rpms/systemd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Debrand for AlmaLinux

Browse Source
This commit is contained in:
Andrew Lukoshko 2025-02-11 11:19:34 +03:00 committed by eabdullin
commit 455d6e60dc
130 changed files with 3270 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0111-fmf-Don-t-fail-if-we-can-t-put-selinux-in-permissive.patch Normal file
View File

@ -0,0 +1,28 @@
From ed729eca0cc82abce7966eba5ab786a7a3cbce4c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 10:25:05 +0100
Subject: [PATCH] fmf: Don't fail if we can't put selinux in permissive mode
The tests might be running unprivileged or in an environment without
selinux so let's not fail if we can't put it in permissive mode.
(cherry picked from commit 0250db0139b159cb9e6c1a87ad91ffdd03e80236)
---
test/fmf/integration-tests/test.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 4984fb119b..fe139567bd 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -4,8 +4,8 @@
set -eux
set -o pipefail
-# Switch SELinux to permissive, since the tests don't set proper contexts
-setenforce 0
+# Switch SELinux to permissive if possible, since the tests don't set proper contexts
+setenforce 0 || true
# Allow running the integration tests downstream in dist-git with something like
# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:

27
0112-fmf-Fix-dist-git-example.patch Normal file
View File

@ -0,0 +1,27 @@
From 5761eb9b76b99196f6f862a7f8cf1d4029a1bddc Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 10:25:50 +0100
Subject: [PATCH] fmf: Fix dist-git example
All that's needed is dist-git-source: true so remove the other settings
that aren't required.
(cherry picked from commit 0a85b3757968a2750286119760244e017c990263)
---
test/fmf/integration-tests/test.sh | 3 ---
1 file changed, 3 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index fe139567bd..73771d4237 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -13,9 +13,6 @@ setenforce 0 || true
# summary: systemd Fedora test suite
# discover:
# how: fmf
-# url: https://github.com/systemd/systemd
-# ref: main
-# path: test/fmf
# dist-git-source: true
# dist-git-install-builddeps: false
# prepare:

31
0113-fmf-Fix-glob.patch Normal file
View File

@ -0,0 +1,31 @@
From 45d45ebfac5eaad5bcd80400475d9e1e894d4a88 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 10:38:21 +0100
Subject: [PATCH] fmf: Fix glob
Globs inside quotes aren't expanded and we need the glob to be more
specific to avoid matching multiple entries inside the tmt source
directory.
(cherry picked from commit fc1b08dee2ccf706580fa448e66831d1e853d054)
---
test/fmf/integration-tests/test.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 73771d4237..0a1595fa97 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -23,8 +23,11 @@ setenforce 0 || true
# execute:
# how: tmt
+shopt -s extglob
+
if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then
- pushd "$TMT_SOURCE_DIR/*/"
+ # Match either directories ending with branch names (e.g. systemd-fmf) or releases (e.g systemd-257.1).
+ pushd "$TMT_SOURCE_DIR"/systemd-+([0-9a-z.~])/
elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then
# Prepare systemd source tree
git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH"

52
0114-fmf-Only-mess-with-etc-yum.repos.d-when-running-with.patch Normal file
View File

@ -0,0 +1,52 @@
From 3a93f4dc7d0d2ccb0d8339080b7638c3e8b999d7 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 12:12:15 +0100
Subject: [PATCH] fmf: Only mess with /etc/yum.repos.d when running within
testing farm
If running tmt locally to debug the test script, make sure we don't
mess with /etc/yum.repos.d.
(cherry picked from commit 8e3347f3bd3d9a01b8f39b0858eab74084ecf20a)
---
test/fmf/integration-tests/test.sh | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 0a1595fa97..347cd219a4 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -63,6 +63,11 @@ Release=${VERSION_ID:-rawhide}
[Build]
ToolsTreeDistribution=$ID
ToolsTreeRelease=${VERSION_ID:-rawhide}
+EOF
+
+if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then
+ tee --append mkosi.local.conf <<EOF
+[Build]
ToolsTreeSandboxTrees=
/etc/yum.repos.d/:/etc/yum.repos.d/
/var/share/test-artifacts/:/var/share/test-artifacts/
@@ -72,14 +77,15 @@ SandboxTrees=
Environment=NO_BUILD=1
EOF
-cat /etc/dnf/dnf.conf
-cat /etc/yum.repos.d/*
+ cat /etc/dnf/dnf.conf
+ cat /etc/yum.repos.d/*
-# Ensure packages built for this test have highest priority
-echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*
+ # Ensure packages built for this test have highest priority
+ echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*
-# Disable mkosi's own repository logic
-touch /etc/yum.repos.d/mkosi.repo
+ # Disable mkosi's own repository logic
+ touch /etc/yum.repos.d/mkosi.repo
+fi
# TODO: drop once BTRFS regression is fixed in kernel 6.13
sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf

25
0115-fmf-Dump-CPU-and-memory-information.patch Normal file
View File

@ -0,0 +1,25 @@
From 963bfbbf696a811899545202f39d1fb3ae666d37 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 16:41:46 +0100
Subject: [PATCH] fmf: Dump CPU and memory information
(cherry picked from commit 44368f84d7ddbec7a50648a65c27cb6a31090a29)
---
test/fmf/integration-tests/test.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 347cd219a4..4545090c3c 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -7,6 +7,10 @@ set -o pipefail
# Switch SELinux to permissive if possible, since the tests don't set proper contexts
setenforce 0 || true
+echo "CPU and Memory information:"
+lscpu
+lsmem
+
# Allow running the integration tests downstream in dist-git with something like
# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:
#

68
0116-TEST-06-SELINUX-Add-knob-to-allow-checking-for-AVCs.patch Normal file
View File

@ -0,0 +1,68 @@
From 27acc152033e3adbc744fbefa842edf28810b663 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 13:31:11 +0100
Subject: [PATCH] TEST-06-SELINUX: Add knob to allow checking for AVCs
When running the integration tests downstream, it's useful to be
able to test that a new systemd version doesn't introduce any AVC
denials, so let's add a knob to make that possible.
(cherry picked from commit de19520ec979902fd457515d1a795210fdaedf93)
---
test/README.testsuite | 10 ++++++++++
test/fmf/integration-tests/test.sh | 7 +++++++
test/units/TEST-06-SELINUX.sh | 4 ++++
3 files changed, 21 insertions(+)
diff --git a/test/README.testsuite b/test/README.testsuite
index da2d17a6db..6b367aa673 100644
--- a/test/README.testsuite
+++ b/test/README.testsuite
@@ -151,6 +151,16 @@ that make use of `run_testcases`.
`TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip.
+### SELinux AVCs
+
+To have `TEST-06-SELINUX` check for SELinux denials, write the following to
+mkosi.local.conf:
+
+```conf
+[Runtime]
+KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1
+```
+
## Ubuntu CI
New PRs submitted to the project are run through regression tests, and one set
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 4545090c3c..fccfa15c72 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID
ToolsTreeRelease=${VERSION_ID:-rawhide}
EOF
+if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then
+ tee --append mkosi.local.conf <<EOF
+[Runtime]
+KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=$TEST_SELINUX_CHECK_AVCS
+EOF
+fi
+
if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then
tee --append mkosi.local.conf <<EOF
[Build]
diff --git a/test/units/TEST-06-SELINUX.sh b/test/units/TEST-06-SELINUX.sh
index 937a04005a..4ab9224a9e 100755
--- a/test/units/TEST-06-SELINUX.sh
+++ b/test/units/TEST-06-SELINUX.sh
@@ -46,4 +46,8 @@ NSPAWN_ARGS=(systemd-nspawn -q --volatile=yes --directory=/ --bind-ro=/etc --ina
[[ "$("${NSPAWN_ARGS[@]}" --selinux-apifs-context="$CONTEXT" stat --printf %C /run)" == "$CONTEXT" ]]
[[ "$("${NSPAWN_ARGS[@]}" --selinux-apifs-context="$CONTEXT" --tmpfs=/tmp stat --printf %C /tmp)" == "$CONTEXT" ]]
+if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]] && ((TEST_SELINUX_CHECK_AVCS)); then
+ (! journalctl -t audit -g AVC -o cat)
+fi
+
touch /testok

27
0117-fmf-Force-SELinux-relabel-when-running-within-testin.patch Normal file
View File

@ -0,0 +1,27 @@
From 93efcc17c66fcb80c1d81d262878e780bc8f4fbe Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 8 Jan 2025 16:03:06 +0100
Subject: [PATCH] fmf: Force SELinux relabel when running within testing farm
We expect to run as root within testing farm and to have permissions
to do selinux relabelling so let's enable it explicitly.
(cherry picked from commit e1c883bf32f3922bfc977701062e353c0a0a4ac5)
---
test/fmf/integration-tests/test.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index fccfa15c72..8cea79cf30 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -78,6 +78,9 @@ fi
if [[ -n "${TESTING_FARM_REQUEST_ID:-}" ]]; then
tee --append mkosi.local.conf <<EOF
+[Content]
+SELinuxRelabel=yes
+
[Build]
ToolsTreeSandboxTrees=
/etc/yum.repos.d/:/etc/yum.repos.d/

22
0118-test-Drop-set-x-from-integration-test-setup.sh.patch Normal file
View File

@ -0,0 +1,22 @@
From 16ae6d001d3875352bf2f219df4940c373dec42b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Jan 2025 11:27:51 +0100
Subject: [PATCH] test: Drop set -x from integration-test-setup.sh
(cherry picked from commit 90538ede55ac9d40dc513f64f052c687672cae89)
---
test/integration-test-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration-test-setup.sh b/test/integration-test-setup.sh
index d7c384a97c..c67f938acf 100755
--- a/test/integration-test-setup.sh
+++ b/test/integration-test-setup.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
-set -eux
+set -eu
set -o pipefail
case "$1" in

50
0119-test-Only-plug-in-integration-test-setup.sh-in-inter.patch Normal file
View File

@ -0,0 +1,50 @@
From a4ae723295fce23012996e6e2be2fca25a59383f Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Jan 2025 11:28:15 +0100
Subject: [PATCH] test: Only plug in integration-test-setup.sh in interactive
mode
If we're not running interactively, there's no point in the features
from integration-test-setup.sh which are intended for interactive
development and debugging so lets skip adding it in that case.
(cherry picked from commit 794d456cf402a35290d6562c21f0ff846511026c)
---
test/integration-test-wrapper.py | 9 +++++++++
test/test.service.in | 2 --
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index ef6df8840f..5fa0325b88 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -459,6 +459,15 @@ def main() -> None:
"""
)
+ if sys.stderr.isatty():
+ dropin += textwrap.dedent(
+ """
+ [Service]
+ ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup
+ ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize
+ """
+ )
+
cmd = [
args.mkosi,
'--directory', os.fspath(args.meson_source_dir),
diff --git a/test/test.service.in b/test/test.service.in
index 6400be0700..75f703698f 100644
--- a/test/test.service.in
+++ b/test/test.service.in
@@ -7,9 +7,7 @@ Before=getty-pre.target
[Service]
ExecStartPre=rm -f /failed /testok
-ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup
ExecStart=@command@
-ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize
Type=oneshot
MemoryAccounting=@memory-accounting@
StateDirectory=%N

93
0120-mkosi-Re-enable-TEST-21-DFUZZER-when-running-with-sa.patch Normal file
View File

@ -0,0 +1,93 @@
From 13f4c782dd5bc2e6b7d852869b590122b7ad301c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 7 Jan 2025 15:01:02 +0100
Subject: [PATCH] mkosi: Re-enable TEST-21-DFUZZER when running with sanitizers
Similar to how CentOS CI did it previously, let's only run
TEST-21-DFUZZER when built with sanitizers for maximum effect.
(cherry picked from commit 103e92810a4bd3f01d2a49d85ef9575d60a8d244)
---
.github/workflows/mkosi.yml | 8 ++++++++
test/TEST-21-DFUZZER/meson.build | 1 -
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index a043022ce0..592ed41051 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -61,6 +61,7 @@ jobs:
cflags: "-O2 -D_FORTIFY_SOURCE=3"
relabel: no
vm: 1
+ skip: TEST-21-DFUZZER
- distro: debian
release: testing
sanitizers: ""
@@ -68,6 +69,7 @@ jobs:
cflags: "-Og"
relabel: no
vm: 0
+ skip: TEST-21-DFUZZER
- distro: ubuntu
release: noble
sanitizers: ""
@@ -75,6 +77,7 @@ jobs:
cflags: "-Og"
relabel: no
vm: 0
+ skip: TEST-21-DFUZZER
- distro: fedora
release: "41"
sanitizers: ""
@@ -82,6 +85,7 @@ jobs:
cflags: "-Og"
relabel: yes
vm: 0
+ skip: TEST-21-DFUZZER
- distro: fedora
release: rawhide
sanitizers: address,undefined
@@ -96,6 +100,7 @@ jobs:
cflags: "-Og"
relabel: no
vm: 0
+ skip: TEST-21-DFUZZER
- distro: centos
release: "9"
sanitizers: ""
@@ -103,6 +108,7 @@ jobs:
cflags: "-Og"
relabel: yes
vm: 0
+ skip: TEST-21-DFUZZER
- distro: centos
release: "10"
sanitizers: ""
@@ -110,6 +116,7 @@ jobs:
cflags: "-Og"
relabel: yes
vm: 0
+ skip: TEST-21-DFUZZER
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
@@ -195,6 +202,7 @@ jobs:
mkosi sandbox \
env \
TEST_PREFER_QEMU=${{ matrix.vm }} \
+ TEST_SKIP=${{ matrix.skip }} \
meson test \
-C build \
--no-rebuild \
diff --git a/test/TEST-21-DFUZZER/meson.build b/test/TEST-21-DFUZZER/meson.build
index f57be63380..932f0c5f0e 100644
--- a/test/TEST-21-DFUZZER/meson.build
+++ b/test/TEST-21-DFUZZER/meson.build
@@ -6,6 +6,5 @@ integration_tests += [
'timeout' : 3600,
'priority' : 50,
'vm' : true,
- 'enabled' : false,
},
]

28
0121-fmf-Move-meson-logs-and-failed-test-journals-to-test.patch Normal file
View File

@ -0,0 +1,28 @@
From a8c7d1de26dcae24618b264afc30dce4ebd621fe Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Jan 2025 15:13:18 +0100
Subject: [PATCH] fmf: Move meson logs and failed test journals to test
artifacts dir
(cherry picked from commit 0e444c948e7d8ddbdec83116b68af7d876e2d2f6)
---
test/fmf/integration-tests/test.sh | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 8cea79cf30..762016f2a5 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -125,6 +125,11 @@ mkosi -f sandbox \
--suite integration-tests \
--print-errorlogs \
--no-stdsplit \
- --num-processes "$(($(nproc) - 1))"
+ --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$?
+
+find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \;
+find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \;
popd
+
+exit "$EC"

23
0122-fmf-Log-clock-source.patch Normal file
View File

@ -0,0 +1,23 @@
From fc15f5990beffe8b2b93393685e5cc8e0cd21e45 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Jan 2025 15:24:51 +0100
Subject: [PATCH] fmf: Log clock source
(cherry picked from commit 6e761c5a93278fc719a66f7c984af9608b836991)
---
test/fmf/integration-tests/test.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 762016f2a5..d1e43b1d7d 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -11,6 +11,8 @@ echo "CPU and Memory information:"
lscpu
lsmem
+echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)"
+
# Allow running the integration tests downstream in dist-git with something like
# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:
#

8
0145-tree-wide-Fix-python-formatting.patch → 0123-tree-wide-Fix-python-formatting.patch
View File

