commit 61a255dfc931256e24bbcf2e66cb8df89a71346b Author: CentOS Sources Date: Tue May 17 06:28:40 2022 -0400 import systemd-250-6.el9_0 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f414847 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/systemd-250.tar.gz diff --git a/.systemd.metadata b/.systemd.metadata new file mode 100644 index 0000000..7e5b661 --- /dev/null +++ b/.systemd.metadata @@ -0,0 +1 @@ +3b9db821b29a577d004c8823f4ff7a054c81a39c SOURCES/systemd-250.tar.gz diff --git a/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch new file mode 100644 index 0000000..b533028 --- /dev/null +++ b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch @@ -0,0 +1,52 @@ +From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 1 Aug 2018 10:58:28 +0200 +Subject: [PATCH] logind: set RemoveIPC to false by default + +RHEL-only + +Resolves: #1959836 +--- + man/logind.conf.xml | 2 +- + src/login/logind-core.c | 2 +- + src/login/logind.conf.in | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 3045c1b9ba..96fa076239 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -354,7 +354,7 @@ + user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the + last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as + well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users +- are excluded from the effect of this setting. Defaults to yes. ++ are excluded from the effect of this setting. Defaults to no. + + + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index 254a1a69fb..616c08132a 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) { + + m->n_autovts = 6; + m->reserve_vt = 6; +- m->remove_ipc = true; ++ m->remove_ipc = false; + m->inhibit_delay_max = 5 * USEC_PER_SEC; + m->user_stop_delay = 10 * USEC_PER_SEC; + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index 2d084e134d..79d685b3de 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -40,6 +40,6 @@ + #IdleActionSec=30min + #RuntimeDirectorySize=10% + #RuntimeDirectoryInodes=400k +-#RemoveIPC=yes ++#RemoveIPC=no + #InhibitorsMax=8192 + #SessionsMax=8192 diff --git a/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch new file mode 100644 index 0000000..929a63b --- /dev/null +++ b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch @@ -0,0 +1,43 @@ +From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 5 Aug 2021 17:11:47 +0200 +Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf + symlink + +RHEL-only + +Resolves: #1989472 +--- + tmpfiles.d/meson.build | 1 - + tmpfiles.d/systemd-resolve.conf | 10 ---------- + 2 files changed, 11 deletions(-) + delete mode 100644 tmpfiles.d/systemd-resolve.conf + +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index b8d3919025..6ae9e3e0b8 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -7,7 +7,6 @@ files = [['README', ''], + ['journal-nocow.conf', ''], + ['systemd-nologin.conf', 'HAVE_PAM'], + ['systemd-nspawn.conf', 'ENABLE_MACHINED'], +- ['systemd-resolve.conf', 'ENABLE_RESOLVE'], + ['systemd-tmp.conf', ''], + ['portables.conf', 'ENABLE_PORTABLED'], + ['systemd-pstore.conf', 'ENABLE_PSTORE'], +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +deleted file mode 100644 +index cb1c56d6a6..0000000000 +--- a/tmpfiles.d/systemd-resolve.conf ++++ /dev/null +@@ -1,10 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-# See tmpfiles.d(5) for details +- +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf diff --git a/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch new file mode 100644 index 0000000..9f6bf2c --- /dev/null +++ b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch @@ -0,0 +1,78 @@ +From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Fri, 2 Jul 2021 13:25:51 +0200 +Subject: [PATCH] Copy 40-redhat.rules from RHEL-8 + +RHEL-only + +Resolves: #1978639 +--- + rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++ + rules.d/meson.build | 1 + + 2 files changed, 47 insertions(+) + create mode 100644 rules.d/40-redhat.rules + +diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules +new file mode 100644 +index 0000000000..3c95cd2df0 +--- /dev/null ++++ b/rules.d/40-redhat.rules +@@ -0,0 +1,46 @@ ++# do not edit this file, it will be overwritten on update ++ ++# CPU hotadd request ++SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" ++ ++# Memory hotadd request ++SUBSYSTEM!="memory", GOTO="memory_hotplug_end" ++ACTION!="add", GOTO="memory_hotplug_end" ++CONST{arch}=="s390*", GOTO="memory_hotplug_end" ++CONST{arch}=="ppc64*", GOTO="memory_hotplug_end" ++ ++ENV{.state}="online" ++CONST{virt}=="none", ENV{.state}="online_movable" ++ATTR{state}=="offline", ATTR{state}="$env{.state}" ++ ++LABEL="memory_hotplug_end" ++ ++# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded ++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" ++ ++# load SCSI generic (sg) driver ++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" ++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" ++ ++# Rule for prandom character device node permissions ++KERNEL=="prandom", MODE="0644" ++ ++# Rules for creating the ID_PATH for SCSI devices based on the CCW bus ++# using the form: ccw--zfcp-: ++# ++ACTION=="remove", GOTO="zfcp_scsi_device_end" ++ ++# ++# Set environment variable "ID_ZFCP_BUS" to "1" if the devices ++# (both disk and partition) are SCSI devices based on FCP devices ++# ++KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" ++ ++# For SCSI disks ++KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" ++ ++ ++# For partitions on a SCSI disk ++KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" ++ ++LABEL="zfcp_scsi_device_end" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 5cecddb34f..c5c3590b29 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,6 +5,7 @@ install_data( + install_dir : udevrulesdir) + + rules = files(''' ++ 40-redhat.rules + 60-autosuspend.rules + 60-block.rules + 60-cdrom_id.rules diff --git a/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch new file mode 100644 index 0000000..504f7d3 --- /dev/null +++ b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch @@ -0,0 +1,45 @@ +From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Tue, 15 May 2018 09:24:20 +0200 +Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will + +Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather +adds an After relationship. + +RHEL-only + +Resolves: #1959826 +--- + src/core/unit.c | 7 +------ + units/basic.target | 3 ++- + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index b1f1f5c82c..3a8251e2b8 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { + } + + if (c->private_tmp) { +- +- /* FIXME: for now we make a special case for /tmp and add a weak dependency on +- * tmp.mount so /tmp being masked is supported. However there's no reason to treat +- * /tmp specifically and masking other mount units should be handled more +- * gracefully too, see PR#16894. */ +- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); ++ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return r; + +diff --git a/units/basic.target b/units/basic.target +index d8cdd5ac14..9eae0782a2 100644 +--- a/units/basic.target ++++ b/units/basic.target +@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount + # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as + # we support that unit being masked, and this should not be considered an error. + RequiresMountsFor=/var /var/tmp +-Wants=tmp.mount ++# RHEL-only: Disable /tmp on tmpfs. ++#Wants=tmp.mount diff --git a/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch new file mode 100644 index 0000000..5f61739 --- /dev/null +++ b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch @@ -0,0 +1,38 @@ +From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Mon, 5 Sep 2016 12:47:09 +0200 +Subject: [PATCH] unit: don't add Requires for tmp.mount + +rhel-only +Resolves: #1619292 +--- + src/core/mount.c | 2 +- + src/core/unit.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 0170406351..4d407ca4e5 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) { + if (r < 0) + return r; + +- if (UNIT(m)->fragment_path) { ++ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) { + /* If we have fragment configuration, then make this dependency required */ + r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH); + if (r < 0) +diff --git a/src/core/unit.c b/src/core/unit.c +index 3a8251e2b8..d2adb447b6 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) { + if (r < 0) + return r; + +- if (m->fragment_path) { ++ if (m->fragment_path && !streq(m->id, "tmp.mount")) { + r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); + if (r < 0) + return r; diff --git a/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch new file mode 100644 index 0000000..1eb4e7e --- /dev/null +++ b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch @@ -0,0 +1,24 @@ +From 0e4d18011e394d83c5e6ce045c05b03619fe7145 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Tue, 22 Jan 2019 10:28:42 +0100 +Subject: [PATCH] units: add [Install] section to tmp.mount + +RHEL-only + +Related: #1959826 +--- + units/tmp.mount | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/units/tmp.mount b/units/tmp.mount +index 4e1bb8de24..4874e8daff 100644 +--- a/units/tmp.mount ++++ b/units/tmp.mount +@@ -23,3 +23,7 @@ What=tmpfs + Where=/tmp + Type=tmpfs + Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m ++ ++# Make 'systemctl enable tmp.mount' work: ++[Install] ++WantedBy=local-fs.target diff --git a/SOURCES/0007-rc-local-order-after-network-online.target.patch b/SOURCES/0007-rc-local-order-after-network-online.target.patch new file mode 100644 index 0000000..d7c6ae9 --- /dev/null +++ b/SOURCES/0007-rc-local-order-after-network-online.target.patch @@ -0,0 +1,29 @@ +From 6dc2d5628fded20609561ca3c63517b3dc381042 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 11 Mar 2021 15:48:23 +0100 +Subject: [PATCH] rc-local: order after network-online.target + +I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf, +just network-online.target didn't exist back then. + +RHEL-only + +Resolves: #1954429 +--- + units/rc-local.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 55e83dfe00..0eee722154 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,8 @@ + Description={{RC_LOCAL_PATH}} Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable={{RC_LOCAL_PATH}} +-After=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + Type=forking diff --git a/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch new file mode 100644 index 0000000..7d41fd8 --- /dev/null +++ b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch @@ -0,0 +1,298 @@ +From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sun, 18 Apr 2021 20:46:06 +0200 +Subject: [PATCH] ci: drop CIs irrelevant for downstream + + * CIFuzz would need a separate project in oss-fuzz + * Coverity would also need a separate project + * the Labeler action is superfluous, since we already have a bot for + that + * mkosi testing on other distros is irrelevant for downstream RHEL + repo + +Resolves: #1960703 +rhel-only +--- + .github/labeler.yml | 40 ----------------- + .github/workflows/cifuzz.yml | 55 ----------------------- + .github/workflows/coverity.yml | 43 ------------------ + .github/workflows/labeler.yml | 23 ---------- + .github/workflows/mkosi.yml | 80 ---------------------------------- + 5 files changed, 241 deletions(-) + delete mode 100644 .github/labeler.yml + delete mode 100644 .github/workflows/cifuzz.yml + delete mode 100644 .github/workflows/coverity.yml + delete mode 100644 .github/workflows/labeler.yml + delete mode 100644 .github/workflows/mkosi.yml + +diff --git a/.github/labeler.yml b/.github/labeler.yml +deleted file mode 100644 +index 7d128f42d6..0000000000 +--- a/.github/labeler.yml ++++ /dev/null +@@ -1,40 +0,0 @@ +-# SPDX-License-Identifier: LGPL-2.1-or-later +- +-hwdb: +- - hwdb.d/**/* +-units: +- - units/**/* +-documentation: +- - NEWS +- - docs/* +-network: +- - src/libsystemd-network/**/* +- - src/network/**/* +-udev: +- - src/udev/**/* +- - src/libudev/* +-selinux: +- - '**/*selinux*' +-apparmor: +- - '**/*apparmor*' +-meson: +- - meson_option.txt +-mkosi: +- - .mkosi/* +- - mkosi.build +-busctl: +- - src/busctl/* +-systemctl: +- - src/systemctl/* +-journal: +- - src/journal/* +-journal-remote: +- - src/journal-remote/* +-portable: +- - src/portable/**/* +-resolve: +- - src/resolve/* +-timedate: +- - src/timedate/* +-timesync: +- - src/timesync/* +diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml +deleted file mode 100644 +index 11ea788a47..0000000000 +--- a/.github/workflows/cifuzz.yml ++++ /dev/null +@@ -1,55 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ +- +-name: CIFuzz +- +-permissions: +- contents: read +- +-on: +- pull_request: +- paths: +- - '**/meson.build' +- - '.github/workflows/**' +- - 'meson_options.txt' +- - 'src/**' +- - 'test/fuzz/**' +- - 'tools/oss-fuzz.sh' +- push: +- branches: +- - main +-jobs: +- Fuzzing: +- runs-on: ubuntu-latest +- if: github.repository == 'systemd/systemd' +- concurrency: +- group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} +- cancel-in-progress: true +- strategy: +- fail-fast: false +- matrix: +- sanitizer: [address, undefined, memory] +- steps: +- - name: Build Fuzzers (${{ matrix.sanitizer }}) +- id: build +- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- dry-run: false +- allowed-broken-targets-percentage: 0 +- sanitizer: ${{ matrix.sanitizer }} +- - name: Run Fuzzers (${{ matrix.sanitizer }}) +- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- fuzz-seconds: 600 +- dry-run: false +- sanitizer: ${{ matrix.sanitizer }} +- - name: Upload Crash +- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 +- if: failure() && steps.build.outcome == 'success' +- with: +- name: ${{ matrix.sanitizer }}-artifacts +- path: ./out/artifacts +diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml +deleted file mode 100644 +index a164d16fbf..0000000000 +--- a/.github/workflows/coverity.yml ++++ /dev/null +@@ -1,43 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# +-name: Coverity +- +-on: +- schedule: +- # Run Coverity daily at midnight +- - cron: '0 0 * * *' +- +-permissions: +- contents: read +- +-jobs: +- build: +- runs-on: ubuntu-20.04 +- if: github.repository == 'systemd/systemd' +- env: +- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}" +- COVERITY_SCAN_NOTIFICATION_EMAIL: "" +- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}" +- # Set in repo settings -> secrets -> repository secrets +- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" +- CURRENT_REF: "${{ github.ref }}" +- steps: +- - name: Repository checkout +- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 +- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable +- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable +- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV +- - name: Install Coverity tools +- run: tools/get-coverity.sh +- # Reuse the setup phase of the unit test script to avoid code duplication +- - name: Install build dependencies +- run: sudo -E .github/workflows/unit_tests.sh SETUP +- # Preconfigure with meson to prevent Coverity from capturing meson metadata +- - name: Preconfigure the build directory +- run: meson cov-build -Dman=false +- - name: Build +- run: tools/coverity.sh build +- - name: Upload the results +- run: tools/coverity.sh upload +diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml +deleted file mode 100644 +index 34d9d63d42..0000000000 +--- a/.github/workflows/labeler.yml ++++ /dev/null +@@ -1,23 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# +-name: "Pull Request Labeler" +- +-on: +-- pull_request_target +- +-permissions: +- contents: read +- +-jobs: +- triage: +- runs-on: ubuntu-latest +- permissions: +- pull-requests: write +- steps: +- - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e +- with: +- repo-token: "${{ secrets.GITHUB_TOKEN }}" +- configuration-path: .github/labeler.yml +- sync-labels: "" # This is a workaround for issue 18671 +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +deleted file mode 100644 +index 8fd6c72e26..0000000000 +--- a/.github/workflows/mkosi.yml ++++ /dev/null +@@ -1,80 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/. +-name: mkosi +- +-on: +- push: +- branches: +- - main +- - v[0-9]+-stable +- pull_request: +- branches: +- - main +- - v[0-9]+-stable +- +-permissions: +- contents: read +- +-env: +- # Enable debug logging in systemd, but keep udev's log level to info, +- # since it's _very_ verbose in the QEMU task +- KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console" +- +-jobs: +- ci: +- runs-on: ubuntu-20.04 +- concurrency: +- group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} +- cancel-in-progress: true +- strategy: +- fail-fast: false +- matrix: +- distro: +- - arch +- - debian +- - ubuntu +- - fedora +- - opensuse +- +- steps: +- - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 +- - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5 +- +- - name: Install +- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2 +- +- - name: Configure +- run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default +- +- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is +- # required, since current Arch's glibc implements faccessat() via faccessat2(). +- - name: Update systemd-nspawn +- if: ${{ matrix.distro == 'arch' }} +- run: | +- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list +- sudo apt update +- sudo apt build-dep systemd +- meson build +- ninja -C build +- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` +- systemd-nspawn --version +- +- - name: Build ${{ matrix.distro }} +- run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build +- +- - name: Show ${{ matrix.distro }} image summary +- run: ./.github/workflows/run_mkosi.sh summary +- +- - name: Boot ${{ matrix.distro }} systemd-nspawn +- run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }} +- +- - name: Check ${{ matrix.distro }} systemd-nspawn +- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" +- +- - name: Boot ${{ matrix.distro }} QEMU +- run: ./.github/workflows/run_mkosi.sh qemu +- +- - name: Check ${{ matrix.distro }} QEMU +- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" diff --git a/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch new file mode 100644 index 0000000..fbe6ca9 --- /dev/null +++ b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch @@ -0,0 +1,61 @@ +From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 9 Jun 2021 15:23:59 +0200 +Subject: [PATCH] ci: reconfigure Packit for RHEL 9 + +Resolves: #1960703 +rhel-only +--- + .packit.yml | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index 962c77913e..3461bccbc5 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}" + + actions: + post-upstream-clone: +- # Use the Fedora Rawhide specfile +- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" ++ # Use the CentOS Stream specfile ++ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1" + # Drop the "sources" file so rebase-helper doesn't think we're a dist-git + - "rm -fv .packit_rpm/sources" +- # Drop backported patches from the specfile, but keep the downstream-only ones +- # - Patch0000-0499: backported patches from upstream +- # - Patch0500-9999: downstream-only patches +- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" ++ # Drop all patches, since they're already included in the tarball ++ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec" + # Build the RPM with --werror. Even though --werror doesn't work in all + # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the + # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). +@@ -32,12 +30,22 @@ actions: + # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 + - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' + ++# Available targets can be listed via `copr-cli list-chroots` + jobs: ++# Build test + - job: copr_build + trigger: pull_request + metadata: + targets: +- - fedora-rawhide-aarch64 +- - fedora-rawhide-i386 +- - fedora-rawhide-ppc64le +- - fedora-rawhide-x86_64 ++ # FIXME: change to CentOS 9 once it's available ++ - fedora-34-x86_64 ++ - fedora-34-aarch64 ++ ++# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 ++# Run tests (via testing farm) ++#- job: tests ++# trigger: pull_request ++# metadata: ++# targets: ++# # FIXME: change to CentOS 9 once it's available ++# - fedora-34-x86_64 diff --git a/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch new file mode 100644 index 0000000..65ae57c --- /dev/null +++ b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch @@ -0,0 +1,28 @@ +From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 15 Jul 2021 12:23:27 +0200 +Subject: [PATCH] ci: run unit tests on z-stream branches as well + +Resolves: #1960703 +rhel-only +--- + .github/workflows/unit_tests.yml | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml +index d4a4f3c723..2afde5d59d 100644 +--- a/.github/workflows/unit_tests.yml ++++ b/.github/workflows/unit_tests.yml +@@ -3,11 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + # + name: Unit tests +-on: +- pull_request: +- branches: +- - main +- - v[0-9]+-stable ++on: [pull_request] + + permissions: + contents: read diff --git a/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch new file mode 100644 index 0000000..f026b4b --- /dev/null +++ b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch @@ -0,0 +1,25 @@ +From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 15 Jul 2021 11:15:17 +0200 +Subject: [PATCH] random-util: increase random seed size to 1024 + +RHEL-only + +Resolves: #1982603 +--- + src/basic/random-util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/random-util.h b/src/basic/random-util.h +index e6528ddc7f..fda78552f6 100644 +--- a/src/basic/random-util.h ++++ b/src/basic/random-util.h +@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) { + int rdrand(unsigned long *ret); + + /* Some limits on the pool sizes when we deal with the kernel random pool */ +-#define RANDOM_POOL_SIZE_MIN 512U ++#define RANDOM_POOL_SIZE_MIN 1024U + #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U) + + size_t random_pool_size(void); diff --git a/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch new file mode 100644 index 0000000..944281a --- /dev/null +++ b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch @@ -0,0 +1,41 @@ +From f1d66259bcff8333d7dd495bbeef274206f7300d Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Thu, 2 May 2019 14:11:54 +0200 +Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by + default + +RHEL-only + +Resolves: #1973856 +--- + units/meson.build | 3 +-- + units/systemd-journald.service.in | 2 +- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index a9bf28f6d9..69d53f4259 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -124,8 +124,7 @@ units = [ + 'sysinit.target.wants/'], + ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], + ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], +- ['systemd-journald-audit.socket', '', +- 'sockets.target.wants/'], ++ ['systemd-journald-audit.socket', ''], + ['systemd-journald-dev-log.socket', '', + 'sockets.target.wants/'], + ['systemd-journald.socket', '', +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index cd17b6b4e7..d981273b07 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -12,7 +12,7 @@ Description=Journal Service + Documentation=man:systemd-journald.service(8) man:journald.conf(5) + DefaultDependencies=no + Requires=systemd-journald.socket +-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket ++After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket + Before=sysinit.target + + [Service] diff --git a/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch new file mode 100644 index 0000000..6a49362 --- /dev/null +++ b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch @@ -0,0 +1,22 @@ +From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 5 Aug 2021 15:26:13 +0200 +Subject: [PATCH] journald.conf: don't touch current audit settings + +RHEL-only + +Related: #1973856 +--- + src/journal/journald.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 5a60a9d39c..3544da2112 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -44,4 +44,4 @@ + #MaxLevelWall=emerg + #LineMax=48K + #ReadKMsg=yes +-#Audit=yes ++Audit= diff --git a/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch new file mode 100644 index 0000000..a5acad5 --- /dev/null +++ b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch @@ -0,0 +1,137 @@ +From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Tue, 10 Aug 2021 14:46:16 +0200 +Subject: [PATCH] Revert "udev: remove WAIT_FOR key" + +This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f. + +RHEL-only + +Resolves: #1982666 +--- + man/udev.xml | 9 +++++++ + src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++ + test/rule-syntax-check.py | 2 +- + 3 files changed, 66 insertions(+), 1 deletion(-) + +diff --git a/man/udev.xml b/man/udev.xml +index f6ea2abc12..ce96e201e4 100644 +--- a/man/udev.xml ++++ b/man/udev.xml +@@ -592,6 +592,15 @@ + + + ++ ++ WAIT_FOR ++ ++ Wait for a file to become available or until a timeout of ++ 10 seconds expires. The path is relative to the sysfs device; ++ if no path is specified, this waits for an attribute to appear. ++ ++ ++ + + OPTIONS + +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 1a384d6b38..243a792662 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -79,6 +79,7 @@ typedef enum { + TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */ + TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */ + TK_M_DRIVER, /* string, sd_device_get_driver() */ ++ TK_M_WAITFOR, + TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */ + TK_M_SYSCTL, /* string, takes kernel parameter through attribute */ + +@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token + rule_line->current_token = token; + } + ++#define WAIT_LOOP_PER_SECOND 50 ++static int wait_for_file(sd_device *dev, const char *file, int timeout) { ++ char filepath[UDEV_PATH_SIZE]; ++ char devicepath[UDEV_PATH_SIZE]; ++ struct stat stats; ++ int loop = timeout * WAIT_LOOP_PER_SECOND; ++ ++ /* a relative path is a device attribute */ ++ devicepath[0] = '\0'; ++ if (file[0] != '/') { ++ const char *val; ++ int r; ++ ++ r = sd_device_get_syspath(dev, &val); ++ if (r < 0) ++ return r; ++ strscpyl(devicepath, sizeof(devicepath), val, NULL); ++ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL); ++ file = filepath; ++ } ++ ++ while (--loop) { ++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND }; ++ ++ /* lookup file */ ++ if (stat(file, &stats) == 0) { ++ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1); ++ return 0; ++ } ++ /* make sure, the device did not disappear in the meantime */ ++ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) { ++ log_debug("device disappeared while waiting for '%s'", file); ++ return -2; ++ } ++ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND); ++ nanosleep(&duration, NULL); ++ } ++ log_debug("waiting for '%s' failed", file); ++ return -1; ++} ++ + static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) { + UdevRuleToken *token; + UdevRuleMatchType match_type = _MATCH_TYPE_INVALID; +@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp + r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd)); + } else + return log_token_invalid_attr(rules, key); ++ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) { ++ if (op == OP_REMOVE) ++ return log_token_invalid_op(rules, key); ++ ++ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL); ++ return 1; + } else if (streq(key, "GOTO")) { + if (attr) + return log_token_invalid_attr(rules, key); +@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event( + + return token_match_string(token, val); + } ++ case TK_M_WAITFOR: { ++ char filename[UDEV_PATH_SIZE]; ++ int found; ++ ++ udev_event_apply_format(event, token->value, filename, sizeof(filename), false); ++ found = (wait_for_file(event->dev, filename, 10) == 0); ++ return found || (token->op == OP_NOMATCH); ++ } + case TK_M_ATTR: + case TK_M_PARENTS_ATTR: + return token_match_attr(token, dev, event); +diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py +index 9a9e4d1658..0649bcf58e 100755 +--- a/test/rule-syntax-check.py ++++ b/test/rule-syntax-check.py +@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D + # PROGRAM can also be specified as an assignment. + program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$') + args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$') +-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') ++no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$') + args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$') + # Find comma-separated groups, but allow commas that are inside quoted strings. + # Using quoted_string_re + '?' so that strings missing the last double quote diff --git a/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch new file mode 100644 index 0000000..30d9a20 --- /dev/null +++ b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch @@ -0,0 +1,25 @@ +From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Wed, 25 Aug 2021 16:03:04 +0200 +Subject: [PATCH] Really don't enable systemd-journald-audit.socket + +RHEL-only + +Resolves: #1973856 +--- + units/systemd-journald.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index d981273b07..f190dff5fb 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -33,7 +33,7 @@ RestrictRealtime=yes + RestrictSUIDSGID=yes + RuntimeDirectory=systemd/journal + RuntimeDirectoryPreserve=yes +-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket ++Sockets=systemd-journald.socket systemd-journald-dev-log.socket + StandardOutput=null + SystemCallArchitectures=native + SystemCallErrorNumber=EPERM diff --git a/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch new file mode 100644 index 0000000..8338727 --- /dev/null +++ b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch @@ -0,0 +1,56 @@ +From 1e423276a24d7c895d196f9f10bf8c0b9155c633 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Tue, 12 Feb 2019 16:58:16 +0100 +Subject: [PATCH] rules: add elevator= kernel command line parameter + +Kernel removed the elevator= option, so let's reintroduce +it for rhel8 via udev rule. + +RHEL-only + +Resolves: #2003002 +--- + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ + rules.d/meson.build | 1 + + 2 files changed, 21 insertions(+) + create mode 100644 rules.d/40-elevator.rules + +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules +new file mode 100644 +index 0000000000..dbe8fc81a4 +--- /dev/null ++++ b/rules.d/40-elevator.rules +@@ -0,0 +1,20 @@ ++# We aren't adding devices skip the elevator check ++ACTION!