ _systemd_analyze() { + ) + + local -A VERBS=( +- [STANDALONE]='time blame plot unit-paths exit-status calendar timestamp timespan' ++ [STANDALONE]='time blame unit-paths exit-status calendar timestamp timespan' + [CRITICAL_CHAIN]='critical-chain' + [DOT]='dot' + [DUMP]='dump' +@@ -72,6 +72,7 @@ _systemd_analyze() { + [SECURITY]='security' + [CONDITION]='condition' + [INSPECT_ELF]='inspect-elf' ++ [PLOT]='plot' + ) + + local CONFIGS='systemd/bootchart.conf systemd/coredump.conf systemd/journald.conf +@@ -195,6 +196,11 @@ _systemd_analyze() { + comps=$( compgen -A file -- "$cur" ) + compopt -o filenames + fi ++ ++ elif __contains_word "$verb" ${VERBS[PLOT]}; then ++ if [[ $cur = -* ]]; then ++ comps='--help --version --system --user --global --no-pager --json=off --json=pretty --json=short --table --no-legend' ++ fi + fi + + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) +diff --git a/shell-completion/zsh/_systemd-analyze b/shell-completion/zsh/_systemd-analyze +index e305995cef..2e046ea111 100644 +--- a/shell-completion/zsh/_systemd-analyze ++++ b/shell-completion/zsh/_systemd-analyze +@@ -40,6 +40,13 @@ + _describe -t groups 'file system groups' _groups || compadd "$@" + } + ++(( $+functions[_systemd-analyze_plot] )) || ++ _systemd-analyze_plot() { ++ local 
-a _options ++ _options=( '--json=off' '--json=pretty' '--json=short' '--table' '--no-legend' ) ++ _describe 'plot options' _options ++ } ++ + (( $+functions[_systemd-analyze_commands] )) || + _systemd-analyze_commands(){ + local -a _systemd_analyze_cmds +@@ -48,7 +55,8 @@ + 'time:Print time spent in the kernel before reaching userspace' + 'blame:Print list of running units ordered by time to init' + 'critical-chain:Print a tree of the time critical chain of units' +- 'plot:Output SVG graphic showing service initialization' ++ 'plot:Output SVG graphic showing service initialization, or raw time data in ++JSON or table format' + 'dot:Dump dependency graph (in dot(1) format)' + 'dump:Dump server status' + 'cat-config:Cat systemd config files' +@@ -97,9 +105,11 @@ _arguments \ + '--offline=[Perform a security review of the specified unit files]:BOOL:(yes no)' \ + '--threshold=[Set a value to compare the overall security exposure level with]: NUMBER' \ + '--security-policy=[Use customized requirements to compare unit files against]: PATH' \ +- '--json=[Generate a JSON output of the security analysis table]:MODE:(pretty short off)' \ ++ "--json=[Generate a JSON output of the security analysis table or plot's raw time data]:MODE:(pretty short off)" \ ++ "--table=[Generate a table of plot's raw time data]" \ + '--profile=[Include the specified profile in the security review of units]: PATH' \ + '--no-pager[Do not pipe output into a pager]' \ ++ "--no-legend[Do not show the headers and footers for plot's raw time data formats]" \ + '--man=[Do (not) check for existence of man pages]:BOOL:(yes no)' \ + '--generators=[Do (not) run unit generators]:BOOL:(yes no)' \ + '--order[When generating graph for dot, show only order]' \ diff --git a/0375-systemd-analyze-Add-json-table-and-no-legend-tests-f.patch b/0375-systemd-analyze-Add-json-table-and-no-legend-tests-f.patch new file mode 100644 index 0000000..9bd4da4 --- /dev/null 
+++ b/0375-systemd-analyze-Add-json-table-and-no-legend-tests-f.patch @@ -0,0 +1,34 @@ +From 503c6777cc0a05e4ba174ff674fdf9ce3ed87341 Mon Sep 17 00:00:00 2001 +From: joshuazivkovic +Date: Fri, 13 Jan 2023 09:17:27 +0000 +Subject: [PATCH] systemd-analyze: Add --json=, --table and -no-legend tests + for plot + +(cherry picked from commit a23be57de3a5c5afb9ca878775ae838c3341f90c) + +Resolves: RHEL-5070 +--- + test/units/testsuite-65.sh | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh +index ebe1f57b52..4093c5a2a7 100755 +--- a/test/units/testsuite-65.sh ++++ b/test/units/testsuite-65.sh +@@ -18,7 +18,16 @@ systemd-analyze || : + systemd-analyze time || : + systemd-analyze blame || : + systemd-analyze critical-chain || : ++# plot + systemd-analyze plot >/dev/null || : ++systemd-analyze plot --json=pretty >/dev/null || : ++systemd-analyze plot --json=short >/dev/null || : ++systemd-analyze plot --json=off >/dev/null || : ++systemd-analyze plot --json=pretty --no-legend >/dev/null || : ++systemd-analyze plot --json=short --no-legend >/dev/null || : ++systemd-analyze plot --json=off --no-legend >/dev/null || : ++systemd-analyze plot --table >/dev/null || : ++systemd-analyze plot --table --no-legend >/dev/null || : + # legacy/deprecated options (moved to systemctl, but still usable from analyze) + systemd-analyze log-level + systemd-analyze log-level "$(systemctl log-level)" diff --git a/0376-ci-enable-source-git-automation-to-validate-reviews-.patch b/0376-ci-enable-source-git-automation-to-validate-reviews-.patch new file mode 100644 index 0000000..23279b8 --- /dev/null +++ b/0376-ci-enable-source-git-automation-to-validate-reviews-.patch 
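Review bot: Every added `systemd-analyze plot …` line ends in `|| :`, so none of them can fail the test, and one is expected to fail. `plot --json=off --no-legend` is rejected by the check that patch 0372 adds to `parse_argv()`, where `--no-legend` requires `--table` or an active `--json=` mode. That rejection happens during argument parsing, so it presumably does not depend on boot-time data being available and can be asserted directly with `(! systemd-analyze plot --json=off --no-legend)`. A short comment above the remaining lines, such as `# plot may fail if boot has not finished; only checks for crashes`, would record why their failures are tolerated.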
@@ -0,0 +1,95 @@
+From 16f06c8cfbdf660e1c4e2052b7dd121f3497ff0f Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Wed, 18 Oct 2023 15:24:23 +0200
+Subject: [PATCH] ci: enable source-git automation to validate reviews and ci
+ results
+
+rhel-only
+
+Related: RHEL-1086
+---
+ .github/pull-request-validator.yml | 4 ++++
+ .../source-git-automation-on-demand.yml | 14 ++++++++++----
+ .github/workflows/source-git-automation.yml | 18 +++++++++++++++++-
+ 3 files changed, 31 insertions(+), 5 deletions(-)
+ create mode 100644 .github/pull-request-validator.yml
+
+diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml
+new file mode 100644
+index 0000000000..4bb5bbec12
+--- /dev/null
++++ b/.github/pull-request-validator.yml
+@@ -0,0 +1,4 @@
++labels:
++ missing-review: pr/needs-review
++ changes-requested: pr/changes-requested
++ missing-failing-ci: pr/needs-ci
+diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
+index 60d7bcf32d..2dd6af3113 100644
+--- a/.github/workflows/source-git-automation-on-demand.yml
++++ b/.github/workflows/source-git-automation-on-demand.yml
+@@ -74,7 +74,8 @@ jobs:
+ with:
+ pr-number: ${{ matrix.pr-number }}
+
+- - id: commit-linter
++ - if: ${{ !cancelled() }}
++ id: commit-linter
+ name: Lint Commits
+ uses: redhat-plumbers-in-action/advanced-commit-linter@v2
+ with:
+@@ -82,7 +83,8 @@ jobs:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ # Validates tracker, changes tracker status, updates PR title
+- - id: tracker-validator
++ - if: ${{ !cancelled() }}
++ id: tracker-validator
+ name: Validate Tracker
+ uses: redhat-plumbers-in-action/tracker-validator@v1
+ with:
+@@ -96,5 +98,9 @@ jobs:
+ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+- # TODO: merge PR if all checks passed
+- # TODO: add comment to Tracker that PR was merged ...
++ - if: ${{ !cancelled() }}
++ name: Pull Request Validator
++ uses: redhat-plumbers-in-action/pull-request-validator@v1
++ with:
++ pr-metadata: ${{ steps.metadata.outputs.metadata }}
++ token: ${{ secrets.GITHUB_TOKEN }}
+diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
+index 7fabb88a83..214e72de6f 100644
+--- a/.github/workflows/source-git-automation.yml
++++ b/.github/workflows/source-git-automation.yml
+@@ -47,7 +47,8 @@ jobs:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ # Validates tracker, changes tracker status, updates PR title
+- tracker-validation:
++ tracker-validator:
++ if: ${{ !cancelled() }}
+ needs: [ download-metadata, commit-linter ]
+ runs-on: ubuntu-latest
+
+@@ -68,3 +69,18 @@ jobs:
+ jira-instance: https://issues.redhat.com
+ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
++
++ pull-request-validator:
++ needs: [ download-metadata ]
++ runs-on: ubuntu-latest
++
++ permissions:
++ checks: write
++ pull-requests: write
++
++ steps:
++ - name: Pull Request Validator
++ uses: redhat-plumbers-in-action/pull-request-validator@v1
++ with:
++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
++ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/0377-ci-remove-Mergify-config-replaced-by-Pull-Request-Va.patch b/0377-ci-remove-Mergify-config-replaced-by-Pull-Request-Va.patch
new file mode 100644
index 0000000..f5e40b8
--- /dev/null
+++ b/0377-ci-remove-Mergify-config-replaced-by-Pull-Request-Va.patch
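Review bot: The added `pull-request-validator` step (on-demand workflow) and job (`source-git-automation.yml`) reference the action by the movable tag `@v1` while handing it `secrets.GITHUB_TOKEN` with `checks: write` and `pull-requests: write`, so whatever that tag points to at run time executes with those rights. Pin the reference to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: redhat-plumbers-in-action/pull-request-validator@<full-commit-sha> # v1`, and let a dependency bot propose the bumps. The same applies to `auto-merge@v1` added in 0378, where the token additionally carries `contents: write` and the Jira and Bugzilla API tokens are passed in. Both workflow files continue outside these hunks, so the triggers and any top-level `permissions:` are not visible here.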
@@ -0,0 +1,181 @@ +From c31597c9112c4676f918b14999506a586d6ef8f4 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Wed, 18 Oct 2023 15:47:54 +0200 +Subject: [PATCH] ci: remove Mergify config - replaced by Pull Request + Validator + +rhel-only + +Related: RHEL-1086 +--- + .mergify.yml | 161 --------------------------------------------------- + 1 file changed, 161 deletions(-) + delete mode 100644 .mergify.yml + +diff --git a/.mergify.yml b/.mergify.yml +deleted file mode 100644 +index e862808ca7..0000000000 +--- a/.mergify.yml ++++ /dev/null +@@ -1,161 +0,0 @@ +-# doc: https://docs.mergify.com +---- +- +-pull_request_rules: +- - name: Add `needs-ci` label on CI fail - v252 +- conditions: +- # Policy is relevant for rhel-9.2.0 branches and newer & main branch +- - base~=^main$|^rhel-9.([2-9]|\d{2,}).0$ +- - label!=ci-waived +- - or: +- # Build test +- # test build check only when the tests have been run ... +- - and: +- - files~=^(\S+\/meson\.build|\.github\/workflows\/\S+|meson_options\.txt|src\/\S+|test\/fuzz\/\S+) +- - or: +- - -check-success=build (gcc, 11, bfd, gcrypt) +- - -check-success=build (gcc, 12, gold, openssl) +- - -check-success=build (clang, 13, mold, gcrypt) +- - -check-success=build (clang, 14, lld, openssl) +- - -check-success=build (clang, 15, bfd, auto) +- # Unit tests +- - -check-success=build (GCC, auto) +- - -check-success=build (GCC_ASAN_UBSAN, auto) +- - -check-success=build (CLANG, auto) +- - -check-success=build (CLANG_RELEASE, auto) +- - -check-success=build (CLANG_ASAN_UBSAN, auto) +- - -check-success=build (CLANG_ASAN_UBSAN_NO_DEPS, auto) +- - -check-success=build (GCC, openssl) +- - -check-success=build (CLANG, gcrypt) +- # ClusterFuzzingLite +- - -check-success=PR (address) +- - -check-success=PR (undefined) +- - -check-success=PR (memory) +- # CentOS CI +- - -check-success=CentOS CI (CentOS Stream 9) +- - -check-success=CentOS CI (CentOS Stream 9 + sanitizers) +- # Packit +- - -check-success=rpm-build:centos-stream-9-aarch64 +- - 
-check-success=rpm-build:centos-stream-9-x86_64 +- # Other +- - -check-success=Lint Code Base +- - -check-success=Differential ShellCheck +- # CodeQL +- # test CodeQL check only when the CodeQL have been run ... +- - and: +- - files~=^(\S+\/meson\.build|\.github\/\S+\/codeql|src\/\S+|test\/\S+|tools\/\S+) +- - -check-success=CodeQL +- actions: +- label: +- add: +- - needs-ci +- +- - name: Add `needs-ci` label on CI fail - v250 +- conditions: +- # Policy is relevant branches before rhel-9.2.0 +- - base~=^rhel-9.0.0-beta$|^rhel-9.[0-1].0$ +- - label!=ci-waived +- - or: +- # Build test +- - -check-success=build (gcc, 10, bfd) +- - -check-success=build (gcc, 11, gold) +- - -check-success=build (clang, 11, bfd) +- - -check-success=build (clang, 12, gold) +- - -check-success=build (clang, 13, lld) +- # Unit tests +- - -check-success=build (GCC, auto) +- - -check-success=build (GCC_ASAN_UBSAN, auto) +- - -check-success=build (CLANG, auto) +- - -check-success=build (CLANG_ASAN_UBSAN, auto) +- - -check-success=build (GCC, openssl) +- - -check-success=build (CLANG, gcrypt) +- # CentOS CI +- - -check-success=CentOS CI (CentOS Stream 9) +- - -check-success=CentOS CI (CentOS Stream 9 + sanitizers) +- # Packit +- - -check-success=rpm-build:centos-stream-9-aarch64 +- - -check-success=rpm-build:centos-stream-9-x86_64 +- actions: +- label: +- add: +- - needs-ci +- +- - name: Remove `needs-ci` label on CI success - v252 +- conditions: +- # Policy is relevant for rhel-9.2.0 branches and newer & main branch +- - base~=^main$|^rhel-9.([2-9]|\d{2,}).0$ +- - or: +- - label=ci-waived +- - and: +- # Build test +- # test build check only when specific files are changed ... 
+- - or: +- - -files~=^(\S+\/meson\.build|\.github\/workflows\/\S+|meson_options\.txt|src\/\S+|test\/fuzz\/\S+) +- - and: +- - check-success=build (gcc, 11, bfd, gcrypt) +- - check-success=build (gcc, 12, gold, openssl) +- - check-success=build (clang, 13, mold, gcrypt) +- - check-success=build (clang, 14, lld, openssl) +- - check-success=build (clang, 15, bfd, auto) +- # Unit tests +- - check-success=build (GCC, auto) +- - check-success=build (GCC_ASAN_UBSAN, auto) +- - check-success=build (CLANG, auto) +- - check-success=build (CLANG_RELEASE, auto) +- - check-success=build (CLANG_ASAN_UBSAN, auto) +- - check-success=build (CLANG_ASAN_UBSAN_NO_DEPS, auto) +- - check-success=build (GCC, openssl) +- - check-success=build (CLANG, gcrypt) +- # ClusterFuzzingLite +- - check-success=PR (address) +- - check-success=PR (undefined) +- - check-success=PR (memory) +- # CentOS CI +- - check-success=CentOS CI (CentOS Stream 9) +- - check-success=CentOS CI (CentOS Stream 9 + sanitizers) +- # CodeQL +- # test CodeQL check only when specific files are changed ... 
+- - or: +- - -files~=^(\S+\/meson\.build|\.github\/\S+\/codeql|src\/\S+|test\/\S+|tools\/\S+) +- - check-success=CodeQL +- # Packit +- - check-success=rpm-build:centos-stream-9-aarch64 +- - check-success=rpm-build:centos-stream-9-x86_64 +- # Other +- - check-success=Lint Code Base +- - check-success=Differential ShellCheck +- actions: +- label: +- remove: +- - needs-ci +- +- - name: Remove `needs-ci` label on CI success - v250 +- conditions: +- # Policy is relevant branches before rhel-9.2.0 +- - base~=^rhel-9.0.0-beta$|^rhel-9.[0-1].0$ +- - or: +- - label=ci-waived +- - and: +- # Build test +- - check-success=build (gcc, 10, bfd) +- - check-success=build (gcc, 11, gold) +- - check-success=build (clang, 11, bfd) +- - check-success=build (clang, 12, gold) +- - check-success=build (clang, 13, lld) +- # Unit tests +- - check-success=build (GCC, auto) +- - check-success=build (GCC_ASAN_UBSAN, auto) +- - check-success=build (CLANG, auto) +- - check-success=build (CLANG_ASAN_UBSAN, auto) +- - check-success=build (GCC, openssl) +- - check-success=build (CLANG, gcrypt) +- # CentOS CI +- - check-success=CentOS CI (CentOS Stream 9) +- - check-success=CentOS CI (CentOS Stream 9 + sanitizers) +- # Packit +- - check-success=rpm-build:centos-stream-9-aarch64 +- - check-success=rpm-build:centos-stream-9-x86_64 +- actions: +- label: +- remove: +- - needs-ci diff --git a/0378-ci-enable-auto-merge-GH-Action.patch b/0378-ci-enable-auto-merge-GH-Action.patch new file mode 100644 index 0000000..ca7b6ab --- /dev/null +++ b/0378-ci-enable-auto-merge-GH-Action.patch 
@@ -0,0 +1,84 @@
+From 34adeef90a0a8cc1210742e5623968cbb39222eb Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Fri, 3 Nov 2023 12:32:18 +0100
+Subject: [PATCH] ci: enable auto-merge GH Action
+
+rhel-only
+
+Related: RHEL-1086
+---
+ .github/auto-merge.yml | 4 ++++
+ .../source-git-automation-on-demand.yml | 14 ++++++++++++
+ .github/workflows/source-git-automation.yml | 22 +++++++++++++++++++
+ 3 files changed, 40 insertions(+)
+ create mode 100644 .github/auto-merge.yml
+
+diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
+new file mode 100644
+index 0000000000..35c2539295
+--- /dev/null
++++ b/.github/auto-merge.yml
+@@ -0,0 +1,4 @@
++labels:
++ dont-merge: dont-merge
++ manual-merge: pr/needs-manual-merge
++target-branch': ['main']
+diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
+index 2dd6af3113..2c506f2b3e 100644
+--- a/.github/workflows/source-git-automation-on-demand.yml
++++ b/.github/workflows/source-git-automation-on-demand.yml
+@@ -60,6 +60,7 @@ jobs:
+ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }}
+
+ permissions:
++ contents: write
+ statuses: write
+ checks: write
+ pull-requests: write
+@@ -104,3 +105,16 @@ jobs:
+ with:
+ pr-metadata: ${{ steps.metadata.outputs.metadata }}
+ token: ${{ secrets.GITHUB_TOKEN }}
++
++ - id: auto-merge
++ name: Auto Merge
++ uses: redhat-plumbers-in-action/auto-merge@v1
++ with:
++ pr-metadata: ${{ steps.metadata.outputs.metadata }}
++ tracker: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }}
++ tracker-type: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }}
++ bugzilla-instance: https://bugzilla.redhat.com
++ bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }}
++ jira-instance: https://issues.redhat.com
++ jira-api-token: ${{
secrets.JIRA_API_TOKEN }}
++ token: ${{ secrets.GITHUB_TOKEN }}
+diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
+index 214e72de6f..17135b590f 100644
+--- a/.github/workflows/source-git-automation.yml
++++ b/.github/workflows/source-git-automation.yml
+@@ -84,3 +84,25 @@ jobs:
+ with:
+ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
+ token: ${{ secrets.GITHUB_TOKEN }}
++
++ auto-merge:
++ needs: [ download-metadata, commit-linter, tracker-validator, pull-request-validator ]
++ runs-on: ubuntu-latest
++
++ permissions:
++ contents: write
++ checks: write
++ pull-requests: write
++
++ steps:
++ - name: Auto Merge
++ uses: redhat-plumbers-in-action/auto-merge@v1
++ with:
++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
++ tracker: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }}
++ tracker-type: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }}
++ bugzilla-instance: https://bugzilla.redhat.com
++ bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }}
++ jira-instance: https://issues.redhat.com
++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
++ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/0379-ci-add-missing-permissions.patch b/0379-ci-add-missing-permissions.patch
new file mode 100644
index 0000000..db67a24
--- /dev/null
+++ b/0379-ci-add-missing-permissions.patch
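Review bot: In the new `.github/auto-merge.yml` the last key is written `target-branch': ['main']` with a stray quote, which YAML accepts as a key literally named `target-branch'`. The action will presumably not find `target-branch` and fall back to its default, so the branch restriction for automatic merges may not be the one intended. The line should read `target-branch: ['main']`. Because this file gates a job that holds `contents: write`, it is worth confirming from a workflow run log which target branches the action actually resolved.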
@@ -0,0 +1,41 @@
+From 715b05f97cde12424bb6d425264569f7f921dc72 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Tue, 7 Nov 2023 13:33:40 +0100
+Subject: [PATCH] ci: add missing permissions
+
+issues: write is required for the pull request merging according to:
+
+https://github.com/cli/cli/discussions/6379#discussioncomment-3806051
+
+rhel-only
+
+Related: RHEL-1086
+---
+ .github/workflows/source-git-automation-on-demand.yml | 1 +
+ .github/workflows/source-git-automation.yml | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
+index 2c506f2b3e..bf2ea2260c 100644
+--- a/.github/workflows/source-git-automation-on-demand.yml
++++ b/.github/workflows/source-git-automation-on-demand.yml
+@@ -63,6 +63,7 @@ jobs:
+ contents: write
+ statuses: write
+ checks: write
++ issues: write
+ pull-requests: write
+
+ steps:
+diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
+index 17135b590f..d71664efa0 100644
+--- a/.github/workflows/source-git-automation.yml
++++ b/.github/workflows/source-git-automation.yml
+@@ -92,6 +92,7 @@ jobs:
+ permissions:
+ contents: write
+ checks: write
++ issues: write
+ pull-requests: write
+
+ steps:
diff --git a/0380-ci-permissions-write-all.patch b/0380-ci-permissions-write-all.patch
new file mode 100644
index 0000000..1ebd8a7
--- /dev/null
+++ b/0380-ci-permissions-write-all.patch
@@ -0,0 +1,47 @@
+From 3d7593697ac29c7308ef72453a621a1d24662415 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Tue, 7 Nov 2023 14:25:02 +0100
+Subject: [PATCH] ci: `permissions: write-all`
+
+rhel-only
+
+Related: RHEL-1086
+---
+ .github/workflows/source-git-automation-on-demand.yml | 11 +++++------
+ .github/workflows/source-git-automation.yml | 1 -
+ 2 files changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
+index bf2ea2260c..3f3da959c4 100644
+--- a/.github/workflows/source-git-automation-on-demand.yml
++++ b/.github/workflows/source-git-automation-on-demand.yml
+@@ -59,12 +59,11 @@ jobs:
+ matrix:
+ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }}
+
+- permissions:
+- contents: write
+- statuses: write
+- checks: write
+- issues: write
+- pull-requests: write
++ permissions: write-all
++ # contents: write
++ # statuses: write
++ # checks: write
++ # pull-requests: write
+
+ steps:
+ - name: Repository checkout
+diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
+index d71664efa0..17135b590f 100644
+--- a/.github/workflows/source-git-automation.yml
++++ b/.github/workflows/source-git-automation.yml
+@@ -92,7 +92,6 @@ jobs:
+ permissions:
+ contents: write
+ checks: write
+- issues: write
+ pull-requests: write
+
+ steps:
diff --git a/0381-ci-lint-exclude-.in-files-from-ShellCheck-lint.patch b/0381-ci-lint-exclude-.in-files-from-ShellCheck-lint.patch
new file mode 100644
index 0000000..2eb8f5c
--- /dev/null
+++ b/0381-ci-lint-exclude-.in-files-from-ShellCheck-lint.patch
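Review bot: `permissions: write-all` on the on-demand job gives `secrets.GITHUB_TOKEN` every write scope the repository allows, and that token is then passed to each third-party action in the job. The explicit map it replaces already listed the scopes that 0376 to 0379 had justified. Restore the per-scope map (`contents`, `statuses`, `checks`, `issues`, `pull-requests`, each `write`) and, if a merge still fails, add only the scope named in the API error. The commented-out list left behind omits `issues: write`, and the second hunk drops `issues: write` from the `auto-merge` job in `source-git-automation.yml` again, which contradicts the rationale recorded in 0379, so one of the two workflows is presumably mis-scoped. Both job definitions start and end outside these hunks.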
@@ -0,0 +1,33 @@
+From 594d2eb17d4548313eddf4e13ac8c734b268ae93 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Mon, 7 Aug 2023 15:11:00 +0200
+Subject: [PATCH] ci(lint): exclude `.in` files from ShellCheck lint
+
+Exclude all `.in` files because they may contain unsupported syntax, and
+they have to be preprocessed first. For example:
+
+```sh
+Error: SHELLCHECK_WARNING:
+./src/rpm/systemd-update-helper.in:130:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
+```
+
+Related to: https://github.com/systemd/systemd/pull/28521
+
+(cherry picked from commit 97eb82682126e7f3ee956a025078ea2b801955cb)
+
+Related: RHEL-1086
+---
+ .github/workflows/differential-shellcheck.yml | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
+index 3662126304..0d3eee48e2 100644
+--- a/.github/workflows/differential-shellcheck.yml
++++ b/.github/workflows/differential-shellcheck.yml
+@@ -32,4 +32,6 @@ jobs:
+ - name: Differential ShellCheck
+ uses: redhat-plumbers-in-action/differential-shellcheck@v4
+ with:
++ # exclude all `.in` files because they may contain unsupported syntax, and they have to be preprocessed first
++ exclude-path: '**/*.in'
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/0382-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch b/0382-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
new file mode 100644
index 0000000..46b993f
--- /dev/null
+++ b/0382-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
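Review bot: The glob `exclude-path: '**/*.in'` removes every template from differential ShellCheck, including shell helpers such as `src/rpm/systemd-update-helper.in` cited in the commit message, so changes to those scripts are no longer analysed by this job. If only the template placeholders trip the parser, consider linting the rendered files from the build directory in a separate step, or narrowing the exclusion to the paths that actually fail. At minimum the comment should record the gap, e.g. `# TODO: lint the rendered *.in shell templates from the build dir; they are skipped here`.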
@@ -0,0 +1,43 @@ +From 5221edaee281175e3a8ba3e676ba5622085eb1ef Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 26 Sep 2023 09:52:05 +0200 +Subject: [PATCH] udev: raise RLIMIT_NOFILE as high as we can + +We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE +to what the service manager allows us, which is quite a lot these days. + +udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus +ensuring that forked off processes get their RLIMIT_NOFILE soft limit +reset to 1K for compat with crappy old select(). + +Replaces: #29298 +Fixes: #28583 +(cherry picked from commit 1617424ce76d797d081dd6cb1082b954c4d2bf38) + +Resolves: RHEL-11040 +--- + src/udev/udevd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/udev/udevd.c b/src/udev/udevd.c +index e3a2742733..ccc3c0eece 100644 +--- a/src/udev/udevd.c ++++ b/src/udev/udevd.c +@@ -55,6 +55,7 @@ + #include "pretty-print.h" + #include "proc-cmdline.h" + #include "process-util.h" ++#include "rlimit-util.h" + #include "selinux-util.h" + #include "signal-util.h" + #include "socket-util.h" +@@ -2040,6 +2041,9 @@ int run_udevd(int argc, char *argv[]) { + if (r < 0) + return r; + ++ /* Make sure we can have plenty fds (for example for pidfds) */ ++ (void) rlimit_nofile_bump(-1); ++ + r = RET_NERRNO(mkdir("/run/udev", 0755)); + if (r < 0 && r != -EEXIST) + return log_error_errno(r, "Failed to create /run/udev: %m"); diff --git a/systemd.spec b/systemd.spec index 778682a..301a82c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://systemd.io Version: 252 -Release: 18%{?dist} +Release: 19%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager 
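Review bot: The added call `(void) rlimit_nofile_bump(-1);` in `run_udevd()` discards the result, so when the limit cannot be raised udevd keeps the inherited one silently and a later descriptor shortage on a large system leaves no trace of why. Keeping it best-effort is fine, but the failure should be logged: `r = rlimit_nofile_bump(-1);` followed by `if (r < 0) log_debug_errno(r, "Failed to raise RLIMIT_NOFILE, ignoring: %m");`. The comment could also state the assumption from the commit message, that forked children get their soft limit reset via `FORK_RLIMIT_NOFILE_SAFE`, since that is what makes raising it here safe for helpers that still use select(). `run_udevd()` starts and ends outside the hunk.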
@@ -447,6 +447,19 @@ Patch0366: 0366-dissect-image-add-probe_sector_size-helper-for-detec.patch Patch0367: 0367-loop-util-always-tell-kernel-explicitly-about-loopba.patch Patch0368: 0368-Revert-Treat-EPERM-as-not-available-too.patch Patch0369: 0369-Revert-test-accept-EPERM-for-unavailable-idmapped-mo.patch +Patch0370: 0370-ci-Extend-source-git-automation.patch +Patch0371: 0371-netif-naming-scheme-let-s-also-include-rhel8-schemes.patch +Patch0372: 0372-systemd-analyze-Add-table-and-JSON-output-implementa.patch +Patch0373: 0373-systemd-analyze-Update-man-systemd-analyze.xml-with-.patch +Patch0374: 0374-systemd-analyze-Add-tab-complete-logic-for-plot.patch +Patch0375: 0375-systemd-analyze-Add-json-table-and-no-legend-tests-f.patch +Patch0376: 0376-ci-enable-source-git-automation-to-validate-reviews-.patch +Patch0377: 0377-ci-remove-Mergify-config-replaced-by-Pull-Request-Va.patch +Patch0378: 0378-ci-enable-auto-merge-GH-Action.patch +Patch0379: 0379-ci-add-missing-permissions.patch +Patch0380: 0380-ci-permissions-write-all.patch +Patch0381: 0381-ci-lint-exclude-.in-files-from-ShellCheck-lint.patch +Patch0382: 0382-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch # Downstream-only patches (9000–9999) 
@@ -1268,6 +1281,21 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Nov 13 2023 systemd maintenance team - 252-19 +- ci: Extend source-git-automation (RHEL-1086) +- netif-naming-scheme: let's also include rhel8 schemes (RHEL-7026) +- systemd-analyze: Add table and JSON output implementation to plot (RHEL-5070) +- systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table (RHEL-5070) +- systemd-analyze: Add tab complete logic for plot (RHEL-5070) +- systemd-analyze: Add --json=, --table and -no-legend tests for plot (RHEL-5070) +- ci: enable source-git automation to validate reviews and ci results (RHEL-1086) +- ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1086) +- ci: enable auto-merge GH Action (RHEL-1086) +- ci: add missing permissions (RHEL-1086) +- ci: `permissions: write-all` (RHEL-1086) +- ci(lint): exclude `.in` files from ShellCheck lint (RHEL-1086) +- udev: raise RLIMIT_NOFILE as high as we can (RHEL-11040) + * Tue Aug 22 2023 systemd maintenance team - 252-18 - doc: add downstream CONTRIBUTING document (#2170883) - doc: improve CONTRIBUTING document (#2170883)