@ -1,4 +1,4 @@
From 879603eda7440bf84a4094863283d556c8562907 Mon Sep 17 00:00:00 2001
From f6343a52f9a8945a32e3c9ced07572e1a7747f23 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Jan 2025 16:24:22 +0100
Subject: [PATCH] tree-wide: Fix python formatting
@ -7,8 +7,6 @@ The new release of ruff formats a few more things which causes linter
failures in CI so let's fix those formatting nits.
(cherry picked from commit 96403d5121d93dd47dbe9dab5b90ff973e664ac3)
Related: RHEL-57603
---
src/ukify/ukify.py | 6 +++---
test/integration-test-wrapper.py | 6 +++---
@ -46,7 +44,7 @@ index 3f36aa7af6..be4e30eb8e 100755
@contextlib.contextmanager
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index ef6df8840f..eacfeffe9c 100755
index 5fa0325b88..d9d92fcba3 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -429,7 +429,7 @@ def main() -> None:
@ -67,7 +65,7 @@ index ef6df8840f..eacfeffe9c 100755
"""
)
@@ -559,7 +559,7 @@ def main() -> None:
@@ -568,7 +568,7 @@ def main() -> None:
ops += [f'journalctl --file {journal_file} --no-hostname -o short-monotonic -u {args.unit} -p info']

72
0124-test-Add-option-to-save-in-progress-test-journals-to.patch Normal file
View File

@ -0,0 +1,72 @@
From 7713732dfd1f59d55e1e7e02b48f224ea672eda9 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 14:27:33 +0100
Subject: [PATCH] test: Add option to save in progress test journals to /tmp
The journal isn't the best at being fast, especially when writing
to disk and not to memory, which can cause integration tests to
grind to a halt on beefy systems due to all the systemd-journal-remote
instances not being able to write journal entries to disk fast enough.
Let's introduce an option to allow writing in progress test journals
to use /tmp which can be used on beefy systems with lots of memory to
speed things up.
(cherry picked from commit e49fdecd161b3d391e55311652fda3220d851fa1)
---
test/README.testsuite | 4 ++++
test/integration-test-wrapper.py | 12 +++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/test/README.testsuite b/test/README.testsuite
index 6b367aa673..e33c08f33a 100644
--- a/test/README.testsuite
+++ b/test/README.testsuite
@@ -151,6 +151,10 @@ that make use of `run_testcases`.
`TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip.
+`TEST_JOURNAL_USE_TMP=1`: Write test journal to `/tmp` while the test is in
+progress and only move the journal to its final location in the build directory
+(`$BUILD_DIR/test/journal`) when the test is finished.
+
### SELinux AVCs
To have `TEST-06-SELINUX` check for SELinux denials, write the following to
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index d9d92fcba3..1c28cf3776 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -10,6 +10,7 @@ import json
import os
import re
import shlex
+import shutil
import subprocess
import sys
import tempfile
@@ -441,7 +442,11 @@ def main() -> None:
"""
)
- journal_file = (args.meson_build_dir / (f'test/journal/{name}.journal')).absolute()
+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1':
+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}')
+ else:
+ journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute()
+
journal_file.unlink(missing_ok=True)
if not sys.stderr.isatty():
@@ -551,6 +556,11 @@ def main() -> None:
):
journal_file.unlink(missing_ok=True)
+ if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1':
+ dst = args.meson_build_dir / f'test/journal/{name}.journal'
+ dst.parent.mkdir(parents=True, exist_ok=True)
+ shutil.move(journal_file, dst)
+
if shell or (result.returncode in (args.exit_code, 77) and not coredumps and not sanitizer):
exit(0 if shell or result.returncode == args.exit_code else 77)

24
0125-test-Don-t-register-machines-with-machined-unless-we.patch Normal file
View File

@ -0,0 +1,24 @@
From 9f5b0ea9337597f051c26fcc7ad793c71241c6e0 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 14:29:58 +0100
Subject: [PATCH] test: Don't register machines with machined unless we're in
interactive mode
(cherry picked from commit 84b30442d257102a9a39122f9a537fa48fb0bfda)
---
test/integration-test-wrapper.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index 1c28cf3776..94904cfbc4 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -516,7 +516,7 @@ def main() -> None:
]
),
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}",
- *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []),
+ *(['--runtime-build-sources=no', '--register=no'] if not sys.stderr.isatty() else []),
'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
] # fmt: skip

37
0126-test-Move-StateDirectory-directive-into-dropin.patch Normal file
View File

@ -0,0 +1,37 @@
From 34581e87d6f279057fa7ce371bb42381f477a72c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 14:51:24 +0100
Subject: [PATCH] test: Move StateDirectory= directive into dropin
The integration-test-setup calls require StateDirectory= but some
tests override the test unit used which then won't have StateDirectory=
so let's move StateDirectory= into the dropin as well to avoid this
issue.
(cherry picked from commit 1f17ec0ed419627a686ee6e719ac7f55cf082ada)
---
test/integration-test-wrapper.py | 1 +
test/test.service.in | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index 94904cfbc4..610c34c903 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -470,6 +470,7 @@ def main() -> None:
[Service]
ExecStartPre=/usr/lib/systemd/tests/testdata/integration-test-setup.sh setup
ExecStopPost=/usr/lib/systemd/tests/testdata/integration-test-setup.sh finalize
+ StateDirectory=%N
"""
)
diff --git a/test/test.service.in b/test/test.service.in
index 75f703698f..790c513da4 100644
--- a/test/test.service.in
+++ b/test/test.service.in
@@ -10,4 +10,3 @@ ExecStartPre=rm -f /failed /testok
ExecStart=@command@
Type=oneshot
MemoryAccounting=@memory-accounting@
-StateDirectory=%N

25
0127-fmf-Bump-inotify-limits-to-avoid-systemd-nspawn-fail.patch Normal file
View File

@ -0,0 +1,25 @@
From f4ad1e0709755046adcc2fdbddcd406fcf6dd85b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 15:26:37 +0100
Subject: [PATCH] fmf: Bump inotify limits to avoid systemd-nspawn failures
(cherry picked from commit c32a8cdaa0f03ae29e9edade1213cc2001b28000)
---
test/fmf/integration-tests/test.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index d1e43b1d7d..34bf1abfa8 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -13,6 +13,10 @@ lsmem
echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)"
+# Bump inotify limits so nspawn containers don't run out of inotify file descriptors.
+sysctl fs.inotify.max_user_watches=65536
+sysctl fs.inotify.max_user_instances=1024
+
# Allow running the integration tests downstream in dist-git with something like
# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:
#

42
0128-fmf-Use-different-heuristic-on-beefy-systems.patch Normal file
View File

@ -0,0 +1,42 @@
From 562bb35dc778ce362d02d27d1554ab872caf486d Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 15:26:54 +0100
Subject: [PATCH] fmf: Use different heuristic on beefy systems
If we save journals in /tmp, we can run a larger number of tests in
parallel so let's make use of the larger number of CPUs if the tests
run on a beefy machine.
(cherry picked from commit 53546c71fe0a1b30ee296df84bb8c3577f5675a4)
---
test/fmf/integration-tests/test.sh | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 34bf1abfa8..06a98bfd7a 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -116,6 +116,14 @@ if [[ ! -e /dev/kvm ]]; then
export TEST_NO_QEMU=1
fi
+NPROC="$(nproc)"
+if [[ "$NPROC" -ge 10 ]]; then
+ export TEST_JOURNAL_USE_TMP=1
+ NPROC="$((NPROC / 3))"
+else
+ NPROC="$((NPROC - 1))"
+fi
+
# Create missing mountpoint for mkosi sandbox.
mkdir -p /etc/pacman.d/gnupg
@@ -131,7 +139,7 @@ mkosi -f sandbox \
--suite integration-tests \
--print-errorlogs \
--no-stdsplit \
- --num-processes "$(($(nproc) - 1))" && EC=0 || EC=$?
+ --num-processes "$NPROC" && EC=0 || EC=$?
find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \;
find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \;

28
0129-fmf-Skip-TEST-21-DFUZZER.patch Normal file
View File

@ -0,0 +1,28 @@
From 8ba14c6907ce131023aac96a5656f378603d8d26 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 10 Jan 2025 15:29:28 +0100
Subject: [PATCH] fmf: Skip TEST-21-DFUZZER
Similar to Github Actions, since we don't build with sanitizers in
the packit job, let's skip TEST-21-DFUZZER.
(cherry picked from commit e0c2fd6a3345d26afdf4159406c38cd9101d2e0d)
---
test/fmf/integration-tests/test.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 06a98bfd7a..f82961f959 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -124,6 +124,10 @@ else
NPROC="$((NPROC - 1))"
fi
+# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it
+# for now.
+export TEST_SKIP="TEST-21-DFUZZER"
+
# Create missing mountpoint for mkosi sandbox.
mkdir -p /etc/pacman.d/gnupg

23
0130-test-Fix-bug-in-integration-test-wrapper.patch Normal file
View File

@ -0,0 +1,23 @@
From d6ebbd871e33954495644862f3067e71c0686fd9 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 13 Jan 2025 10:33:20 +0100
Subject: [PATCH] test: Fix bug in integration test wrapper
(cherry picked from commit 79ac78e3680a425d86c7a90e6846c630c9583b48)
---
test/integration-test-wrapper.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index 610c34c903..5321faef57 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -443,7 +443,7 @@ def main() -> None:
)
if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1':
- journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name.journal}')
+ journal_file = Path(f'/tmp/systemd-integration-tests/journal/{name}.journal')
else:
journal_file = (args.meson_build_dir / f'test/journal/{name}.journal').absolute()

24
0131-test-Only-move-journal-file-if-we-didn-t-just-unlink.patch Normal file
View File

@ -0,0 +1,24 @@
From 3dbbf85013040972df4974b7a24b1b603fd5bdea Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 14 Jan 2025 09:52:40 +0100
Subject: [PATCH] test: Only move journal file if we didn't just unlink it
(cherry picked from commit 1d77ac19cfa1c9b194d7e9805430ab6fd38ba97e)
---
test/integration-test-wrapper.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index 5321faef57..a7bf5ea606 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -556,8 +556,7 @@ def main() -> None:
and not sanitizer
):
journal_file.unlink(missing_ok=True)
-
- if os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1':
+ elif os.getenv('TEST_JOURNAL_USE_TMP', '0') == '1':
dst = args.meson_build_dir / f'test/journal/{name}.journal'
dst.parent.mkdir(parents=True, exist_ok=True)
shutil.move(journal_file, dst)

27
0132-fmf-Only-move-logs-if-corresponding-directory-exists.patch Normal file
View File

@ -0,0 +1,27 @@
From 373313b00dcb75e9e8400a53d84d4ad32d88c5d6 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 14 Jan 2025 11:41:17 +0100
Subject: [PATCH] fmf: Only move logs if corresponding directory exists
Otherwise find fails with an error.
(cherry picked from commit 3c2fa8e0501f9f39b3b7ca0506a7d548a39af928)
---
test/fmf/integration-tests/test.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index f82961f959..aff79340f7 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -145,8 +145,8 @@ mkosi -f sandbox \
--no-stdsplit \
--num-processes "$NPROC" && EC=0 || EC=$?
-find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \;
-find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \;
+[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \;
+[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \;
popd

25
0133-mkosi-Install-libxslt-on-CentOS-Fedora-instead-of-xs.patch Normal file
View File

@ -0,0 +1,25 @@
From b1fe0a92eb5b6945a3b65b955517e326b1ccf518 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 14 Jan 2025 13:53:26 +0100
Subject: [PATCH] mkosi: Install libxslt on CentOS/Fedora instead of xsltproc
Same package, but xsltproc is a very recently introduced Provides
for libxslt, and isn't available on CentOS Stream 9, so let's install
the package directly instead.
(cherry picked from commit 05932f4768bc329f933774eef9a2286f706d3673)
---
mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
index 21d3741504..80874391e5 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
@@ -19,5 +19,5 @@ ToolsTreePackages=
python3-mypy
python3-pytest
shellcheck
- xsltproc
+ libxslt
docbook-style-xsl

63
0134-man-Clarify-systemd-notify-and-sd_notify-PID-documen.patch Normal file
View File

@ -0,0 +1,63 @@
From 9b186fc8bc039d76d4667f92437d9ff1464d76fe Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 14 Jan 2025 16:05:33 +0100
Subject: [PATCH] man: Clarify systemd-notify and sd_notify() PID documentation
Let's clarify more explicitly that privileged calls to
systemd-notify --pid= and sd_pid_notify() effectively override any
configured NotifyAccess=main|exec for a service.
(cherry picked from commit bbe9e03f8066d1001497494ee862cf45f986b854)
---
man/sd_notify.xml | 9 ++++++---
man/systemd-notify.xml | 15 +++++++++++----
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/man/sd_notify.xml b/man/sd_notify.xml
index 6aaaa64b3f..a465e02f52 100644
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@@ -140,9 +140,12 @@
<para><function>sd_pid_notify()</function> and <function>sd_pid_notifyf()</function> are similar to
<function>sd_notify()</function> and <function>sd_notifyf()</function> but take a process ID (PID) to use
as originating PID for the message as first argument. This is useful to send notification messages on
- behalf of other processes, provided the appropriate privileges are available. If the PID argument is
- specified as 0, the process ID of the calling process is used, in which case the calls are fully
- equivalent to <function>sd_notify()</function> and <function>sd_notifyf()</function>.</para>
+ behalf of other processes, provided the appropriate privileges are available. Effectively, this means
+ that a privileged invocation of <command>sd_pid_notify()</command> may circumvent
+ <varname>NotifyAccess=main</varname> or <varname>NotifyAccess=exec</varname> restrictions enforced for a
+ service. If the PID argument is specified as 0, the process ID of the calling process is used, in which
+ case the calls are fully equivalent to <function>sd_notify()</function> and
+ <function>sd_notifyf()</function>.</para>
<para><function>sd_pid_notify_with_fds()</function> is similar to <function>sd_pid_notify()</function>
but takes an additional array of file descriptors. These file descriptors are sent along the notification
diff --git a/man/systemd-notify.xml b/man/systemd-notify.xml
index 55bb8c59cf..9a66721a61 100644
--- a/man/systemd-notify.xml
+++ b/man/systemd-notify.xml
@@ -125,12 +125,19 @@
argument is specified as <literal>self</literal>, the PID of the <command>systemd-notify</command>
command itself is used, and if <literal>parent</literal> is specified the calling process' PID is
used — even if it is the service manager. <option>--pid=auto</option> is equivalent to <command>systemd-notify
- MAINPID=$PID</command>. For details about the semantics of this option see
+ --pid=$PID</command>. For details about the semantics of this option see
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
- <para>If this switch is used in an <command>systemd-notify</command> invocation from a process that
- shall become the new main process of a service — and which is not the process forked off by the
- service manager (or the current main process) —, then it is essential to set
+ <para><command>systemd-notify</command> will first attempt to invoke <function>sd_notify()</function>
+ pretending to have the PID specified with <option>--pid=</option>. This will only succeed when
+ invoked with sufficient privileges. On failure, it will then fall back to invoking it under its own
+ PID. Effectively, this means that a privileged invocation of <command>systemd-notify --pid=</command>
+ may circumvent <varname>NotifyAccess=main</varname> or <varname>NotifyAccess=exec</varname>
+ restrictions enforced for a service.</para>
+
+ <para>If this switch is used in an unprivileged <command>systemd-notify</command> invocation from a
+ process that shall become the new main process of a service — and which is not the process forked off
+ by the service manager (or the current main process) —, then it is essential to set
<varname>NotifyAccess=all</varname> in the service unit file, or otherwise the notification will be
ignored for security reasons. See
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>

37
0135-mkosi-Update-to-latest.patch Normal file
View File

@ -0,0 +1,37 @@
From e03b91918ce9d912b5216e74c02be659afb33d0e Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 15 Jan 2025 10:21:12 +0100
Subject: [PATCH] mkosi: Update to latest
(cherry picked from commit 82d6bcbdea7125d4e8d6acaa60e9847a7ce1464d)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index e678283143..ac4cec40a6 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
+ - uses: systemd/mkosi@c1ae257e270e768088eadf7b44fbbbb48c575709
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 592ed41051..4c176e971f 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -120,7 +120,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
+ - uses: systemd/mkosi@c1ae257e270e768088eadf7b44fbbbb48c575709
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location