="add", GOTO="sched_out" ++ ++SUBSYSTEM!="block", GOTO="sched_out" ++ENV{DEVTYPE}!="disk", GOTO="sched_out" ++ ++# Technically, dm-multipath can be configured to use an I/O scheduler. ++# However, there are races between the 'add' uevent and the linking in ++# of the queue/scheduler sysfs file. For now, just skip dm- devices. ++KERNEL=="dm-*|md*", GOTO="sched_out" ++ ++# Skip bio-based devices, which don't support an I/O scheduler. ++ATTR{queue/scheduler}=="none", GOTO="sched_out" ++ ++# If elevator= is specified on the kernel command line, change the ++# scheduler to the one specified. ++IMPORT{cmdline}="elevator" ++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" ++ ++LABEL="sched_out" +\ No newline at end of file +diff --git a/rules.d/meson.build b/rules.d/meson.build +index c5c3590b29..7e0bd89200 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,6 +5,7 @@ install_data( + install_dir : udevrulesdir) + + rules = files(''' ++ 40-elevator.rules + 40-redhat.rules + 60-autosuspend.rules + 60-block.rules diff --git a/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch new file mode 100644 index 0000000..53151bd --- /dev/null +++ b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch @@ -0,0 +1,26 @@ +From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 22 Sep 2021 14:38:00 +0200 +Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target + +RHEL-only + +Related: #2000927 +--- + units/meson.build | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index 69d53f4259..9eb535858a 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -159,8 +159,7 @@ units = [ + ['time-set.target', ''], + ['time-sync.target', ''], + ['timers.target', ''], +- ['tmp.mount', '', +- 'local-fs.target.wants/'], ++ ['tmp.mount', ''], + ['umount.target', ''], + ['usb-gadget.target', ''], + ['user.slice', ''], diff --git a/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch new file mode 100644 index 0000000..ffec2d6 --- /dev/null +++ b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -0,0 +1,59 @@ +From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 1 Aug 2018 13:19:39 +0200 +Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value + +This should be hopefully high enough even for the very big deployments. + +RHEL-only + +Resolves: #2003031 +--- + man/systemd-system.conf.xml | 4 ++-- + src/core/main.c | 2 +- + src/core/system.conf.in | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml +index 3805a010e2..b8e2b65625 100644 +--- a/man/systemd-system.conf.xml ++++ b/man/systemd-system.conf.xml +@@ -404,10 +404,10 @@ + Configure the default value for the per-unit TasksMax= setting. See + systemd.resource-control5 + for details. This setting applies to all unit types that support resource control settings, with the exception +- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= ++ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. +- For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, ++ For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 26214, + but might be greater in other systems or smaller in OS containers. + + +diff --git a/src/core/main.c b/src/core/main.c +index 57aedb9b93..7ea848ebeb 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -98,7 +98,7 @@ + #include + #endif + +-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */ + + static enum { + ACTION_RUN, +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 96fb64d2c1..c0dc6a7e17 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -54,7 +54,7 @@ + #DefaultBlockIOAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultTasksAccounting=yes +-#DefaultTasksMax=15% ++#DefaultTasksMax=80% + #DefaultLimitCPU= + #DefaultLimitFSIZE= + #DefaultLimitDATA= diff --git a/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch new file mode 100644 index 0000000..4fff5b0 --- /dev/null +++ b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch @@ -0,0 +1,25 @@ +From 7344cdfb2792f67e50848f87eced21cded226d4a Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 25 Jan 2021 16:19:56 +0100 +Subject: [PATCH] set core ulimit to 0 like on RHEL-7 + +RHEL-only + +Resolves: #1998509 +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index c0dc6a7e17..5913b5b0e4 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -59,7 +59,7 @@ + #DefaultLimitFSIZE= + #DefaultLimitDATA= + #DefaultLimitSTACK= +-#DefaultLimitCORE= ++DefaultLimitCORE=0:infinity + #DefaultLimitRSS= + #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} + #DefaultLimitAS= diff --git a/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch new file mode 100644 index 0000000..4651c6e --- /dev/null +++ b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch @@ -0,0 +1,27 @@ +From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 4 Nov 2021 12:31:32 +0100 +Subject: [PATCH] ci: use C9S chroots in Packit + +rhel-only +Related: #2017035 +--- + .packit.yml | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index 3461bccbc5..ce8782aae2 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -37,9 +37,8 @@ jobs: + trigger: pull_request + metadata: + targets: +- # FIXME: change to CentOS 9 once it's available +- - fedora-34-x86_64 +- - fedora-34-aarch64 ++ - centos-stream-9-x86_64 ++ - centos-stream-9-aarch64 + + # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184 + # Run tests (via testing farm) diff --git a/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch new file mode 100644 index 0000000..1e2a147 --- /dev/null +++ b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch @@ -0,0 +1,136 @@ +From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does +name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 + +RHEL notes: af918c4 should mitigate this issue, but in some build +systems (Copr, brew, etc.) we don't have enough privileges to create a +new mount namespace + +Cherry-picked manually from https://github.com/systemd/systemd/pull/17050. + +rhel-only +Related: #2017035 +--- + src/test/test-mountpoint-util.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index d11edf502a..9515d8cf7b 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -101,8 +101,12 @@ TEST(mnt_id) { + /* The ids don't match? If so, then there are two mounts on the same path, let's check if + * that's really the case */ + char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); +- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t); +- assert_se(path_equal(p, t)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + } + diff --git a/SOURCES/0022-Treat-EPERM-as-not-available-too.patch b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch new file mode 100644 index 0000000..4d356d0 --- /dev/null +++ b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch @@ -0,0 +1,30 @@ +From 3c54c67a7fc65dc5b49b2452739c19b94eeb98a9 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Tue, 21 Dec 2021 10:46:17 +0100 +Subject: [PATCH] Treat EPERM as "not available" too + +We need to do this because idmapped mounts habe been disabled in RHEL-9 +kernel: https://bugzilla.redhat.com/show_bug.cgi?id=2018141 . + +RHEL-only + +Fixes #55 + +Related: #2017035 +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 8f17ab8810..9225c8f162 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -3780,7 +3780,7 @@ static int outer_child( + arg_uid_shift != 0) { + + r = remount_idmap(directory, arg_uid_shift, arg_uid_range); +- if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) { ++ if (IN_SET(r, -EINVAL, -EPERM) || ERRNO_IS_NOT_SUPPORTED(r)) { + /* This might fail because the kernel or file system doesn't support idmapping. We + * can't really distinguish this nicely, nor do we have any guarantees about the + * error codes we see, could be EOPNOTSUPP or EINVAL. */ diff --git a/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch new file mode 100644 index 0000000..ea3e2fd --- /dev/null +++ b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch @@ -0,0 +1,39 @@ +From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 31 Jan 2022 14:19:09 +0100 +Subject: [PATCH] test: copy portable profiles into the image if they don't + exist there + +If we're built with `-Dportable=false`, the portable profiles won't get +installed into the image. Since we need only the profile files and +nothing else, let's copy them into the image explicitly in such case. + +(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a) + +Related: #2017035 +--- + test/test-functions | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 218d0e6888..35d8f074a9 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1151,6 +1151,17 @@ install_systemd() { + mkdir -p "$initdir/etc/systemd/system/service.d/" + echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf" + fi ++ ++ # If we're built with -Dportabled=false, tests with systemd-analyze ++ # --profile will fail. Since we need just the profile (text) files, let's ++ # copy them into the image if they don't exist there. ++ local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable" ++ if [[ ! -d "$portable_dir/profile/strict" ]]; then ++ dinfo "Couldn't find portable profiles in the test image" ++ dinfo "Copying them directly from the source tree" ++ mkdir -p "$portable_dir" ++ cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir" ++ fi + } + + get_ldpath() { diff --git a/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch new file mode 100644 index 0000000..b9734d3 --- /dev/null +++ b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch @@ -0,0 +1,43 @@ +From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 1 Feb 2022 20:18:29 +0100 +Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper + +which returns the host's cgroup hierarchy (unified, hybrid, or legacy). + +(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a) + +Related: #2047768 +--- + test/test-functions | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 35d8f074a9..4827b6bedf 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1996,6 +1996,24 @@ import_initdir() { + export initdir + } + ++get_cgroup_hierarchy() { ++ case "$(stat -c '%T' -f /sys/fs/cgroup)" in ++ cgroup2fs) ++ echo "unified" ++ ;; ++ tmpfs) ++ if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then ++ echo "hybrid" ++ else ++ echo "legacy" ++ fi ++ ;; ++ *) ++ dfatal "Failed to determine host's cgroup hierarchy" ++ exit 1 ++ esac ++} ++ + ## @brief Converts numeric logging level to the first letter of level name. + # + # @param lvl Numeric logging level in range from 1 to 6. diff --git a/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch new file mode 100644 index 0000000..1bf03cd --- /dev/null +++ b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch @@ -0,0 +1,30 @@ +From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 1 Feb 2022 20:25:00 +0100 +Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56 + +since cgroup empty notifications are unreliable in legacy cgroups. + +See: systemd/systemd#22320 +Complements: systemd/systemd#22344 +(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954) + +Related: #2047768 +--- + test/TEST-56-EXIT-TYPE/test.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh +index 0f84dca1ba..37475e817e 100755 +--- a/test/TEST-56-EXIT-TYPE/test.sh ++++ b/test/TEST-56-EXIT-TYPE/test.sh +@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup" + # shellcheck source=test/test-functions + . "${TEST_BASE_DIR:?}/test-functions" + ++if [[ "$(get_cgroup_hierarchy)" != unified ]]; then ++ echo "This test requires unified cgroup hierarchy, skipping..." ++ exit 0 ++fi ++ + do_test "$@" diff --git a/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch new file mode 100644 index 0000000..b04e74a --- /dev/null +++ b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch @@ -0,0 +1,671 @@ +From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 1 Feb 2022 12:06:59 +0100 +Subject: [PATCH] tests: rework test macros to not take code as parameters + +C macros are nasty. We use them, but we try to be conservative with +them. In particular passing literal, complex code blocks as argument is +icky, because of "," handling of C, and also because it's quite a +challange for most code highlighters and similar. Hence, let's avoid +that. Using macros for genreating functions is OK but if so, the +parameters should be simple words, not full code blocks. + +hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead +of code block as argument. + +As side-effect this also fixes a bunch of cases where we might end up +returning a negative value from main(). + +Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the +main() functions, these are replaced by static variables, and their +destructors by the static destructor logic. + +This doesn't fix any bugs or so, it's just supposed to make the code +easier to work with and improve it easthetically. + +Or in other words: let's use macros where it really makes sense, but +let's not go overboard with it. + +(And yes, FOREACH_DIRENT() is another one of those macros that take +code, and I dislike that too and regret I ever added that.) + +(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f) + +Related: #2017035 +--- + src/shared/tests.h | 25 +++++++++++++----- + src/test/test-barrier.c | 46 +++++++++++++++++---------------- + src/test/test-cgroup-setup.c | 15 ++++++----- + src/test/test-chown-rec.c | 15 ++++++----- + src/test/test-format-table.c | 14 +++++----- + src/test/test-fs-util.c | 7 ++++- + src/test/test-hashmap.c | 16 +++++++++--- + src/test/test-install-root.c | 14 +++++++--- + src/test/test-load-fragment.c | 21 ++++++++------- + src/test/test-mountpoint-util.c | 30 +++++++++++---------- + src/test/test-namespace.c | 15 ++++++----- + src/test/test-proc-cmdline.c | 15 ++++++----- + src/test/test-process-util.c | 7 ++++- + src/test/test-sd-hwdb.c | 21 ++++++++------- + src/test/test-serialize.c | 16 ++++++------ + src/test/test-sleep.c | 15 ++++++----- + src/test/test-stat-util.c | 7 ++++- + src/test/test-time-util.c | 6 +++-- + src/test/test-unit-file.c | 7 ++++- + src/test/test-unit-name.c | 21 ++++++++------- + src/test/test-unit-serialize.c | 21 ++++++++------- + src/test/test-utf8.c | 7 ++++- + 22 files changed, 215 insertions(+), 146 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index 3b93aab498..59448f38f6 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -6,6 +6,7 @@ + #include "sd-daemon.h" + + #include "macro.h" ++#include "static-destruct.h" + #include "util.h" + + static inline bool manager_errno_skip_test(int r) { +@@ -109,15 +110,27 @@ static inline int run_test_table(void) { + return r; + } + ++static inline int test_nop(void) { ++ return EXIT_SUCCESS; ++} ++ + #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ + int main(int argc, char *argv[]) { \ +- int _r = EXIT_SUCCESS; \ ++ int _r, _q; \ + test_setup_logging(log_level); \ + save_argc_argv(argc, argv); \ +- intro; \ +- _r = run_test_table(); \ +- outro; \ +- return _r; \ ++ _r = intro(); \ ++ if (_r == EXIT_SUCCESS) \ ++ _r = run_test_table(); \ ++ _q = outro(); \ ++ static_destruct(); \ ++ if (_r < 0) \ ++ return EXIT_FAILURE; \ ++ if (_r != EXIT_SUCCESS) \ ++ return _r; \ ++ if (_q < 0) \ ++ return EXIT_FAILURE; \ ++ return _q; \ + } + +-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) ++#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop) +diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c +index 8998282afb..b87538806a 100644 +--- a/src/test/test-barrier.c ++++ b/src/test/test-barrier.c +@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit, + }), + TEST_BARRIER_WAIT_SUCCESS(pid2)); + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (!slow_tests_enabled()) +- return log_tests_skipped("slow tests are disabled"); +- +- /* +- * This test uses real-time alarms and sleeps to test for CPU races +- * explicitly. This is highly fragile if your system is under load. We +- * already increased the BASE_TIME value to make the tests more robust, +- * but that just makes the test take significantly longer. Given the recent +- * issues when running the test in a virtualized environments, limit it +- * to bare metal machines only, to minimize false-positives in CIs. +- */ +- int v = detect_virtualization(); +- if (IN_SET(v, -EPERM, -EACCES)) +- return log_tests_skipped("Cannot detect virtualization"); +- +- if (v != VIRTUALIZATION_NONE) +- return log_tests_skipped("This test requires a baremetal machine"); +- }), +- /* no outro */); ++ ++static int intro(void) { ++ if (!slow_tests_enabled()) ++ return log_tests_skipped("slow tests are disabled"); ++ ++ /* ++ * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly ++ * fragile if your system is under load. We already increased the BASE_TIME value to make the tests ++ * more robust, but that just makes the test take significantly longer. Given the recent issues when ++ * running the test in a virtualized environments, limit it to bare metal machines only, to minimize ++ * false-positives in CIs. ++ */ ++ ++ int v = detect_virtualization(); ++ if (IN_SET(v, -EPERM, -EACCES)) ++ return log_tests_skipped("Cannot detect virtualization"); ++ ++ if (v != VIRTUALIZATION_NONE) ++ return log_tests_skipped("This test requires a baremetal machine"); ++ ++ return EXIT_SUCCESS; ++ } ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c +index 018992f96d..6f93647685 100644 +--- a/src/test/test-cgroup-setup.c ++++ b/src/test/test-cgroup-setup.c +@@ -64,10 +64,11 @@ TEST(is_wanted) { + test_is_wanted_print_one(false); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) +- return log_tests_skipped("can't read /proc/cmdline"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) ++ return log_tests_skipped("can't read /proc/cmdline"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c +index 53d44566d5..691cfe767f 100644 +--- a/src/test/test-chown-rec.c ++++ b/src/test/test-chown-rec.c +@@ -149,10 +149,11 @@ TEST(chown_recursive) { + assert_se(!has_xattr(p)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (geteuid() != 0) +- return log_tests_skipped("not running as root"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (geteuid() != 0) ++ return log_tests_skipped("not running as root"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c +index a3b29ca337..7515a74c12 100644 +--- a/src/test/test-format-table.c ++++ b/src/test/test-format-table.c +@@ -529,10 +529,10 @@ TEST(table) { + "5min 5min \n")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0); +- assert_se(setenv("COLUMNS", "40", 1) >= 0); +- }), +- /* no outro */); ++static int intro(void) { ++ assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0); ++ assert_se(setenv("COLUMNS", "40", 1) >= 0); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 0e0d91d04e..da5a16b4bc 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -968,4 +968,9 @@ TEST(open_mkdir_at) { + assert_se(subsubdir_fd >= 0); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */); ++static int intro(void) { ++ arg_test_dir = saved_argv[1]; ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c +index cba0c33a8a..4dc155d818 100644 +--- a/src/test/test-hashmap.c ++++ b/src/test/test-hashmap.c +@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) { + /* This variable allows us to assert that the tests from different compilation units were actually run. */ + int n_extern_tests_run = 0; + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- assert_se(n_extern_tests_run == 0), +- assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */ ++static int intro(void) { ++ assert_se(n_extern_tests_run == 0); ++ return EXIT_SUCCESS; ++} ++ ++static int outro(void) { ++ /* Ensure hashmap and ordered_hashmap were tested. */ ++ assert_se(n_extern_tests_run == 2); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro); +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index ba715e6d7e..f540a832bd 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -11,8 +11,11 @@ + #include "special.h" + #include "string-util.h" + #include "tests.h" ++#include "tmpfile-util.h" + +-static char root[] = "/tmp/rootXXXXXX"; ++static char *root = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep); + + TEST(basic_mask_and_enable) { + const char *p; +@@ -1239,10 +1242,10 @@ TEST(verify_alias) { + verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL); + } + +-static void setup_root(void) { ++static int intro(void) { + const char *p; + +- assert_se(mkdtemp(root)); ++ assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0); + + p = strjoina(root, "/usr/lib/systemd/system/"); + assert_se(mkdir_p(p, 0755) >= 0); +@@ -1264,6 +1267,9 @@ static void setup_root(void) { + + p = strjoina(root, "/usr/lib/systemd/system/graphical.target"); + assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0); ++ ++ return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0)); ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c +index e878979a89..2e105df56a 100644 +--- a/src/test/test-load-fragment.c ++++ b/src/test/test-load-fragment.c +@@ -30,6 +30,10 @@ + /* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */ + #define CGROUP_LIMIT_DUMMY 3 + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + TEST_RET(unit_file_get_set) { + int r; + Hashmap *h; +@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) { + assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 9515d8cf7b..102d2850bf 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) { + assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- /* let's move into our own mount namespace with all propagation from the host turned off, so +- * that /proc/self/mountinfo is static and constant for the whole time our test runs. */ +- if (unshare(CLONE_NEWNS) < 0) { +- if (!ERRNO_IS_PRIVILEGE(errno)) +- return log_error_errno(errno, "Failed to detach mount namespace: %m"); +- +- log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace."); +- } else +- assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0); +- }), +- /* no outro */); ++static int intro(void) { ++ /* let's move into our own mount namespace with all propagation from the host turned off, so ++ * that /proc/self/mountinfo is static and constant for the whole time our test runs. */ ++ ++ if (unshare(CLONE_NEWNS) < 0) { ++ if (!ERRNO_IS_PRIVILEGE(errno)) ++ return log_error_errno(errno, "Failed to detach mount namespace: %m"); ++ ++ log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace."); ++ } else ++ assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c +index 8df5533d6e..f9e34f3bfa 100644 +--- a/src/test/test-namespace.c ++++ b/src/test/test-namespace.c +@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) { + assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (!have_namespaces()) +- return log_tests_skipped("Don't have namespace support"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (!have_namespaces()) ++ return log_tests_skipped("Don't have namespace support"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c +index 1c8c9b80b7..064b4d838f 100644 +--- a/src/test/test-proc-cmdline.c ++++ b/src/test/test-proc-cmdline.c +@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) { + assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) +- return log_tests_skipped("can't read /proc/cmdline"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno)) ++ return log_tests_skipped("can't read /proc/cmdline"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 06a640b1cc..8661934929 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) { + assert_se(b == a); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c +index 7961c17c4a..88992a6c2b 100644 +--- a/src/test/test-sd-hwdb.c ++++ b/src/test/test-sd-hwdb.c +@@ -52,12 +52,15 @@ TEST(basic_enumerate) { + assert_se(len1 == len2); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; +- int r = sd_hwdb_new(&hwdb); +- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) +- return log_tests_skipped_errno(r, "cannot open hwdb"); +- }), +- /* no outro */); ++static int intro(void) { ++ _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; ++ int r; ++ ++ r = sd_hwdb_new(&hwdb); ++ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) ++ return log_tests_skipped_errno(r, "cannot open hwdb"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c +index fb04b3e7fa..9aeb6c5920 100644 +--- a/src/test/test-serialize.c ++++ b/src/test/test-serialize.c +@@ -10,7 +10,7 @@ + #include "tests.h" + #include "tmpfile-util.h" + +-char long_string[LONG_LINE_MAX+1]; ++static char long_string[LONG_LINE_MAX+1]; + + TEST(serialize_item) { + _cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX"; +@@ -189,10 +189,10 @@ TEST(serialize_environment) { + assert_se(strv_equal(env, env2)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, +- ({ +- memset(long_string, 'x', sizeof(long_string)-1); +- char_array_0(long_string); +- }), +- /* no outro */); ++static int intro(void) { ++ memset(long_string, 'x', sizeof(long_string)-1); ++ char_array_0(long_string); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index 183ad4f7b7..f56e7e0167 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -118,10 +118,11 @@ TEST(sleep) { + log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r)); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, +- ({ +- if (getuid() != 0) +- log_warning("This program is unlikely to work for unprivileged users"); +- }), +- /* no outro */); ++static int intro(void) { ++ if (getuid() != 0) ++ log_warning("This program is unlikely to work for unprivileged users"); ++ ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c +index 0f7b3ca3ce..2965ee679f 100644 +--- a/src/test/test-stat-util.c ++++ b/src/test/test-stat-util.c +@@ -236,4 +236,9 @@ TEST(dir_is_empty) { + assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index 4d0131827e..f21d8b7794 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -588,7 +588,7 @@ TEST(map_clock_usec) { + } + } + +-static void setup_test(void) { ++static int intro(void) { + log_info("realtime=" USEC_FMT "\n" + "monotonic=" USEC_FMT "\n" + "boottime=" USEC_FMT "\n", +@@ -603,6 +603,8 @@ static void setup_test(void) { + uintmax_t x = TIME_T_MAX; + x++; + assert_se((time_t) x < 0); ++ ++ return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 0f8c25c218..6c9f245c7e 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -102,4 +102,9 @@ TEST(runlevel_to_target) { + assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET)); + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 6bde9e090d..1f65407e5f 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -23,6 +23,10 @@ + #include "user-util.h" + #include "util.h" + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) { + log_info("%s ( %s%s%s ): %s", + name, +@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) { + assert_se(!unit_name_prefix_equal("a", "a")); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_INFO, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); +diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c +index 899fdc000c..5d39176db2 100644 +--- a/src/test/test-unit-serialize.c ++++ b/src/test/test-unit-serialize.c +@@ -4,6 +4,10 @@ + #include "service.h" + #include "tests.h" + ++static char *runtime_dir = NULL; ++ ++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep); ++ + #define EXEC_START_ABSOLUTE \ + "ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\"" + #define EXEC_START_RELATIVE \ +@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) { + test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL); + } + +-DEFINE_CUSTOM_TEST_MAIN( +- LOG_DEBUG, ++static int intro(void) { ++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) ++ return log_tests_skipped("cgroupfs not available"); + +- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; +- ({ +- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM) +- return log_tests_skipped("cgroupfs not available"); +- +- assert_se(runtime_dir = setup_fake_runtime_dir()); +- }), ++ assert_se(runtime_dir = setup_fake_runtime_dir()); ++ return EXIT_SUCCESS; ++} + +- /* no outro */); ++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); +diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c +index a21fcd6fd2..1b31d1f852 100644 +--- a/src/test/test-utf8.c ++++ b/src/test/test-utf8.c +@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) { + } + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */); ++static int intro(void) { ++ log_show_color(true); ++ return EXIT_SUCCESS; ++} ++ ++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); diff --git a/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch new file mode 100644 index 0000000..d57eb07 --- /dev/null +++ b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch @@ -0,0 +1,300 @@ +From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 2 Feb 2022 11:06:41 +0900 +Subject: [PATCH] test: allow to set NULL to intro or outro + +Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033. + +(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c) + +Related: #2017035 +--- + src/shared/tests.h | 45 +++++++++++++++++---------------- + src/test/test-barrier.c | 2 +- + src/test/test-cgroup-setup.c | 2 +- + src/test/test-chown-rec.c | 2 +- + src/test/test-format-table.c | 2 +- + src/test/test-fs-util.c | 2 +- + src/test/test-hashmap.c | 2 +- + src/test/test-install-root.c | 2 +- + src/test/test-load-fragment.c | 2 +- + src/test/test-mountpoint-util.c | 2 +- + src/test/test-namespace.c | 2 +- + src/test/test-proc-cmdline.c | 2 +- + src/test/test-process-util.c | 2 +- + src/test/test-sd-hwdb.c | 2 +- + src/test/test-serialize.c | 2 +- + src/test/test-sleep.c | 2 +- + src/test/test-stat-util.c | 2 +- + src/test/test-time-util.c | 2 +- + src/test/test-unit-file.c | 2 +- + src/test/test-unit-name.c | 2 +- + src/test/test-unit-serialize.c | 2 +- + src/test/test-utf8.c | 2 +- + 22 files changed, 44 insertions(+), 43 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index 59448f38f6..ef6acd368e 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -110,27 +110,28 @@ static inline int run_test_table(void) { + return r; + } + +-static inline int test_nop(void) { +- return EXIT_SUCCESS; +-} +- +-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ +- int main(int argc, char *argv[]) { \ +- int _r, _q; \ +- test_setup_logging(log_level); \ +- save_argc_argv(argc, argv); \ +- _r = intro(); \ +- if (_r == EXIT_SUCCESS) \ +- _r = run_test_table(); \ +- _q = outro(); \ +- static_destruct(); \ +- if (_r < 0) \ +- return EXIT_FAILURE; \ +- if (_r != EXIT_SUCCESS) \ +- return _r; \ +- if (_q < 0) \ +- return EXIT_FAILURE; \ +- return _q; \ ++#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro) \ ++ int main(int argc, char *argv[]) { \ ++ int (*_intro)(void) = intro; \ ++ int (*_outro)(void) = outro; \ ++ int _r, _q; \ ++ test_setup_logging(log_level); \ ++ save_argc_argv(argc, argv); \ ++ _r = _intro ? _intro() : EXIT_SUCCESS; \ ++ if (_r == EXIT_SUCCESS) \ ++ _r = run_test_table(); \ ++ _q = _outro ? _outro() : EXIT_SUCCESS; \ ++ static_destruct(); \ ++ if (_r < 0) \ ++ return EXIT_FAILURE; \ ++ if (_r != EXIT_SUCCESS) \ ++ return _r; \ ++ if (_q < 0) \ ++ return EXIT_FAILURE; \ ++ return _q; \ + } + +-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop) ++#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro) \ ++ DEFINE_TEST_MAIN_FULL(log_level, intro, NULL) ++#define DEFINE_TEST_MAIN(log_level) \ ++ DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL) +diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c +index b87538806a..bbd7e2bddb 100644 +--- a/src/test/test-barrier.c ++++ b/src/test/test-barrier.c +@@ -444,4 +444,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c +index 6f93647685..c377ff0a00 100644 +--- a/src/test/test-cgroup-setup.c ++++ b/src/test/test-cgroup-setup.c +@@ -71,4 +71,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c +index 691cfe767f..97711f58b0 100644 +--- a/src/test/test-chown-rec.c ++++ b/src/test/test-chown-rec.c +@@ -156,4 +156,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c +index 7515a74c12..1b4963d928 100644 +--- a/src/test/test-format-table.c ++++ b/src/test/test-format-table.c +@@ -535,4 +535,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index da5a16b4bc..602ce75f98 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -973,4 +973,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c +index 4dc155d818..dbf762cc0b 100644 +--- a/src/test/test-hashmap.c ++++ b/src/test/test-hashmap.c +@@ -169,4 +169,4 @@ static int outro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro); ++DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro); +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index f540a832bd..f718689c3a 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -1272,4 +1272,4 @@ static int intro(void) { + } + + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c +index 2e105df56a..1bd68c7e0a 100644 +--- a/src/test/test-load-fragment.c ++++ b/src/test/test-load-fragment.c +@@ -906,4 +906,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c +index 102d2850bf..4d140c42b6 100644 +--- a/src/test/test-mountpoint-util.c ++++ b/src/test/test-mountpoint-util.c +@@ -313,4 +313,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c +index f9e34f3bfa..7a634adca9 100644 +--- a/src/test/test-namespace.c ++++ b/src/test/test-namespace.c +@@ -227,4 +227,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c +index 064b4d838f..1f43bb3eb0 100644 +--- a/src/test/test-proc-cmdline.c ++++ b/src/test/test-proc-cmdline.c +@@ -254,4 +254,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 8661934929..7a8adad50c 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -900,4 +900,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c +index 88992a6c2b..4251e2a809 100644 +--- a/src/test/test-sd-hwdb.c ++++ b/src/test/test-sd-hwdb.c +@@ -63,4 +63,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c +index 9aeb6c5920..bcf2e843b0 100644 +--- a/src/test/test-serialize.c ++++ b/src/test/test-serialize.c +@@ -195,4 +195,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index f56e7e0167..5aebcdd935 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -125,4 +125,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c +index 2965ee679f..7f633ab259 100644 +--- a/src/test/test-stat-util.c ++++ b/src/test/test-stat-util.c +@@ -241,4 +241,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index f21d8b7794..554693834b 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -607,4 +607,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 6c9f245c7e..cc08a4ae4b 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -107,4 +107,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 1f65407e5f..8cd0e0b4a1 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -856,4 +856,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c +index 5d39176db2..3ef15f3b1e 100644 +--- a/src/test/test-unit-serialize.c ++++ b/src/test/test-unit-serialize.c +@@ -60,4 +60,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro); +diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c +index 1b31d1f852..7337b81227 100644 +--- a/src/test/test-utf8.c ++++ b/src/test/test-utf8.c +@@ -236,4 +236,4 @@ static int intro(void) { + return EXIT_SUCCESS; + } + +-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop); ++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); diff --git a/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch b/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch new file mode 100644 index 0000000..e7f152a --- /dev/null +++ b/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch @@ -0,0 +1,53 @@ +From f00cbfd1cf67f28a92863c74ef64a1aedfacabc6 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 21 Sep 2021 15:01:19 +0200 +Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to + "none" + +While stable MAC address for interface types that don't have the +address provided by HW could be useful it also breaks LACP based bonds. +Let's err on the side of caution and don't change the MAC address from +udev. + +RHEL-only + +Resolves: #2009237 +--- + man/systemd.link.xml | 2 +- + network/99-default.link | 2 +- + test/fuzz/fuzz-link-parser/99-default.link | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 45cabbccf7..0033e4c28f 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -961,7 +961,7 @@ + + [Link] + NamePolicy=kernel database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none + + + +diff --git a/network/99-default.link b/network/99-default.link +index bca660ac28..31aee37e75 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -13,4 +13,4 @@ OriginalName=* + [Link] + NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none +diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link +index feb5b1fbb0..3d755898b4 100644 +--- a/test/fuzz/fuzz-link-parser/99-default.link ++++ b/test/fuzz/fuzz-link-parser/99-default.link +@@ -9,4 +9,4 @@ + + [Link] + NamePolicy=keep kernel database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none diff --git a/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch b/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch new file mode 100644 index 0000000..df32d47 --- /dev/null +++ b/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch @@ -0,0 +1,35 @@ +From 17a3bad51a7efefd6dc63249c49ddaabda6cbd19 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Thu, 28 Aug 2014 15:12:10 +0200 +Subject: [PATCH] man: mention System Administrator's Guide in systemctl + manpage + +RHEL-only + +Resolves: #1982596 +--- + man/systemctl.xml | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/man/systemctl.xml b/man/systemctl.xml +index 1c14909523..3b3d709ab3 100644 +--- a/man/systemctl.xml ++++ b/man/systemctl.xml +@@ -2455,6 +2455,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err + + + ++ ++ Examples ++ ++ For examples how to use systemctl in comparsion ++ with old service and chkconfig command please see: ++ ++ Managing System Services ++ ++ ++ ++ + + See Also + diff --git a/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch b/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch new file mode 100644 index 0000000..793a4ee --- /dev/null +++ b/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch @@ -0,0 +1,56 @@ +From 464a8fc4e0b218793105431cc71bf98b0dc97fb5 Mon Sep 17 00:00:00 2001 +From: Jacek Migacz +Date: Thu, 3 Feb 2022 23:46:09 +0100 +Subject: [PATCH] Net naming scheme for RHEL-9.0 + +RHEL-only + +Resolves: #2052106 +--- + man/systemd.net-naming-scheme.xml | 7 +++++++ + src/shared/netif-naming-scheme.c | 1 + + src/shared/netif-naming-scheme.h | 1 + + 3 files changed, 9 insertions(+) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index 41408411fc..942ef572ff 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -403,6 +403,13 @@ + + + ++ ++ rhel-9.0 ++ ++ Same as naming scheme v250. ++ ++ ++ + + + Note that latest may be used to denote the latest scheme known (to this +diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c +index 245466c4cb..44d011a9b7 100644 +--- a/src/shared/netif-naming-scheme.c ++++ b/src/shared/netif-naming-scheme.c +@@ -23,6 +23,7 @@ static const NamingScheme naming_schemes[] = { + { "v247", NAMING_V247 }, + { "v249", NAMING_V249 }, + { "v250", NAMING_V250 }, ++ { "rhel-9.0", NAMING_RHEL_9_0 }, + /* … add more schemes here, as the logic to name devices is updated … */ + + EXTRA_NET_NAMING_MAP +diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h +index 16b304ce10..f765db6ef2 100644 +--- a/src/shared/netif-naming-scheme.h ++++ b/src/shared/netif-naming-scheme.h +@@ -47,6 +47,7 @@ typedef enum NamingSchemeFlags { + NAMING_V247 = NAMING_V245 | NAMING_BRIDGE_NO_SLOT, + NAMING_V249 = NAMING_V247 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX | NAMING_REPLACE_STRICTLY, + NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF, ++ NAMING_RHEL_9_0 = NAMING_V250, + + EXTRA_NET_NAMING_SCHEMES + diff --git a/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch new file mode 100644 index 0000000..d536c44 --- /dev/null +++ b/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch @@ -0,0 +1,40 @@ +From 16c4a3c3a826d03f60db83c8d6d809d59e6f38ad Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 22 Feb 2022 13:24:11 +0100 +Subject: [PATCH] core: decrease log level of messages about use of + KillMode=none + +RHEL-only + +Resolves: #2013213 +--- + src/core/load-fragment.c | 2 +- + src/core/unit.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 92a52819e2..ad5a0912fc 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -816,7 +816,7 @@ int config_parse_kill_mode( + } + + if (m == KILL_NONE) +- log_syntax(unit, LOG_WARNING, filename, line, 0, ++ log_syntax(unit, LOG_DEBUG, filename, line, 0, + "Unit configured to use KillMode=none. " + "This is unsafe, as it disables systemd's process lifecycle management for the service. " + "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. " +diff --git a/src/core/unit.c b/src/core/unit.c +index d2adb447b6..9cbed08987 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5458,7 +5458,7 @@ int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) { + + /* During start we print a warning */ + +- log_unit_warning(userdata, ++ log_unit_debug(userdata, + "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n" + "This usually indicates unclean termination of a previous run, or service implementation deficiencies.", + pid, strna(comm)); diff --git a/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch b/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch new file mode 100644 index 0000000..8fc33a8 --- /dev/null +++ b/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch @@ -0,0 +1,34 @@ +From be021c2328550a9d5b987cb206eda5df90b45acd Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Sun, 26 Dec 2021 01:11:00 +0000 +Subject: [PATCH] ci: replace apt-key with signed-by + +to limit the scope of the key to apt.llvm.org only. + +This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/ + +(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da) + +Related: #2013213 +--- + .github/workflows/build_test.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh +index 5b18784461..549e59b2c9 100755 +--- a/.github/workflows/build_test.sh ++++ b/.github/workflows/build_test.sh +@@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then + # llvm package if available in such cases to avoid that. + if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then + # Latest LLVM stack deb packages provided by https://apt.llvm.org/ +- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh +- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - +- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" ++ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh ++ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg ++ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ ++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list + PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") + fi + elif [[ "$COMPILER" == gcc ]]; then diff --git a/SOURCES/0033-ci-fix-clang-13-installation.patch b/SOURCES/0033-ci-fix-clang-13-installation.patch new file mode 100644 index 0000000..6540c05 --- /dev/null +++ b/SOURCES/0033-ci-fix-clang-13-installation.patch @@ -0,0 +1,54 @@ +From b9b1f92cdc74beb8487c87aa2b5c2806e100d1aa Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 22 Feb 2022 14:43:40 +0100 +Subject: [PATCH] ci: fix clang-13 installation + +For some reason Ubuntu Focal repositories now have `llvm-13` virtual +package which can't be installed, but successfully fools our check, +resulting in no clang/llvm being installed... + +``` +$ apt show llvm-13 +Package: llvm-13 +State: not a real package (virtual) +N: Can't select candidate version from package llvm-13 as it has no candidate +N: Can't select versions from package 'llvm-13' as it is purely virtual +N: No packages found + +$ apt install --dry-run llvm-13 +Reading package lists... Done +Building dependency tree +Reading state information... Done +Package llvm-13 is not available, but is referred to by another package. +This may mean that the package is missing, has been obsoleted, or +is only available from another source + +E: Package 'llvm-13' has no installation candidate +``` + +(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077) + +Related: #2013213 +--- + .github/workflows/build_test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh +index 549e59b2c9..5a173a18d5 100755 +--- a/.github/workflows/build_test.sh ++++ b/.github/workflows/build_test.sh +@@ -78,12 +78,12 @@ if [[ "$COMPILER" == clang ]]; then + # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 + # provided by the apt.llvm.org repositories. Let's use the system + # llvm package if available in such cases to avoid that. +- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then ++ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then + # Latest LLVM stack deb packages provided by https://apt.llvm.org/ + # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg + printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ +- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list ++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list + PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") + fi + elif [[ "$COMPILER" == gcc ]]; then diff --git a/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch b/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch new file mode 100644 index 0000000..3d79797 --- /dev/null +++ b/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch @@ -0,0 +1,29 @@ +From c8e786f039efec9e509b839ab8b82237d9344398 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 17 Mar 2022 12:35:35 +0100 +Subject: [PATCH] Revert "kernel-install: also remove + modules.builtin.alias.bin" + +This reverts commit fdcb1bf67371615f12c4b11283f2bd6a25bda019. + +Related: #2065061 + +[msekleta: this revert is done in order to make backporting easier, +patch will be reapplied later.] +--- + src/kernel-install/50-depmod.install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install +index fd00c43632..2fd959865f 100644 +--- a/src/kernel-install/50-depmod.install ++++ b/src/kernel-install/50-depmod.install +@@ -36,7 +36,7 @@ case "$COMMAND" in + remove) + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" +- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} ++ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} + ;; + *) + exit 0 diff --git a/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch b/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch new file mode 100644 index 0000000..8290d92 --- /dev/null +++ b/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch @@ -0,0 +1,29 @@ +From 5c9bf430dfa9ad75fedf342a4a2be88fa31cd309 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 17 Mar 2022 12:37:57 +0100 +Subject: [PATCH] Revert "kernel-install: prefer /boot over /boot/efi for + $BOOT_ROOT" + +This reverts commit d0e98b7a1211412dccfcf4dcd2cc0772ac70b304. + +Related: #2065061 + +[msekleta: this revert is done in order to make backporting easier, +patch will be reapplied later.] +--- + src/kernel-install/kernel-install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index d85852532b..b358b03b2f 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -108,7 +108,7 @@ fi + [ -z "$MACHINE_ID" ] && MACHINE_ID="Default" + + [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do +- for pref in "/efi" "/boot" "/boot/efi" ; do ++ for pref in "/efi" "/boot/efi" "/boot"; do + if [ -d "$pref/$suff" ]; then + BOOT_ROOT="$pref" + break 2 diff --git a/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch b/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch new file mode 100644 index 0000000..abee01e --- /dev/null +++ b/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch @@ -0,0 +1,60 @@ +From 323059e195652d602142dd9930983b438cd1c4d1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Thu, 16 Dec 2021 14:35:17 +0100 +Subject: [PATCH] kernel-install: 50-depmod: port to /bin/sh + +(cherry picked from commit b3ceb3d9fff69b33b8665a0137f5177f72c45cc0) + +Related: #2065061 +--- + src/kernel-install/50-depmod.install | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install +index 2fd959865f..aa1f6b8e0e 100644 +--- a/src/kernel-install/50-depmod.install ++++ b/src/kernel-install/50-depmod.install +@@ -1,4 +1,4 @@ +-#!/usr/bin/env bash ++#!/bin/sh + # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- + # ex: ts=8 sw=4 sts=4 et filetype=sh + # SPDX-License-Identifier: LGPL-2.1-or-later +@@ -20,23 +20,25 @@ + + COMMAND="$1" + KERNEL_VERSION="$2" +-ENTRY_DIR_ABS="$3" +-KERNEL_IMAGE="$4" +-INITRD_OPTIONS_START="5" +- +-[[ $KERNEL_VERSION ]] || exit 1 + + case "$COMMAND" in + add) +- [[ -d "/lib/modules/${KERNEL_VERSION}/kernel" ]] || exit 0 +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "Running depmod -a ${KERNEL_VERSION}" +- exec depmod -a "${KERNEL_VERSION}" ++ [ -d "/lib/modules/$KERNEL_VERSION/kernel" ] || exit 0 ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+depmod -a $KERNEL_VERSION" ++ exec depmod -a "$KERNEL_VERSION" + ;; + remove) +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" +- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Removing /lib/modules/$KERNEL_VERSION/modules.dep and associated files" ++ exec rm -f \ ++ "/lib/modules/$KERNEL_VERSION/modules.alias" \ ++ "/lib/modules/$KERNEL_VERSION/modules.alias.bin" \ ++ "/lib/modules/$KERNEL_VERSION/modules.builtin.bin" \ ++ "/lib/modules/$KERNEL_VERSION/modules.dep" \ ++ "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \ ++ "/lib/modules/$KERNEL_VERSION/modules.devname" \ ++ "/lib/modules/$KERNEL_VERSION/modules.softdep" \ ++ "/lib/modules/$KERNEL_VERSION/modules.symbols" \ ++ "/lib/modules/$KERNEL_VERSION/modules.symbols.bin" + ;; + *) + exit 0 diff --git a/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch b/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch new file mode 100644 index 0000000..25a4f98 --- /dev/null +++ b/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch @@ -0,0 +1,181 @@ +From 96310f2157e896a82de6df260926ac1ec66f65ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Thu, 16 Dec 2021 14:35:33 +0100 +Subject: [PATCH] kernel-install: 90-loaderentry: port to /bin/sh + +Also, forward the rm -f exit code on removal instead of swallowing it + +(cherry picked from commit 662f45e3ea9f6e933234b81bec532d584bda6ead) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 110 +++++++++------------- + 1 file changed, 45 insertions(+), 65 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 044eced3f0..35324e69a9 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -1,4 +1,4 @@ +-#!/usr/bin/env bash ++#!/bin/sh + # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- + # ex: ts=8 sw=4 sts=4 et filetype=sh + # SPDX-License-Identifier: LGPL-2.1-or-later +@@ -22,68 +22,53 @@ COMMAND="$1" + KERNEL_VERSION="$2" + ENTRY_DIR_ABS="$3" + KERNEL_IMAGE="$4" +-INITRD_OPTIONS_START="5" ++INITRD_OPTIONS_SHIFT=4 + +-if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then +- exit 0 +-fi +- +-if [ "$KERNEL_INSTALL_LAYOUT" != "bls" ]; then +- exit 0 +-fi ++[ "$KERNEL_INSTALL_LAYOUT" = "bls" ] || exit 0 + + MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" + BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT" + + BOOT_MNT="$(stat -c %m "$BOOT_ROOT")" +-if [[ "$BOOT_MNT" == '/' ]]; then ++if [ "$BOOT_MNT" = '/' ]; then + ENTRY_DIR="$ENTRY_DIR_ABS" + else + ENTRY_DIR="${ENTRY_DIR_ABS#$BOOT_MNT}" + fi + +-if [[ $COMMAND == remove ]]; then +- rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" +- rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf" +- exit 0 +-fi +- +-if ! [[ $COMMAND == add ]]; then +- exit 1 +-fi +- +-if ! [[ $KERNEL_IMAGE ]]; then +- exit 1 +-fi ++case "$COMMAND" in ++ remove) ++ exec rm -f \ ++ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \ ++ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf" ++ ;; ++ add) ++ ;; ++ *) ++ exit 1 ++ ;; ++esac + +-if [[ -f /etc/os-release ]]; then ++if [ -r /etc/os-release ]; then + . /etc/os-release +-elif [[ -f /usr/lib/os-release ]]; then ++elif [ -r /usr/lib/os-release ]; then + . /usr/lib/os-release + fi + +-if ! [[ $PRETTY_NAME ]]; then +- PRETTY_NAME="Linux $KERNEL_VERSION" +-fi ++[ -n "$PRETTY_NAME" ] || PRETTY_NAME="Linux $KERNEL_VERSION" + +-if [[ -f /etc/kernel/cmdline ]]; then +- read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline +-elif [[ -f /usr/lib/kernel/cmdline ]]; then +- read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline ++if [ -r /etc/kernel/cmdline ]; then ++ BOOT_OPTIONS="$(tr -s "$IFS" ' ' &2 + exit 1 + fi +@@ -106,43 +91,38 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || { + exit 1 + } + +-INITRD_OPTIONS=( "${@:${INITRD_OPTIONS_START}}" ) +- +-for initrd in "${INITRD_OPTIONS[@]}"; do +- if [[ -f "${initrd}" ]]; then +- initrd_basename="$(basename ${initrd})" +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "Installing $ENTRY_DIR_ABS/${initrd_basename}" +- install -g root -o root -m 0644 "${initrd}" "$ENTRY_DIR_ABS/${initrd_basename}" || { +- echo "Could not copy '${initrd}' to '$ENTRY_DIR_ABS/${initrd_basename}'." >&2 +- exit 1 +- } +- fi +-done ++shift "$INITRD_OPTIONS_SHIFT" ++for initrd; do ++ [ -f "$initrd" ] || continue + +-# If no initrd option is supplied, fall back to "initrd" which is +-# the name used by dracut when generating it in its kernel-install hook +-[[ ${#INITRD_OPTIONS[@]} == 0 ]] && INITRD_OPTIONS=( initrd ) ++ initrd_basename="${initrd##*/}" ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename" ++ install -g root -o root -m 0644 "$initrd" "$ENTRY_DIR_ABS/$initrd_basename" || { ++ echo "Could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2 ++ exit 1 ++ } ++done + + mkdir -p "${LOADER_ENTRY%/*}" || { + echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2 + exit 1 + } + +-[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "Creating $LOADER_ENTRY" ++# Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied ++[ $# -eq 0 ] && set -- "initrd" ++ ++[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Creating $LOADER_ENTRY" + { + echo "title $PRETTY_NAME" + echo "version $KERNEL_VERSION" + echo "machine-id $MACHINE_ID" +- echo "options ${BOOT_OPTIONS[*]}" ++ echo "options $BOOT_OPTIONS" + echo "linux $ENTRY_DIR/linux" +- for initrd in "${INITRD_OPTIONS[@]}"; do +- [[ -f $ENTRY_DIR_ABS/$(basename ${initrd}) ]] && \ +- echo "initrd $ENTRY_DIR/$(basename ${initrd})" ++ for initrd; do ++ [ -f "$ENTRY_DIR_ABS/${initrd##*/}" ] && echo "initrd $ENTRY_DIR/${initrd##*/}" + done + : +-} > "$LOADER_ENTRY" || { ++} >"$LOADER_ENTRY" || { + echo "Could not create loader entry '$LOADER_ENTRY'." >&2 + exit 1 + } diff --git a/SOURCES/0038-kernel-install-fix-shellcheck.patch b/SOURCES/0038-kernel-install-fix-shellcheck.patch new file mode 100644 index 0000000..792d464 --- /dev/null +++ b/SOURCES/0038-kernel-install-fix-shellcheck.patch @@ -0,0 +1,82 @@ +From d778dd4a03f7bd45108fdebcc75dff5e886c30b2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Thu, 16 Dec 2021 14:37:53 +0100 +Subject: [PATCH] kernel-install: fix shellcheck + +(cherry picked from commit 0bb1cb1fce5ebf307501dec1679e37f0c0157be9) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index b358b03b2f..f6da0cf7a8 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -26,8 +26,8 @@ usage() + echo " $0 [OPTIONS...] add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE ...]" + echo " $0 [OPTIONS...] remove KERNEL-VERSION" + echo "Options:" +- echo " -h,--help Print this help" +- echo " -v,--verbose Increase verbosity" ++ echo " -h, --help Print this help" ++ echo " -v, --verbose Increase verbosity" + } + + dropindirs_sort() +@@ -58,15 +58,15 @@ dropindirs_sort() + + export LC_COLLATE=C + +-for i in "$@"; do +- if [ "$i" == "--help" -o "$i" == "-h" ]; then ++for i; do ++ if [ "$i" = "--help" ] || [ "$i" = "-h" ]; then + usage + exit 0 + fi + done + + KERNEL_INSTALL_VERBOSE=0 +-if [ "$1" == "--verbose" -o "$1" == "-v" ]; then ++if [ "$1" = "--verbose" ] || [ "$1" = "-v" ]; then + shift + KERNEL_INSTALL_VERBOSE=1 + fi +@@ -185,13 +185,13 @@ case $COMMAND in + for f in "${PLUGINS[@]}"; do + if [[ -x $f ]]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[@]}" ++ echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[*]}" + "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}" + x=$? +- if [[ $x == $SKIP_REMAINING ]]; then ++ if [ $x -eq "$SKIP_REMAINING" ]; then + break + fi +- ((ret+=$x)) ++ ((ret+=x)) + fi + done + ;; +@@ -203,10 +203,10 @@ case $COMMAND in + echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS" + "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS" + x=$? +- if [[ $x == $SKIP_REMAINING ]]; then ++ if [ $x -eq "$SKIP_REMAINING" ]; then + break + fi +- ((ret+=$x)) ++ ((ret+=x)) + fi + done + +@@ -222,4 +222,4 @@ case $COMMAND in + ;; + esac + +-exit $ret ++exit "$ret" diff --git a/SOURCES/0039-kernel-install-port-to-bin-sh.patch b/SOURCES/0039-kernel-install-port-to-bin-sh.patch new file mode 100644 index 0000000..f2e4a9c --- /dev/null +++ b/SOURCES/0039-kernel-install-port-to-bin-sh.patch @@ -0,0 +1,205 @@ +From b60234140cbceaa579b889d03b863953ca53b3e1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Thu, 16 Dec 2021 15:06:06 +0100 +Subject: [PATCH] kernel-install: port to /bin/sh + +(cherry picked from commit 76b1274a5cb54acaa4a0f0c2e570d751f9067c06) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 109 ++++++++++++------------------ + 1 file changed, 43 insertions(+), 66 deletions(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index f6da0cf7a8..2e8f382d5f 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -1,4 +1,4 @@ +-#!/usr/bin/env bash ++#!