118
0136-test-Drop-sandbox-from-integration-test-wrapper.patch Normal file
View File

@ -0,0 +1,118 @@
From da86f1201cd06aa999d6bf115500f364be3f87ed Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 15 Jan 2025 10:21:33 +0100
Subject: [PATCH] test: Drop sandbox() from integration test wrapper
With the latest changes, this is not required anymore as mkosi sandbox
will set up the proper $PATH to make sure the executables from the build
directory are used.
(cherry picked from commit ac75c5192797082c1965ab30be4711490f2937bc)
---
test/integration-test-wrapper.py | 30 +++++++++---------------------
1 file changed, 9 insertions(+), 21 deletions(-)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index a7bf5ea606..cc6e9656fd 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -37,15 +37,6 @@ ExecStart=false
"""
-def sandbox(args: argparse.Namespace) -> list[str]:
- return [
- args.mkosi,
- '--directory', os.fspath(args.meson_source_dir),
- '--extra-search-path', os.fspath(args.meson_build_dir),
- 'sandbox',
- ] # fmt: skip
-
-
@dataclasses.dataclass(frozen=True)
class Summary:
distribution: str
@@ -87,7 +78,7 @@ def process_coredumps(args: argparse.Namespace, journal_file: Path) -> bool:
exclude_regex = None
result = subprocess.run(
- sandbox(args) + [
+ [
'coredumpctl',
'--file', journal_file,
'--json=short',
@@ -110,7 +101,7 @@ def process_coredumps(args: argparse.Namespace, journal_file: Path) -> bool:
return False
subprocess.run(
- sandbox(args) + [
+ [
'coredumpctl',
'--file', journal_file,
'--no-pager',
@@ -152,7 +143,7 @@ def process_sanitizer_report(args: argparse.Namespace, journal_file: Path) -> bo
find_comm = re.compile(r'^\[[.0-9 ]+?\]\s(.*?:)\s')
with subprocess.Popen(
- sandbox(args) + [
+ [
'journalctl',
'--output', 'short-monotonic',
'--no-hostname',
@@ -246,7 +237,7 @@ def process_sanitizer_report(args: argparse.Namespace, journal_file: Path) -> bo
def process_coverage(args: argparse.Namespace, summary: Summary, name: str, journal_file: Path) -> None:
coverage = subprocess.run(
- sandbox(args) + [
+ [
'journalctl',
'--file', journal_file,
'--field=COVERAGE_TAR',
@@ -266,7 +257,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
with tempfile.TemporaryDirectory(prefix='coverage-') as tmp:
subprocess.run(
- sandbox(args) + [
+ [
'tar',
'--extract',
'--file', '-',
@@ -288,7 +279,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
p.rename(dst)
subprocess.run(
- sandbox(args) + [
+ [
'find',
tmp,
'-name', '*.gcda',
@@ -300,8 +291,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
) # fmt: skip
subprocess.run(
- sandbox(args)
- + [
+ [
'rsync',
'--archive',
'--prune-empty-dirs',
@@ -315,8 +305,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
)
subprocess.run(
- sandbox(args)
- + [
+ [
'lcov',
*(
[
@@ -340,8 +329,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
) # fmt: skip
subprocess.run(
- sandbox(args)
- + [
+ [
'lcov',
'--ignore-errors', 'inconsistent,inconsistent,format,corrupt,empty',
'--add-tracefile', output if output.exists() else initial,