/bin/sh + # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- + # ex: ts=8 sw=4 sts=4 et filetype=sh + # SPDX-License-Identifier: LGPL-2.1-or-later +@@ -18,7 +18,7 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with systemd; If not, see . + +-SKIP_REMAINING=77 ++skip_remaining=77 + + usage() + { +@@ -32,24 +32,17 @@ usage() + + dropindirs_sort() + { +- local suffix=$1; shift +- local -a files +- local f d i +- +- readarray -t files <<<"$( +- for d in "$@"; do +- for i in "$d/"*"$suffix"; do +- if [[ -e "$i" ]]; then +- echo "${i##*/}" +- fi +- done +- done | sort -Vu +- )" +- +- for f in "${files[@]}"; do +- for d in "$@"; do +- if [[ -e "$d/$f" ]]; then +- echo "$d/$f" ++ suffix="$1" ++ shift ++ ++ for d; do ++ for i in "$d/"*"$suffix"; do ++ [ -e "$i" ] && echo "${i##*/}" ++ done ++ done | sort -Vu | while read -r f; do ++ for d; do ++ if [ -e "$d/$f" ]; then ++ [ -x "$d/$f" ] && echo "$d/$f" + continue 2 + fi + done +@@ -65,27 +58,25 @@ for i; do + fi + done + +-KERNEL_INSTALL_VERBOSE=0 ++export KERNEL_INSTALL_VERBOSE=0 + if [ "$1" = "--verbose" ] || [ "$1" = "-v" ]; then + shift + KERNEL_INSTALL_VERBOSE=1 + fi +-export KERNEL_INSTALL_VERBOSE + +-if [[ "${0##*/}" == 'installkernel' ]]; then +- COMMAND='add' +- # make install doesn't pass any parameter wrt initrd handling +- INITRD_OPTIONS=() ++if [ "${0##*/}" = "installkernel" ]; then ++ COMMAND=add ++ # make install doesn't pass any initrds + else + COMMAND="$1" +- shift +- INITRD_OPTIONS=( "${@:3}" ) ++ [ $# -ge 1 ] && shift + fi + + KERNEL_VERSION="$1" + KERNEL_IMAGE="$2" ++[ $# -ge 2 ] && shift 2 + +-if [[ ! $COMMAND ]] || [[ ! $KERNEL_VERSION ]]; then ++if [ -z "$COMMAND" ] || [ -z "$KERNEL_VERSION" ]; then + echo "Not enough arguments" >&2 + exit 1 + fi +@@ -99,12 +90,11 @@ fi + # Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine + # ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate + # a new machine ID in /etc/machine-info. If that fails, use "Default". +- +-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ] && source /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" +-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ] && read -r MACHINE_ID >/etc/machine-info ++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" ++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID >/etc/machine-info + [ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info +-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ] && source /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" ++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" + [ -z "$MACHINE_ID" ] && MACHINE_ID="Default" + + [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do +@@ -125,11 +115,6 @@ done + [ -z "$BOOT_ROOT" ] && BOOT_ROOT="/boot" + + +-ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION" +- +-export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID" +-export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT" +- + if [ -z "$layout" ]; then + # Administrative decision: if not present, some scripts generate into /boot. + if [ -d "$BOOT_ROOT/$MACHINE_ID" ]; then +@@ -152,21 +137,23 @@ MAKE_ENTRY_DIR_ABS=$? + + ret=0 + +-readarray -t PLUGINS <<<"$( ++PLUGINS="$( + dropindirs_sort ".install" \ + "/etc/kernel/install.d" \ + "/usr/lib/kernel/install.d" + )" ++IFS=" ++" + +-case $COMMAND in ++case "$COMMAND" in + add) +- if [[ ! "$KERNEL_IMAGE" ]]; then ++ if [ -z "$KERNEL_IMAGE" ]; then + echo "Command 'add' requires an argument" >&2 + exit 1 + fi + +- if [[ ! -f "$KERNEL_IMAGE" ]]; then +- echo "Kernel image argument ${KERNEL_IMAGE} not a file" >&2 ++ if ! [ -f "$KERNEL_IMAGE" ]; then ++ echo "Kernel image argument $KERNEL_IMAGE not a file" >&2 + exit 1 + fi + +@@ -182,32 +169,22 @@ case $COMMAND in + fi + fi + +- for f in "${PLUGINS[@]}"; do +- if [[ -x $f ]]; then +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[*]}" +- "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}" +- x=$? +- if [ $x -eq "$SKIP_REMAINING" ]; then +- break +- fi +- ((ret+=x)) +- fi ++ for f in $PLUGINS; do ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE $*" ++ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "$@" ++ err=$? ++ [ $err -eq $skip_remaining ] && break ++ ret=$(( ret + err )) + done + ;; + + remove) +- for f in "${PLUGINS[@]}"; do +- if [[ -x $f ]]; then +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS" +- "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS" +- x=$? +- if [ $x -eq "$SKIP_REMAINING" ]; then +- break +- fi +- ((ret+=x)) +- fi ++ for f in $PLUGINS; do ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS" ++ "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS" ++ err=$? ++ [ $err -eq $skip_remaining ] && break ++ ret=$(( ret + err )) + done + + if [ "$MAKE_ENTRY_DIR_ABS" -eq 0 ]; then diff --git a/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch b/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch new file mode 100644 index 0000000..fcc8805 --- /dev/null +++ b/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch @@ -0,0 +1,51 @@ +From 6b47726b54a3bf71e0f7ba35bbfe915c7a64a7d1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Fri, 17 Dec 2021 19:51:12 +0100 +Subject: [PATCH] kernel-install: 90-loaderentry: error out on nonexistent + initrds instead of swallowing them quietly + +(cherry picked from commit 742561efbe938c45936f2e4f5d81b3ff6b352882) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 35324e69a9..e588e72bf9 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -93,7 +93,10 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || { + + shift "$INITRD_OPTIONS_SHIFT" + for initrd; do +- [ -f "$initrd" ] || continue ++ [ -f "$initrd" ] || { ++ echo "Initrd '$initrd' not a file." >&2 ++ exit 1 ++ } + + initrd_basename="${initrd##*/}" + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename" +@@ -108,9 +111,6 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + exit 1 + } + +-# Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied +-[ $# -eq 0 ] && set -- "initrd" +- + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Creating $LOADER_ENTRY" + { + echo "title $PRETTY_NAME" +@@ -119,8 +119,10 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + echo "options $BOOT_OPTIONS" + echo "linux $ENTRY_DIR/linux" + for initrd; do +- [ -f "$ENTRY_DIR_ABS/${initrd##*/}" ] && echo "initrd $ENTRY_DIR/${initrd##*/}" ++ echo "initrd $ENTRY_DIR/${initrd##*/}" + done ++ # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied ++ [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" + : + } >"$LOADER_ENTRY" || { + echo "Could not create loader entry '$LOADER_ENTRY'." >&2 diff --git a/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch b/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch new file mode 100644 index 0000000..6407adb --- /dev/null +++ b/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch @@ -0,0 +1,68 @@ +From 92a81ce8d96ea924310262663d86d4ed9c727490 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= +Date: Mon, 20 Dec 2021 14:57:39 +0100 +Subject: [PATCH] kernel-install: don't pull out KERNEL_IMAGE + +It's part of the pack directly passed to scripts on add and ignored on +remove + +(cherry picked from commit af319a4b14bd05cd4c8460487f2c6d7a31b35640) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index 2e8f382d5f..097d6557f2 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -72,15 +72,14 @@ else + [ $# -ge 1 ] && shift + fi + +-KERNEL_VERSION="$1" +-KERNEL_IMAGE="$2" +-[ $# -ge 2 ] && shift 2 +- +-if [ -z "$COMMAND" ] || [ -z "$KERNEL_VERSION" ]; then ++if [ $# -lt 1 ]; then + echo "Not enough arguments" >&2 + exit 1 + fi + ++KERNEL_VERSION="$1" ++shift ++ + if [ -r "/etc/kernel/install.conf" ]; then + . /etc/kernel/install.conf + elif [ -r "/usr/lib/kernel/install.conf" ]; then +@@ -147,13 +146,13 @@ IFS=" + + case "$COMMAND" in + add) +- if [ -z "$KERNEL_IMAGE" ]; then +- echo "Command 'add' requires an argument" >&2 ++ if [ $# -lt 1 ]; then ++ echo "Command 'add' requires a kernel image" >&2 + exit 1 + fi + +- if ! [ -f "$KERNEL_IMAGE" ]; then +- echo "Kernel image argument $KERNEL_IMAGE not a file" >&2 ++ if ! [ -f "$1" ]; then ++ echo "Kernel image argument $1 not a file" >&2 + exit 1 + fi + +@@ -170,8 +169,8 @@ case "$COMMAND" in + fi + + for f in $PLUGINS; do +- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE $*" +- "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "$@" ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $*" ++ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$@" + err=$? + [ $err -eq $skip_remaining ] && break + ret=$(( ret + err )) diff --git a/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch b/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch new file mode 100644 index 0000000..8948786 --- /dev/null +++ b/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch @@ -0,0 +1,32 @@ +From 9e3e7a50f92ee2f315a22f412f33f60d1f100e5a Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Wed, 5 Jan 2022 14:07:14 -0800 +Subject: [PATCH] kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT + +This restores the preference order from before 9e82a74. The code +previous to that change 'preferred' /boot over /boot/efi; that +commit changed it to check /boot/efi before checking /boot. +Changing this precedence could (and did, for me) have unexpected +effects - it seems safer to leave it how it was. + +Signed-off-by: Adam Williamson +(cherry picked from commit a5307e173bf86d695fe85b8e15e91126e8618a14) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index 097d6557f2..e56483ef96 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -97,7 +97,7 @@ fi + [ -z "$MACHINE_ID" ] && MACHINE_ID="Default" + + [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do +- for pref in "/efi" "/boot/efi" "/boot"; do ++ for pref in "/efi" "/boot" "/boot/efi" ; do + if [ -d "$pref/$suff" ]; then + BOOT_ROOT="$pref" + break 2 diff --git a/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch b/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch new file mode 100644 index 0000000..eda48c4 --- /dev/null +++ b/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch @@ -0,0 +1,26 @@ +From e84e60f9fac9d6bae3dd91698c556faf4dec2ca9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 15 Jan 2022 03:37:40 +0900 +Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin + +Fixes RHBZ#2016630. + +(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca) + +Related: #2065061 +--- + src/kernel-install/50-depmod.install | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install +index aa1f6b8e0e..be414f39d1 100644 +--- a/src/kernel-install/50-depmod.install ++++ b/src/kernel-install/50-depmod.install +@@ -33,6 +33,7 @@ case "$COMMAND" in + "/lib/modules/$KERNEL_VERSION/modules.alias" \ + "/lib/modules/$KERNEL_VERSION/modules.alias.bin" \ + "/lib/modules/$KERNEL_VERSION/modules.builtin.bin" \ ++ "/lib/modules/$KERNEL_VERSION/modules.builtin.alias.bin" \ + "/lib/modules/$KERNEL_VERSION/modules.dep" \ + "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \ + "/lib/modules/$KERNEL_VERSION/modules.devname" \ diff --git a/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch b/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch new file mode 100644 index 0000000..ff22ad8 --- /dev/null +++ b/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch @@ -0,0 +1,77 @@ +From 57ff5d23530c509773d183dfbfe06e2cad2acb42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 18 Jan 2022 17:40:13 +0100 +Subject: [PATCH] kernel-install: add new variable + $KERNEL_INSTALL_INITRD_GENERATOR + +The idea is that when not set, we do whatever we did in the past. But +with a new setting of initrd_generator=mkosi-initrd, mkosi-initrd will +generate an initrd. + +(cherry picked from commit 5c1b257faf87cb4f93aee8866f45a8cb98230af9) + +Related: #2065061 +--- + man/kernel-install.xml | 6 +++++- + src/kernel-install/install.conf | 1 + + src/kernel-install/kernel-install | 5 ++++- + 3 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/man/kernel-install.xml b/man/kernel-install.xml +index 83255bb932..bb76074d2e 100644 +--- a/man/kernel-install.xml ++++ b/man/kernel-install.xml +@@ -171,11 +171,15 @@ + KERNEL_INSTALL_BOOT_ROOT= is set for the plugins to the root directory (mount point, usually) of the hierarchy + where boot-loader entries, kernel images, and associated resources should be placed. Can be overridden by setting BOOT_ROOT=. + +- KERNEL_INSTALL_LAYOUT=bls|other|... specifies the installation layout. ++ KERNEL_INSTALL_LAYOUT=bls|other|... is set for the plugins to specify the installation layout. + Defaults to if $BOOT/MACHINE-ID exists, or otherwise. + Additional layout names may be defined by convention. If a plugin uses a special layout, + it's encouraged to declare its own layout name and configure layout= in install.conf upon initial installation. + ++ KERNEL_INSTALL_INITRD_GENERATOR=... is set for plugins to select the initrd generator. ++ This should be configured as initrd_generator= in install.conf. ++ ++ + + + bls +diff --git a/src/kernel-install/install.conf b/src/kernel-install/install.conf +index e4802e6fae..43b6e7d792 100644 +--- a/src/kernel-install/install.conf ++++ b/src/kernel-install/install.conf +@@ -8,3 +8,4 @@ + # See kernel-install(8) for details. + + #layout=bls|other|... ++#initrd_generator=dracut|... +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index e56483ef96..fe457c1070 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -80,6 +80,9 @@ fi + KERNEL_VERSION="$1" + shift + ++layout= ++initrd_generator= ++ + if [ -r "/etc/kernel/install.conf" ]; then + . /etc/kernel/install.conf + elif [ -r "/usr/lib/kernel/install.conf" ]; then +@@ -123,12 +126,12 @@ if [ -z "$layout" ]; then + fi + fi + +- + ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION" + + export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID" + export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT" + export KERNEL_INSTALL_LAYOUT="$layout" ++export KERNEL_INSTALL_INITRD_GENERATOR="$initrd_generator" + + [ "$layout" = "bls" ] + MAKE_ENTRY_DIR_ABS=$? diff --git a/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch b/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch new file mode 100644 index 0000000..c0d6a41 --- /dev/null +++ b/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch @@ -0,0 +1,32 @@ +From a9dadfb00f799b15af9e1f994b22d0b8165f78a5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 19 Jan 2022 12:10:37 +0100 +Subject: [PATCH] kernel-install: k-i already creates $ENTRY_DIR_ABS, no need + to do it again + +(cherry picked from commit a520d5dddb991cd713392d4de0e342e312547a2e) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index e588e72bf9..7b768457c1 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -78,12 +78,8 @@ else + fi + + if ! [ -d "$ENTRY_DIR_ABS" ]; then +- if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then +- echo "+mkdir -v -p $ENTRY_DIR_ABS" +- mkdir -v -p "$ENTRY_DIR_ABS" +- else +- mkdir -p "$ENTRY_DIR_ABS" +- fi ++ echo "Error: entry directory '$ENTRY_DIR_ABS' does not exist" >&2 ++ exit 1 + fi + + install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || { diff --git a/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch b/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch new file mode 100644 index 0000000..554b3dd --- /dev/null +++ b/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch @@ -0,0 +1,118 @@ +From 007b832500a0a7438999a5dade3e3c49ba07099c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 19 Jan 2022 12:15:16 +0100 +Subject: [PATCH] kernel-install: prefix errors with "Error:", exit immediately +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +kernel-install would continue after errors… We don't want this, as it +makes the results totally unpredicatable. If we didn't install the kernel +or didn't do some important part of the setup, let's just return an error +and let the user deal with it. + +When looking at output, the error was often hard to distinguish, esp. +with -v. Add "Error:" everywhere to make the output easier to parse. + +(cherry picked from commit 680cec6b4ddb356d7dd087b197718712cb5c1662) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 10 +++++----- + src/kernel-install/kernel-install | 12 ++++++------ + 2 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 7b768457c1..6a396910cb 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -83,27 +83,27 @@ if ! [ -d "$ENTRY_DIR_ABS" ]; then + fi + + install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || { +- echo "Could not copy '$KERNEL_IMAGE' to '$ENTRY_DIR_ABS/linux'." >&2 ++ echo "Error: could not copy '$KERNEL_IMAGE' to '$ENTRY_DIR_ABS/linux'." >&2 + exit 1 + } + + shift "$INITRD_OPTIONS_SHIFT" + for initrd; do + [ -f "$initrd" ] || { +- echo "Initrd '$initrd' not a file." >&2 ++ echo "Error: initrd '$initrd' not a file." >&2 + exit 1 + } + + initrd_basename="${initrd##*/}" + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename" + install -g root -o root -m 0644 "$initrd" "$ENTRY_DIR_ABS/$initrd_basename" || { +- echo "Could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2 ++ echo "Error: could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2 + exit 1 + } + done + + mkdir -p "${LOADER_ENTRY%/*}" || { +- echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2 ++ echo "Error: could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2 + exit 1 + } + +@@ -121,7 +121,7 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" + : + } >"$LOADER_ENTRY" || { +- echo "Could not create loader entry '$LOADER_ENTRY'." >&2 ++ echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 + exit 1 + } + exit 0 +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index fe457c1070..a73a205d79 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -73,7 +73,7 @@ else + fi + + if [ $# -lt 1 ]; then +- echo "Not enough arguments" >&2 ++ echo "Error: not enough arguments" >&2 + exit 1 + fi + +@@ -150,12 +150,12 @@ IFS=" + case "$COMMAND" in + add) + if [ $# -lt 1 ]; then +- echo "Command 'add' requires a kernel image" >&2 ++ echo "Error: command 'add' requires a kernel image" >&2 + exit 1 + fi + + if ! [ -f "$1" ]; then +- echo "Kernel image argument $1 not a file" >&2 ++ echo "Error: kernel image argument $1 not a file" >&2 + exit 1 + fi + +@@ -165,9 +165,9 @@ case "$COMMAND" in + # to serve as the indication to use or to not use the BLS + if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then + echo "+mkdir -v -p $ENTRY_DIR_ABS" +- mkdir -v -p "$ENTRY_DIR_ABS" ++ mkdir -v -p "$ENTRY_DIR_ABS" || exit 1 + else +- mkdir -p "$ENTRY_DIR_ABS" ++ mkdir -p "$ENTRY_DIR_ABS" || exit 1 + fi + fi + +@@ -196,7 +196,7 @@ case "$COMMAND" in + ;; + + *) +- echo "Unknown command '$COMMAND'" >&2 ++ echo "Error: unknown command '$COMMAND'" >&2 + exit 1 + ;; + esac diff --git a/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch b/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch new file mode 100644 index 0000000..60544f3 --- /dev/null +++ b/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch @@ -0,0 +1,108 @@ +From f91f3437fcf193f2c13657a20f93e91a2f9663cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 19 Jan 2022 12:20:22 +0100 +Subject: [PATCH] kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory + +The general approach of kernel-install was that each plugin would drop in some +files into the entry directory. But this doesn't scale well, because if we have +multiple initrd generators, or multiple initrds, each generator would need to +recreate the logic to put the generated files in the right place. + +Also, effective cleanup is impossible if anything goes wrong on the way, so we +could end up with unused files in $BOOT. + +So let's invert the process: plugins drop files into $KERNEL_INSTALL_STAGING_AREA, +and at the end 90-loaderentry.install DTRT with those files. + +This allow new plugins like 50-mkosi-initrd.install to be significantly simpler. + +(cherry picked from commit 367165a4069ac0c04882a05a8a80f6afb1e42760) + +Related: #2065061 +--- + man/kernel-install.xml | 4 ++++ + src/kernel-install/90-loaderentry.install | 13 ++++++++++--- + src/kernel-install/kernel-install | 10 ++++++++++ + 3 files changed, 24 insertions(+), 3 deletions(-) + +diff --git a/man/kernel-install.xml b/man/kernel-install.xml +index bb76074d2e..685617863e 100644 +--- a/man/kernel-install.xml ++++ b/man/kernel-install.xml +@@ -180,6 +180,10 @@ + This should be configured as initrd_generator= in install.conf. + + ++ KERNEL_INSTALL_STAGING_AREA=... is set for plugins to a path to a directory. ++ Plugins may drop files in that directory, and they will be installed as part of the loader entry, based ++ on the file name and extension. ++ + + + bls +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 6a396910cb..0888c260e2 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -18,6 +18,8 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with systemd; If not, see . + ++shopt -s nullglob ++ + COMMAND="$1" + KERNEL_VERSION="$2" + ENTRY_DIR_ABS="$3" +@@ -88,7 +90,8 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || { + } + + shift "$INITRD_OPTIONS_SHIFT" +-for initrd; do ++# All files listed as arguments, and staged files called "initrd*" are installed as initrds. ++for initrd in "$@" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do + [ -f "$initrd" ] || { + echo "Error: initrd '$initrd' not a file." >&2 + exit 1 +@@ -114,11 +117,15 @@ mkdir -p "${LOADER_ENTRY%/*}" || { + echo "machine-id $MACHINE_ID" + echo "options $BOOT_OPTIONS" + echo "linux $ENTRY_DIR/linux" +- for initrd; do ++ ++ have_initrd= ++ for initrd in "${@}" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do + echo "initrd $ENTRY_DIR/${initrd##*/}" ++ have_initrd=yes + done ++ + # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied +- [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" ++ [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" + : + } >"$LOADER_ENTRY" || { + echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index a73a205d79..8cfef3208d 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -128,10 +128,20 @@ fi + + ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION" + ++# Provide a directory where to store generated initrds ++cleanup() { ++ [ -n "$KERNEL_INSTALL_STAGING_AREA" ] && rm -rf "$KERNEL_INSTALL_STAGING_AREA" ++} ++ ++trap cleanup EXIT ++ ++KERNEL_INSTALL_STAGING_AREA="$(mktemp -d -t -p /tmp kernel-install.staging.XXXXXXX)" ++ + export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID" + export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT" + export KERNEL_INSTALL_LAYOUT="$layout" + export KERNEL_INSTALL_INITRD_GENERATOR="$initrd_generator" ++export KERNEL_INSTALL_STAGING_AREA + + [ "$layout" = "bls" ] + MAKE_ENTRY_DIR_ABS=$? diff --git a/SOURCES/0048-kernel-install-add-missing-log-line.patch b/SOURCES/0048-kernel-install-add-missing-log-line.patch new file mode 100644 index 0000000..75f1253 --- /dev/null +++ b/SOURCES/0048-kernel-install-add-missing-log-line.patch @@ -0,0 +1,25 @@ +From 356f770adca34191fd5d49b89c526b7375314a2c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 19 Jan 2022 14:03:24 +0100 +Subject: [PATCH] kernel-install: add missing log line + +(cherry picked from commit 29f604131b2c0b82dca7d6ffaa5e6bc6a253620d) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 0888c260e2..3edefdefb4 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -40,6 +40,8 @@ fi + + case "$COMMAND" in + remove) ++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ ++ echo "Removing $BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION*.conf" + exec rm -f \ + "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \ + "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf" diff --git a/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch b/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch new file mode 100644 index 0000000..7af37bc --- /dev/null +++ b/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch @@ -0,0 +1,83 @@ +From c5ec0be7b693e3ac05ea8438ca4ca2e9591db171 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 9 Feb 2022 13:59:36 +0100 +Subject: [PATCH] kernel-install: don't try to persist used machine ID locally + +This reworks the how machine ID used by the boot loader spec snippet +generation logic. Instead of persisting it automatically to /etc/ we'll +append it via systemd.machined_id= to the kernel command line, and thus +persist it in the generated boot loader spec snippets instead. This has +nice benefits: + + 1. We do not collide with read-only root + 2. The machine ID remains stable across factory reset, so that we can + safely recognize the path in $BOOT we drop our kernel images in + again, i.e. kernel updates will work correctly and safely across + kernel factory resets. + 3. Previously regular systems had different machine IDs while in + initrd and after booting into the host system. With this change + they will now have the same. + +This then drops implicit persisting of KERNEL_INSTALL_MACHINE_ID, as its +unnecessary then. The field is still honoured though, for compat +reasons. + +This also drops the "Default" fallback previously used, as it actually +is without effect, the randomized ID generation already took precedence +in all cases. This means $MACHNE_ID/KERNEL_INSTALL_MACHINE_ID are now +guaranteed to look like a proper machine ID, which is useful for us, +given you need it that way to be able to pass it to the +systemd.machine_id= kernel command line option. + +(cherry picked from commit 11ce3ea2f2219ab9c0700bcf7f8ed4312d80e937) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 6 +++++- + src/kernel-install/kernel-install | 16 +++++++--------- + 2 files changed, 12 insertions(+), 10 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 3edefdefb4..046771169c 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -68,7 +68,11 @@ elif [ -r /usr/lib/kernel/cmdline ]; then + else + BOOT_OPTIONS="$(tr -s "$IFS" '\n' >/etc/machine-info +-[ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info +-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" +-[ -z "$MACHINE_ID" ] && MACHINE_ID="Default" ++# If /etc/machine-id is initialized we'll use it, otherwise we'll use a freshly ++# generated one. If the user configured an explicit machine ID to use in ++# /etc/machine-info to use for our purpose, we'll use that instead (for ++# compatibility). ++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" ++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID +Date: Wed, 9 Feb 2022 14:29:19 +0100 +Subject: [PATCH] kernel-install: add a new $ENTRY_TOKEN variable for naming + boot entries +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This cleans up naming of boot loader spec boot entries a bit (i.e. the +naming of the .conf snippet files, and the directory in $BOOT where the +kernel images and initrds are placed), and isolates it from the actual machine +ID concept. + +Previously there was a sinlge concept for both things, because typically +the entries are just named after the machine ID. However one could also +use a different identifier, i.e. not a 128bit ID in which cases issues +pop up everywhere. For example, the "machine-id" field in the generated +snippets would not be a machine ID anymore, and the newly added +systemd.machine_id= kernel parameter would possibly get passed invalid +data. + +Hence clean this up: + +$MACHINE_ID → always a valid 128bit ID. + +$ENTRY_TOKEN → usually the $MACHINE_ID but can be any other string too. +This is used to name the directory to put kernels/initrds in. It's also +used for naming the *.conf snippets that implement the Boot Loader Type +1 spec. + +(cherry picked from commit 3907044ffa568aedf076d0f9807489ec78f87502) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 11 ++++++----- + src/kernel-install/kernel-install | 21 +++++++++++++++++---- + 2 files changed, 23 insertions(+), 9 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 046771169c..46261a2c11 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -29,6 +29,7 @@ INITRD_OPTIONS_SHIFT=4 + [ "$KERNEL_INSTALL_LAYOUT" = "bls" ] || exit 0 + + MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" ++ENTRY_TOKEN="$KERNEL_INSTALL_ENTRY_TOKEN" + BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT" + + BOOT_MNT="$(stat -c %m "$BOOT_ROOT")" +@@ -41,10 +42,10 @@ fi + case "$COMMAND" in + remove) + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ +- echo "Removing $BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION*.conf" ++ echo "Removing $BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION*.conf" + exec rm -f \ +- "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \ +- "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf" ++ "$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION.conf" \ ++ "$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION+"*".conf" + ;; + add) + ;; +@@ -80,9 +81,9 @@ if [ -r /etc/kernel/tries ]; then + echo "/etc/kernel/tries does not contain an integer." >&2 + exit 1 + fi +- LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+$TRIES.conf" ++ LOADER_ENTRY="$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.conf" + else +- LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" ++ LOADER_ENTRY="$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION.conf" + fi + + if ! [ -d "$ENTRY_DIR_ABS" ]; then +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index e94aa79bc6..75a31c62d4 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -97,7 +97,19 @@ fi + [ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID +Date: Wed, 9 Feb 2022 14:44:48 +0100 +Subject: [PATCH] kernel-install: only generate systemd.boot_id= in kernel + command line if used for naming the boot loader spec files/dirs + +Now that we can distinguish the naming of the boot loader spec +dirs/files and the machine ID let's tweak the logic for suffixing the +kernel cmdline with systemd.boot_id=: let's only do that when we +actually need the boot ID for naming these dirs/files. If we don't, +let's not bother. + +This should be beneficial for "golden" images that shall not carry any +machine IDs at all, i.e acquire their identity only once the final +userspace is actually reached. + +(cherry picked from commit 953b61004c37948dcd897265b56c1613bc73b9f9) + +Related: #2065061 +--- + src/kernel-install/90-loaderentry.install | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 46261a2c11..c1d69aa824 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -70,10 +70,15 @@ else + BOOT_OPTIONS="$(tr -s "$IFS" '\n' +Date: Thu, 10 Feb 2022 14:27:22 +0100 +Subject: [PATCH] kernel-install: search harder for kernel image/initrd drop-in + dir + +If not explicitly configured, let's search a bit harder for the +ENTRY_TOKEN, and let's try the machine ID, the IMAGE_ID and ID fields of +/etc/os-release and finally "Default", all below potential $XBOOTLDR. + +(cherry picked from commit 6637cf9db67237857279262d93ee0e39023c5b85) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 27 ++++++++++++++++++++++++--- + 1 file changed, 24 insertions(+), 3 deletions(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index 75a31c62d4..c42c40592a 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -103,29 +103,50 @@ fi + # for naming the .conf boot loader spec entry. Typically this is just the + # machine ID, but it can be anything else, too, if we are told so. + [ -z "$ENTRY_TOKEN" ] && [ -r /etc/kernel/entry-token ] && read -r ENTRY_TOKEN +Date: Thu, 10 Feb 2022 14:37:37 +0100 +Subject: [PATCH] kernel-install: add new "inspect" verb, showing paths and + parameters we discovered + +(cherry picked from commit c73cf4184441d3cc37a5e2195938f07420ec38b7) + +Related: #2065061 +--- + src/kernel-install/kernel-install | 29 +++++++++++++++++++++++------ + 1 file changed, 23 insertions(+), 6 deletions(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index c42c40592a..b8099bd12c 100755 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -25,6 +25,7 @@ usage() + echo "Usage:" + echo " $0 [OPTIONS...] add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE ...]" + echo " $0 [OPTIONS...] remove KERNEL-VERSION" ++ echo " $0 [OPTIONS...] inspect" + echo "Options:" + echo " -h, --help Print this help" + echo " -v, --verbose Increase verbosity" +@@ -72,13 +73,17 @@ else + [ $# -ge 1 ] && shift + fi + +-if [ $# -lt 1 ]; then +- echo "Error: not enough arguments" >&2 +- exit 1 +-fi ++if [ "$COMMAND" = "inspect" ]; then ++ KERNEL_VERSION="" ++else ++ if [ $# -lt 1 ]; then ++ echo "Error: not enough arguments" >&2 ++ exit 1 ++ fi + +-KERNEL_VERSION="$1" +-shift ++ KERNEL_VERSION="$1" ++ shift ++fi + + layout= + initrd_generator= +@@ -237,6 +242,18 @@ case "$COMMAND" in + fi + ;; + ++ inspect) ++ echo "KERNEL_INSTALL_MACHINE_ID: $KERNEL_INSTALL_MACHINE_ID" ++ echo "KERNEL_INSTALL_ENTRY_TOKEN: $KERNEL_INSTALL_ENTRY_TOKEN" ++ echo "KERNEL_INSTALL_BOOT_ROOT: $KERNEL_INSTALL_BOOT_ROOT" ++ echo "KERNEL_INSTALL_LAYOUT: $KERNEL_INSTALL_LAYOUT" ++ echo "KERNEL_INSTALL_INITRD_GENERATOR: $KERNEL_INSTALL_INITRD_GENERATOR" ++ echo "ENTRY_DIR_ABS: $KERNEL_INSTALL_BOOT_ROOT/$ENTRY_TOKEN/\$KERNEL_VERSION" ++ ++ # Assert that ENTRY_DIR_ABS actually matches what we are printing here ++ [ "${ENTRY_DIR_ABS%/*}" = "$KERNEL_INSTALL_BOOT_ROOT/$ENTRY_TOKEN" ] || { echo "Assertion didn't pass." >&2; exit 1; } ++ ++ ;; + *) + echo "Error: unknown command '$COMMAND'" >&2 + exit 1 diff --git a/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch b/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch new file mode 100644 index 0000000..682478f --- /dev/null +++ b/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch @@ -0,0 +1,276 @@ +From a62fe26e02c9852a59d84d3834fdbb39d7568f28 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Wed, 19 Jan 2022 10:15:36 +0100 +Subject: [PATCH] bus: Use OrderedSet for introspection + +Otherwise, the generated xml files are not reproducible. + +(cherry picked from commit acac88340ace3cd631126eebb6d0390cd54e8231) + +Resolves: #2066325 +--- + src/libsystemd/sd-bus/bus-introspect.c | 4 +-- + src/libsystemd/sd-bus/bus-introspect.h | 4 +-- + src/libsystemd/sd-bus/bus-objects.c | 45 +++++++++++++------------- + src/shared/bus-object.c | 4 +-- + 4 files changed, 28 insertions(+), 29 deletions(-) + +diff --git a/src/libsystemd/sd-bus/bus-introspect.c b/src/libsystemd/sd-bus/bus-introspect.c +index b9ef6af631..eed0dae82f 100644 +--- a/src/libsystemd/sd-bus/bus-introspect.c ++++ b/src/libsystemd/sd-bus/bus-introspect.c +@@ -110,7 +110,7 @@ static int set_interface_name(struct introspect *intro, const char *interface_na + return free_and_strdup(&intro->interface_name, interface_name); + } + +-int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix) { ++int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix) { + char *node; + + assert(i); +@@ -118,7 +118,7 @@ int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefi + + assert_se(set_interface_name(i, NULL) >= 0); + +- while ((node = set_steal_first(s))) { ++ while ((node = ordered_set_steal_first(s))) { + const char *e; + + e = object_path_startswith(node, prefix); +diff --git a/src/libsystemd/sd-bus/bus-introspect.h b/src/libsystemd/sd-bus/bus-introspect.h +index 34f32a4cf9..19e3ef09e2 100644 +--- a/src/libsystemd/sd-bus/bus-introspect.h ++++ b/src/libsystemd/sd-bus/bus-introspect.h +@@ -5,7 +5,7 @@ + + #include "sd-bus.h" + +-#include "set.h" ++#include "ordered-set.h" + + struct introspect { + FILE *f; +@@ -17,7 +17,7 @@ struct introspect { + + int introspect_begin(struct introspect *i, bool trusted); + int introspect_write_default_interfaces(struct introspect *i, bool object_manager); +-int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix); ++int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix); + int introspect_write_interface( + struct introspect *i, + const char *interface_name, +diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c +index bf69539062..40158a7326 100644 +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -9,7 +9,6 @@ + #include "bus-slot.h" + #include "bus-type.h" + #include "missing_capability.h" +-#include "set.h" + #include "string-util.h" + #include "strv.h" + +@@ -99,7 +98,7 @@ static int add_enumerated_to_set( + sd_bus *bus, + const char *prefix, + struct node_enumerator *first, +- Set *s, ++ OrderedSet *s, + sd_bus_error *error) { + + struct node_enumerator *c; +@@ -146,7 +145,7 @@ static int add_enumerated_to_set( + continue; + } + +- r = set_consume(s, *k); ++ r = ordered_set_consume(s, *k); + if (r == -EEXIST) + r = 0; + } +@@ -171,7 +170,7 @@ static int add_subtree_to_set( + const char *prefix, + struct node *n, + unsigned flags, +- Set *s, ++ OrderedSet *s, + sd_bus_error *error) { + + struct node *i; +@@ -198,7 +197,7 @@ static int add_subtree_to_set( + if (!t) + return -ENOMEM; + +- r = set_consume(s, t); ++ r = ordered_set_consume(s, t); + if (r < 0 && r != -EEXIST) + return r; + +@@ -220,10 +219,10 @@ static int get_child_nodes( + const char *prefix, + struct node *n, + unsigned flags, +- Set **_s, ++ OrderedSet **_s, + sd_bus_error *error) { + +- Set *s = NULL; ++ OrderedSet *s = NULL; + int r; + + assert(bus); +@@ -231,13 +230,13 @@ static int get_child_nodes( + assert(n); + assert(_s); + +- s = set_new(&string_hash_ops); ++ s = ordered_set_new(&string_hash_ops); + if (!s) + return -ENOMEM; + + r = add_subtree_to_set(bus, prefix, n, flags, s, error); + if (r < 0) { +- set_free_free(s); ++ ordered_set_free_free(s); + return r; + } + +@@ -937,7 +936,7 @@ int introspect_path( + char **ret, + sd_bus_error *error) { + +- _cleanup_set_free_free_ Set *s = NULL; ++ _cleanup_ordered_set_free_ OrderedSet *s = NULL; + _cleanup_(introspect_free) struct introspect intro = {}; + struct node_vtable *c; + bool empty; +@@ -963,7 +962,7 @@ int introspect_path( + if (r < 0) + return r; + +- empty = set_isempty(s); ++ empty = ordered_set_isempty(s); + + LIST_FOREACH(vtables, c, n->vtables) { + if (require_fallback && !c->is_fallback) +@@ -1233,7 +1232,7 @@ static int process_get_managed_objects( + + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; +- _cleanup_set_free_free_ Set *s = NULL; ++ _cleanup_ordered_set_free_free_ OrderedSet *s = NULL; + char *path; + int r; + +@@ -1263,7 +1262,7 @@ static int process_get_managed_objects( + if (r < 0) + return r; + +- SET_FOREACH(path, s) { ++ ORDERED_SET_FOREACH(path, s) { + r = object_manager_serialize_path_and_fallbacks(bus, reply, path, &error); + if (r < 0) + return bus_maybe_reply_error(m, r, &error); +@@ -2352,7 +2351,7 @@ _public_ int sd_bus_emit_properties_changed( + static int object_added_append_all_prefix( + sd_bus *bus, + sd_bus_message *m, +- Set *s, ++ OrderedSet *s, + const char *prefix, + const char *path, + bool require_fallback) { +@@ -2392,10 +2391,10 @@ static int object_added_append_all_prefix( + * skip it on any of its parents. The child vtables + * always fully override any conflicting vtables of + * any parent node. */ +- if (set_get(s, c->interface)) ++ if (ordered_set_get(s, c->interface)) + continue; + +- r = set_put(s, c->interface); ++ r = ordered_set_put(s, c->interface); + if (r < 0) + return r; + +@@ -2441,7 +2440,7 @@ static int object_added_append_all_prefix( + } + + static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { +- _cleanup_set_free_ Set *s = NULL; ++ _cleanup_ordered_set_free_ OrderedSet *s = NULL; + _cleanup_free_ char *prefix = NULL; + size_t pl; + int r; +@@ -2465,7 +2464,7 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p + * a parent that were overwritten by a child. + */ + +- s = set_new(&string_hash_ops); ++ s = ordered_set_new(&string_hash_ops); + if (!s) + return -ENOMEM; + +@@ -2572,7 +2571,7 @@ _public_ int sd_bus_emit_object_added(sd_bus *bus, const char *path) { + static int object_removed_append_all_prefix( + sd_bus *bus, + sd_bus_message *m, +- Set *s, ++ OrderedSet *s, + const char *prefix, + const char *path, + bool require_fallback) { +@@ -2605,7 +2604,7 @@ static int object_removed_append_all_prefix( + * skip it on any of its parents. The child vtables + * always fully override any conflicting vtables of + * any parent node. */ +- if (set_get(s, c->interface)) ++ if (ordered_set_get(s, c->interface)) + continue; + + r = node_vtable_get_userdata(bus, path, c, &u, &error); +@@ -2616,7 +2615,7 @@ static int object_removed_append_all_prefix( + if (r == 0) + continue; + +- r = set_put(s, c->interface); ++ r = ordered_set_put(s, c->interface); + if (r < 0) + return r; + +@@ -2631,7 +2630,7 @@ static int object_removed_append_all_prefix( + } + + static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { +- _cleanup_set_free_ Set *s = NULL; ++ _cleanup_ordered_set_free_ OrderedSet *s = NULL; + _cleanup_free_ char *prefix = NULL; + size_t pl; + int r; +@@ -2642,7 +2641,7 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char + + /* see sd_bus_emit_object_added() for details */ + +- s = set_new(&string_hash_ops); ++ s = ordered_set_new(&string_hash_ops); + if (!s) + return -ENOMEM; + +diff --git a/src/shared/bus-object.c b/src/shared/bus-object.c +index f2e53913fb..4ed5215e3d 100644 +--- a/src/shared/bus-object.c ++++ b/src/shared/bus-object.c +@@ -156,10 +156,10 @@ int bus_introspect_implementations( + if (impl != main_impl) + bus_introspect_implementation(&intro, impl); + +- _cleanup_set_free_ Set *nodes = NULL; ++ _cleanup_ordered_set_free_ OrderedSet *nodes = NULL; + + for (size_t i = 0; impl->children && impl->children[i]; i++) { +- r = set_put_strdup(&nodes, impl->children[i]->path); ++ r = ordered_set_put_strdup(&nodes, impl->children[i]->path); + if (r < 0) + return log_oom(); + } diff --git a/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch b/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch new file mode 100644 index 0000000..0dcfda4 --- /dev/null +++ b/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch @@ -0,0 +1,109 @@ +From aacd9b79ecd97007bad3706234ccc1b2ae84ca11 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 23 Mar 2022 17:34:12 +0100 +Subject: [PATCH] udev/net_id: avoid slot based names only for single function + devices + +If we have two or more devices that share the same slot but they are +also multifunction then it is OK to use the slot information even if it +is the same for all of them. Name conflict will be avoided because we +will append function number and form names like, ens1f1, ens1f2... + +(cherry picked from commit 66425daf2c68793adf24a48a26d58add8662e83f) + +Resolves: #2070097 +--- + man/systemd.net-naming-scheme.xml | 7 ++++++- + src/shared/netif-naming-scheme.h | 31 ++++++++++++++++--------------- + src/udev/udev-builtin-net_id.c | 11 +++++++++-- + 3 files changed, 31 insertions(+), 18 deletions(-) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index 942ef572ff..73d08b681d 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -406,7 +406,12 @@ + + rhel-9.0 + +- Same as naming scheme v250. ++ Since version v247 we no longer set ++ ID_NET_NAME_SLOT if we detect that a PCI device associated with a slot is a PCI ++ bridge as that would create naming conflict when there are more child devices on that bridge. Now, ++ this is relaxed and we will use slot information to generate the name based on it but only if ++ the PCI device has multiple functions. This is safe because distinct function number is a part of ++ the device name for multifunction devices. + + + +diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h +index f765db6ef2..5c86cb4545 100644 +--- a/src/shared/netif-naming-scheme.h ++++ b/src/shared/netif-naming-scheme.h +@@ -22,20 +22,21 @@ + * OS versions, but not fully stabilize them. */ + typedef enum NamingSchemeFlags { + /* First, the individual features */ +- NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a */ +- NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6ea */ +- NAMING_INFINIBAND = 1 << 2, /* Use "ib" prefix for infiniband, see 938d30aa98df */ +- NAMING_ZERO_ACPI_INDEX = 1 << 3, /* Use zero acpi_index field, see d81186ef4f6a */ +- NAMING_ALLOW_RERENAMES = 1 << 4, /* Allow re-renaming of devices, see #9006 */ +- NAMING_STABLE_VIRTUAL_MACS = 1 << 5, /* Use device name to generate MAC, see 6d3646406560 */ +- NAMING_NETDEVSIM = 1 << 6, /* Generate names for netdevsim devices, see eaa9d507d855 */ +- NAMING_LABEL_NOPREFIX = 1 << 7, /* Don't prepend ID_NET_LABEL_ONBOARD with interface type prefix */ +- NAMING_NSPAWN_LONG_HASH = 1 << 8, /* Shorten nspawn interfaces by including 24bit hash, instead of simple truncation */ +- NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */ +- NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */ +- NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */ +- NAMING_REPLACE_STRICTLY = 1 << 12, /* Use udev_replace_ifname() for NAME= rule */ +- NAMING_XEN_VIF = 1 << 13, /* GEnerate names for Xen netfront devices */ ++ NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a */ ++ NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6ea */ ++ NAMING_INFINIBAND = 1 << 2, /* Use "ib" prefix for infiniband, see 938d30aa98df */ ++ NAMING_ZERO_ACPI_INDEX = 1 << 3, /* Use zero acpi_index field, see d81186ef4f6a */ ++ NAMING_ALLOW_RERENAMES = 1 << 4, /* Allow re-renaming of devices, see #9006 */ ++ NAMING_STABLE_VIRTUAL_MACS = 1 << 5, /* Use device name to generate MAC, see 6d3646406560 */ ++ NAMING_NETDEVSIM = 1 << 6, /* Generate names for netdevsim devices, see eaa9d507d855 */ ++ NAMING_LABEL_NOPREFIX = 1 << 7, /* Don't prepend ID_NET_LABEL_ONBOARD with interface type prefix */ ++ NAMING_NSPAWN_LONG_HASH = 1 << 8, /* Shorten nspawn interfaces by including 24bit hash, instead of simple truncation */ ++ NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */ ++ NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */ ++ NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */ ++ NAMING_REPLACE_STRICTLY = 1 << 12, /* Use udev_replace_ifname() for NAME= rule */ ++ NAMING_XEN_VIF = 1 << 13, /* Generate names for Xen netfront devices */ ++ NAMING_BRIDGE_MULTIFUNCTION_SLOT = 1 << 14, /* Use PCI hotplug slot information associated with bridge, but only if PCI device is multifunction */ + + /* And now the masks that combine the features above */ + NAMING_V238 = 0, +@@ -47,7 +48,7 @@ typedef enum NamingSchemeFlags { + NAMING_V247 = NAMING_V245 | NAMING_BRIDGE_NO_SLOT, + NAMING_V249 = NAMING_V247 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX | NAMING_REPLACE_STRICTLY, + NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF, +- NAMING_RHEL_9_0 = NAMING_V250, ++ NAMING_RHEL_9_0 = NAMING_V250 | NAMING_BRIDGE_MULTIFUNCTION_SLOT, + + EXTRA_NET_NAMING_SCHEMES + +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index 65e003eb15..673ed7a7ca 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -451,8 +451,15 @@ static int dev_pci_slot(sd_device *dev, const LinkInfo *info, NetNames *names) { + * devices that will try to claim the same index and that would create name + * collision. */ + if (naming_scheme_has(NAMING_BRIDGE_NO_SLOT) && is_pci_bridge(hotplug_slot_dev)) { +- log_device_debug(dev, "Not using slot information because the PCI device is a bridge."); +- return 0; ++ if (naming_scheme_has(NAMING_BRIDGE_MULTIFUNCTION_SLOT) && !is_pci_multifunction(names->pcidev)) { ++ log_device_debug(dev, "Not using slot information because the PCI device associated with the hotplug slot is a bridge and the PCI device has single function."); ++ return 0; ++ } ++ ++ if (!naming_scheme_has(NAMING_BRIDGE_MULTIFUNCTION_SLOT)) { ++ log_device_debug(dev, "Not using slot information because the PCI device is a bridge."); ++ return 0; ++ } + } + + break; diff --git a/SOURCES/10-oomd-defaults.conf b/SOURCES/10-oomd-defaults.conf new file mode 100644 index 0000000..0254657 --- /dev/null +++ b/SOURCES/10-oomd-defaults.conf @@ -0,0 +1,2 @@ +[OOM] +DefaultMemoryPressureDurationSec=20s diff --git a/SOURCES/10-oomd-root-slice-defaults.conf b/SOURCES/10-oomd-root-slice-defaults.conf new file mode 100644 index 0000000..49958e8 --- /dev/null +++ b/SOURCES/10-oomd-root-slice-defaults.conf @@ -0,0 +1,2 @@ +[Slice] +ManagedOOMSwap=kill diff --git a/SOURCES/10-oomd-user-service-defaults.conf b/SOURCES/10-oomd-user-service-defaults.conf new file mode 100644 index 0000000..94d5c87 --- /dev/null +++ b/SOURCES/10-oomd-user-service-defaults.conf @@ -0,0 +1,3 @@ +[Service] +ManagedOOMMemoryPressure=kill +ManagedOOMMemoryPressureLimit=50% diff --git a/SOURCES/20-grubby.install b/SOURCES/20-grubby.install new file mode 100755 index 0000000..e059125 --- /dev/null +++ b/SOURCES/20-grubby.install @@ -0,0 +1,51 @@ +#!/bin/bash + +if [[ ! -x /sbin/new-kernel-pkg ]]; then + exit 0 +fi + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" +[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" +case "$COMMAND" in + add) + if [[ "${KERNEL_DIR}" != "/boot" ]]; then + for i in \ + "$KERNEL_IMAGE" \ + "$KERNEL_DIR"/System.map \ + "$KERNEL_DIR"/config \ + "$KERNEL_DIR"/zImage.stub \ + "$KERNEL_DIR"/dtb \ + ; do + [[ -e "$i" ]] || continue + cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" + command -v restorecon &>/dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + ;; + remove) + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + ;; + *) + ;; +esac + +# skip other installation plugins, if we can't find a boot loader spec conforming setup +if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then + exit 77 +fi diff --git a/SOURCES/20-yama-ptrace.conf b/SOURCES/20-yama-ptrace.conf new file mode 100644 index 0000000..4fbaf97 --- /dev/null +++ b/SOURCES/20-yama-ptrace.conf @@ -0,0 +1,42 @@ +# The ptrace system call is used for interprocess services, +# communication and introspection (like synchronisation, signaling, +# debugging, tracing and profiling) of processes. +# +# Usage of ptrace is restricted by normal user permissions. Normal +# unprivileged processes cannot use ptrace on processes that they +# cannot send signals to or processes that are running set-uid or +# set-gid. Nevertheless, processes running under the same uid will +# usually be able to ptrace one another. +# +# Fedora enables the Yama security mechanism which restricts ptrace +# even further. Sysctl setting kernel.yama.ptrace_scope can have one +# of the following values: +# +# 0 - Normal ptrace security permissions. +# 1 - Restricted ptrace. Only child processes plus normal permissions. +# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. +# 3 - No attach. No process may call ptrace at all. Irrevocable. +# +# For more information see Documentation/security/Yama.txt in the +# kernel sources. +# +# The default is 1., which allows tracing of child processes, but +# forbids tracing of arbitrary processes. This allows programs like +# gdb or strace to work when the most common way of having the +# debugger start the debuggee is used: +# gdb /path/to/program ... +# Attaching to already running programs is NOT allowed: +# gdb -p ... +# This default setting is suitable for the common case, because it +# reduces the risk that one hacked process can be used to attack other +# processes. (For example, a hacked firefox process in a user session +# will not be able to ptrace the keyring process and extract passwords +# stored only in memory.) +# +# Developers and administrators might want to disable those protections +# to be able to attach debuggers to existing processes. Use +# sysctl kernel.yama.ptrace_scope=0 +# for change the setting temporarily, or copy this file to +# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. + +kernel.yama.ptrace_scope = 0 diff --git a/SOURCES/inittab b/SOURCES/inittab new file mode 100644 index 0000000..3f5e83c --- /dev/null +++ b/SOURCES/inittab @@ -0,0 +1,16 @@ +# inittab is no longer used. +# +# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. +# +# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target +# +# systemd uses 'targets' instead of runlevels. By default, there are two main targets: +# +# multi-user.target: analogous to runlevel 3 +# graphical.target: analogous to runlevel 5 +# +# To view current default target, run: +# systemctl get-default +# +# To set a default target, run: +# systemctl set-default TARGET.target diff --git a/SOURCES/libsystemd-shared.abignore b/SOURCES/libsystemd-shared.abignore new file mode 100644 index 0000000..e412d8b --- /dev/null +++ b/SOURCES/libsystemd-shared.abignore @@ -0,0 +1,3 @@ +[suppress_file] +# This shared object is private to systemd +file_name_regexp=libsystemd-shared-.*.so diff --git a/SOURCES/macros.sysusers b/SOURCES/macros.sysusers new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/SOURCES/macros.sysusers @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/SOURCES/purge-nobody-user b/SOURCES/purge-nobody-user new file mode 100755 index 0000000..66404fe --- /dev/null +++ b/SOURCES/purge-nobody-user @@ -0,0 +1,101 @@ +#!/bin/bash -eu + +if [ $UID -ne 0 ]; then + echo "WARNING: This script needs to run as root to be effective" + exit 1 +fi + +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 + +if [ "${1:-}" = "--ignore-journal" ]; then + shift + ignore_journal=1 +else + ignore_journal=0 +fi + +echo "Checking processes..." +if ps h -u 99 | grep .; then + echo "ERROR: ps reports processes with UID 99!" + exit 2 +fi +echo "... not found" + +echo "Checking UTMP..." +if w -h 199 | grep . ; then + echo "ERROR: w reports UID 99 as active!" + exit 2 +fi +if w -h nobody | grep . ; then + echo "ERROR: w reports user nobody as active!" + exit 2 +fi +echo "... not found" + +echo "Checking the journal..." +if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then + echo "ERROR: journalctl reports messages from UID 99 in current boot!" + exit 2 +fi +echo "... not found" + +echo "Looking for files in /etc, /run, /tmp, and /var..." +if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then + echo "ERROR: found files belonging to UID 99" + exit 2 +fi +echo "... not found" + +echo "Checking if nobody is defined correctly..." +if getent passwd nobody | + grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; +then + echo "OK, nothing to do." + exit 0 +else + echo "NOTICE: User nobody is not defined correctly" +fi + +echo "Checking if nfsnobody or something else is using the uid..." +if getent passwd 65534 | grep . ; then + echo "NOTICE: will have to remove this user" +else + echo "... not found" +fi + +if [ "${1:-}" = "-x" ]; then + if getent passwd nobody >/dev/null; then + # this will remove both the user and the group. + ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/SOURCES/rc.local b/SOURCES/rc.local new file mode 100644 index 0000000..4666070 --- /dev/null +++ b/SOURCES/rc.local @@ -0,0 +1,14 @@ +#!/bin/bash +# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES +# +# It is highly advisable to create own systemd services or udev rules +# to run scripts during boot instead of using this file. +# +# In contrast to previous versions due to parallel execution during boot +# this script will NOT be run after all other services. +# +# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure +# that this script will be executed during boot. + +touch /var/lock/subsys/local + diff --git a/SOURCES/split-files.py b/SOURCES/split-files.py new file mode 100644 index 0000000..7622210 --- /dev/null +++ b/SOURCES/split-files.py @@ -0,0 +1,163 @@ +import re, sys, os, collections + +buildroot = sys.argv[1] +known_files = sys.stdin.read().splitlines() +known_files = {line.split()[-1]:line for line in known_files} + +def files(root): + os.chdir(root) + todo = collections.deque(['.']) + while todo: + n = todo.pop() + files = os.scandir(n) + for file in files: + yield file + if file.is_dir() and not file.is_symlink(): + todo.append(file) + +o_libs = open('.file-list-libs', 'w') +o_udev = open('.file-list-udev', 'w') +o_pam = open('.file-list-pam', 'w') +o_rpm_macros = open('.file-list-rpm-macros', 'w') +o_devel = open('.file-list-devel', 'w') +o_container = open('.file-list-container', 'w') +o_networkd = open('.file-list-networkd', 'w') +o_resolved = open('.file-list-resolved', 'w') +o_oomd = open('.file-list-oomd', 'w') +o_remote = open('.file-list-remote', 'w') +o_tests = open('.file-list-tests', 'w') +o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w') +o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w') +o_rest = open('.file-list-rest', 'w') +for file in files(buildroot): + n = file.path[1:] + if re.match(r'''/usr/(share|include)$| + /usr/share/man(/man.|)$| + /usr/share/zsh(/site-functions|)$| + /usr/share/dbus-1$| + /usr/share/dbus-1/system.d$| + /usr/share/dbus-1/(system-|)services$| + /usr/share/polkit-1(/actions|/rules.d|)$| + /usr/share/pkgconfig$| + /usr/share/bash-completion(/completions|)$| + /usr(/lib|/lib64|/bin|/sbin|)$| + /usr/lib.*/(security|pkgconfig)$| + /usr/lib/rpm(/macros.d|)$| + /usr/lib/firewalld(/services|)$| + /usr/share/(locale|licenses|doc)| # no $ + /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$| + /etc/(dnf|dnf/protected.d)$| + /usr/(src|lib/debug)| # no $ + /run$| + /var(/cache|/log|/lib|/run|)$ + ''', n, re.X): + continue + if '/security/pam_' in n or '/man8/pam_' in n: + o = o_pam + elif '/rpm/' in n: + o = o_rpm_macros + elif '/usr/lib/systemd/tests' in n: + o = o_tests + elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(? + + systemd-journal-gatewayd + Journal Gateway Service + + diff --git a/SOURCES/systemd-journal-remote.xml b/SOURCES/systemd-journal-remote.xml new file mode 100644 index 0000000..e115a12 --- /dev/null +++ b/SOURCES/systemd-journal-remote.xml @@ -0,0 +1,6 @@ + + + systemd-journal-remote + Journal Remote Sink + + diff --git a/SOURCES/systemd-udev-trigger-no-reload.conf b/SOURCES/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000..c879427 --- /dev/null +++ b/SOURCES/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/SOURCES/systemd-user b/SOURCES/systemd-user new file mode 100644 index 0000000..2725df9 --- /dev/null +++ b/SOURCES/systemd-user @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth diff --git a/SOURCES/sysusers.attr b/SOURCES/sysusers.attr new file mode 100644 index 0000000..367c137 --- /dev/null +++ b/SOURCES/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/SOURCES/sysusers.generate-pre.sh b/SOURCES/sysusers.generate-pre.sh new file mode 100755 index 0000000..6c481c3 --- /dev/null +++ b/SOURCES/sysusers.generate-pre.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + +[ "$desc" = '-' ] && desc= +[ "$home" = '-' -o "$home" = '' ] && home=/ +[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin + +if [ "$uid" = '-' -o "$uid" = '' ]; then + cat </dev/null || \\ + useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' +EOF +else + cat </dev/null ; then + if ! getent passwd '$uid' >/dev/null ; then + useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + else + useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' + fi +fi + +EOF +fi +} + +group() { + group="$1" + gid="$2" +if [ "$gid" = '-' ]; then + cat </dev/null || groupadd -r '$group' +EOF +else + cat </dev/null || groupadd -f -g '$gid' -r '$group' +EOF +fi +} + +parse() { + while read line || [ "$line" ]; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + eval arr=( $line ) + case "${arr[0]}" in + ('u') + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + # TODO: user:group support + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename $fn)" + parse < "$fn" +done diff --git a/SOURCES/sysusers.prov b/SOURCES/sysusers.prov new file mode 100755 index 0000000..a6eda5d --- /dev/null +++ b/SOURCES/sysusers.prov @@ -0,0 +1,28 @@ +#!