59
0137-ci-Stop-archiving-packages.patch Normal file
View File

@ -0,0 +1,59 @@
From c4195568cc5571f7130df4809de8784b34b3121c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 15 Jan 2025 12:58:36 +0100
Subject: [PATCH] ci: Stop archiving packages
This takes up a lot of storage space and we're almost hitting the
limit so since nobody's actually using these and we just started
doing nightly builds in OBS, let's drop this and point people towards
OBS for nightly packages in the future.
(cherry picked from commit e9b9fc080f0616d08269c7e5946d2f389dff83ec)
---
.github/workflows/mkosi.yml | 12 ------------
docs/HACKING.md | 12 ------------
2 files changed, 24 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 4c176e971f..6f87b76a6c 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -221,15 +221,3 @@ jobs:
build/test/journal/*.journal
build/meson-logs/*
retention-days: 7
-
- - name: Archive packages
- uses: actions/upload-artifact@v4
- if: (success() || failure()) && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
- with:
- name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-packages
- path: |
- build/mkosi.output/*.rpm
- build/mkosi.output/*.deb
- build/mkosi.output/*.ddeb
- build/mkosi.output/*.pkg.tar
- retention-days: 4
diff --git a/docs/HACKING.md b/docs/HACKING.md
index b6aeff11c3..fb9eea47f0 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -147,18 +147,6 @@ dnf downgrade "systemd*" # Fedora/CentOS
# TODO: Other distributions
```
-Additionally, for each pull request, the built distribution packages are
-attached as CI artifacts to the pull request CI jobs, which means that users can
-download and install them to test out if a pull request fixes the issue that
-they reported. To download the packages from a pull request, click on the
-`Checks` tab. Then click on the `mkosi` workflow in the list of workflows on the
-left of the `Checks` page. Finally, scroll down to find the list of CI
-artifacts. In this list of artifacts you can find artifacts containing
-distribution packages. To install these, download the artifact which is a zip
-archive, extract the zip archive to access the individual packages, and install
-them with your package manager in the same way as described above for packages
-that were built locally.
-
## Templating engines in .in files
Some source files are generated during build. We use two templating engines:

28
0138-sbsign-Make-two-debug-logs-into-error-logs.patch Normal file
View File

@ -0,0 +1,28 @@
From 07bab464a54b4fc11e1f17860394e2f307a0f5ce Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 20 Jan 2025 09:01:37 +0100
Subject: [PATCH] sbsign: Make two debug logs into error logs
(cherry picked from commit 7180a3b38ca4c167ab2df12bec02058878f8142c)
---
src/sbsign/sbsign.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index d17fdfea5e..0448c92429 100644
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -240,11 +240,11 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
struct stat st;
if (fstat(srcfd, &st) < 0)
- return log_debug_errno(errno, "Failed to stat %s: %m", argv[1]);
+ return log_error_errno(errno, "Failed to stat %s: %m", argv[1]);
r = stat_verify_regular(&st);
if (r < 0)
- return log_debug_errno(r, "%s is not a regular file: %m", argv[1]);
+ return log_error_errno(r, "%s is not a regular file: %m", argv[1]);
_cleanup_(unlink_and_freep) char *tmp = NULL;
_cleanup_close_ int dstfd = open_tmpfile_linkable(arg_output, O_RDWR|O_CLOEXEC, &tmp);

25
0139-sbsign-Make-sure-output-file-mode-respects-umask.patch Normal file
View File

@ -0,0 +1,25 @@
From c32efe0007762cc6c751c15c5175a40b1e2b5075 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sun, 19 Jan 2025 22:48:21 +0100
Subject: [PATCH] sbsign: Make sure output file mode respects umask
(cherry picked from commit 6f594acd632f61fde4b1c33bfcab3954ec304e8a)
---
src/sbsign/sbsign.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index 0448c92429..73087a59f7 100644
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -251,6 +251,10 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
if (dstfd < 0)
return log_error_errno(r, "Failed to open temporary file: %m");
+ r = fchmod_umask(dstfd, 0666);
+ if (r < 0)
+ log_debug_errno(r, "Failed to change temporary file mode: %m");
+
r = copy_bytes(srcfd, dstfd, UINT64_MAX, COPY_REFLINK);
if (r < 0)
return log_error_errno(r, "Failed to copy %s to %s: %m", argv[1], tmp);

27
0140-mkosi-Don-t-set-ToolsTreeRepositories-for-CentOS-Str.patch Normal file
View File

@ -0,0 +1,27 @@
From 053b8c9854d08e3866ecf15f72ee1f3681ea648a Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Jan 2025 15:29:14 +0100
Subject: [PATCH] mkosi: Don't set ToolsTreeRepositories= for CentOS Stream
tools
mkosi does this itself so no need to do it in systemd.
(cherry picked from commit 8fa4a292a64c71a05869f495fab77f2d2bd08894)
---
mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf | 7 -------
1 file changed, 7 deletions(-)
delete mode 100644 mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
deleted file mode 100644
index 737fec3a3d..0000000000
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-ToolsTreeDistribution=centos
-
-[Build]
-ToolsTreeRepositories=epel,epel-next

37
0141-mkosi-Update-to-latest.patch Normal file
View File

@ -0,0 +1,37 @@
From 343229e6a33f4334e1bc30a24137c5ae6c5e9aec Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Jan 2025 15:12:46 +0100
Subject: [PATCH] mkosi: Update to latest
(cherry picked from commit 685666afd824a28c38ae7ee68c8891b03cb122de)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index ac4cec40a6..2bb9be7d7a 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@c1ae257e270e768088eadf7b44fbbbb48c575709
+ - uses: systemd/mkosi@00db6f1a12fb04ed9f837b40ff34f82fab4d4a03
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 6f87b76a6c..e91f41db53 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -120,7 +120,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@c1ae257e270e768088eadf7b44fbbbb48c575709
+ - uses: systemd/mkosi@00db6f1a12fb04ed9f837b40ff34f82fab4d4a03
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location

53
0142-mkosi-Use-a-bigger-variety-of-tools-tree-distributio.patch Normal file
View File

@ -0,0 +1,53 @@
From 89c95c3a2c1d7868d8f3424aaaeebd1db86df56b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Jan 2025 13:28:47 +0100
Subject: [PATCH] mkosi: Use a bigger variety of tools tree distributions
Let's add more coverage for building with tools trees by building
each image with a tools tree of the same distribution and release.
Because not every tools tree distribution has a newer meson yet, we
only use --max-lines= when meson actually knows the option.
(cherry picked from commit 7645139bd7c7ccd10849c43644286e4877719a45)
---
.github/workflows/mkosi.yml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index e91f41db53..3a90bd6680 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -159,8 +159,8 @@ jobs:
[Build]
UseSubvolumes=yes
- ToolsTreeDistribution=fedora
- ToolsTreeRelease=rawhide
+ ToolsTreeDistribution=${{ matrix.distro }}
+ ToolsTreeRelease=${{ matrix.release }}
WorkspaceDirectory=$TMPDIR
PackageCacheDirectory=$TMPDIR/cache
@@ -198,6 +198,12 @@ jobs:
- name: Run integration tests
run: |
+ if [[ "$(mkosi sandbox meson test --help)" == *"--max-lines"* ]]; then
+ MAX_LINES=(--max-lines 300)
+ else
+ MAX_LINES=()
+ fi
+
sudo --preserve-env \
mkosi sandbox \
env \
@@ -210,7 +216,7 @@ jobs:
--print-errorlogs \
--no-stdsplit \
--num-processes "$(($(nproc) - 1))" \
- --max-lines 300
+ "${MAX_LINES[@]}"
- name: Archive failed test journals
uses: actions/upload-artifact@v4

89
0143-mkosi-lcov-and-shellcheck-are-not-in-EPEL-10.patch Normal file
View File

@ -0,0 +1,89 @@
From 7727a7896acca073ef5cd43b3818510ca1c645a7 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Jan 2025 15:35:37 +0100
Subject: [PATCH] mkosi: lcov and shellcheck are not in EPEL 10
Let's drop these from CentOS Stream tools trees as they are not in
EPEL 10 yet.
(cherry picked from commit 7a75a6f70f037d3403c5f2c13ecc2b814fc26867)
---
mkosi.conf.d/05-tools/mkosi.conf | 1 -
mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf | 1 +
mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf | 1 -
mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf | 1 +
mkosi.conf.d/05-tools/mkosi.conf.d/fedora.conf | 2 ++
mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
6 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf b/mkosi.conf.d/05-tools/mkosi.conf
index 322851b627..6656cee287 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf
@@ -5,7 +5,6 @@ ToolsTreePackages=
gcc
gdb
gperf
- lcov
llvm
meson
pkgconf
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
index c6ec83a6b0..fdb147a1c7 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
@@ -7,6 +7,7 @@ ToolsTreeDistribution=arch
ToolsTreePackages=
cryptsetup
github-cli
+ lcov
libcap
libmicrohttpd
libxslt
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
index 80874391e5..5dc5662115 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
@@ -18,6 +18,5 @@ ToolsTreePackages=
python3-lxml
python3-mypy
python3-pytest
- shellcheck
libxslt
docbook-style-xsl
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
index 106072f541..c060e57e82 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
@@ -7,6 +7,7 @@ ToolsTreeDistribution=|ubuntu
[Build]
ToolsTreePackages=
gh
+ lcov
libblkid-dev
libcap-dev
libcryptsetup-dev
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/fedora.conf
index 777c13f45c..66592b86ad 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/fedora.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/fedora.conf
@@ -5,5 +5,7 @@ ToolsTreeDistribution=fedora
[Build]
ToolsTreePackages=
+ lcov
gh
ruff
+ shellcheck
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
index 8a659360fa..aeaa325d06 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
@@ -5,6 +5,7 @@ ToolsTreeDistribution=opensuse
[Build]
ToolsTreePackages=
+ lcov
libz1
gh
mypy

46
0144-mkosi-Don-t-set-O-orphan_file-in-centos-stream-9-too.patch Normal file
View File

@ -0,0 +1,46 @@
From 9e904dd55813ebd4e19c1e151a36baecfc5c063a Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Jan 2025 16:39:09 +0100
Subject: [PATCH] mkosi: Don't set -O ^orphan_file in centos stream 9 tools
tree
(cherry picked from commit 26025dba3ec967e4897338c838d21d06240a99c0)
---
mkosi.conf.d/10-centos/mkosi.conf | 3 ---
.../10-centos/mkosi.conf.d/10-orphan-file.conf | 13 +++++++++++++
2 files changed, 13 insertions(+), 3 deletions(-)
create mode 100644 mkosi.conf.d/10-centos/mkosi.conf.d/10-orphan-file.conf
diff --git a/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.conf.d/10-centos/mkosi.conf
index d2178315a2..33ba3b8334 100644
--- a/mkosi.conf.d/10-centos/mkosi.conf
+++ b/mkosi.conf.d/10-centos/mkosi.conf
@@ -12,9 +12,6 @@ Environment=
# fails to mount on duplicate filesystem UUIDs which happens when running tests in parallel so we use
# ext4 instead.
SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4
- # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
- # mkfs.ext4 enabled it by default, so we disable it explicitly.
- SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
[Content]
Packages=
diff --git a/mkosi.conf.d/10-centos/mkosi.conf.d/10-orphan-file.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/10-orphan-file.conf
new file mode 100644
index 0000000000..075df65196
--- /dev/null
+++ b/mkosi.conf.d/10-centos/mkosi.conf.d/10-orphan-file.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+ToolsTreeDistribution=|!centos
+ToolsTreeRelease=|!9
+
+[Build]
+# The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
+# mkfs.ext4 enabled it by default, so we disable it explicitly. Except that older versions
+# of mkfs.ext4 don't know about "orphan_file" so we skip it on some tools tree variants where
+# we know "orphan_file" is not supported.
+Environment=
+ SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"

90
0145-mkosi-Run-more-commands-as-root.patch Normal file
View File

@ -0,0 +1,90 @@
From 181dface152b0596de35cd753f2f67420d52b5f1 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 20 Jan 2025 13:57:02 +0100
Subject: [PATCH] mkosi: Run more commands as root
zypper has some new rather questionable userspace level permission
checking that blows ups completely when operating as root on an
cache directory owned by a non-root user, so let's build the tools
tree and set up meson as root to avoid the issue.
(https://github.com/openSUSE/libzypp/issues/603)
Also drop a leftover debug message from coverage.yml while we're at
it.
(cherry picked from commit cb13d6b44f7952fdfd1fbab99293403a107c75c0)
---
.github/workflows/coverage.yml | 20 ++++++++++++--------
.github/workflows/mkosi.yml | 10 ++++++++--
2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 2bb9be7d7a..c98ec27385 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -74,21 +74,25 @@ jobs:
run: mkosi summary
- name: Build tools tree
- run: mkosi -f sandbox true
-
- - name: PATH
- run: echo "$PATH"
+ run: sudo --preserve-env mkosi -f sandbox true
- name: Configure meson
- run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build
+ run: |
+ sudo --preserve-env --preserve-env=PATH \
+ mkosi sandbox \
+ meson setup \
+ --buildtype=debugoptimized \
+ -Dintegration-tests=true \
+ build
- name: Build image
run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi
- name: Initial coverage report
run: |
- mkdir -p build/test/coverage
- mkosi sandbox \
+ sudo --preserve-env mkdir -p build/test/coverage
+ sudo --preserve-env \
+ mkosi sandbox \
lcov \
--directory build/mkosi.builddir/arch~rolling~x86-64 \
--capture \
@@ -132,7 +136,7 @@ jobs:
lcov_args+=(--add-tracefile "${file}")
done < <(find build/test/coverage -name "TEST-*.coverage-info")
- mkosi sandbox lcov --ignore-errors inconsistent,inconsistent "${lcov_args[@]}" --output-file build/test/coverage/everything.coverage-info
+ sudo --preserve-env mkosi sandbox lcov --ignore-errors inconsistent,inconsistent "${lcov_args[@]}" --output-file build/test/coverage/everything.coverage-info
- name: List coverage report
run: mkosi sandbox lcov --ignore-errors inconsistent,inconsistent --list build/test/coverage/everything.coverage-info
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 3a90bd6680..47a43c689f 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -188,10 +188,16 @@ jobs:
run: mkosi summary
- name: Build tools tree
- run: mkosi -f sandbox true
+ run: sudo --preserve-env mkosi -f sandbox true
- name: Configure meson
- run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build
+ run: |
+ sudo --preserve-env --preserve-env=PATH \
+ mkosi sandbox \
+ meson setup \
+ --buildtype=debugoptimized \
+ -Dintegration-tests=true \
+ build
- name: Build image
run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi

75
0146-test-Look-for-qemu-in-usr-libexec-qemu-kvm-as-well.patch Normal file
View File

@ -0,0 +1,75 @@
From 8f2383951bb48cdfd7d97c2281dcfd0ba4bdcaeb Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 21 Jan 2025 12:29:56 +0100
Subject: [PATCH] test: Look for qemu in /usr/libexec/qemu-kvm as well
On CentOS Stream, the qemu binary is /usr/libexec/qemu-kvm so use
that if it's available.
(cherry picked from commit 34da8dd345935d461a62db5787cfbc35e8be2b4b)
---
test/TEST-64-UDEV-STORAGE/nvme_basic.configure | 3 ++-
test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure | 3 ++-
.../virtio_scsi_identically_named_partitions.configure | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
index 948003e4de..ed8304d804 100755
--- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
@@ -3,13 +3,14 @@
import json
import os
+import shutil
import subprocess
import sys
config = json.load(sys.stdin)
-qemu = f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
+qemu = shutil.which("/usr/libexec/qemu-kvm") or f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
result = subprocess.run([qemu, "-device", "help"], check=True, text=True, stdout=subprocess.PIPE)
if 'name "nvme"' not in result.stdout:
print("nvme device driver is not available, skipping test...", file=sys.stderr)
diff --git a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
index 029d4360ba..ed8b39ac5f 100755
--- a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
+++ b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
@@ -3,13 +3,14 @@
import json
import os
+import shutil
import subprocess
import sys
config = json.load(sys.stdin)
-qemu = f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
+qemu = shutil.which("/usr/libexec/qemu-kvm") or f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
result = subprocess.run([qemu, "-device", "help"], check=True, text=True, stdout=subprocess.PIPE)
if 'name "nvme"' not in result.stdout:
print("nvme device driver is not available, skipping test...", file=sys.stderr)
diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
index dce6b1503f..5ffade5800 100755
--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
+++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
@@ -3,13 +3,14 @@
import json
import os
+import shutil
import subprocess
import sys
config = json.load(sys.stdin)
-qemu = f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
+qemu = shutil.which("/usr/libexec/qemu-kvm") or f"qemu-system-{os.environ['QEMU_ARCHITECTURE']}"
result = subprocess.run([qemu, "-device", "help"], check=True, text=True, stdout=subprocess.PIPE)
if 'name "virtio-scsi-pci"' not in result.stdout:
print("virtio-scsi-pci device driver is not available, skipping test...", file=sys.stderr)

30
0147-TEST-74-AUX-UTILS-Move-run0-pcrlock-test-to-TEST-70-.patch Normal file
View File

@ -0,0 +1,30 @@
From e6886a6822fbb7909e36369e56b7d56f8d2e83b9 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 21 Jan 2025 13:48:13 +0100
Subject: [PATCH] TEST-74-AUX-UTILS: Move run0 pcrlock test to TEST-70-TPM
On CentOS Stream 9/10 booting mkosi qemu with --firmware=linux doesn't
add the virtual TPM to the virtual machine which means TEST-74-AUX-UTILS.run.sh
fails because it requires a TPM.
Let's move the systemd-pcrlock logic that requires a TPM to
TEST-70-TPM.pcrlock to avoid the problem.
(cherry picked from commit c0165676e9b95996a402b26c45023d9358ba159d)
---
test/units/TEST-70-TPM2.pcrlock.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/test/units/TEST-70-TPM2.pcrlock.sh b/test/units/TEST-70-TPM2.pcrlock.sh
index 19af3a774d..38274991db 100755
--- a/test/units/TEST-70-TPM2.pcrlock.sh
+++ b/test/units/TEST-70-TPM2.pcrlock.sh
@@ -205,3 +205,8 @@ varlinkctl call /run/systemd/io.systemd.PCRLock io.systemd.PCRLock.MakePolicy '{
varlinkctl call --collect --json=pretty /run/systemd/io.systemd.PCRLock io.systemd.PCRLock.ReadEventLog '{}'
rm "$img" /tmp/pcrlockpwd
+
+# For issue #35746
+for _ in {0..10}; do
+ run0 /usr/lib/systemd/systemd-pcrlock
+done

36
0148-test-Make-sure-we-run-lcov-from-the-meson-source-dir.patch Normal file
View File

@ -0,0 +1,36 @@
From 030cf80fe55443e12d8ae34f44c2faf5991acf04 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 22 Jan 2025 14:55:45 +0100
Subject: [PATCH] test: Make sure we run lcov from the meson source directory
In ac75c5192797082c1965ab30be4711490f2937bc, we accidentally changed
the working directory that the tools executed in the wrapper script
are invoked in. This broke our invocations of lcov. Let's explicitly
run those in the meson source directory again to fix the coverage
workflow.
(cherry picked from commit d3d501e94930c3865f13c881a23980941cce079f)
---
test/integration-test-wrapper.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index cc6e9656fd..79348bbf62 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -326,6 +326,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
'--quiet',
],
check=True,
+ cwd=os.fspath(args.meson_source_dir),
) # fmt: skip
subprocess.run(
@@ -338,6 +339,7 @@ def process_coverage(args: argparse.Namespace, summary: Summary, name: str, jour
'--quiet',
],
check=True,
+ cwd=os.fspath(args.meson_source_dir),
) # fmt: skip
Path(f'{output}.new').unlink()

41
0149-mkosi-Run-two-more-mkosi-commands-with-sudo.patch Normal file
View File

@ -0,0 +1,41 @@
From 3534e70879ea52d43a4ef048c62d8e09812d4757 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 22 Jan 2025 22:24:36 +0100
Subject: [PATCH] mkosi: Run two more mkosi commands with sudo
Running some mkosi commands as root and other not can lead to cache
invalidations with the latest version, so make sure we run everything
as root after we've built the tools tree.
(cherry picked from commit 007d255d870bee37db03da1875c0387598bdedde)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index c98ec27385..e337cc55d1 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -139,7 +139,7 @@ jobs:
sudo --preserve-env mkosi sandbox lcov --ignore-errors inconsistent,inconsistent "${lcov_args[@]}" --output-file build/test/coverage/everything.coverage-info
- name: List coverage report
- run: mkosi sandbox lcov --ignore-errors inconsistent,inconsistent --list build/test/coverage/everything.coverage-info
+ run: sudo mkosi sandbox lcov --ignore-errors inconsistent,inconsistent --list build/test/coverage/everything.coverage-info
- name: Coveralls
uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 47a43c689f..c589a0c1fa 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -204,7 +204,7 @@ jobs:
- name: Run integration tests
run: |
- if [[ "$(mkosi sandbox meson test --help)" == *"--max-lines"* ]]; then
+ if [[ "$(sudo mkosi sandbox meson test --help)" == *"--max-lines"* ]]; then
MAX_LINES=(--max-lines 300)
else
MAX_LINES=()

148
0150-mkosi-Update-to-latest.patch Normal file
View File

@ -0,0 +1,148 @@
From e71c0f76014147fbc7db58b3df260ffc455151a0 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 22 Jan 2025 15:58:13 +0100
Subject: [PATCH] mkosi: Update to latest
With the latest mkosi, mkosi takes care of making sure it is
available within mkosi sandbox so we get rid of all the --preserve-env=
options when we invoke mkosi sandbox with sudo as these are not
required anymore. It also doesn't matter anymore if mkosi is installed
in /usr on the host so we get rid of the documentation around that as
well.
(cherry picked from commit 94558e6fc70b53bfa36707afd7e90ff1737194cf)
---
.github/workflows/coverage.yml | 19 ++++++++-----------
.github/workflows/mkosi.yml | 12 +++++-------
docs/HACKING.md | 9 ++++-----
3 files changed, 17 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index e337cc55d1..034c228828 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@00db6f1a12fb04ed9f837b40ff34f82fab4d4a03
+ - uses: systemd/mkosi@0df7ef3f404b211fbc8d856214929de10311ee22
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -74,25 +74,23 @@ jobs:
run: mkosi summary
- name: Build tools tree
- run: sudo --preserve-env mkosi -f sandbox true
+ run: sudo mkosi -f sandbox true
- name: Configure meson
run: |
- sudo --preserve-env --preserve-env=PATH \
- mkosi sandbox \
+ sudo mkosi sandbox \
meson setup \
--buildtype=debugoptimized \
-Dintegration-tests=true \
build
- name: Build image
- run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi
+ run: sudo mkosi sandbox meson compile -C build mkosi
- name: Initial coverage report
run: |
- sudo --preserve-env mkdir -p build/test/coverage
- sudo --preserve-env \
- mkosi sandbox \
+ sudo mkdir -p build/test/coverage
+ sudo mkosi sandbox \
lcov \
--directory build/mkosi.builddir/arch~rolling~x86-64 \
--capture \
@@ -106,8 +104,7 @@ jobs:
- name: Run integration tests
run: |
- sudo --preserve-env \
- mkosi sandbox \
+ sudo mkosi sandbox \
meson test \
-C build \
--no-rebuild \
@@ -136,7 +133,7 @@ jobs:
lcov_args+=(--add-tracefile "${file}")
done < <(find build/test/coverage -name "TEST-*.coverage-info")
- sudo --preserve-env mkosi sandbox lcov --ignore-errors inconsistent,inconsistent "${lcov_args[@]}" --output-file build/test/coverage/everything.coverage-info
+ sudo mkosi sandbox lcov --ignore-errors inconsistent,inconsistent "${lcov_args[@]}" --output-file build/test/coverage/everything.coverage-info
- name: List coverage report
run: sudo mkosi sandbox lcov --ignore-errors inconsistent,inconsistent --list build/test/coverage/everything.coverage-info
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index c589a0c1fa..7a4c7b6d16 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -120,7 +120,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@00db6f1a12fb04ed9f837b40ff34f82fab4d4a03
+ - uses: systemd/mkosi@0df7ef3f404b211fbc8d856214929de10311ee22
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -188,19 +188,18 @@ jobs:
run: mkosi summary
- name: Build tools tree
- run: sudo --preserve-env mkosi -f sandbox true
+ run: sudo mkosi -f sandbox true
- name: Configure meson
run: |
- sudo --preserve-env --preserve-env=PATH \
- mkosi sandbox \
+ sudo mkosi sandbox \
meson setup \
--buildtype=debugoptimized \
-Dintegration-tests=true \
build
- name: Build image
- run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi
+ run: sudo mkosi sandbox meson compile -C build mkosi
- name: Run integration tests
run: |
@@ -210,8 +209,7 @@ jobs:
MAX_LINES=()
fi
- sudo --preserve-env \
- mkosi sandbox \
+ sudo mkosi sandbox \
env \
TEST_PREFER_QEMU=${{ matrix.vm }} \
TEST_SKIP=${{ matrix.skip }} \
diff --git a/docs/HACKING.md b/docs/HACKING.md
index fb9eea47f0..b13280f28d 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -31,11 +31,10 @@ and allows building and booting an OS image with the latest systemd installed
for testing purposes.
First, install `mkosi` from the
-[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
-Note that it's not possible to use your distribution's packaged version of mkosi
-as mkosi has to be installed outside of `/usr` for the following steps to work. When
-installing mkosi from the github repository, make sure to symlink it to `~/.local/bin`
-instead of `/usr/local/bin` if you want to add it to your `$PATH`.
+[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository)
+or via your distribution's package manager. Note that systemd regularly adopts
+newer mkosi features that are not in an official release yet so there's a good
+chance that your distribution's packaged version of mkosi will be too old.
Then, you can build and run systemd executables as follows:

47
0151-mkosi-Add-back-preserve-env-when-running-integration.patch Normal file
View File

@ -0,0 +1,47 @@
From 286d0a946414723c335db88670d3b5104dfc805e Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 23 Jan 2025 10:35:06 +0100
Subject: [PATCH] mkosi: Add back --preserve-env when running integrationt
tests
The test wrapper script depends on various github actions environment
variables so let's make sure those are propagated.
(cherry picked from commit 6733b07d43f3524b66b5ab79a96cad192d2280fc)
---
.github/workflows/coverage.yml | 5 ++++-
.github/workflows/mkosi.yml | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 034c228828..7fc7518dcc 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -104,7 +104,10 @@ jobs:
- name: Run integration tests
run: |
- sudo mkosi sandbox \
+ # --preserve-env makes sure all the github actions environment variables are propagated which are
+ # used in integration-test-wrapper.py to construct the `gh` command line to download the journals
+ # of failed tests.
+ sudo --preserve-env mkosi sandbox \
meson test \
-C build \
--no-rebuild \
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 7a4c7b6d16..6f6df0ddf9 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -209,7 +209,10 @@ jobs:
MAX_LINES=()
fi
- sudo mkosi sandbox \
+ # --preserve-env makes sure all the github actions environment variables are propagated which are
+ # used in integration-test-wrapper.py to construct the `gh` command line to download the journals
+ # of failed tests.
+ sudo --preserve-env mkosi sandbox \
env \
TEST_PREFER_QEMU=${{ matrix.vm }} \
TEST_SKIP=${{ matrix.skip }} \

26
0152-mkosi-Drop-usage-of-_systemd_QUIET-in-arch-build-scr.patch Normal file
View File

@ -0,0 +1,26 @@
From d23f47d15d42252a84f010d53ffe1cd9b232cbca Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 24 Jan 2025 10:54:51 +0100
Subject: [PATCH] mkosi: Drop usage of _systemd_QUIET in arch build script
We dropped the variable in the packaging specs for Arch to keep the
integration points as minimal as possible so let's stop using it in
the build script as well.
(cherry picked from commit 8dab59e610720c022f962311069c95fd8569f82a)
---
mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot | 1 -
1 file changed, 1 deletion(-)
diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
index 202646f0ad..2a5b10251b 100755
--- a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
@@ -85,7 +85,6 @@ env --chdir="pkg/$PKG_SUBDIR" \
$( ((WITH_TESTS)) || echo --nocheck) \
--force \
_systemd_UPSTREAM=1 \
- _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \
BUILDDIR="$PWD/pkg/$PKG_SUBDIR" \
PKGDEST="$BUILDDIR" \
PKGEXT=".pkg.tar" \

41
0153-HACKING-Move-OBS-section-further-down.patch Normal file
View File

@ -0,0 +1,41 @@
From a9cbe3f23da52088fd60432d78cce1034b5a739b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 24 Jan 2025 17:28:15 +0100
Subject: [PATCH] HACKING: Move OBS section further down
HACKING.md should first and foremost tell someone how to hack on
systemd, installing packages from OBS isn't the most likely section
a new contributor will be interested in, so let's move it further
down.
(cherry picked from commit 798b9fb7eb71ad127af49f5308f9e95de4e77fa8)
---
docs/HACKING.md | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index b13280f28d..afc4e49965 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -146,6 +146,21 @@ dnf downgrade "systemd*" # Fedora/CentOS
# TODO: Other distributions
```
+## Installing packages built from the main branch
+
+Packages for main distributions are built on the SUSE Open Build Service and
+repositories are published, so that they can be installed and upgraded easily.
+
+Instructions on how to add the repository for each supported distribution can
+[be found on OBS.](https://software.opensuse.org//download.html?project=system%3Asystemd&package=systemd)
+The `systemd-boot` file is signed for Secure Boot, the self-signed certificate
+can be downloaded for enrollment. For example, when using MOK Manager:
+
+```sh
+$ wget https://build.opensuse.org/projects/system:systemd/signing_keys/download?kind=ssl -O- | openssl x509 -inform pem -outform der -out obs.der
+$ run0 mokutil --import obs.der
+```
+
## Templating engines in .in files
Some source files are generated during build. We use two templating engines:

47
0154-docs-HACKING-use-run0-to-indicate-which-commands-req.patch Normal file
View File

@ -0,0 +1,47 @@
From 383e2e5a8b45bd7ee11bdfd26ddd44998da87fe3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 9 Dec 2024 20:24:34 +0100
Subject: [PATCH] docs/HACKING: use 'run0' to indicate which commands require
privileges
(cherry picked from commit 6ed73883c68304f6677ff342f457aad3c18ab6c6)
---
docs/HACKING.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index afc4e49965..15955f5b7a 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -49,7 +49,7 @@ To build and boot an OS image with the latest systemd installed:
```sh
$ mkosi -f genkey # Generate signing keys once.
$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
-$ sudo mkosi boot # Boot the image with systemd-nspawn.
+$ run0 mkosi boot # Boot the image with systemd-nspawn.
$ mkosi vm # Boot the image with qemu.
```
@@ -132,17 +132,17 @@ To upgrade the systemd packages on the host system to the newer versions built
by mkosi, run the following:
```sh
-dnf upgrade build/mkosi.builddir/<distribution>~<release>~<architecture>/*.rpm # Fedora/CentOS
-apt-get install build/mkosi.builddir/<distribution>~<release>~<architecture>/*.deb # Debian/Ubuntu
-pacman --upgrade --needed --noconfirm build/mkosi.builddir/<distribution>~<release>~<architecture>/*.pkg.tar # Arch Linux
-zypper --non-interactive install --allow-unsigned-rpm build/mkosi.builddir/<distribution>~<release>~<architecture>/*.rpm # OpenSUSE
+run0 dnf upgrade build/mkosi.builddir/<distribution>~<release>~<architecture>/*.rpm # Fedora/CentOS
+run0 apt-get install build/mkosi.builddir/<distribution>~<release>~<architecture>/*.deb # Debian/Ubuntu
+run0 pacman --upgrade --needed --noconfirm build/mkosi.builddir/<distribution>~<release>~<architecture>/*.pkg.tar # Arch Linux
+run0 zypper --non-interactive install --allow-unsigned-rpm build/mkosi.builddir/<distribution>~<release>~<architecture>/*.rpm # OpenSUSE
```
To downgrade back to the old version shipped by the distribution, run the
following:
```sh
-dnf downgrade "systemd*" # Fedora/CentOS
+run0 dnf downgrade "systemd*" # Fedora/CentOS
# TODO: Other distributions
```

26
0155-HACKING-Drop-run0-from-mkosi-boot-invocation.patch Normal file
View File

@ -0,0 +1,26 @@
From 4d6c9f2278025f89dcd55861ba79a16f12af0010 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 24 Jan 2025 17:29:58 +0100
Subject: [PATCH] HACKING: Drop run0 from mkosi boot invocation
mkosi will itself use run0 or sudo when not running as root to invoke
systemd-nspawn, so no need to do it in HACKING.md.
(cherry picked from commit 1743f0370fd89d95a2fa89e8475f4b82a38f54c3)
---
docs/HACKING.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index 15955f5b7a..e534a51335 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -49,7 +49,7 @@ To build and boot an OS image with the latest systemd installed:
```sh
$ mkosi -f genkey # Generate signing keys once.
$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
-$ run0 mkosi boot # Boot the image with systemd-nspawn.
+$ mkosi boot # Boot the image with systemd-nspawn.
$ mkosi vm # Boot the image with qemu.
```

23
0156-boot-Improve-log-message.patch Normal file
View File

@ -0,0 +1,23 @@
From 05a135c36e164bbda708af99597742788ef4eeea Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sat, 25 Jan 2025 20:42:54 +0100
Subject: [PATCH] boot: Improve log message
(cherry picked from commit ff83795469a20af02a9bf3285992128799b16302)
---
src/boot/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/boot.c b/src/boot/boot.c
index 4ef519d404..e0a30d0184 100644
--- a/src/boot/boot.c
+++ b/src/boot/boot.c
@@ -1396,7 +1396,7 @@ static EFI_STATUS boot_entry_bump_counters(BootEntry *entry) {
err = root->Open(root, &handle, old_path, EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL);
if (err != EFI_SUCCESS)
- return log_error_status(err, "Error opening boot entry: %m");
+ return log_error_status(err, "Error opening boot entry '%ls': %m", old_path);
err = get_file_info(handle, &file_info, &file_info_size);
if (err != EFI_SUCCESS)

51
0157-efivars-deal-with-uncommitted-efi-variables.patch Normal file
View File

@ -0,0 +1,51 @@
From 87df05b575bb42ce698ce0e44dcda23913a55e96 Mon Sep 17 00:00:00 2001
From: wrvsrx <wrvsrx@outlook.com>
Date: Sat, 7 Dec 2024 10:32:15 +0800
Subject: [PATCH] efivars: deal with uncommitted efi variables
Unfortunately kernel reports EOF if there's an inconsistency between efivarfs var list
and what's actually stored in firmware, c.f. #34304. A zero size env var is not allowed in
efi and hence the variable doesn't really exist in the backing store as long as it is zero
sized, and the kernel calls this "uncommitted". Hence we translate EOF back to ENOENT here,
as with kernel behavior before
https://github.com/torvalds/linux/commit/3fab70c165795431f00ddf9be8b84ddd07bd1f8f
If the kernel changes behaviour (to flush dentries on resume), we can drop
this at some point in the future. But note that the commit is 11
years old at this point so we'll need to deal with the current behaviour for
a long time.
Fix #34304.
(cherry picked from commit 6013dee98d6543ac290a2938c4ec8494e26531ab)
---
src/basic/efivars.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/basic/efivars.c b/src/basic/efivars.c
index 5e04c32212..1811f9e37e 100644
--- a/src/basic/efivars.c
+++ b/src/basic/efivars.c
@@ -96,6 +96,22 @@ int efi_get_variable(
(void) usleep_safe(EFI_RETRY_DELAY);
}
+ /* Unfortunately kernel reports EOF if there's an inconsistency between efivarfs var list
+ * and what's actually stored in firmware, c.f. #34304. A zero size env var is not allowed in
+ * efi and hence the variable doesn't really exist in the backing store as long as it is zero
+ * sized, and the kernel calls this "uncommitted". Hence we translate EOF back to ENOENT here,
+ * as with kernel behavior before
+ * https://github.com/torvalds/linux/commit/3fab70c165795431f00ddf9be8b84ddd07bd1f8f
+ *
+ * If the kernel changes behaviour (to flush dentries on resume), we can drop
+ * this at some point in the future. But note that the commit is 11
+ * years old at this point so we'll need to deal with the current behaviour for
+ * a long time.
+ */
+ if (n == 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOENT),
+ "EFI variable %s is uncommitted", p);
+
if (n != sizeof(a))
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Read %zi bytes from EFI variable %s, expected %zu.", n, p, sizeof(a));

54
0158-core-device-do-not-drop-backslashes-in-SYSTEMD_WANTS.patch Normal file
View File

@ -0,0 +1,54 @@
From 0c1daafe41889f272c9e9d37f62614505a50f1d3 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 6 Jan 2025 17:26:52 +0900
Subject: [PATCH] core/device: do not drop backslashes in
SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
Let consider the following udev rules:
===
PROGRAM="/usr/bin/systemd-escape foo-bar-baz", ENV{SYSTEMD_WANTS}+="test1@$result.service"
PROGRAM="/usr/bin/systemd-escape aaa-bbb-ccc", ENV{SYSTEMD_WANTS}+="test2@$result.service"
===
Then, a device expectedly gains a property:
===
SYSTEMD_WANTS=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
After the event being processed by udevd, PID1 processes the device, the
property previously was parsed with extract_first_word(EXTRACT_UNQUOTE),
then the device unit gained the following dependencies:
===
Wants=test1@foox2dbarx2dbaz.service test2@aaax2dbbbx2dccc.service
===
So both '%i' and '%I' for the template services did not match with the original
data, and it was hard to use systemd-escape in PROGRAM= udev rule token.
This makes the property parsed with extract_first_word(EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE),
hence the device unit now gains the following dependencies:
===
Wants=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
and '%I' for the template services match with the original data.
Fixes a bug caused by ceed8f0c8b9a46300eccd1afa2dd8d3c2cb6b47c (v233).
Fixes #16735.
Replaces #16737 and #35768.
(cherry picked from commit a467358b2a18b611e48e62ed89167a04e0f7634e)
---
src/core/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/device.c b/src/core/device.c
index a8921e91c3..196117daba 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -542,7 +542,7 @@ static int device_add_udev_wants(Unit *u, sd_device *dev) {
for (;;) {
_cleanup_free_ char *word = NULL, *k = NULL;
- r = extract_first_word(&wants, &word, NULL, EXTRACT_UNQUOTE);
+ r = extract_first_word(&wants, &word, NULL, EXTRACT_UNQUOTE | EXTRACT_RETAIN_ESCAPE);
if (r == 0)
break;
if (r == -ENOMEM)

138
0159-test-add-test-cases-for-parsing-SYSTEMD_WANTS-SYSTEM.patch Normal file
View File

@ -0,0 +1,138 @@
From 452482d95e814b96ad9c1b918110acefcc7d9357 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 6 Jan 2025 19:16:23 +0900
Subject: [PATCH] test: add test cases for parsing
SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
(cherry picked from commit 4c9da4dc91c6f875683a6c9fc00df19686f242cc)
---
src/test/test-extract-word.c | 43 ++++++++++++
.../TEST-17-UDEV.SYSTEMD_WANTS-escape.sh | 65 +++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100755 test/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh
diff --git a/src/test/test-extract-word.c b/src/test/test-extract-word.c
index 1bc4088fb4..4c18a45231 100644
--- a/src/test/test-extract-word.c
+++ b/src/test/test-extract-word.c
@@ -547,6 +547,49 @@ TEST(extract_first_word) {
ASSERT_STREQ(t, "가너도루");
free(t);
assert_se(isempty(p));
+
+ /* For issue #16735. */
+ p = "test1@foo\\x2dbar\\x2dbaz.service test2@aaa\\x2dbbb\\x2dccc.service test3@escaped-path-like-data.service test4@/pure/path/like/data.service";
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE));
+ ASSERT_STREQ(t, "test1@foox2dbarx2dbaz.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE));
+ ASSERT_STREQ(t, "test2@aaax2dbbbx2dccc.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE));
+ ASSERT_STREQ(t, "test3@escaped-path-like-data.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE));
+ ASSERT_STREQ(t, "test4@/pure/path/like/data.service");
+ free(t);
+
+ p = "test1@foo\\x2dbar\\x2dbaz.service test2@aaa\\x2dbbb\\x2dccc.service test3@escaped-path-like-data.service test4@/pure/path/like/data.service";
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_RETAIN_ESCAPE));
+ ASSERT_STREQ(t, "test1@foo\\x2dbar\\x2dbaz.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_RETAIN_ESCAPE));
+ ASSERT_STREQ(t, "test2@aaa\\x2dbbb\\x2dccc.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_RETAIN_ESCAPE));
+ ASSERT_STREQ(t, "test3@escaped-path-like-data.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_RETAIN_ESCAPE));
+ ASSERT_STREQ(t, "test4@/pure/path/like/data.service");
+ free(t);
+
+ p = "test1@foo\\x2dbar\\x2dbaz.service test2@aaa\\x2dbbb\\x2dccc.service test3@escaped-path-like-data.service test4@/pure/path/like/data.service";
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_CUNESCAPE));
+ ASSERT_STREQ(t, "test1@foo-bar-baz.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_CUNESCAPE));
+ ASSERT_STREQ(t, "test2@aaa-bbb-ccc.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_CUNESCAPE));
+ ASSERT_STREQ(t, "test3@escaped-path-like-data.service");
+ free(t);
+ ASSERT_OK_POSITIVE(extract_first_word(&p, &t, NULL, EXTRACT_UNQUOTE | EXTRACT_CUNESCAPE));
+ ASSERT_STREQ(t, "test4@/pure/path/like/data.service");
+ free(t);
}
TEST(extract_first_word_and_warn) {
diff --git a/test/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh b/test/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh
new file mode 100755
index 0000000000..709161aa64
--- /dev/null
+++ b/test/units/TEST-17-UDEV.SYSTEMD_WANTS-escape.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2317
+set -ex
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+# This is a test case for #16735.
+
+IFNAME=test-netif-foo
+
+at_exit() {
+ set +e
+
+ rm -f /tmp/output-i /tmp/output-I
+
+ rm -rf /run/udev/rules.d/
+ udevadm control --reload
+
+ rm -f /run/systemd/system/test@.service
+ systemctl daemon-reload
+
+ ip link del "$IFNAME"
+}
+
+trap at_exit EXIT
+
+udevadm settle --timeout 30
+
+mkdir -p /run/systemd/system/
+cat >/run/systemd/system/test@.service <<EOF
+[Service]
+Type=oneshot
+ExecStart=bash -xec 'echo "i=%i" >/tmp/output-i; echo "I=/%I" >/tmp/output-I'
+RemainAfterExit=yes
+EOF
+
+systemctl daemon-reload
+
+mkdir -p /run/udev/rules.d/
+cat >/run/udev/rules.d/99-testsuite.rules <<EOF
+SUBSYSTEM=="net", KERNEL=="${IFNAME}", ACTION=="add", OPTIONS="log_level=debug", \
+ PROGRAM="/usr/bin/systemd-escape -p %S%p", ENV{SYSTEMD_WANTS}+="test@%c.service"
+EOF
+
+udevadm control --reload
+
+ip link add "$IFNAME" type dummy
+SYSPATH="/sys$(udevadm info --query=property --property DEVPATH --value "/sys/class/net/${IFNAME}")"
+ESCAPED=$(systemd-escape -p "${SYSPATH}")
+SHELL_ESCAPED=$(printf '%q' "${ESCAPED}")
+assert_eq "$(systemd-escape -u -p "${ESCAPED}")" "${SYSPATH}"
+
+udevadm wait --timeout 30 --settle "/sys/class/net/${IFNAME}"
+assert_eq "$(udevadm info --query=property --property SYSTEMD_WANTS --value "/sys/class/net/${IFNAME}")" "test@${ESCAPED}.service"
+# The value shown by systemctl is doubly escaped and quoted.
+assert_eq "$(systemctl show -p Wants --value "${ESCAPED}.device")" "\"test@${SHELL_ESCAPED}.service\""
+
+timeout 30 bash -c 'until [[ -s /tmp/output-i ]] && [[ -s /tmp/output-I ]]; do sleep .5; done'
+assert_eq "$(cat /tmp/output-i)" "i=${ESCAPED}"
+assert_eq "$(cat /tmp/output-I)" "I=${SYSPATH}"
+
+exit 0

56
0160-process-util-do-not-unblock-unrelated-signals-while-.patch Normal file
View File

@ -0,0 +1,56 @@
From 29ac2b6515d2eecfaec95b98f0bf5ce8c2881669 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Jan 2025 11:15:49 +0100
Subject: [PATCH] process-util: do not unblock unrelated signals while forking
This makes sure when we are blocking signals in preparation for fork()
we'll not temporarily unblock any signals previously set, by mistake.
It's safe for us to block more, but not to unblock signals already
blocked. Fix that.
Fixes: #35470
(cherry picked from commit 78933625084b11c495c073fc7c34067315a1da50)
---
src/basic/process-util.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 3253a9c3fb..18fbadf175 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1423,11 +1423,6 @@ int must_be_root(void) {
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Need to be root.");
}
-static void restore_sigsetp(sigset_t **ssp) {
- if (*ssp)
- (void) sigprocmask(SIG_SETMASK, *ssp, NULL);
-}
-
pid_t clone_with_nested_stack(int (*fn)(void *), int flags, void *userdata) {
size_t ps;
pid_t pid;
@@ -1467,6 +1462,11 @@ pid_t clone_with_nested_stack(int (*fn)(void *), int flags, void *userdata) {
return pid;
}
+static void restore_sigsetp(sigset_t **ssp) {
+ if (*ssp)
+ (void) sigprocmask(SIG_SETMASK, *ssp, NULL);
+}
+
static int fork_flags_to_signal(ForkFlags flags) {
return (flags & FORK_DEATHSIG_SIGTERM) ? SIGTERM :
(flags & FORK_DEATHSIG_SIGINT) ? SIGINT :
@@ -1519,8 +1519,8 @@ int safe_fork_full(
}
if (block_signals) {
- if (sigprocmask(SIG_SETMASK, &ss, &saved_ss) < 0)
- return log_full_errno(prio, errno, "Failed to set signal mask: %m");
+ if (sigprocmask(SIG_BLOCK, &ss, &saved_ss) < 0)
+ return log_full_errno(prio, errno, "Failed to block signal mask: %m");
saved_ssp = &saved_ss;
}

37
0161-stub-drop-PE-sections-parsing-cap.patch Normal file
View File

@ -0,0 +1,37 @@
From 95184817cb3ac3d3d2582496ccbfc3802cc0f245 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 10 Jan 2025 21:02:55 +0000
Subject: [PATCH] stub: drop PE sections parsing cap
This was added originally as it was thought that Windows applied
the same cap. Nowadays the specs do not mention it, and it is
believed Windows no longer applies it either, so drop it in order
to allow an arbitrary number of DTBs to be included
Fixes https://github.com/systemd/systemd/issues/35943
(cherry picked from commit 8c5b359579b0f1029edafb0bd96b5ebfb271db76)
---
src/boot/pe.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/boot/pe.c b/src/boot/pe.c
index 69b42faff5..f3217abd22 100644
--- a/src/boot/pe.c
+++ b/src/boot/pe.c
@@ -7,7 +7,6 @@
#define DOS_FILE_MAGIC "MZ"
#define PE_FILE_MAGIC "PE\0\0"
-#define MAX_SECTIONS 96
#if defined(__i386__)
# define TARGET_MACHINE_TYPE 0x014CU
@@ -132,7 +131,6 @@ static bool verify_pe(
(pe->FileHeader.Machine == TARGET_MACHINE_TYPE ||
(allow_compatibility && pe->FileHeader.Machine == TARGET_MACHINE_TYPE_COMPATIBILITY)) &&
pe->FileHeader.NumberOfSections > 0 &&
- pe->FileHeader.NumberOfSections <= MAX_SECTIONS &&
IN_SET(pe->OptionalHeader.Magic, OPTHDR32_MAGIC, OPTHDR64_MAGIC) &&
pe->FileHeader.SizeOfOptionalHeader < SIZE_MAX - (dos->ExeHeader + offsetof(PeFileHeader, OptionalHeader));
}

51
0162-bus-wait-for-jobs-fix-service-result-table.patch Normal file
View File

@ -0,0 +1,51 @@
From 13ce2fd65cc2c8b8f269b9e16c576b9b493754ba Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 14 Jan 2025 13:56:58 +0100
Subject: [PATCH] bus-wait-for-jobs: fix service result table
We were missing one service result (oom-kill), and the ratelimit one is
called differently. Correct that so that we generate proper log messages
for these cases.
(cherry picked from commit a7620f5dd16f0386b8ddeadfcd4e89da4050beef)
---
src/shared/bus-wait-for-jobs.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c
index e12189f298..f28b42b563 100644
--- a/src/shared/bus-wait-for-jobs.c
+++ b/src/shared/bus-wait-for-jobs.c
@@ -161,14 +161,15 @@ static void log_job_error_with_service_result(const char* service, const char *r
static const struct {
const char *result, *explanation;
} explanations[] = {
- { "resources", "of unavailable resources or another system error" },
- { "protocol", "the service did not take the steps required by its unit configuration" },
- { "timeout", "a timeout was exceeded" },
- { "exit-code", "the control process exited with error code" },
- { "signal", "a fatal signal was delivered to the control process" },
- { "core-dump", "a fatal signal was delivered causing the control process to dump core" },
- { "watchdog", "the service failed to send watchdog ping" },
- { "start-limit", "start of the service was attempted too often" },
+ { "resources", "of unavailable resources or another system error" },
+ { "protocol", "the service did not take the steps required by its unit configuration" },
+ { "timeout", "a timeout was exceeded" },
+ { "exit-code", "the control process exited with error code" },
+ { "signal", "a fatal signal was delivered to the control process" },
+ { "core-dump", "a fatal signal was delivered causing the control process to dump core" },
+ { "watchdog", "the service failed to send watchdog ping" },
+ { "start-limit-hit", "start of the service was attempted too often" },
+ { "oom-kill", "of an out-of-memory (OOM) siutation" },
};
_cleanup_free_ char *service_shell_quoted = NULL;
@@ -205,7 +206,7 @@ static void log_job_error_with_service_result(const char* service, const char *r
extra:
/* For some results maybe additional explanation is required */
- if (streq_ptr(result, "start-limit"))
+ if (streq_ptr(result, "start-limit-hit"))
log_info("To force a start use \"%1$s reset-failed %2$s\"\n"
"followed by \"%1$s start %2$s\" again.",
systemctl,

28
0163-man-also-fix-documentation-of-start-limit-hit.patch Normal file
View File

@ -0,0 +1,28 @@
From a3474965b68c1bc4b3e137eee03408f2a577b2a1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 14 Jan 2025 14:04:52 +0100
Subject: [PATCH] man: also fix documentation of start-limit-hit
(cherry picked from commit 390dffb862af5791a33abef08011f87818249975)
---
man/org.freedesktop.systemd1.xml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 9cd6a69311..ec38613da0 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -4818,9 +4818,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
code. <literal>signal</literal> indicates that a service process exited with an uncaught
signal. <literal>core-dump</literal> indicates that a service process exited uncleanly and dumped
core. <literal>watchdog</literal> indicates that a service did not send out watchdog ping messages
- often enough. <literal>start-limit</literal> indicates that a service has been started too frequently
- in a specific time frame (as configured in <varname>StartLimitInterval</varname>,
- <varname>StartLimitBurst</varname>).</para>
+ often enough. <literal>start-limit-hit</literal> indicates that a service has been started too
+ frequently in a specific time frame (as configured in <varname>StartLimitInterval</varname>,
+ <varname>StartLimitBurst</varname>). <literal>oom-kill</literal> indicates that a service was
+ terminated due to an out-of-memory (OOM) situation.</para>
<para><varname>ControlGroup</varname> indicates the control group path the processes of this service
unit are placed in.</para>

36
0164-varlink-fix-error-name.patch Normal file
View File

@ -0,0 +1,36 @@
From d912615408d4fb351a6add62b40cfa511e2e760a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 21 Jan 2025 18:34:21 +0100
Subject: [PATCH] varlink: fix error name
The documentation and code agree on the same name, since always, but
when I put together the IDL I made a mistake and insert a "Not" that
wasn't supposed to be there.
Let's correct that.
(cherry picked from commit bd9553d6775a954704f0e37bf3b54b98212f4b0f)
---
src/shared/varlink-io.systemd.UserDatabase.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/varlink-io.systemd.UserDatabase.c b/src/shared/varlink-io.systemd.UserDatabase.c
index 3dc72c0257..a9484484e3 100644
--- a/src/shared/varlink-io.systemd.UserDatabase.c
+++ b/src/shared/varlink-io.systemd.UserDatabase.c
@@ -32,7 +32,7 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
static SD_VARLINK_DEFINE_ERROR(NoRecordFound);
static SD_VARLINK_DEFINE_ERROR(BadService);
static SD_VARLINK_DEFINE_ERROR(ServiceNotAvailable);
-static SD_VARLINK_DEFINE_ERROR(ConflictingRecordNotFound);
+static SD_VARLINK_DEFINE_ERROR(ConflictingRecordFound);
static SD_VARLINK_DEFINE_ERROR(EnumerationNotSupported);
/* As per https://systemd.io/USER_GROUP_API/ */
@@ -45,5 +45,5 @@ SD_VARLINK_DEFINE_INTERFACE(
&vl_error_NoRecordFound,
&vl_error_BadService,
&vl_error_ServiceNotAvailable,
- &vl_error_ConflictingRecordNotFound,
+ &vl_error_ConflictingRecordFound,
&vl_error_EnumerationNotSupported);

34
0165-core-job-never-consider-reload-jobs-redundant.patch Normal file
View File

@ -0,0 +1,34 @@
From 1e7b1ce928f2fd62ac63299851124aaf977f48d4 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 22 Jan 2025 19:36:27 +0100
Subject: [PATCH] core/job: never consider reload jobs redundant
Follow-up for 656bbffc6c45bdd8d5c28a96ca948ba16c546547
The commit reworked job merging logic so that reload jobs
won't get merged. However, they might get dropped from
transaction due to being deemed redundant, i.e. way before
it even hits job_install(). Let's make sure reload jobs
are always kept during transaction construction stage, too.
(cherry picked from commit 7b940d8de91aeba6fa171eb42b690fa95641f29e)
---
src/core/job.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/core/job.c b/src/core/job.c
index 8fbbe757fe..c6c736cc6f 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -448,9 +448,8 @@ bool job_type_is_redundant(JobType a, UnitActiveState b) {
return IN_SET(b, UNIT_ACTIVE, UNIT_RELOADING, UNIT_REFRESHING);
case JOB_RELOAD:
- return
- b == UNIT_RELOADING;
-
+ /* Reload jobs are never consider redundant/duplicate. Refer jobs_may_late_merge() for
+ * a detailed justification. */
case JOB_RESTART:
/* Restart jobs must always be kept.
*

30
0166-mount-util-make-path_get_mount_info_at-also-read-uta.patch Normal file
View File

@ -0,0 +1,30 @@
From 9f3fba48e44d7145f49da581faa8ca99d94d9b67 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 25 Jan 2025 02:35:21 +0900
Subject: [PATCH] mount-util: make path_get_mount_info_at() also read utab
As "_netdev" is only stored in utab.
Fixes a bug introduced by 5261c521e3a98932241f36e91cf6f7823c578aca.
Fixes #35949.
(cherry picked from commit 22f980dd0b04e65dbdc2fca9c653119459a2c52f)
---
src/shared/mount-util.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
index 576f7e83aa..35b1049531 100644
--- a/src/shared/mount-util.c
+++ b/src/shared/mount-util.c
@@ -1824,7 +1824,9 @@ static int path_get_mount_info_at(
if (r < 0)
return log_debug_errno(r, "Failed to get mount ID: %m");
- r = libmount_parse("/proc/self/mountinfo", NULL, &table, &iter);
+ /* When getting options is requested, do not pass filename, otherwise utab will not read, and
+ * userspace options like "_netdev" will be lost. */
+ r = libmount_parse(ret_options ? NULL : "/proc/self/mountinfo", /* source = */ NULL, &table, &iter);
if (r < 0)
return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m");

81
0167-machine-revert-type-change-of-leader-in-io.systemd.M.patch Normal file
View File

@ -0,0 +1,81 @@
From 53301422a29b5610655f9c1587456064af1a3e80 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 25 Jan 2025 04:05:51 +0900
Subject: [PATCH] machine: revert type change of "leader" in
io.systemd.Machine.Register method
The varlink method io.systemd.Machine.Register() is in v256, hence type
of "leader" cannot be changed.
Let's revert the change by 755cb018c9b3e93245afb86ec94223756ddd70e4, and
introduce another field "leaderProcessId", which takes detailed information
of the process.
Fixes a regression caused by 755cb018c9b3e93245afb86ec94223756ddd70e4.
Fixes #36155.
(cherry picked from commit 465865146657ad3b2a59f618e5e8a529b08561bd)
---
src/machine/machine-varlink.c | 5 +++++
src/shared/varlink-io.systemd.Machine.c | 25 ++++++++++++++-----------
2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c
index 8ad3c87469..0566cb8bba 100644
--- a/src/machine/machine-varlink.c
+++ b/src/machine/machine-varlink.c
@@ -57,6 +57,10 @@ static int machine_leader(const char *name, sd_json_variant *variant, sd_json_di
if (temp.pid == 1) /* refuse PID 1 */
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid leader PID.", strna(name));
+ /* When both leader and leaderProcessId are specified, they must be consistent with each other. */
+ if (pidref_is_set(leader) && !pidref_equal(leader, &temp))
+ return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' conflicts with already dispatched leader PID.", strna(name));
+
pidref_done(leader);
*leader = TAKE_PIDREF(temp);
@@ -128,6 +132,7 @@ int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink
{ "service", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(Machine, service), 0 },
{ "class", SD_JSON_VARIANT_STRING, dispatch_machine_class, offsetof(Machine, class), SD_JSON_MANDATORY },
{ "leader", _SD_JSON_VARIANT_TYPE_INVALID, machine_leader, offsetof(Machine, leader), SD_JSON_STRICT },
+ { "leaderProcessId", SD_JSON_VARIANT_OBJECT, machine_leader, offsetof(Machine, leader), SD_JSON_STRICT },
{ "rootDirectory", SD_JSON_VARIANT_STRING, json_dispatch_path, offsetof(Machine, root_directory), 0 },
{ "ifIndices", SD_JSON_VARIANT_ARRAY, machine_ifindices, 0, 0 },
{ "vSockCid", _SD_JSON_VARIANT_TYPE_INVALID, machine_cid, offsetof(Machine, vsock_cid), 0 },
diff --git a/src/shared/varlink-io.systemd.Machine.c b/src/shared/varlink-io.systemd.Machine.c
index 83a20f4f0e..dff4df324e 100644
--- a/src/shared/varlink-io.systemd.Machine.c
+++ b/src/shared/varlink-io.systemd.Machine.c
@@ -30,18 +30,21 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
static SD_VARLINK_DEFINE_METHOD(
Register,
- SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),
- SD_VARLINK_DEFINE_INPUT(id, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(service, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(class, SD_VARLINK_STRING, 0),
- SD_VARLINK_DEFINE_INPUT_BY_TYPE(leader, ProcessId, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(rootDirectory, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(ifIndices, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(vSockCid, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(sshAddress, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
- SD_VARLINK_DEFINE_INPUT(sshPrivateKeyPath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),
+ SD_VARLINK_DEFINE_INPUT(id, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(service, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(class, SD_VARLINK_STRING, 0),
+ SD_VARLINK_FIELD_COMMENT("The leader PID as simple positive integer."),
+ SD_VARLINK_DEFINE_INPUT(leader, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
+ SD_VARLINK_FIELD_COMMENT("The leader PID as ProcessId structure. If both the leader and leaderProcessId parameters are specified they must reference the same process. Typically one would only specify one or the other however. It's generally recommended to specify leaderProcessId as it references a process in a robust way without risk of identifier recycling."),
+ SD_VARLINK_DEFINE_INPUT_BY_TYPE(leaderProcessId, ProcessId, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(rootDirectory, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(ifIndices, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(vSockCid, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(sshAddress, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(sshPrivateKeyPath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Controls whether to allocate a scope unit for the machine to register. If false, the client already took care of that and registered a service/scope specific to the machine."),
- SD_VARLINK_DEFINE_INPUT(allocateUnit, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
+ SD_VARLINK_DEFINE_INPUT(allocateUnit, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
VARLINK_DEFINE_POLKIT_INPUT);
static SD_VARLINK_DEFINE_METHOD(

137
0168-resolved-do-not-disable-mdns-llmnr-globally-if-it-s-.patch Normal file
View File

@ -0,0 +1,137 @@
From 7addd42c2e01a6b94c9c9dccece74387c9f18344 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 25 Jan 2025 04:48:00 +0900
Subject: [PATCH] resolved: do not disable mdns/llmnr globally if it's enabled
on any link
Fixes a regression caused by 2976730a4d34749bfb7a88da341464f1834ab1c6.
Fixes #36078.
Fixes #36126.
Co-authored-by: Luca Boccassi <luca.boccassi@gmail.com>
(cherry picked from commit 962b757d9b62e42df2513577d717d730b619c80c)
---
src/resolve/resolved-link.c | 7 ++-----
src/resolve/resolved-llmnr.c | 13 +++++++++++++
src/resolve/resolved-llmnr.h | 1 +
src/resolve/resolved-manager.c | 6 ++++++
src/resolve/resolved-mdns.c | 13 +++++++++++++
src/resolve/resolved-mdns.h | 1 +
6 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 067a0813ec..928137b967 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -651,16 +651,13 @@ int link_update(Link *l) {
r = manager_llmnr_start(l->manager);
if (r < 0)
return r;
- } else
- manager_llmnr_stop(l->manager);
-
+ }
if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_mdns_start(l->manager);
if (r < 0)
return r;
- } else
- manager_mdns_stop(l->manager);
+ }
link_allocate_scopes(l);
link_add_rrs(l, false);
diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c
index 9469bdac86..abb9c46960 100644
--- a/src/resolve/resolved-llmnr.c
+++ b/src/resolve/resolved-llmnr.c
@@ -25,6 +25,19 @@ void manager_llmnr_stop(Manager *m) {
m->llmnr_ipv6_tcp_fd = safe_close(m->llmnr_ipv6_tcp_fd);
}
+void manager_llmnr_maybe_stop(Manager *m) {
+ assert(m);
+
+ /* This stops LLMNR only when no interface enables LLMNR. */
+
+ Link *l;
+ HASHMAP_FOREACH(l, m->links)
+ if (link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO)
+ return;
+
+ manager_llmnr_stop(m);
+}
+
int manager_llmnr_start(Manager *m) {
int r;
diff --git a/src/resolve/resolved-llmnr.h b/src/resolve/resolved-llmnr.h
index 4cdd2606e6..358201b5df 100644
--- a/src/resolve/resolved-llmnr.h
+++ b/src/resolve/resolved-llmnr.h
@@ -11,4 +11,5 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m);
int manager_llmnr_ipv6_tcp_fd(Manager *m);
void manager_llmnr_stop(Manager *m);
+void manager_llmnr_maybe_stop(Manager *m);
int manager_llmnr_start(Manager *m);
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index dbaad81734..5ec946717f 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -105,6 +105,9 @@ static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *
break;
}
+ /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
+ manager_llmnr_maybe_stop(m);
+ manager_mdns_maybe_stop(m);
return 0;
fail:
@@ -287,6 +290,9 @@ static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void *
(void) manager_write_resolv_conf(m);
(void) manager_send_changed(m, "DNS");
+ /* Now check all the links, and if mDNS/llmr are disabled everywhere, stop them globally too. */
+ manager_llmnr_maybe_stop(m);
+ manager_mdns_maybe_stop(m);
return 0;
}
diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c
index 7e9bb693af..4e6aade726 100644
--- a/src/resolve/resolved-mdns.c
+++ b/src/resolve/resolved-mdns.c
@@ -22,6 +22,19 @@ void manager_mdns_stop(Manager *m) {
m->mdns_ipv6_fd = safe_close(m->mdns_ipv6_fd);
}
+void manager_mdns_maybe_stop(Manager *m) {
+ assert(m);
+
+ /* This stops mDNS only when no interface enables mDNS. */
+
+ Link *l;
+ HASHMAP_FOREACH(l, m->links)
+ if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO)
+ return;
+
+ manager_mdns_stop(m);
+}
+
int manager_mdns_start(Manager *m) {
int r;
diff --git a/src/resolve/resolved-mdns.h b/src/resolve/resolved-mdns.h
index 38ef1808df..c52bce1069 100644
--- a/src/resolve/resolved-mdns.h
+++ b/src/resolve/resolved-mdns.h
@@ -10,4 +10,5 @@ int manager_mdns_ipv4_fd(Manager *m);
int manager_mdns_ipv6_fd(Manager *m);
void manager_mdns_stop(Manager *m);
+void manager_mdns_maybe_stop(Manager *m);
int manager_mdns_start(Manager *m);

52
0169-resolved-stop-mdns-llmnr-if-no-interface-request-it-.patch Normal file
View File

@ -0,0 +1,52 @@
From f74784cde741c73d6b2416830610c01ddbaaea0f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 25 Jan 2025 04:48:00 +0900
Subject: [PATCH] resolved: stop mdns/llmnr if no interface request it after
bus method
(cherry picked from commit 269da24c5a3713bea1f1650334e23ce09f6136b2)
---
src/resolve/resolved-link-bus.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 5e9e5bf17a..1c26dcbc66 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -14,6 +14,8 @@
#include "resolve-util.h"
#include "resolved-bus.h"
#include "resolved-link-bus.h"
+#include "resolved-llmnr.h"
+#include "resolved-mdns.h"
#include "resolved-resolv-conf.h"
#include "socket-netlink.h"
#include "stdio-util.h"
@@ -517,6 +519,8 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
(void) link_save_user(l);
+ manager_llmnr_maybe_stop(l->manager);
+
log_link_info(l, "Bus client set LLMNR setting: %s", resolve_support_to_string(mode));
}
@@ -567,6 +571,8 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
(void) link_save_user(l);
+ manager_mdns_maybe_stop(l->manager);
+
log_link_info(l, "Bus client set MulticastDNS setting: %s", resolve_support_to_string(mode));
}
@@ -769,6 +775,9 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
(void) manager_write_resolv_conf(l->manager);
(void) manager_send_changed(l->manager, "DNS");
+ manager_llmnr_maybe_stop(l->manager);
+ manager_mdns_maybe_stop(l->manager);
+
return sd_bus_reply_method_return(message, NULL);
}

28
0170-man-fix-reference-to-non-existing-ukify-parameter.patch Normal file
View File

@ -0,0 +1,28 @@
From ab003df561f93b2d765e2e060a76187967c0ff57 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 24 Jan 2025 23:37:33 +0000
Subject: [PATCH] man: fix reference to non-existing ukify parameter
The --extend parameter was removed by https://github.com/systemd/systemd/pull/34608
and a --join-profile was added instead, fix leftover reference in manpage
Follow-up for 3891d57c4f768cb648e1a85483216eadae0b101e
(cherry picked from commit fd39606c258789d63a345feb6b492f6d2944d9a6)
---
man/ukify.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/ukify.xml b/man/ukify.xml
index c3b8d920d1..fc68d83772 100644
--- a/man/ukify.xml
+++ b/man/ukify.xml
@@ -453,7 +453,7 @@
<listitem><para>A path to a UKI profile to place in an <literal>.profile</literal> section. This
option is useful for creating multi-profile UKIs, and is typically used in combination with
- <option>--extend=</option>, to extend the specified UKI with an additional profile.</para>
+ <option>--join-profile=</option>, to extend the specified UKI with an additional profile.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>

23
0171-ukify-add-loongarch64-to-efi-arch.patch Normal file
View File

@ -0,0 +1,23 @@
From 44ae7b818567bd8c3f89f557a590453b7170c955 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Sat, 25 Jan 2025 01:19:53 +0000
Subject: [PATCH] ukify: add loongarch64 to --efi-arch
(cherry picked from commit abe0033556e2416a04bb23dc6d739c6d4dd37001)
---
src/ukify/ukify.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index be4e30eb8e..bfd00096db 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -1772,7 +1772,7 @@ CONFIG_ITEMS = [
ConfigItem(
'--efi-arch',
metavar='ARCH',
- choices=('ia32', 'x64', 'arm', 'aa64', 'riscv64'),
+ choices=('ia32', 'x64', 'arm', 'aa64', 'riscv64', 'loongarch32', 'loongarch64'),
help='target EFI architecture',
config_key='UKI/EFIArch',
),

25
0172-ukify-add-riscv32-to-efi-arch.patch Normal file
View File

@ -0,0 +1,25 @@
From 48537b312fa5dd6d2466d3cf3eeac2785d9ad650 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Sat, 25 Jan 2025 01:25:28 +0000
Subject: [PATCH] ukify: add riscv32 to --efi-arch
It is supported in the arch mapping at the top and in elf2efi, so add it here too
(cherry picked from commit d1429288ae4cf611ac3df6f604ddb4d6af480cf8)
---
src/ukify/ukify.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index bfd00096db..4919076098 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -1772,7 +1772,7 @@ CONFIG_ITEMS = [
ConfigItem(
'--efi-arch',
metavar='ARCH',
- choices=('ia32', 'x64', 'arm', 'aa64', 'riscv64', 'loongarch32', 'loongarch64'),
+ choices=('ia32', 'x64', 'arm', 'aa64', 'riscv32', 'riscv64', 'loongarch32', 'loongarch64'),
help='target EFI architecture',
config_key='UKI/EFIArch',
),

23
0173-tools-add-loongarch64-to-debug-sd-boot-script.patch Normal file
View File

@ -0,0 +1,23 @@
From d215c939f22834e54ece6ea6b27bf51a0f3932e1 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Sat, 25 Jan 2025 01:20:47 +0000
Subject: [PATCH] tools: add loongarch64 to debug-sd-boot script
(cherry picked from commit 829f57003d50634f28349f1ec6460421532ef318)
---
tools/debug-sd-boot.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/debug-sd-boot.sh b/tools/debug-sd-boot.sh
index 0420dbdab7..357b8a6feb 100755
--- a/tools/debug-sd-boot.sh
+++ b/tools/debug-sd-boot.sh
@@ -45,7 +45,7 @@ case "${BASH_REMATCH[1]}" in
ia32) arch="i386";;
x64) arch="i386:x86-64";;
aa64) arch="aarch64";;
- arm|riscv64) arch="${BASH_REMATCH[1]}";;
+ arm|riscv64|loongarch64) arch="${BASH_REMATCH[1]}";;
*)
echo "Unknown EFI arch '${BASH_REMATCH[1]}'."
exit 1

38
0174-systemctl-fix-memleak.patch Normal file
View File

@ -0,0 +1,38 @@
From 0240c4ac435ed8db413d83474dd8524e655dfb94 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 27 Jan 2025 04:17:27 +0900
Subject: [PATCH] systemctl: fix memleak
Fixes a bug introduced by adb6cd9be2b7e9e614d2b5835c7b70cf8eacc852.
Fixes #36178.
(cherry picked from commit 08570f284140752b9f0aad4dbcdff32c090a3661)
---
src/systemctl/systemctl-is-system-running.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/systemctl/systemctl-is-system-running.c b/src/systemctl/systemctl-is-system-running.c
index 59be6a7a7e..8d5303c2d8 100644
--- a/src/systemctl/systemctl-is-system-running.c
+++ b/src/systemctl/systemctl-is-system-running.c
@@ -66,6 +66,10 @@ int verb_is_system_running(int argc, char *argv[], void *userdata) {
}
if (arg_wait && STR_IN_SET(state, "initializing", "starting")) {
+ /* The signal handler will allocate memory and assign to 'state', hence need to free previous
+ * one before entering the event loop. */
+ state = mfree(state);
+
r = sd_event_loop(event);
if (r < 0) {
log_warning_errno(r, "Failed to get property from event loop: %m");
@@ -73,6 +77,8 @@ int verb_is_system_running(int argc, char *argv[], void *userdata) {
puts("unknown");
return EXIT_FAILURE;
}
+
+ assert(state);
}
if (!arg_quiet)

39
0175-random-util-fix-compilation-error.patch Normal file
View File

@ -0,0 +1,39 @@
From 8f2f04b7d4ce80d9908f93e9cb458c9e92b19108 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 16 Jan 2025 01:29:04 +0900
Subject: [PATCH] random-util: fix compilation error
Fixes the following error:
```
../src/basic/random-util.c: In function "fallback_random_bytes":
../src/basic/random-util.c:45:26: error: initializer-string for array of "char" is too long [-Werror=unterminated-string-initialization]
45 | .label = "systemd fallback random bytes v1",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```
(cherry picked from commit e722fe74ca5e00d3c8a5f85342b75c40ace051f9)
---
src/basic/random-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 4069b290d5..7602d8c576 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -45,7 +45,6 @@ static void fallback_random_bytes(void *p, size_t n) {
uint8_t auxval[16];
} state = {
/* Arbitrary domain separation to prevent other usage of AT_RANDOM from clashing. */
- .label = "systemd fallback random bytes v1",
.call_id = fallback_counter++,
.stamp_mono = now(CLOCK_MONOTONIC),
.stamp_real = now(CLOCK_REALTIME),
@@ -53,6 +52,7 @@ static void fallback_random_bytes(void *p, size_t n) {
.tid = gettid(),
};
+ memcpy(state.label, "systemd fallback random bytes v1", sizeof(state.label));
#if HAVE_SYS_AUXV_H
memcpy(state.auxval, ULONG_TO_PTR(getauxval(AT_RANDOM)), sizeof(state.auxval));
#endif

37
0176-mkosi-Update-to-latest.patch Normal file
View File

@ -0,0 +1,37 @@
From 0f380605eb6f292c21af10f6688170a3508682f5 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 27 Jan 2025 11:26:13 +0100
Subject: [PATCH] mkosi: Update to latest
(cherry picked from commit b10a0a4ad69541a2cbae9df643c67c3292930a25)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 7fc7518dcc..78e6e05b2c 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@0df7ef3f404b211fbc8d856214929de10311ee22
+ - uses: systemd/mkosi@0de0aa905625317ff10cc4b44ec9379a7aa65aa6
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 6f6df0ddf9..d662d65dad 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -120,7 +120,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@0df7ef3f404b211fbc8d856214929de10311ee22
+ - uses: systemd/mkosi@0de0aa905625317ff10cc4b44ec9379a7aa65aa6
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location

25
0177-mkosi-Bump-minimum-version-to-25.patch Normal file
View File

@ -0,0 +1,25 @@
From dc979fd773a9c8a35845a319477cba23d56ec06e Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 27 Jan 2025 11:26:29 +0100
Subject: [PATCH] mkosi: Bump minimum version to 25
Let's require everyone to be on the now officially released mkosi 25.
(cherry picked from commit e9fb163857223da6ea020b0bfd12581e9ea707ae)
---
mkosi.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.conf b/mkosi.conf
index 559901dfff..63d36710ac 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Config]
-MinimumVersion=25~devel
+MinimumVersion=25
Dependencies=
exitrd
initrd

22
0178-mkosi-Add-VCS_TAG-to-PassEnvironment.patch Normal file
View File

@ -0,0 +1,22 @@
From cb7cce72becdca8af6fff18b959c2ddf79e76337 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 27 Jan 2025 11:27:49 +0100
Subject: [PATCH] mkosi: Add VCS_TAG to PassEnvironment=
(cherry picked from commit 28f96afbbbc023ff9397ff8767d1faa1512abbc1)
---
mkosi.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/mkosi.conf b/mkosi.conf
index 63d36710ac..e4c866c9ba 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -23,6 +23,7 @@ PassEnvironment=
WITH_DEBUG
ASAN_OPTIONS
COVERAGE
+ VCS_TAG
[Output]
RepartDirectories=mkosi.repart

2
0111-ci-update-workflows-to-run-on-source-git-setup.patch → 0179-ci-update-workflows-to-run-on-source-git-setup.patch
View File

@ -1,4 +1,4 @@
From 5f07273cdf4b31f252ec05bf2eccd8c52f90bca0 Mon Sep 17 00:00:00 2001
From b82f93524a0585aad5f1f3851d600baafd05d9bd Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 May 2024 14:24:38 +0200
Subject: [PATCH] ci: update workflows to run on source-git setup

2
0112-ci-setup-source-git-automation.patch → 0180-ci-setup-source-git-automation.patch
View File

@ -1,4 +1,4 @@
From 3d94dd75b923d0bf1b0665baa292de6b4555aae9 Mon Sep 17 00:00:00 2001
From 91d616a5adec2c3b581c2bff5b712a248dfa4d5b Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 May 2024 14:36:04 +0200
Subject: [PATCH] ci: setup source-git automation

2
0113-ci-reconfigure-Packit-for-RHEL-10.patch → 0181-ci-reconfigure-Packit-for-RHEL-10.patch
View File

@ -1,4 +1,4 @@
From d38b8b1f9484a2d9fdecd5f50b3b60425cb1943c Mon Sep 17 00:00:00 2001
From 6ada64df202cacd1582d57cf49ef6eb61b58ae59 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Fri, 17 May 2024 13:55:40 +0200
Subject: [PATCH] ci: reconfigure Packit for RHEL 10

2
0114-journal-again-create-user-journals-for-users-with-hi.patch → 0182-journal-again-create-user-journals-for-users-with-hi.patch
View File

@ -1,4 +1,4 @@
From 6a3b583ca4b498e6d136a126ed69fc037538d0be Mon Sep 17 00:00:00 2001
From efe89a7b4ac6612f5aa63394c7b4f3a42337810d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Jan 2024 11:28:04 +0100
Subject: [PATCH] journal: again create user journals for users with high uids

2
0115-tmpfiles-make-purge-hard-to-mis-use.patch → 0183-tmpfiles-make-purge-hard-to-mis-use.patch
View File

@ -1,4 +1,4 @@
From 15fbdad66bb68f17fc7b25a0ceaaf8fb62913a72 Mon Sep 17 00:00:00 2001
From 5f84511aa19d116dd15176e82eee540082a4f14b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jun 2024 20:32:10 +0200
Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use

2
0116-fedora-use-system-auth-in-pam-systemd-user.patch → 0184-fedora-use-system-auth-in-pam-systemd-user.patch
View File

@ -1,4 +1,4 @@
From f9d710d4e1b0039a4d1a12acbd4836153f9f819d Mon Sep 17 00:00:00 2001
From fabf518d7779bbe5ac3cd2e76ee41e1a6c9924ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Dec 2022 22:24:53 +0100
Subject: [PATCH] fedora: use system-auth in pam systemd-user

2
0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch → 0185-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
View File

@ -1,4 +1,4 @@
From f25ba3a80bd4893154a0d9d761bf2425ed73e5e6 Mon Sep 17 00:00:00 2001
From 57e99d4d70dec39ca6f4e23f6b91ea7f8611c607 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 25 Jun 2024 14:00:45 +0200
Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and

2
0118-rules-copy-40-redhat.rules-from-RHEL-9.patch → 0186-rules-copy-40-redhat.rules-from-RHEL-9.patch
View File

@ -1,4 +1,4 @@
From 681ceb94f6b351c8479ee068383f6aaa2248f63d Mon Sep 17 00:00:00 2001
From 61399301022529a55899540ce8156f3ad95a5814 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Wed, 12 Jun 2024 14:23:30 +0200
Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9

2
0119-logind-set-RemoveIPC-to-false-by-default.patch → 0187-logind-set-RemoveIPC-to-false-by-default.patch
View File

@ -1,4 +1,4 @@
From ba26df987134fd5c38ba61f74aa02fa810dba0b1 Mon Sep 17 00:00:00 2001
From d8c76b55ee32e918edf89d210b429a85ea8a7bc0 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 10:58:28 +0200
Subject: [PATCH] logind: set RemoveIPC to false by default

2
0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch → 0188-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
View File

@ -1,4 +1,4 @@
From b3cb1c3f1f020475656bf50f18c4de8260f56777 Mon Sep 17 00:00:00 2001
From b9e26760474f3c2636ba24a9f043350bddadb77c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 5 Aug 2021 17:11:47 +0200
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf

2
0121-rc-local-order-after-network-online.target.patch → 0189-rc-local-order-after-network-online.target.patch
View File

@ -1,4 +1,4 @@
From 5af11076817e70fe25dc3c467a5706a9cf865b05 Mon Sep 17 00:00:00 2001
From 242f581b5a314d0a7c0f696bf8a5662445bc4b60 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target

2
0122-random-util-increase-random-seed-size-to-1024.patch → 0190-random-util-increase-random-seed-size-to-1024.patch
View File

@ -1,4 +1,4 @@
From 3a8330c2c2ede435f4f2dad03b939969f63565c0 Mon Sep 17 00:00:00 2001
From 687f41dad8b31e64083acda537f0f66917a1d0be Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 15 Jul 2021 11:15:17 +0200
Subject: [PATCH] random-util: increase random seed size to 1024

2
0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch → 0191-journal-don-t-enable-systemd-journald-audit.socket-b.patch
View File

@ -1,4 +1,4 @@
From 7286e81cbc1ba8283b81c8c1e604b24347ae6b3a Mon Sep 17 00:00:00 2001
From bed45e995d7d9337bb42b7bbde4558eaefef1020 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 2 May 2019 14:11:54 +0200
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by

2
0124-journald.conf-don-t-touch-current-audit-settings.patch → 0192-journald.conf-don-t-touch-current-audit-settings.patch
View File

@ -1,4 +1,4 @@
From 216a27427829c5a74798b0dd79f321b3b8b06d93 Mon Sep 17 00:00:00 2001
From 2d2c8eea4b7276bf203e28a7a49dfa5c0591e700 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 5 Aug 2021 15:26:13 +0200
Subject: [PATCH] journald.conf: don't touch current audit settings

2
0125-rules-add-elevator-kernel-command-line-parameter.patch → 0193-rules-add-elevator-kernel-command-line-parameter.patch
View File

@ -1,4 +1,4 @@
From 37d6f0680f53cdb27878fd5a816fc7047335998c Mon Sep 17 00:00:00 2001
From be1d466127e5f44dc7d887276824e41e2d7eccdb Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 12 Feb 2019 16:58:16 +0100
Subject: [PATCH] rules: add elevator= kernel command line parameter

2
0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch → 0194-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
View File

@ -1,4 +1,4 @@
From c9679716cd09f98be12784c7aecaf1ab2e92f0e9 Mon Sep 17 00:00:00 2001
From 4c20d1244f0618bfe10f5ce33ed902ced7817cde Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 13:19:39 +0200
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value

2
0127-udev-net-setup-link-change-the-default-MACAddressPol.patch → 0195-udev-net-setup-link-change-the-default-MACAddressPol.patch
View File

@ -1,4 +1,4 @@
From b9870ba2ba624c3519b98d7c8f04fc5e06eb8d45 Mon Sep 17 00:00:00 2001
From cbfc25c7f95e6f3303f7db4f0e308c08c3aedaa6 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 15:01:19 +0200
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to

2
0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch → 0196-core-decrease-log-level-of-messages-about-use-of-Kil.patch
View File

@ -1,4 +1,4 @@
From 614ad5860a7c76748ff7ccbbceae31b81c728c4a Mon Sep 17 00:00:00 2001
From e196e930009c71346ad12198c2e390dd31f53fb3 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 22 Feb 2022 13:24:11 +0100
Subject: [PATCH] core: decrease log level of messages about use of

4
0129-taint-remove-unmerged-bin.patch → 0197-taint-remove-unmerged-bin.patch
View File

@ -1,4 +1,4 @@
From 26a2ea7c26c82d1afc0c601ac9319eb6b0735d57 Mon Sep 17 00:00:00 2001
From df682910d69aaa16e8503be3a8429f0852a1365f Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 8 Jul 2024 14:44:45 +0200
Subject: [PATCH] taint: remove unmerged-bin
@ -40,7 +40,7 @@ index f8a525f030..a7102439a2 100644
• „cgroupsv1” — system używa przestarzałej hierarchii cgroup v1,
• „local-hwclock” — lokalny zegar sprzętowy (RTC) jest skonfigurowany
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 9cd6a69311..caa7a687cd 100644
index ec38613da0..0c7c52d563 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -1676,15 +1676,6 @@ node /org/freedesktop/systemd1 {

2
0130-presets-remove-resolved.patch → 0198-presets-remove-resolved.patch
View File

@ -1,4 +1,4 @@
From e369893cf89ea214641894a0ef36399e4aba771d Mon Sep 17 00:00:00 2001
From f3187aa4ad73668673354eb032cc2f5ec009759b Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 8 Jul 2024 13:13:10 +0200
Subject: [PATCH] presets: remove resolved

16
0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch → 0199-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
View File

@ -1,4 +1,4 @@
From ce7432871f2a0fef665ae95b563b92715d6a6066 Mon Sep 17 00:00:00 2001
From a17c2d35d3a1ea0cab512496c0e52c6360e250c7 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Jul 2024 10:08:06 +0200
Subject: [PATCH] ci: run mkosi test only for Fedora and CentOS Stream
@ -7,11 +7,11 @@ rhel-only: ci
Related: RHEL-40924
---
.github/workflows/mkosi.yml | 32 ++------------------------------
1 file changed, 2 insertions(+), 30 deletions(-)
.github/workflows/mkosi.yml | 36 ++----------------------------------
1 file changed, 2 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index a043022ce0..fa1c7cf118 100644
index d662d65dad..77ccf03717 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -8,7 +8,7 @@ on:
@ -32,7 +32,7 @@ index a043022ce0..fa1c7cf118 100644
paths:
- "**"
- "!README*"
@@ -54,27 +54,6 @@ jobs:
@@ -54,30 +54,6 @@ jobs:
fail-fast: false
matrix:
include:
@ -43,6 +43,7 @@ index a043022ce0..fa1c7cf118 100644
- cflags: "-O2 -D_FORTIFY_SOURCE=3"
- relabel: no
- vm: 1
- skip: TEST-21-DFUZZER
- - distro: debian
- release: testing
- sanitizers: ""
@ -50,6 +51,7 @@ index a043022ce0..fa1c7cf118 100644
- cflags: "-Og"
- relabel: no
- vm: 0
- skip: TEST-21-DFUZZER
- - distro: ubuntu
- release: noble
- sanitizers: ""
@ -57,10 +59,11 @@ index a043022ce0..fa1c7cf118 100644
- cflags: "-Og"
- relabel: no
- vm: 0
- skip: TEST-21-DFUZZER
- distro: fedora
release: "41"
sanitizers: ""
@@ -89,13 +68,6 @@ jobs:
@@ -93,14 +69,6 @@ jobs:
cflags: "-Og"
relabel: yes
vm: 0
@ -71,6 +74,7 @@ index a043022ce0..fa1c7cf118 100644
- cflags: "-Og"
- relabel: no
- vm: 0
- skip: TEST-21-DFUZZER
- distro: centos
release: "9"
sanitizers: ""

2
0132-taint-remove-unused-variable-usr_sbin.patch → 0200-taint-remove-unused-variable-usr_sbin.patch
View File

@ -1,4 +1,4 @@
From 6f7aba66f47ad4537d5c5ddefc1c35332fb00f56 Mon Sep 17 00:00:00 2001
From d0c96c4ed72e6808b0827baa3b97f350b94d7f76 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Jul 2024 10:09:23 +0200
Subject: [PATCH] taint: remove unused variable `usr_sbin`

2
0133-packit-drop-the-libarchive-workaround.patch → 0201-packit-drop-the-libarchive-workaround.patch
View File

@ -1,4 +1,4 @@
From 46360e32b6cb31acf26760778a0590bb06a4c2f0 Mon Sep 17 00:00:00 2001
From cffc9fc64f28f68a560c1ad1bf609ad3cff441f3 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 17 Jul 2024 12:19:03 +0200
Subject: [PATCH] packit: drop the libarchive workaround

2
0134-coredump-by-default-process-and-store-core-files-up-.patch → 0202-coredump-by-default-process-and-store-core-files-up-.patch
View File

@ -1,4 +1,4 @@
From 324b1d13153c2a0e6db4043a29b7233ad1bf782e Mon Sep 17 00:00:00 2001
From 875e960dd9e6e710b2c70a641bacb6c92d26cc0b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 5 Apr 2024 15:56:58 +0200
Subject: [PATCH] coredump: by default process and store core files up to 1GiB

2
0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch → 0203-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
View File

@ -1,4 +1,4 @@
From cbb117130198501b8fd10c42b18b5afca8fda0f1 Mon Sep 17 00:00:00 2001
From 8b9406b86c43ce92400f5a1972574cc0a5131cd4 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will

2
0136-unit-don-t-add-Requires-for-tmp.mount.patch → 0204-unit-don-t-add-Requires-for-tmp.mount.patch
View File

@ -1,4 +1,4 @@
From 092547697b7e256ef7c91b2687920a01f8a0a6a4 Mon Sep 17 00:00:00 2001
From 53f681397b4b9380566dcffc41bcd634cfd5fd45 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 5 Sep 2016 12:47:09 +0200
Subject: [PATCH] unit: don't add Requires for tmp.mount

2
0137-units-add-Install-section-to-tmp.mount.patch → 0205-units-add-Install-section-to-tmp.mount.patch
View File

@ -1,4 +1,4 @@
From 62753331bf0a5cd57b4146794504dee40f61c389 Mon Sep 17 00:00:00 2001
From 51548a3822da1b508b6fc4fcb3fd529adbf50257 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 22 Jan 2019 10:28:42 +0100
Subject: [PATCH] units: add [Install] section to tmp.mount

2
0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch → 0206-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
View File

@ -1,4 +1,4 @@
From de9836fa622be725de079b68966ae392283ab050 Mon Sep 17 00:00:00 2001
From 191a786cf10a6138caa00ae4c798ea312642ecc5 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 22 Sep 2021 14:38:00 +0200
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target

2
0139-netif-naming-scheme-add-rhel-9.5-scheme.patch → 0207-netif-naming-scheme-add-rhel-9.5-scheme.patch
View File

@ -1,4 +1,4 @@
From 5aaa5d1ee78bacae69e12a056db178bdceec11e8 Mon Sep 17 00:00:00 2001
From f4d7fcc1e02a925d0e3a8993e8372ab6c74a5746 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 8 Aug 2024 13:12:58 +0200
Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme

2
0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch → 0208-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
View File

@ -1,4 +1,4 @@
From d2afe66feccb3abe53f4a745784481a28838a8b8 Mon Sep 17 00:00:00 2001
From ebe05ca738647e5d69035a3426fddb5b2ba7eb76 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 13:42:11 +0200
Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta

2
0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch → 0209-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
View File

@ -1,4 +1,4 @@
From 8ae633adfe6370fa4a1d737167f339d5b8424cdd Mon Sep 17 00:00:00 2001
From ead3dbf4ad38bb7756bbde055060f9a8ec3a10b0 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 13:47:56 +0200
Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN

2
0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch → 0210-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
View File

@ -1,4 +1,4 @@
From fadb75463f626c2a623538d3048ba7b3cc8e1f3f Mon Sep 17 00:00:00 2001
From d1c50dd03a0bb3b744a81bd716d48356a801f950 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Mon, 16 Dec 2024 15:08:50 +0100
Subject: [PATCH] netif-naming-scheme: introduce rhel-10.0 scheme

Some files were not shown because too many files have changed in this diff Show More