/bin/bash + +parse() { + while read line; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + set -- $line + case "$1" in + ('u') + echo "user($2)" + echo "group($2)" + # TODO: user:group support + ;; + ('g') + echo "group($2)" + ;; + ('m') + echo "user($2)" + echo "group($3)" + ;; + esac + done +} + +while read fn; do + parse < "$fn" +done diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd new file mode 100644 index 0000000..6c57d71 --- /dev/null +++ b/SOURCES/triggers.systemd @@ -0,0 +1,89 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl daemon-reload || : +fi + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining services that should be restarted here. +if test -d "/run/systemd/system"; then + %{_bindir}/systemctl reload-or-restart --marked || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-sysusers || : +fi + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-hwdb update || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +if test -d "/run/systemd/system"; then + %{_bindir}/journalctl --update-catalog || : +fi + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + %{_bindir}/systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + %{_bindir}/udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi diff --git a/SOURCES/yum-protect-systemd.conf b/SOURCES/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/SOURCES/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec new file mode 100644 index 0000000..38ab79d --- /dev/null +++ b/SPECS/systemd.spec @@ -0,0 +1,3236 @@ +#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa +%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} + +#global stable 1 + +# We ship a .pc file but don't want to have a dep on pkg-config. We +# strip the automatically generated dep here and instead co-own the +# directory. +%global __requires_exclude pkg-config + +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user + +# Bootstrap may be needed to break intercircular dependencies with +# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump. +%bcond_with bootstrap +%bcond_without tests +%bcond_without lto + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +Version: 250 +Release: 6%{?dist} +# For a breakdown of the licensing, see README +License: LGPLv2+ and MIT and GPLv2+ +Summary: System and Service Manager + +# download tarballs with "spectool -g systemd.spec" +%if %{defined commit} +Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +%else +%if 0%{?stable} +Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%else +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%endif +%endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found in build/src/core/. +Source1: triggers.systemd +Source2: split-files.py +Source3: purge-nobody-user + +# Prevent accidental removal of the systemd package +Source4: yum-protect-systemd.conf + +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: libsystemd-shared.abignore + +Source14: 10-oomd-defaults.conf +Source15: 10-oomd-root-slice-defaults.conf +Source16: 10-oomd-user-service-defaults.conf + +Source21: macros.sysusers +Source22: sysusers.attr +Source23: sysusers.prov +Source24: sysusers.generate-pre.sh +Source25: rc.local + +%if 0 +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable +i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +%endif + +# Backports of patches from upstream (0000–0499) +# +# Any patches which are "in preparation" upstream should be listed +# here, rather than in the next section. Packit CI will drop any +# patches in this range before applying upstream pull requests. + +# RHEL-specific +Patch0001: 0001-logind-set-RemoveIPC-to-false-by-default.patch +Patch0002: 0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0003: 0003-Copy-40-redhat.rules-from-RHEL-8.patch +Patch0004: 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0005: 0005-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0006: 0006-units-add-Install-section-to-tmp.mount.patch +Patch0007: 0007-rc-local-order-after-network-online.target.patch +Patch0008: 0008-ci-drop-CIs-irrelevant-for-downstream.patch +Patch0009: 0009-ci-reconfigure-Packit-for-RHEL-9.patch +Patch0010: 0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch +Patch0011: 0011-random-util-increase-random-seed-size-to-1024.patch +Patch0012: 0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0013: 0013-journald.conf-don-t-touch-current-audit-settings.patch +Patch0014: 0014-Revert-udev-remove-WAIT_FOR-key.patch +Patch0015: 0015-Really-don-t-enable-systemd-journald-audit.socket.patch +Patch0016: 0016-rules-add-elevator-kernel-command-line-parameter.patch +Patch0017: 0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0019: 0019-set-core-ulimit-to-0-like-on-RHEL-7.patch +Patch0020: 0020-ci-use-C9S-chroots-in-Packit.patch +Patch0021: 0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch +Patch0022: 0022-Treat-EPERM-as-not-available-too.patch +Patch0023: 0023-test-copy-portable-profiles-into-the-image-if-they-d.patch +Patch0024: 0024-test-introduce-get_cgroup_hierarchy-helper.patch +Patch0025: 0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch +Patch0026: 0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch +Patch0027: 0027-test-allow-to-set-NULL-to-intro-or-outro.patch +Patch0028: 0028-udev-net-setup-link-change-the-default-MACAddressPol.patch +Patch0029: 0029-man-mention-System-Administrator-s-Guide-in-systemct.patch +Patch0030: 0030-Net-naming-scheme-for-RHEL-9.0.patch +Patch0031: 0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch +Patch0032: 0032-ci-replace-apt-key-with-signed-by.patch +Patch0033: 0033-ci-fix-clang-13-installation.patch +Patch0034: 0034-Revert-kernel-install-also-remove-modules.builtin.al.patch +Patch0035: 0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch +Patch0036: 0036-kernel-install-50-depmod-port-to-bin-sh.patch +Patch0037: 0037-kernel-install-90-loaderentry-port-to-bin-sh.patch +Patch0038: 0038-kernel-install-fix-shellcheck.patch +Patch0039: 0039-kernel-install-port-to-bin-sh.patch +Patch0040: 0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch +Patch0041: 0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch +Patch0042: 0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch +Patch0043: 0043-kernel-install-also-remove-modules.builtin.alias.bin.patch +Patch0044: 0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch +Patch0045: 0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch +Patch0046: 0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch +Patch0047: 0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch +Patch0048: 0048-kernel-install-add-missing-log-line.patch +Patch0049: 0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch +Patch0050: 0050-kernel-install-add-a-new-ENTRY_TOKEN-variable-for-na.patch +Patch0051: 0051-kernel-install-only-generate-systemd.boot_id-in-kern.patch +Patch0052: 0052-kernel-install-search-harder-for-kernel-image-initrd.patch +Patch0053: 0053-kernel-install-add-new-inspect-verb-showing-paths-an.patch +Patch0054: 0054-bus-Use-OrderedSet-for-introspection.patch +Patch0055: 0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch + +# Downstream-only patches (9000–9999) + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: coreutils +BuildRequires: libcap-devel +BuildRequires: libmount-devel +BuildRequires: libfdisk-devel +BuildRequires: pam-devel +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%if %{without bootstrap} +BuildRequires: cryptsetup-devel +%endif +BuildRequires: dbus-devel +# /usr/bin/getfacl is needed by test-acl-util +BuildRequires: acl +BuildRequires: libacl-devel +BuildRequires: gobject-introspection-devel +BuildRequires: libblkid-devel +BuildRequires: xz-devel +BuildRequires: xz +BuildRequires: lz4-devel +BuildRequires: lz4 +BuildRequires: bzip2-devel +BuildRequires: libzstd-devel +BuildRequires: libidn2-devel +BuildRequires: libcurl-devel +BuildRequires: kmod-devel +BuildRequires: elfutils-devel +BuildRequires: openssl-devel +BuildRequires: libgcrypt-devel +BuildRequires: libgpg-error-devel +BuildRequires: gnutls-devel +BuildRequires: libmicrohttpd-devel +BuildRequires: libxkbcommon-devel +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: pkgconfig +BuildRequires: gperf +BuildRequires: gawk +BuildRequires: tree +BuildRequires: hostname +BuildRequires: python3dist(lxml) +BuildRequires: python3dist(jinja2) +BuildRequires: firewalld-filesystem +BuildRequires: libseccomp-devel +BuildRequires: meson >= 0.43 +BuildRequires: gettext +# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +BuildRequires: valgrind-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: perl +BuildRequires: perl(IPC::SysV) + +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs +Requires(pre): coreutils +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd +Requires: dbus >= 1.9.18 +Requires: %{name}-pam = %{version}-%{release} +Requires: %{name}-rpm-macros = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release} +Requires: util-linux +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 +Obsoletes: systemd-sysv < 206 +# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) +Obsoletes: %{name} < 246.6-2 +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 +%if 0%{?fedora} +Conflicts: fedora-release < 23-0.12 +%endif +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release}^ +Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^ +Obsoletes: %{name}-standalone-sysusers < %{version}-%{release}^ + +# Requires deps for stuff that is dlopen()ed +Requires: pcre2%{?_isa} + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. It provides aggressive parallelization +capabilities, uses socket and D-Bus activation for starting services, +offers on-demand starting of daemons, keeps track of processes using +Linux control groups, maintains mount and automount points, and +implements an elaborate transactional dependency-based service control +logic. systemd supports SysV and LSB init scripts and works as a +replacement for sysvinit. Other parts of this package are a logging daemon, +utilities to control basic system configuration like the hostname, +date, locale, maintain a list of logged-in users, system accounts, +runtime directories and settings, and daemons to manage simple network +configuration, network time synchronization, log forwarding, and name +resolution. +%if 0%{?stable} +This package was built from the %{version}-stable branch of systemd. +%endif + +%package libs +Summary: systemd libraries +License: LGPLv2+ and MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): grep +Requires(post): /usr/bin/getent + +%description libs +Libraries for systemd and udev. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch + +%description rpm-macros +Just the definitions of rpm macros. + +See +https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd +for information how to use those macros. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 +# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153) +Requires: %{name}-pam = %{version}-%{release} + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +License: LGPLv2+ + +Requires: systemd%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 +Obsoletes: systemd < 245.6-1 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 + +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Suggests: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Requires: kbd + +# Requires deps for stuff that is dlopen()ed +Requires: cryptsetup-libs%{?_isa} +# https://bugzilla.redhat.com/show_bug.cgi?id=2017541 +Requires: tpm2-tss%{?_isa} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 +Provides: u2f-hidraw-policy = 1.0.2-40 +Obsoletes: u2f-hidraw-policy < 1.0.2-40 + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +# Name is the same as in Debian +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, +and systemd-importd. + +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires: firewalld-filesystem +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, +and to write journal files from serialized journal contents. + +This package contains systemd-journal-gatewayd, +systemd-journal-remote, and systemd-journal-upload. + +%package resolved +Summary: System daemon that provides network name resolution to local applications +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ + +%description resolved +systemd-resolved is a system service that provides network name +resolution to local applications. It implements a caching and +validating DNS/DNSSEC stub resolver, as well as an LLMNR and +MulticastDNS resolver and responder. + +%package oomd +Summary: A userspace out-of-memory (OOM) killer +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Provides: %{name}-oomd-defaults = %{version}-%{release} + +%description oomd +systemd-oomd is a system service that uses cgroups-v2 and pressure stall +information (PSI) to monitor and take action on processes before an OOM +occurs in kernel space. + +%package standalone-tmpfiles +Summary: Standalone tmpfiles binary for use in non-systemd systems +RemovePathPostfixes: .standalone + +%description standalone-tmpfiles +Standalone tmpfiles binary with no dependencies on the systemd-shared library +or other libraries from systemd-libs. This package conflicts with the main +systemd package and is meant for use in non-systemd systems. + +%package standalone-sysusers +Summary: Standalone sysusers binary for use in non-systemd systems +RemovePathPostfixes: .standalone + +%description standalone-sysusers +Standalone sysusers binary with no dependencies on the systemd-shared library +or other libraries from systemd-libs. This package conflicts with the main +systemd package and is meant for use in non-systemd systems. + +%prep +%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1 + +%build +%define ntpvendor %(source /etc/os-release; echo ${ID}) +%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} + +CONFIGURE_OPTS=( + -Dmode=release + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' + -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin + -Dservice-watchdog=3min + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dfdisk=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dzstd=true + -Dpam=true + -Dacl=true + -Dsmack=true + -Dopenssl=true + -Dcryptolib=openssl + -Dp11kit=true + -Dgcrypt=true + -Daudit=true + -Delfutils=true +%if %{without bootstrap} + -Dlibcryptsetup=true +%else + -Dlibcryptsetup=false +%endif + -Delfutils=true + -Dpwquality=false + -Dqrencode=false + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=false + -Dlibcurl=true + -Dlibfido2=false + -Dgnu-efi=false + -Dtpm=true + -Dtpm2=true + -Dhwdb=true + -Dsysusers=true + -Dstandalone-binaries=true + -Ddefault-kill-user-processes=false + -Dtests=unsafe + -Dinstall-tests=false + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dcompat-mutable-uid-boundaries=true + -Dsplit-usr=false + -Dsplit-bin=true +%if %{with lto} + -Db_lto=true +%else + -Db_lto=false +%endif + -Db_ndebug=false + -Dman=true + -Dversion-tag=%{version}-%{release} +%if 0%{?fedora} + -Dfallback-hostname=fedora +%else + -Dfallback-hostname=localhost +%endif + -Ddefault-dnssec=no + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=no + -Ddefault-llmnr=resolve + -Doomd=true + -Dtimesyncd=false + -Dhomed=false + -Duserdb=false + -Dportabled=false + -Dnetworkd=false + -Dsupport-url=https://access.redhat.com/support +) + +%if %{without lto} +%global _lto_cflags %nil +%endif + +%meson "${CONFIGURE_OPTS[@]}" + +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi + +%meson_build + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/log/lastlog +chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog +touch %{buildroot}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install rc.local +mkdir -p %{buildroot}%{_sysconfdir}/rc.d/ +install -m 0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/rc.d/rc.local +ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} + +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + +# Install additional docs +# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf </dev/null || groupadd -r -g 11 cdrom &>/dev/null || : +getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || : +getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || : +getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || : +getent group input &>/dev/null || groupadd -r input &>/dev/null || : +getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || : +getent group render &>/dev/null || groupadd -r render &>/dev/null || : +getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || : + +getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || : +getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || : + + +%post +systemd-machine-id-setup &>/dev/null || : + +systemctl daemon-reexec &>/dev/null || { + # systemd v239 had bug #9553 in D-Bus authentication of the private socket, + # which was later fixed in v240 by #9625. + # + # The end result is that a `systemctl daemon-reexec` call as root will fail + # when upgrading from systemd v239, which means the system will not start + # running the new version of systemd after this post install script runs. + # + # To work around this issue, let's fall back to using a `kill -TERM 1` to + # re-execute the daemon when the `systemctl daemon-reexec` call fails. + # + # In order to prevent issues when the reason why the daemon-reexec failed is + # not the aforementioned bug, let's only use this fallback when: + # - we're upgrading this RPM package; and + # - we confirm that systemd is running as PID1 on this system. + if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then + kill -TERM 1 &>/dev/null || : + fi +} + +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : +fi + +# Make sure new journal files will be owned by the "systemd-journal" group +machine_id=$(cat /etc/machine-id 2>/dev/null) +chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : +chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : + +# Apply ACL to the journal directory +setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || : + +[ $1 -eq 1 ] || exit 0 + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. +# We also do this for user units, see +# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +systemctl preset-all &>/dev/null || : +systemctl --global preset-all &>/dev/null || : + +%postun +if [ $1 -eq 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + systemd-tmpfiles --create &>/dev/null || : +fi + +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service + +%post libs +%{?ldconfig} + +function mod_nss() { + if [ -f "$1" ] ; then + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1:\2 systemd/ + ' "$1" &>/dev/null || : + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + +# check if nobody or nfsnobody is defined +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 +if getent passwd nfsnobody &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +fi + +%{?ldconfig:%postun libs -p %ldconfig} + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null + +udevadm hwdb --update &>/dev/null + +%systemd_post %udev_services + +# Try to save the random seed, but don't complain if /dev/urandom is unavailable +/usr/lib/systemd/systemd-random-seed save 2>&1 | \ + grep -v 'Failed to open /dev/urandom' || : + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Restart some services. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service + +%pre journal-remote +getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || : +getent passwd systemd-journal-remote &>/dev/null || useradd -r -l -g systemd-journal-remote -d %{_localstatedir}/log/journal/remote -s /sbin/nologin -c "Journal Remote" systemd-journal-remote &>/dev/null || : + +%post journal-remote +%systemd_post systemd-journal-gatewayd.socket systemd-journal-gatewayd.service systemd-journal-remote.socket systemd-journal-remote.service systemd-journal-upload.service +%firewalld_reload + +%preun journal-remote +%systemd_preun systemd-journal-gatewayd.socket systemd-journal-gatewayd.service systemd-journal-remote.socket systemd-journal-remote.service systemd-journal-upload.service +if [ $1 -eq 1 ] ; then + if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then + mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload + mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. + rmdir %{_localstatedir}/lib/systemd/journal-upload || : + fi +fi + +%postun journal-remote +%systemd_postun_with_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service +%firewalld_reload + +%pre resolved +getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || : +getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || : + +%preun resolved +%systemd_preun systemd-resolved.service + +%post resolved +%systemd_post systemd-resolved.service + +%postun resolved +%systemd_postun_with_restart systemd-resolved.service + +%pre oomd +getent group systemd-oom &>/dev/null || groupadd -r systemd-oom 2>&1 || : +getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /sbin/nologin -c "systemd Userspace OOM Killer" systemd-oom &>/dev/null || : + +%preun oomd +%systemd_preun systemd-oomd.service + +%post oomd +%systemd_post systemd-oomd.service + +%postun oomd +%systemd_postun_with_restart systemd-oomd.service + +%global _docdir_fmt %{name} + +%files -f %{name}.lang -f .file-list-rest +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE.* +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%files libs -f .file-list-libs +%license LICENSE.LGPL2.1 + +%files pam -f .file-list-pam + +%files rpm-macros -f .file-list-rpm-macros + +%files devel -f .file-list-devel + +%files udev -f .file-list-udev + +%files container -f .file-list-container + +%files journal-remote -f .file-list-remote + +%files resolved -f .file-list-resolved + +%files oomd -f .file-list-oomd + +%files standalone-tmpfiles -f .file-list-standalone-tmpfiles + +%files standalone-sysusers -f .file-list-standalone-sysusers + +%changelog +* Thu Apr 07 2022 systemd maintenance team - 250-6 +- udev/net_id: avoid slot based names only for single function devices (#2070097) + +* Fri Mar 25 2022 systemd maintenance team - 250-5 +- Revert "kernel-install: also remove modules.builtin.alias.bin" (#2065061) +- Revert "kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT" (#2065061) +- kernel-install: 50-depmod: port to /bin/sh (#2065061) +- kernel-install: 90-loaderentry: port to /bin/sh (#2065061) +- kernel-install: fix shellcheck (#2065061) +- kernel-install: port to /bin/sh (#2065061) +- kernel-install: 90-loaderentry: error out on nonexistent initrds instead of swallowing them quietly (#2065061) +- kernel-install: don't pull out KERNEL_IMAGE (#2065061) +- kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT (#2065061) +- kernel-install: also remove modules.builtin.alias.bin (#2065061) +- kernel-install: add new variable $KERNEL_INSTALL_INITRD_GENERATOR (#2065061) +- kernel-install: k-i already creates $ENTRY_DIR_ABS, no need to do it again (#2065061) +- kernel-install: prefix errors with "Error:", exit immediately (#2065061) +- kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory (#2065061) +- kernel-install: add missing log line (#2065061) +- kernel-install: don't try to persist used machine ID locally (#2065061) +- kernel-install: add a new $ENTRY_TOKEN variable for naming boot entries (#2065061) +- kernel-install: only generate systemd.boot_id= in kernel command line if used for naming the boot loader spec files/dirs (#2065061) +- kernel-install: search harder for kernel image/initrd drop-in dir (#2065061) +- kernel-install: add new "inspect" verb, showing paths and parameters we discovered (#2065061) +- bus: Use OrderedSet for introspection (#2066325) + +* Wed Feb 23 2022 systemd maintenance team - 250-4 +- udev/net-setup-link: change the default MACAddressPolicy to "none" (#2009237) +- man: mention System Administrator's Guide in systemctl manpage (#1982596) +- Net naming scheme for RHEL-9.0 (#2052106) +- core: decrease log level of messages about use of KillMode=none (#2013213) +- ci: replace apt-key with signed-by (#2013213) +- ci: fix clang-13 installation (#2013213) + +* Tue Feb 08 2022 systemd maintenance team - 250-3 +- Treat EPERM as "not available" too (#2017035) +- test: copy portable profiles into the image if they don't exist there (#2017035) +- test: introduce `get_cgroup_hierarchy() helper (#2047768) +- test: require unified cgroup hierarchy for TEST-56 (#2047768) +- tests: rework test macros to not take code as parameters (#2017035) +- test: allow to set NULL to intro or outro (#2017035) + +* Tue Feb 01 2022 Michal Sekletar - 250-2 +- spec: make sure version string starts with version number (#2049054) + +* Mon Jan 31 2022 Jan Macku - 250-1 +- Rebase to v250 (#2047768) + +* Thu Nov 18 2021 systemd maintenance team - 249-9 +- test: don't install test-network-generator-conversion.sh w/o networkd (#2017035) +- meson.build: change operator combining bools from + to and (#2017035) +- openssl-util: use EVP API to get RSA bits (#2016042) +- procfs-util: fix confusion wrt. quantity limit and maximum value (#2017035) +- test-process-util: also add EROFS to the list of "good" errors (#2017035) +- ci: use C9S chroots in Packit (#2017035) +- test-mountpointutil-util: do not assert in test_mnt_id() (#2017035) +- core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo (#2019468) +- Drop Patch9001 - https://github.com/systemd/systemd/pull/17050 - Replaced by Patch0046 + +* Tue Oct 12 2021 systemd maintenance team - 249-8 +- Really don't enable systemd-journald-audit.socket (#1973856) +- rules: add elevator= kernel command line parameter (#2003002) +- boot: don't build bootctl when -Dgnu-efi=false is set (#2003130) +- unit: install the systemd-bless-boot.service only if we have gnu-efi (#2003130) +- units: don't enable tmp.mount statically in local-fs.target (#2000927) +- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (#2003031) +- sd-device: introduce device_has_devlink() (#2005024) +- udev-node: split out permission handling from udev_node_add() (#2005024) +- udev-node: stack directory must exist when adding device node symlink (#2005024) +- udev-node: save information about device node and priority in symlink (#2005024) +- udev-node: always update timestamp of stack directory (#2005024) +- udev-node: assume no new claim to a symlink if /run/udev/links is not updated (#2005024) +- udev-node: always atomically create symlink to device node (#2005024) +- udev-node: check stack directory change even if devlink is removed (#2005024) +- udev-node: shorten code a bit and update log message (#2005024) +- udev-node: add random delay on conflict in updating device node symlink (#2005024) +- udev-node: drop redundant trial of devlink creation (#2005024) +- udev-node: simplify the example of race (#2005024) +- udev-node: do not ignore unexpected errors on removing symlink in stack directory (#2005024) +- basic/time-util: introduce FORMAT_TIMESPAN (#2005024) +- udev/net-setup-link: change the default MACAddressPolicy to "none" (#2009237) +- set core ulimit to 0 like on RHEL-7 (#1998509) + +* Fri Aug 20 2021 systemd maintenance team - 249-4 +- Revert "udev: remove WAIT_FOR key" (#1982666) + +* Tue Aug 10 2021 Mohan Boddu +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Aug 06 2021 systemd maintenance team - 249-2 +- basic/unit-name: do not use strdupa() on a path (#1984299) +- basic/unit-name: adjust comments (#1984299) +- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (#1989472) +- Copy 40-redhat.rules from RHEL-8 (#1978639) +- Avoid /tmp being mounted as tmpfs without the user's will (#1959826) +- unit: don't add Requires for tmp.mount (#1619292) +- units: add [Install] section to tmp.mount (#1959826) +- rc-local: order after network-online.target (#1954429) +- ci: drop CIs irrelevant for downstream (#1960703) +- ci: reconfigure Packit for RHEL 9 (#1960703) +- ci: run unit tests on z-stream branches as well (#1960703) +- Check return value of pam_get_item/pam_get_data functions (#1973210) +- random-util: increase random seed size to 1024 (#1982603) +- journal: don't enable systemd-journald-audit.socket by default (#1973856) +- journald.conf: don't touch current audit settings (#1973856) + +* Mon Jul 12 2021 - 249-1 +- Rebase to v249 (#1981276) + +* Thu Jun 17 2021 systemd maintenance team - 248-7 +- core: allow omitting second part of LoadCredentials= argument (#1949568) + +* Tue Jun 15 2021 Mohan Boddu - 248-6 +- Rebuilt for RHEL 9 BETA for openssl 3.0 (#1971065) + +* Mon May 17 2021 systemd maintenance team - 248-5 +- Revert "rfkill: fix the format string to prevent compilation error" (#1931710) +- Revert "rfkill: don't compare values of different signedness" (#1931710) +- rfkill: add some casts to silence -Werror=sign-compare (#1931710) + +* Fri May 14 2021 systemd maintenance team - 248-4 +- logind: set RemoveIPC to false by default (#1959836) + +* Fri May 14 2021 systemd maintenance team - 248-3 +- rfkill: don't compare values of different signedness (#1931710) +- rfkill: fix the format string to prevent compilation error (#1931710) + +* Fri Apr 16 2021 Mohan Boddu +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek - 248-1 +- Latest upstream release, see + https://github.com/systemd/systemd/blob/v248/NEWS. +- The changes since -rc4 are rather small, various fixes all over the place. + A fix to how systemd-oomd selects a candidate to kill, and more debug logging + to make this more transparent. + +* Tue Mar 30 2021 Anita Zhang - 248~rc4-6 +- Increase oomd user memory pressure limit to 50% (#1941170) + +* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-5 +- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service + on upgrades from before systemd-networkd was split out (#1943263) +- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199) + +* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-4 +- Revert patch that seems to cause problems with dns resolution + (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb) + +* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek - 248~rc4-3 +- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335) +- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715) + (But note that the disablement of caching added previously is + retained until we can do more testing.) +- Minor fix to interface naming by udev +- Fix for systemd-repart --size + +* Fri Mar 19 2021 Adam Williamson - 248~rc4-2 +- Disable resolved cache via config snippet (#1940715) + +* Thu Mar 18 2021 Yu Watanabe - 248~rc4-1 +- Latest upstream prelease, see + https://github.com/systemd/systemd/blob/v248-rc4/NEWS. +- A bunch of documentation updates, correctness fixes, and systemd-networkd + features. +- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148. + +* Tue Mar 16 2021 Adam Williamson - 248~rc2-8 +- Drop the resolved cache disablement config snippet + +* Tue Mar 16 2021 Adam Williamson - 248~rc2-7 +- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) + +* Fri Mar 12 2021 Adam Williamson - 248~rc2-6 +- Disable resolved cache via config snippet (#1933433) + +* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-5 +- Fix crash in pid1 during daemon-reexec (#1931034) + +* Fri Mar 05 2021 Adam Williamson - 248~rc2-3 +- Fix stub resolver CNAME chain resolving (#1933433) + +* Mon Mar 01 2021 Josh Boyer - 248~rc2-2 +- Don't set the fallback hostname to Fedora on non-Fedora OSes + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc2-1 +- Latest upstream prelease, just a bunch of small fixes. +- Fixes #1931957. + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-2 +- Rebuild with the newest scriptlets + +* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek - 248~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc1/NEWS. +- Fixes #1614751 by only restarting services at the end of transcation. + Various packages need to be rebuilt to have the updated macros. +- Fixes #1879028, though probably not completely. +- Fixes #1925805, #1928235. + +* Wed Feb 17 2021 Michel Alexandre Salim - 247.3-3 +- Increase oomd user memory pressure limit to 10% (#1929856) + +* Fri Feb 5 2021 Anita Zhang - 247.3-2 +- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd. +- Backports consist primarily of PR #18361, #18444, and #18401 (plus some + additional ones to handle merge conflicts). +- Create systemd-oomd-defaults subpackage to install unit drop-ins that will + configure systemd-oomd to monitor and act. + +* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek - 247.3-1 +- Minor stable release +- Fixes #1895937, #1813219, #1903106. + +* Wed Jan 27 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek - 247.2-2 +- Fix bfq patch again (#1813219) + +* Wed Dec 23 2020 Jonathan Underwood - 247.2-2 +- Add patch to enable crypttab to support disabling of luks read and + write workqueues (corresponding to + https://github.com/systemd/systemd/pull/18062/). + +* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek - 247.2-1 +- Minor stable release +- Fixes #1908071. + +* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek - 247.1-3 +- Rebuild with fallback hostname change reverted. + +* Fri Dec 04 2020 Bastien Nocera - 247.1-2 +- Unset fallback-hostname as plenty of applications expected localhost + to mean "default hostname" without ever standardising it (#1892235) + +* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek - 247.1-1 +- Latest stable release +- Fixes #1902819. +- Files to configure networking with systemd-networkd in a VM or container are + moved to systemd-networkd subpackage. (They were previously in the -container + subpackage, which is for container/VM management.) + +* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek - 247-1 +- Update to the latest version +- #1900878 should be fixed + +* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek - 247~rc2 +- New upstream pre-release. See + https://github.com/systemd/systemd/blob/v247-rc1/NEWS. + Many smaller and bigger improvements and features are introduced. + (#1885101, #1890632, #1879216) + + A backwards-incompatible change affects PCI network devices which + are connected through a bridge which is itself associated with a + slot. When more than one device was associated with the same slot, + one of the devices would pseudo-randomly get named after the slot. + That name is now not generated at all. This changed behaviour is + causes the net naming scheme to be changed to "v247". To restore + previous behaviour, specify net.naming-scheme=v245. + + systemd-oomd is built, but should not be considered "production + ready" at this point. Testing and bug reports are welcome. + +* Wed Sep 30 2020 Dusty Mabe - 246.6-3 +- Try to make files in subpackages (especially the networkd subpackage) + more appropriate. + +* Thu Sep 24 2020 Filipe Brandenburger - 246.6-2 +- Build a package with standalone binaries for non-systemd systems. + For now, only systemd-sysusers is included. + +* Thu Sep 24 2020 Christian Glombek - 246.6-2 +- Split out networkd sub-package and add to main package as recommended dependency + +* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek - 246.6-1 +- Update to latest stable release (various minor fixes: manager, + networking, bootct, kernel-install, systemd-dissect, systemd-homed, + fstab-generator, documentation) (#1876905) +- Do not fail in test because of kernel bug (#1803070) + +* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek - 246.5-1 +- Update to latest stable release (a bunch of small network-related + fixes in systemd-networkd and socket handling, documentation updates, + a bunch of fixes for error handling). +- Also remove existing file when creating /etc/resolv.conf symlink + upon installation (#1873856 again) + +* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek - 246.4-1 +- Update to latest stable version: a rework of how the unit cache mtime works + (hopefully #1872068, #1871327, #1867930), plus various fixes to + systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent, + systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for + instantiated units, documentation and shell completions. +- Create /etc/resolv.conf symlink upon installation (#1873856) +- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable + mdns by default in systemd-resolved (#1867830) + +* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek - 246.3-1 +- Update to bugfix version (some networkd fixes, minor documentation + fixes, relax handling of various error conditions, other fixlets for + bugs without bugzilla numbers). + +* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek - 246.2-1 +- A few minor bugfixes +- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030) +- Create /etc/resolv.conf symlink on upgrade (#1867865) + +* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek - 246.1-1 +- A few minor bugfixes +- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so + that systemd-resolved can take over the management of the symlink. + +* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek - 246-1 +- Update to released version. Only some minor bugfixes since the pre-release. + +* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-2 +- Make /tmp be 50% of RAM again (#1856514) +- Re-run 'systemctl preset systemd-resolved' on upgrades. + /etc/resolv.conf is not modified, by a hint is emitted if it is + managed by NetworkManager. + +* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek - 246~rc2-1 +- New pre-release with incremental fixes + (#1856037, #1858845, #1856122, #1857783) +- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR + and mDNS support in resolve-only mode by default). + See https://fedoraproject.org/wiki/Changes/systemd-resolved. + +* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek - 246~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS. + + This release includes many new unit settings, related inter alia to + cgroupsv2 freezer support and cpu affinity, encryption and verification. + systemd-networkd has a ton of new functionality and many other tools gained + smaller enhancements. systemd-homed gained FIDO2 support. + + Documentation has been significantly improved: sd-bus and sd-hwdb + libraries are now fully documented; man pages have been added for + the D-BUS APIs of systemd daemons and various new interfaces. + + Closes #1392925, #1790972, #1197886, #1525593. + +* Wed Jun 24 2020 Bastien Nocera - 245.6-3 +- Set fallback-hostname to fedora so that unset hostnames are still + recognisable (#1392925) + +* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek - 245.6-2 +- Add self-obsoletes to fix upgrades from F31 + +* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek - 245.6-1 +- Update to latest stable version (some documentation updates, minor + memory correctness issues) (#1815605, #1827467, #1842067) + +* Tue Apr 21 2020 Björn Esser - 245.5-2 +- Add explicit BuildRequires: acl +- Bootstrapping for json-c SONAME bump + +* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek - 245.5-1 +- Update to latest stable version (#1819313, #1815412, #1800875) + +* Thu Apr 16 2020 Björn Esser - 245.4-2 +- Add bootstrap option to break circular deps on cryptsetup + +* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek - 245.4-1 +- Update to latest stable version (#1814454) + +* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek - 245.3-1 +- Update to latest stable version (no issue that got reported in bugzilla) + +* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek - 245.2-1 +- Update to latest stable version (a few bug fixes for random things) (#1798776) + +* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek - 245-1 +- Update to latest version (#1807485) + +* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek - 245~rc2-1 +- Modify the downstream udev rule to use bfq to only apply to disks (#1803500) +- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878) +- Move systemd-bless-boot.service and systemd-boot-system-token.service to + systemd-udev subpackage (#1807462) +- Move a bunch of other services to systemd-udev: + systemd-pstore.service, all fsck-related functionality, + systemd-volatile-root.service, systemd-verity-setup.service, and a few + other related files. +- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240) +- Fix namespace-related failure when starting systemd-homed (#1807465) and + group lookup failure in nss_systemd (#1809147) +- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines + (#1716164) +- Don't require /proc to be mounted for systemd-sysusers to work (#1807768) + +* Fri Feb 21 2020 Filipe Brandenburger - 245~rc1-4 +- Update daemon-reexec fallback to check whether the system is booted with + systemd as PID 1 and check whether we're upgrading before using kill -TERM + on PID 1 (#1803240) + +* Tue Feb 18 2020 Adam Williamson - 245~rc1-3 +- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293) + +* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-2 +- Add default 'disable *' preset for user units (#1792474, #1468501), + see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +- Add macro to generate "compat" scriptlets based off sysusers.d format + and autogenerate user() and group() virtual provides (#1792462), + see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format. +- Revert patch to udev rules causing regression with usb hubs (#1800820). + +* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek - 245~rc1-1 +- New upstream release, see + https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS. + + This release includes completely new functionality: systemd-repart, + systemd-homed, user reconds in json, and multi-instantiable + journald, and a partial rework of internal communcation to use + varlink, and bunch of more incremental changes. + + The "predictable" interface name naming scheme is changed, + net.naming-scheme= can be used to undo the change. The change applies + to container interface names on the host. + +- Fixes #1774242, #1787089, #1798414/CVE-2020-1712. + +* Fri Jan 31 2020 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Dec 21 2019 - 244.1-2 +- Disable service watchdogs (for systemd units) + +* Sun Dec 15 2019 - 244.1-1 +- Update to latest stable batch (systemd-networkd fixups, better + support for seccomp on s390x, minor cleanups to documentation). +- Drop patch to revert addition of NoNewPrivileges to systemd units + +* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek - 244-1 +- Update to latest version. Just minor bugs fixed since the pre-release. + +* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 +- Update to latest pre-release version, + see https://github.com/systemd/systemd/blob/master/NEWS#L3. + Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, + systemd-networkd does not create a default route for link local addressing, + systemd-networkd supports dynamic reconfiguration and a bunch of new settings. + Network files support matching on WLAN SSID and BSSID. +- Better error messages when preset/enable/disable are used with a glob (#1763488) +- u2f-hidraw-policy package is obsoleted (#1753381) + +* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 +- Latest bugfix release. Systemd-stable snapshots will now be numbered. +- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148) +- systemd-modules-load.service should only warn, not fail, on error (#1254340) +- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726, + CVE-2018-21029) +- Fix regression with crypttab keys with colons +- Various memleaks and minor memory access issues, warning adjustments + +* Fri Oct 18 2019 Adam Williamson - 243-4.gitef67743 +- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240) + +* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek - 243-3.gitef67743 +- Various minor documentation and error message cleanups +- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143) + +* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek - 243-2.gitfab6f01 +- Backport a bunch of patches (memory access issues, improvements to error + reporting and handling in networkd, some misleading man page contents #1751363) +- Fix permissions on static nodes (#1740664) +- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts +- Fix one crash in systemd-resolved (#1703598) +- Make journal catalog creation reproducible (avoid unordered hashmap use) +- Mark the accelerometer in HP laptops as part of the laptop base +- Fix relabeling of directories with relabel-extra.d/ +- Fix potential stuck noop jobs in pid1 +- Obsolete timedatex package (#1735584) + +* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek - 243-1 +- Update to latest release +- Emission of Session property-changed notifications from logind is fixed + (this was breaking the switching of sessions to and from gnome). +- Security issue: unprivileged users were allowed to change DNS + servers configured in systemd-resolved. Now proper polkit authorization + is required. + +* Mon Aug 26 2019 Adam Williamson - 243~rc2-2 +- Backport PR #13406 to solve PATH ordering issue (#1744059) + +* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek - 243~rc2-1 +- Update to latest pre-release. Fixes #1740113, #1717712. +- The default scheduler for disks is set to BFQ (1738828) +- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114). + Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert. + See https://fedoraproject.org/wiki/Changes/CGroupsV2. + +* Wed Aug 07 2019 Adam Williamson - 243~rc1-2 +- Backport PR #1737362 so we own /etc/systemd/system again (#1737362) + +* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek - 243~rc1-1 +- Update to latest version (#1715699, #1696373, #1711065, #1718192) + +* Sat Jul 27 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek - 242-6.git9d34e79 +- Ignore bad rdrand output on AMD CPUs (#1729268) +- A bunch of backported patches from upstream: documentation, memory + access fixups, command output tweaks (#1708996) + +* Tue Jun 25 2019 Björn Esser - 242-5.git7a6d834 +- Rebuilt (libqrencode.so.4) + +* Tue Jun 25 2019 Miro Hrončok - 242-4.git7a6d834 +- Rebuilt for iptables update (libip4tc.so.2) + +* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek - 242-3.git7a6d834 +- Add symbol to mark vtable format changes (anything using sd_add_object_vtable + or sd_add_fallback_vtable needs to be rebuilt) +- Fix wireguard ListenPort handling in systemd-networkd +- Fix hang in flush_accept (#1702358) +- Fix handling of RUN keys in udevd +- Some documentation and shell completion updates and minor fixes + +* Tue Apr 16 2019 Adam Williamson - 242-2 +- Rebuild with Meson fix for #1699099 + +* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek - 242-1 +- Update to latest release +- Make scriptlet failure non-fatal + +* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 242~rc4-1 +- Update to latest prerelease + +* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek - 242~rc3-1 +- Update to latest prerelease + +* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek - 242~rc2-1 +- Update to the latest prerelease. +- The bug reported on latest update that systemd-resolved and systemd-networkd are + re-enabled after upgrade is fixed. + +* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek - 241-4.gitcbf14c9 +- Backport various patches from the v241..v242 range: + kernel-install will not create the boot loader entry automatically (#1648907), + various bash completion improvements (#1183769), + memory leaks and such (#1685286). + +* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek - 241-3.gitc1f8ff8 +- Declare hyperv and framebuffer devices master-of-seat again (#1683197) + +* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 241-2.gita09c170 +- Prevent buffer overread in systemd-udevd +- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) + +* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-2 +- Turn LTO back on + +* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek - 241~rc2-1 +- Update to latest release -rc2 + +* Sun Feb 03 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sun Jan 27 2019 Yu Watanabe - 241~rc1-2 +- Backport a patch for kernel-install + +* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek - 241~rc1-1 +- Update to latest release -rc1 + +* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 +- Add a work-around for #1663040 + +* Mon Jan 14 2019 Björn Esser +- Rebuilt for libcrypt.so.2 (#1666033) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-4.gitf02b547 +- Add a work-around for selinux issue on live images (#1663040) + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 +- systemd-journald and systemd-journal-remote reject entries which + contain too many fields (CVE-2018-16865, #1664973) and set limits on the + process' command line length (CVE-2018-16864, #1664972) +- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) +- A fix for systemd-udevd crash (#1662303) + +* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 +- Add two more patches that revert recent udev changes + +* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek - 240-1 +- Update to latest release + See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes. + +* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek - 239-10.git9f3aed1 +- Hibernation checks for resume= are rescinded (#1645870) +- Various patches: + - memory issues in logind, networkd, journald (#1653068), sd-device, etc. + - Adaptations for newer meson, lz4, kernel + - Fixes for misleading bugs in documentation +- net.ipv4.conf.all.rp_filter is changed from 1 to 2 + +* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek +- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf + (see https://github.com/pbrezina/authselect/issues/77) +- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve + +* Sun Nov 18 2018 Alejandro Domínguez Muñoz +- Remove link creation for rsyslog.service + +* Thu Nov 8 2018 Adam Williamson - 239-9.git9f3aed1 +- Go back to using systemctl preset-all in %%post (#1647172, #1118740) + +* Mon Nov 5 2018 Adam Williamson - 239-8.git9f3aed1 +- Requires(post) openssl-libs to fix live image build machine-id issue + See: https://pagure.io/dusty/failed-composes/issue/960 + +* Mon Nov 5 2018 Yu Watanabe +- Set proper attributes to private directories + +* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek - 239-7.git9f3aed1 +- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298) + +* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek - 239-6.git9f3aed1 +- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) +- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) +- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) +- The DHCP server is started only when link is UP +- DHCPv6 prefix delegation is improved +- Downgrade logging of various messages and add loging in other places +- Many many fixes in error handling and minor memory leaks and such +- Fix typos and omissions in documentation +- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved) +- Matching by MACAddress= in systemd-networkd is fixed +- Creation of user runtime directories is improved, and the user + manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) +- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 +- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. +- "systemctl --wait start" exits immediately if no valid units are named +- zram devices are not considered as candidates for hibernation +- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed) +- Various smaller improvements to unit ordering and dependencies +- generators are now called with the manager's environment +- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues +- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where + the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. +- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user + threads are used by bpfilter. +- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present +- Hibernation is not advertised if resume= is not present on the kernenl command line +- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, + AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep= +- LOGO= and DOCUMENTATION_URL= are documented for the os-release file +- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries +- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects +- Catalog entries for the journal are improved (#1639482) +- If suspend fails, the post-suspend hooks are still called. +- Various build issues on less-common architectures are fixed + +* Wed Oct 3 2018 Jan Synáček - 239-5 +- Fix meson using -Ddebug, which results in FTBFS +- Fix line_begins() to accept word matching full string (#1631840) + +* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek - 239-4 +- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969) + +* Wed Jul 18 2018 Terje Rosten - 239-3 +- Ignore return value from systemd-binfmt in scriptlet (#1565425) + +* Sun Jul 15 2018 Filipe Brandenburger +- Override systemd-user PAM config in install and not prep + +* Sat Jul 14 2018 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek +- Rebuild for Python 3.7 again + +* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek - 239-1 +- Update to latest version, mostly bug fixes and new functionality, + very little breaking changes. See + https://github.com/systemd/systemd/blob/v239/NEWS for details. + +* Tue Jun 19 2018 Miro Hrončok +- Rebuilt for Python 3.7 + +* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 +- Backport a number of patches (documentation, hwdb updates) +- Fixes for tmpfiles 'e' entries +- systemd-networkd crashes +- XEN virtualization detection on hyper-v +- Avoid relabelling /sys/fs/cgroup if not needed (#1576240) + +* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek - 238-7.fc28.1 +- Allow fake Delegate= setting on slices (#1568594) + +* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek - 238-7 +- Move udev transfiletriggers to the right package, fix quoting + +* Tue Mar 27 2018 Colin Walters - 238-6 +- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550 + This fixes compatibility with rpm-ostree. + +* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek - 238-5 +- Backport patch to revert inadvertent change of "predictable" interface name (#1558027) + +* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek - 238-4 +- Do not close dbus connection during dbus reload call (#1554578) + +* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek - 238-3 +- Revert the patches for GRUB BootLoaderSpec support +- Add patch for /etc/machine-id creation (#1552843) + +* Tue Mar 6 2018 Yu Watanabe - 238-2 +- Fix transfiletrigger script (#1551793) + +* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek - 238-1 +- Update to latest version +- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954) +- New transfiletriggers are installed for udev hwdb and rules, the journal + catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. + +* Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5 +- Add patch to install kernel images for GRUB BootLoaderSpec support + +* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5 +- Create /etc/systemd in %%post libs if necessary (#1548607) + +* Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5 +- Use : not touch to create file in -libs %%post + +* Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5 +- Add coreutils dep for systemd-libs %%post +- Add patch to typecast USB IDs to avoid compile failure + +* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5 +- Update some patches for test skipping that were updated upstream + before merging +- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined + correctly and possibly replace existing mappings + +* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849 +- Backport a bunch of patches, most notably for the journal and various + memory issues. Some minor build fixes. +- Switch to new ldconfig macros that do nothing in F28+ +- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody + or nobody users are defined (#1537262) + +* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769 +- Update to first stable snapshot (various minor memory leaks and misaccesses, + some documentation bugs, build fixes). + +* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1 +- Update to latest version + +* Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c +- Add patch to include if needed + +* Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c +- Rebuilt for switch to libxcrypt + +* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4 +- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 + various memory corruptions in systemd-networkd) +- /dev/kvm is marked as a static node which fixes permissions on s390x + and ppc64 (#1532382) + +* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1 +- Update to latest version + +* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928 +- Update to latest git snapshot, do not build for realz +- Switch to libidn2 again (#1449145) + +* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4 +- Rebuild for cryptsetup-2.0.0-0.2.fc28 + +* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3 +- Backport a bunch of patches, including LP#172535 + +* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2 +- Patches for cryptsetup _netdev + +* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek - 235-1 +- Update to latest version + +* Tue Sep 26 2017 Nathaniel McCallum - 234-8 +- Backport /etc/crypttab _netdev feature from upstream + +* Thu Sep 21 2017 Michal Sekletar - 234-7 +- Make sure to remove all device units sharing the same sysfs path (#1475570) + +* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6 +- Bump xslt recursion limit for libxslt-1.30 + +* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5 +- Backport more patches (#1476005, hopefully #1462378) + +* Thu Jul 27 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3 +- Fix x-systemd.timeout=0 in /etc/fstab (#1462378) +- Minor patches (memleaks, --help fixes, seccomp on arm64) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2 +- Create kvm group (#1431876) + +* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1 +- Latest release + +* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c +- Update to snapshot +- Build with meson again + +* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 +- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) + +* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05 +- Update to snapshot version, build with meson + +* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4 +- Backport a bunch of small fixes (memleaks, wrong format strings, + man page clarifications, shell completion) +- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493) +- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686) +- Drop soft-static uid for systemd-journal-gateway +- Use ID from /etc/os-release as ntpvendor + +* Thu Mar 16 2017 Michal Sekletar - 233-3 +- Backport bugfixes from upstream +- Don't return error when machinectl couldn't figure out container IP addresses (#1419501) + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-2 +- Fix installation conflict with polkit + +* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek - 233-1 +- New upstream release (#1416201, #1405439, #1420753, many others) +- New systemd-tests subpackage with "installed tests" + +* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15 +- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894) + +* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14 +- Ignore the hwdb parser test + +* Tue Feb 14 2017 Jan Synáček - 232-14 +- machinectl fails when virtual machine is running (#1419501) + +* Sat Feb 11 2017 Fedora Release Engineering - 232-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12 +- Backport patch for initrd-switch-root.service getting killed (#1414904) +- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE + extraction by sd-coredump. + +* Sun Jan 29 2017 zbyszek - 232-11 +- Backport a number of patches (#1411299, #1413075, #1415745, + ##1415358, #1416588, #1408884) +- Fix various memleaks and unitialized variable access +- Shell completion enhancements +- Enable TPM logging by default (#1411156) +- Update hwdb (#1270124) + +* Thu Jan 19 2017 Adam Williamson - 232-10 +- Backport fix for boot failure in initrd-switch-root (#1414904) + +* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9 +- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam + is available as multilib (#1414153) + +* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8 +- Fix buildsystem to check for lz4 correctly (#1404406) + +* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7 +- Various small tweaks to scriplets + +* Sat Jan 07 2017 Kevin Fenzi - 232-6 +- Fix scriptlets to never fail in libs post + +* Fri Jan 06 2017 Kevin Fenzi - 232-5 +- Add patch from Michal Schmidt to avoid process substitution (#1392236) + +* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek - 232-4 +- Rebuild (#1392236) + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-3 +- Make /etc/dbus-1/system.d directory non-%%ghost + +* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek - 232-2 +- Fix kernel-install (#1391829) +- Restore previous systemd-user PAM config (#1391836) +- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833) +- Fix permissions on /var/lib/systemd/journal-upload (#1262665) + +* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek - 232-1 +- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161) +- Add %%{_isa} to Provides on arch-full packages (#1387912) +- Create systemd-coredump user in %%pre (#1309574) +- Replace grubby patch with a short-circuiting install.d "plugin" +- Enable nss-systemd in the passwd, group lines in nsswith.conf +- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf +- Move systemd-nspawn man pages to the right subpackage (#1391703) + +* Tue Oct 18 2016 Jan Synáček - 231-11 +- SPC - Cannot restart host operating from container (#1384523) + +* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek - 231-10 +- Do not recreate /var/log/journal on upgrades (#1383066) +- Move nss-myhostname provides to systemd-libs (#1383271) + +* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek - 231-9 +- Fix systemctl set-default (#1374371) +- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) + +* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek - 231-8 +- Apply fix for #1378974 + +* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek - 231-7 +- Apply patches properly + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6 +- Better fix for (#1380286) + +* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5 +- Denial-of-service bug against pid1 (#1380286) + +* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4 +- Fix preset-all (#1363858) +- Fix issue with daemon-reload messing up graphics (#1367766) +- A few other bugfixes + +* Wed Aug 03 2016 Adam Williamson - 231-3 +- Revert preset-all change, it broke stuff (#1363858) + +* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2 +- Call preset-all on initial installation (#1118740) +- Fix botched Recommends for libxkbcommon + +* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1 +- Update to latest version + +* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek - 230-3 +- Update to latest git snapshot (fixes for systemctl set-default, + polkit lingering policy, reversal of the framebuffer rules, + unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). + Those changes are interspersed with other changes and new features + (mostly in lldp, networkd, and nspawn). Some of those new features + might not work, but I think that existing functionality should not + be broken, so it seems worthwile to update to the snapshot. + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2 +- Remove systemd-compat-libs on upgrade + +* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1 +- New version +- Drop compat-libs +- Require libxkbcommon explictly, since the automatic dependency will + not be generated anymore + +* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15 +- Remove duplicated entries in -container %%files (#1330395) + +* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14 +- Move installation of udev services to udev subpackage (#1329023) + +* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13 +- Split out systemd-pam subpackage (#1327402) + +* Mon Apr 18 2016 Harald Hoyer - 229-12 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-11 +- move more binaries and services from the main package to subpackages + +* Mon Apr 18 2016 Harald Hoyer - 229-10 +- move device dependant stuff to the udev subpackage + +* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9 +- Add myhostname to /etc/nsswitch.conf (#1318303) + +* Mon Mar 21 2016 Harald Hoyer - 229-8 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7 +- Moar patches (#1316964, #1317928) +- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev +- Protect systemd-udev from deinstallation + +* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6 +- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) + +* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 +- Split out systemd-container subpackage (#1163412) +- Split out system-udev subpackage +- Add various bugfix patches, incl. a tentative fix for #1308771 + +* Tue Mar 1 2016 Peter Robinson 229-4 +- Power64 and s390(x) now have libseccomp support +- aarch64 has gnu-efi + +* Tue Feb 23 2016 Jan Synáček - 229-3 +- Fix build failures on ppc64 (#1310800) + +* Tue Feb 16 2016 Dennis Gilmore - 229-2 +- revert: fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 +- this causes the dtb files to not get installed at all and the fdtdir +- line in extlinux.conf to not get updated correctly + +* Thu Feb 11 2016 Michal Sekletar - 229-1 +- New upstream release + +* Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787 +- fixed kernel-install for copying files for grubby +Resolves: rhbz#1299019 + +* Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 27 2016 Peter Robinson 228-8.gite35a787 +- Rebuild for binutils on aarch64 fix + +* Fri Jan 08 2016 Dan Horák - 228-7.gite35a787 +- apply the conflict with fedora-release only in Fedora + +* Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787 +- Fix rawhide build failures on ppc64 (#1286249) + +* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787 +- Create /etc/systemd/network (#1286397) + +* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787 +- Do not install nss modules by default + +* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787 +- Update to latest upstream git: there is a bunch of fixes + (nss-mymachines overflow bug, networkd fixes, more completions are + properly installed), mixed with some new resolved features. +- Rework file triggers so that they always run before daemons are restarted + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3 +- Enable rpm file triggers for daemon-reload + +* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2 +- Fix version number in obsoleted package name (#1283452) + +* Wed Nov 18 2015 Kay Sievers - 228-1 +- New upstream release + +* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7 +- Rename journal-gateway subpackage to journal-remote +- Ignore the access mode on /var/log/journal (#1048424) +- Do not assume fstab is present (#1281606) + +* Wed Nov 11 2015 Fedora Release Engineering - 227-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Nov 10 2015 Lukáš Nykrýn - 227-5 +- Rebuild for libmicrohttpd soname bump + +* Fri Nov 06 2015 Robert Kuska - 227-4 +- Rebuilt for Python3.5 rebuild + +* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek - 227-3 +- Fix syntax in kernel-install (#1277264) + +* Tue Nov 03 2015 Michal Schmidt - 227-2 +- Rebuild for libmicrohttpd soname bump. + +* Wed Oct 7 2015 Kay Sievers - 227-1 +- New upstream release + +* Fri Sep 18 2015 Jan Synáček - 226-3 +- user systemd-journal-upload should be in systemd-journal group (#1262743) + +* Fri Sep 18 2015 Kay Sievers - 226-2 +- Add selinux to system-user PAM config + +* Tue Sep 8 2015 Kay Sievers - 226-1 +- New upstream release + +* Thu Aug 27 2015 Kay Sievers - 225-1 +- New upstream release + +* Fri Jul 31 2015 Kay Sievers - 224-1 +- New upstream release + +* Wed Jul 29 2015 Kay Sievers - 223-2 +- update to git snapshot + +* Wed Jul 29 2015 Kay Sievers - 223-1 +- New upstream release + +* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek - 222-2 +- Remove python subpackages (python-systemd in now standalone) + +* Tue Jul 7 2015 Kay Sievers - 222-1 +- New upstream release + +* Mon Jul 6 2015 Kay Sievers - 221-5.git619b80a +- update to git snapshot + +* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a +- Add example file with yama config (#1234951) + +* Sun Jul 5 2015 Kay Sievers - 221-3.git604f02a +- update to git snapshot + +* Mon Jun 22 2015 Kay Sievers - 221-2 +- build systemd-boot EFI tools + +* Fri Jun 19 2015 Lennart Poettering - 221-1 +- New upstream release +- Undoes botched translation check, should be reinstated later? + +* Fri Jun 19 2015 Fedora Release Engineering - 220-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 11 2015 Peter Robinson 220-9 +- The gold linker is now fixed on aarch64 + +* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek - 220-8 +- Remove gudev which is now provided as separate package (libgudev) +- Fix for spurious selinux denials (#1224211) +- Udev change events (#1225905) +- Patches for some potential crashes +- ProtectSystem=yes does not touch /home +- Man page fixes, hwdb updates, shell completion updates +- Restored persistent device symlinks for bcache, xen block devices +- Tag all DRM cards as master-of-seat + +* Tue Jun 09 2015 Harald Hoyer 220-7 +- fix udev block device watch + +* Tue Jun 09 2015 Harald Hoyer 220-6 +- add support for network disk encryption + +* Sun Jun 7 2015 Peter Robinson 220-5 +- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156) + +* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4 +- systemd-devel should require systemd-libs, not the main package (#1226301) +- Check for botched translations (#1226566) +- Make /etc/udev/hwdb.d part of the rpm (#1226379) + +* Thu May 28 2015 Richard W.M. Jones - 220-3 +- Add patch to fix udev --daemon not cleaning child processes + (upstream commit 86c3bece38bcf5). + +* Wed May 27 2015 Richard W.M. Jones - 220-2 +- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). + +* Thu May 21 2015 Lennart Poettering - 220-1 +- New upstream release +- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158) +- Remove ghosting for /etc/systemd/system/runlevel*.target, these + targets are not configurable anymore in systemd upstream +- Drop work-around for #1002806, since this is solved upstream now + +* Wed May 20 2015 Dennis Gilmore - 219-15 +- fix up the conflicts version for fedora-release + +* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14 +- Remove presets (#1221340) +- Fix (potential) crash and memory leak in timedated, locking failure + in systemd-nspawn, crash in resolved. +- journalctl --list-boots should be faster +- zsh completions are improved +- various ommissions in docs are corrected (#1147651) +- VARIANT and VARIANT_ID fields in os-release are documented +- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818) +- systemd-tmpfiles should behave better on read-only file systems (#1207083) + +* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13 +- Patches for some outstanding annoyances +- Small keyboard hwdb updates + +* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek - 219-12 +- Tighten requirements between subpackages (#1207381). + +* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11 +- Move all parts systemd-journal-{remote,upload} to + systemd-journal-gatewayd subpackage (#1193143). +- Create /var/lib/systemd/journal-upload directory (#1193145). +- Cut out lots of stupid messages at debug level which were obscuring more + important stuff. +- Apply "tentative" state for devices only when they are added, not removed. +- Ignore invalid swap pri= settings (#1204336) +- Fix SELinux check for timedated operations to enable/disable ntp (#1014315) +- Fix comparing of filesystem paths (#1184016) + +* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10 +- Fixes for bugs 1186018, 1195294, 1185604, 1196452. +- Hardware database update. +- Documentation fixes. +- A fix for journalctl performance regression. +- Fix detection of inability to open files in journalctl. +- Detect SuperH architecture properly. +- The first of duplicate lines in tmpfiles wins again. +- Do vconsole setup after loading vconsole driver, not fbcon. +- Fix problem where some units were restarted during systemd reexec. +- Fix race in udevadm settle tripping up NetworkManager. +- Downgrade various log messages. +- Fix issue where journal-remote would process some messages with a delay. +- GPT /srv partition autodiscovery is fixed. +- Reconfigure old Finnish keymaps in post (#1151958) + +* Tue Mar 10 2015 Jan Synáček - 219-9 +- Buttons on Lenovo X6* tablets broken (#1198939) + +* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek - 219-8 +- Reworked device handling (#1195761) +- ACL handling fixes (with a script in %%post) +- Various log messages downgraded (#1184712) +- Allow PIE on s390 again (#1197721) + +* Wed Feb 25 2015 Michal Schmidt - 219-7 +- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) + +* Tue Feb 24 2015 Colin Walters - 219-6 +- Revert patch that breaks Atomic/OSTree (#1195761) + +* Fri Feb 20 2015 Michal Schmidt - 219-5 +- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. + +* Fri Feb 20 2015 Michal Schmidt - 219-4 +- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. + +* Wed Feb 18 2015 Michal Schmidt - 219-3 +- arm: disabling gold did not help; disable lto instead (#1193212) + +* Tue Feb 17 2015 Peter Jones - 219-2 +- Update 90-default.present for dbxtool. + +* Mon Feb 16 2015 Lennart Poettering - 219-1 +- New upstream release +- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736) +- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink +- This enables "%%check" +- disable gold on arm, as that is broken (see #1193212) + +* Mon Feb 16 2015 Peter Robinson 218-6 +- aarch64 now has seccomp support + +* Thu Feb 05 2015 Michal Schmidt - 218-5 +- Don't overwrite systemd.macros with unrelated Source file. + +* Thu Feb 5 2015 Jan Synáček - 218-4 +- Add a touchpad hwdb (#1189319) + +* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4 +- Enable xkbcommon dependency to allow checking of keymaps +- Fix permissions of /var/log/journal (#1048424) +- Enable timedatex in presets (#1187072) +- Disable rpcbind in presets (#1099595) + +* Wed Jan 7 2015 Jan Synáček - 218-3 +- RFE: journal: automatically rotate the file if it is unlinked (#1171719) + +* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3 +- Add firewall description files (#1176626) + +* Thu Dec 18 2014 Jan Synáček - 218-2 +- systemd-nspawn doesn't work on s390/s390x (#1175394) + +* Wed Dec 10 2014 Lennart Poettering - 218-1 +- New upstream release +- Enable "nss-mymachines" in /etc/nsswitch.conf + +* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4 +- Change libgudev1 to only require systemd-libs (#727499), there's + no need to require full systemd stack. +- Fixes for bugs #1159448, #1152220, #1158035. +- Bash completions updates to allow propose more units for start/restart, + and completions for set-default,get-default. +- Again allow systemctl enable of instances. +- Hardware database update and fixes. +- Udev crash on invalid options and kernel commandline timeout parsing are fixed. +- Add "embedded" chassis type. +- Sync before 'reboot -f'. +- Fix restarting of timer units. + +* Wed Nov 05 2014 Michal Schmidt - 217-3 +- Fix hanging journal flush (#1159641) + +* Fri Oct 31 2014 Michal Schmidt - 217-2 +- Fix ordering cycles involving systemd-journal-flush.service and + remote-fs.target (#1159117) + +* Tue Oct 28 2014 Lennart Poettering - 217-1 +- New upstream release + +* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12 +- Drop PackageKit.service from presets (#1154126) + +* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11 +- Conflict with old versions of initscripts (#1152183) +- Remove obsolete Finnish keymap (#1151958) + +* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 +- Fix a problem with voluntary daemon exits and some other bugs + (#1150477, #1095962, #1150289) + +* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 +- Update to latest git, but without the readahead removal patch + (#1114786, #634736) + +* Wed Oct 01 2014 Kay Sievers - 216-8 +- revert "don't reset selinux context during CHANGE events" + +* Wed Oct 01 2014 Lukáš Nykrýn - 216-7 +- add temporary workaround for #1147910 +- don't reset selinux context during CHANGE events + +* Wed Sep 10 2014 Michal Schmidt - 216-6 +- Update timesyncd with patches to avoid hitting NTP pool too often. + +* Tue Sep 09 2014 Michal Schmidt - 216-5 +- Use common CONFIGURE_OPTS for build2 and build3. +- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. + +* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4 +- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) + +* Thu Aug 28 2014 Peter Robinson 216-3 +- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611) + +* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2 +- Re-add patch to disable resolve.conf symlink (#1043119) + +* Wed Aug 20 2014 Lennart Poettering - 216-1 +- New upstream release + +* Mon Aug 18 2014 Fedora Release Engineering - 215-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 13 2014 Dan Horák 215-11 +- disable LTO also on s390(x) + +* Sat Aug 09 2014 Harald Hoyer 215-10 +- fixed PPC64LE + +* Wed Aug 6 2014 Tom Callaway - 215-9 +- fix license handling + +* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek - 215-8 +- Create systemd-journal-remote and systemd-journal-upload users (#1118907) + +* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek - 215-7 +- Split out systemd-compat-libs subpackage + +* Tue Jul 22 2014 Kalev Lember - 215-6 +- Rebuilt for gobject-introspection 1.41.4 + +* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek - 215-5 +- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806) +- Add missing BR so gnutls and elfutils are used + +* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek - 215-4 +- Various man page updates +- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD + for better behaviour in containers +- Some small networkd link handling fixes +- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685) +- New systemd-escape tool +- XZ compression settings are tweaked to greatly improve journald performance +- "watch" is accepted as chassis type +- Various sysusers fixes, most importantly correct selinux labels +- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932) +- Shell completion improvements +- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access +- XEN and s390 virtualization is properly detected + +* Mon Jul 07 2014 Colin Walters - 215-3 +- Add patch to disable resolve.conf symlink (#1043119) + +* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek - 215-2 +- Move systemd-journal-remote to systemd-journal-gateway package (#1114688) +- Disable /etc/mtab handling temporarily (#1116158) + +* Thu Jul 03 2014 Lennart Poettering - 215-1 +- New upstream release +- Enable coredump logic (which abrt would normally override) + +* Sun Jun 29 2014 Peter Robinson 214-5 +- On aarch64 disable LTO as it still has issues on that arch + +* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek - 214-4 +- Bugfixes (#996133, #1112908) + +* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek - 214-3 +- Actually create input group (#1054549) + +* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek - 214-2 +- Do not restart systemd-logind on upgrades (#1110697) +- Add some patches (#1081429, #1054549, #1108568, #928962) + +* Wed Jun 11 2014 Lennart Poettering - 214-1 +- New upstream release +- Get rid of "floppy" group, since udev uses "disk" now +- Reenable LTO + +* Sun Jun 08 2014 Fedora Release Engineering - 213-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kay Sievers - 213-3 +- fix systemd-timesync user creation + +* Wed May 28 2014 Michal Sekletar - 213-2 +- Create temporary files after installation (#1101983) +- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621) + +* Wed May 28 2014 Kay Sievers - 213-1 +- New upstream release + +* Tue May 27 2014 Kalev Lember - 212-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Fri May 23 2014 Adam Williamson - 212-5 +- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891) + +* Wed May 07 2014 Kay Sievers - 212-4 +- add netns udev workaround + +* Wed May 07 2014 Michal Sekletar - 212-3 +- enable uuidd.socket by default (#1095353) + +* Sat Apr 26 2014 Peter Robinson 212-2 +- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611) + +* Tue Mar 25 2014 Lennart Poettering - 212-1 +- New upstream release + +* Mon Mar 17 2014 Peter Robinson 211-2 +- Explicitly define which upstream platforms support libseccomp + +* Tue Mar 11 2014 Lennart Poettering - 211-1 +- New upstream release + +* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek - 210-8 +- Fix logind unpriviledged reboot issue and a few other minor fixes +- Limit generator execution time +- Recognize buttonless joystick types + +* Fri Mar 07 2014 Karsten Hopp 210-7 +- ppc64le needs link warnings disabled, too + +* Fri Mar 07 2014 Karsten Hopp 210-6 +- move ifarch ppc64le to correct place (libseccomp req) + +* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek - 210-5 +- Bugfixes: #1047568, #1047039, #1071128, #1073402 +- Bash completions for more systemd tools +- Bluetooth database update +- Manpage fixes + +* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek - 210-4 +- Apply work-around for ppc64le too (#1073647). + +* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Backport a few patches, add completion for systemd-nspawn. + +* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek - 210-3 +- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284 + +* Mon Feb 24 2014 Lennart Poettering - 210-2 +- Check more services against preset list and enable by default + +* Mon Feb 24 2014 Lennart Poettering - 210-1 +- new upstream release + +* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek - 209-2.gitf01de96 +- Enable dnssec-triggerd.service by default (#1060754) + +* Sun Feb 23 2014 Kay Sievers - 209-2.gitf01de96 +- git snapshot to sort out ARM build issues + +* Thu Feb 20 2014 Lennart Poettering - 209-1 +- new upstream release + +* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek - 208-15 +- Make gpsd lazily activated (#1066421) + +* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek - 208-14 +- Back out patch which causes user manager to be destroyed when unneeded + and spams logs (#1053315) + +* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek - 208-13 +- A different fix for #1023820 taken from Mageia +- Backported fix for #997031 +- Hardward database updates, man pages improvements, a few small memory + leaks, utf-8 correctness and completion fixes +- Support for key-slot option in crypttab + +* Sat Jan 25 2014 Ville Skyttä - 208-12 +- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs. + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-11 +- Backport a few fixes, relevant documentation updates, and HWDB changes + (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304, + #1043212, #1039351, #1031325, #1023820, #1017509, #953077) +- Flip journalctl to --full by default (#984758) + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-9 +- Apply two patches for #1026860 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-8 +- Bump release to stay ahead of f20 + +* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek - 208-7 +- Backport patches (#1023041, #1036845, #1006386?) +- HWDB update +- Some small new features: nspawn --drop-capability=, running PID 1 under + valgrind, "yearly" and "annually" in calendar specifications +- Some small documentation and logging updates + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-6 +- Bump release to stay ahead of f20 + +* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek - 208-5 +- Use unit name in PrivateTmp= directories (#957439) +- Update manual pages, completion scripts, and hardware database +- Configurable Timeouts/Restarts default values +- Support printing of timestamps on the console +- Fix some corner cases in detecting when writing to the console is safe +- Python API: convert keyword values to string, fix sd_is_booted() wrapper +- Do not tread missing /sbin/fsck.btrfs as an error (#1015467) +- Allow masking of fsck units +- Advertise hibernation to swap files +- Fix SO_REUSEPORT settings +- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872) +- Make use of newer kmod +- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303 + +* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek - 208-4 +- Add temporary fix for #1002806 + +* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek - 208-3 +- Backport a bunch of fixes and hwdb updates + +* Wed Oct 2 2013 Lennart Poettering - 208-2 +- Move old random seed and backlight files into the right place + +* Wed Oct 2 2013 Lennart Poettering - 208-1 +- New upstream release + +* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek 207-5 +- Do not create /var/var/... dirs + +* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek 207-4 +- Fix policykit authentication +- Resolves: rhbz#1006680 + +* Tue Sep 17 2013 Harald Hoyer 207-3 +- fixed login +- Resolves: rhbz#1005233 + +* Mon Sep 16 2013 Harald Hoyer 207-2 +- add some upstream fixes for 207 +- fixed swap activation +- Resolves: rhbz#1008604 + +* Fri Sep 13 2013 Lennart Poettering - 207-1 +- New upstream release + +* Fri Sep 06 2013 Harald Hoyer 206-11 +- support "debug" kernel command line parameter +- journald: fix fd leak in journal_file_empty +- journald: fix vacuuming of archived journals +- libudev: enumerate - do not try to match against an empty subsystem +- cgtop: fixup the online help +- libudev: fix memleak when enumerating childs + +* Wed Sep 04 2013 Harald Hoyer 206-10 +- Do not require grubby, lorax now takes care of grubby +- cherry-picked a lot of patches from upstream + +* Tue Aug 27 2013 Dennis Gilmore - 206-9 +- Require grubby, Fedora installs require grubby, +- kernel-install took over from new-kernel-pkg +- without the Requires we are unable to compose Fedora +- everyone else says that since kernel-install took over +- it is responsible for ensuring that grubby is in place +- this is really what we want for Fedora + +* Tue Aug 27 2013 Kay Sievers - 206-8 +- Revert "Require grubby its needed by kernel-install" + +* Mon Aug 26 2013 Dennis Gilmore 206-7 +- Require grubby its needed by kernel-install + +* Thu Aug 22 2013 Harald Hoyer 206-6 +- kernel-install now understands kernel flavors like PAE + +* Tue Aug 20 2013 Rex Dieter - 206-5 +- add sddm.service to preset file (#998978) + +* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek - 206-4 +- Filter out provides for private python modules. +- Add requires on kmod >= 14 (#990994). + +* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek - 206-3 +- New systemd-python3 package (#976427). +- Add ownership of a few directories that we create (#894202). + +* Sun Aug 04 2013 Fedora Release Engineering - 206-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 23 2013 Kay Sievers - 206-1 +- New upstream release + Resolves (#984152) + +* Wed Jul 3 2013 Lennart Poettering - 205-1 +- New upstream release + +* Wed Jun 26 2013 Michal Schmidt 204-10 +- Split systemd-journal-gateway subpackage (#908081). + +* Mon Jun 24 2013 Michal Schmidt 204-9 +- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433) + +* Fri Jun 14 2013 Harald Hoyer 204-8 +- fix, which helps to sucessfully browse journals with + duplicated seqnums + +* Fri Jun 14 2013 Harald Hoyer 204-7 +- fix duplicate message ID bug +Resolves: rhbz#974132 + +* Thu Jun 06 2013 Harald Hoyer 204-6 +- introduce 99-default-disable.preset + +* Thu Jun 6 2013 Lennart Poettering - 204-5 +- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690) + +* Tue May 28 2013 Harald Hoyer 204-4 +- Fix kernel-install (#965897) + +* Wed May 22 2013 Kay Sievers - 204-3 +- Fix kernel-install (#965897) + +* Thu May 9 2013 Lennart Poettering - 204-2 +- New upstream release +- disable isdn by default (#959793) + +* Tue May 07 2013 Harald Hoyer 203-2 +- forward port kernel-install-grubby.patch + +* Tue May 7 2013 Lennart Poettering - 203-1 +- New upstream release + +* Wed Apr 24 2013 Harald Hoyer 202-3 +- fix ENOENT for getaddrinfo +- Resolves: rhbz#954012 rhbz#956035 +- crypt-setup-generator: correctly check return of strdup +- logind-dbus: initialize result variable +- prevent library underlinking + +* Fri Apr 19 2013 Harald Hoyer 202-2 +- nspawn create empty /etc/resolv.conf if necessary +- python wrapper: add sd_journal_add_conjunction() +- fix s390 booting +- Resolves: rhbz#953217 + +* Thu Apr 18 2013 Lennart Poettering - 202-1 +- New upstream release + +* Tue Apr 09 2013 Michal Schmidt - 201-2 +- Automatically discover whether to run autoreconf and add autotools and git + BuildRequires based on the presence of patches to be applied. +- Use find -delete. + +* Mon Apr 8 2013 Lennart Poettering - 201-1 +- New upstream release + +* Mon Apr 8 2013 Lennart Poettering - 200-4 +- Update preset file + +* Fri Mar 29 2013 Lennart Poettering - 200-3 +- Remove NetworkManager-wait-online.service from presets file again, it should default to off + +* Fri Mar 29 2013 Lennart Poettering - 200-2 +- New upstream release + +* Tue Mar 26 2013 Lennart Poettering - 199-2 +- Add NetworkManager-wait-online.service to the presets file + +* Tue Mar 26 2013 Lennart Poettering - 199-1 +- New upstream release + +* Mon Mar 18 2013 Michal Schmidt 198-7 +- Drop /usr/s?bin/ prefixes. + +* Fri Mar 15 2013 Harald Hoyer 198-6 +- run autogen to pickup all changes + +* Fri Mar 15 2013 Harald Hoyer 198-5 +- do not mount anything, when not running as pid 1 +- add initrd.target for systemd in the initrd + +* Wed Mar 13 2013 Harald Hoyer 198-4 +- fix switch-root and local-fs.target problem +- patch kernel-install to use grubby, if available + +* Fri Mar 08 2013 Harald Hoyer 198-3 +- add Conflict with dracut < 026 because of the new switch-root isolate + +* Thu Mar 7 2013 Lennart Poettering - 198-2 +- Create required users + +* Thu Mar 7 2013 Lennart Poettering - 198-1 +- New release +- Enable journal persistancy by default + +* Sun Feb 10 2013 Peter Robinson 197-3 +- Bump for ARM + +* Fri Jan 18 2013 Michal Schmidt - 197-2 +- Added qemu-guest-agent.service to presets (Lennart, #885406). +- Add missing pygobject3-base to systemd-analyze deps (Lennart). +- Do not require hwdata, it is all in the hwdb now (Kay). +- Drop dependency on dbus-python. + +* Tue Jan 8 2013 Lennart Poettering - 197-1 +- New upstream release + +* Mon Dec 10 2012 Michal Schmidt - 196-4 +- Enable rngd.service by default (#857765). + +* Mon Dec 10 2012 Michal Schmidt - 196-3 +- Disable hardening on s390(x) because PIE is broken there and produces + text relocations with __thread (#868839). + +* Wed Dec 05 2012 Michal Schmidt - 196-2 +- added spice-vdagentd.service to presets (Lennart, #876237) +- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name + (requested by Milan Brož). +- verbose make to see the actual build flags + +* Wed Nov 21 2012 Lennart Poettering - 196-1 +- New upstream release + +* Tue Nov 20 2012 Lennart Poettering - 195-8 +- https://bugzilla.redhat.com/show_bug.cgi?id=873459 +- https://bugzilla.redhat.com/show_bug.cgi?id=878093 + +* Thu Nov 15 2012 Michal Schmidt - 195-7 +- Revert udev killing cgroup patch for F18 Beta. +- https://bugzilla.redhat.com/show_bug.cgi?id=873576 + +* Fri Nov 09 2012 Michal Schmidt - 195-6 +- Fix cyclical dep between systemd and systemd-libs. +- Avoid broken build of test-journal-syslog. +- https://bugzilla.redhat.com/show_bug.cgi?id=873387 +- https://bugzilla.redhat.com/show_bug.cgi?id=872638 + +* Thu Oct 25 2012 Kay Sievers - 195-5 +- require 'sed', limit HOSTNAME= match + +* Wed Oct 24 2012 Michal Schmidt - 195-4 +- add dmraid-activation.service to the default preset +- add yum protected.d fragment +- https://bugzilla.redhat.com/show_bug.cgi?id=869619 +- https://bugzilla.redhat.com/show_bug.cgi?id=869717 + +* Wed Oct 24 2012 Kay Sievers - 195-3 +- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to + systemd native files + +* Tue Oct 23 2012 Lennart Poettering - 195-2 +- Provide syslog because the journal is fine as a syslog implementation + +* Tue Oct 23 2012 Lennart Poettering - 195-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=831665 +- https://bugzilla.redhat.com/show_bug.cgi?id=847720 +- https://bugzilla.redhat.com/show_bug.cgi?id=858693 +- https://bugzilla.redhat.com/show_bug.cgi?id=863481 +- https://bugzilla.redhat.com/show_bug.cgi?id=864629 +- https://bugzilla.redhat.com/show_bug.cgi?id=864672 +- https://bugzilla.redhat.com/show_bug.cgi?id=864674 +- https://bugzilla.redhat.com/show_bug.cgi?id=865128 +- https://bugzilla.redhat.com/show_bug.cgi?id=866346 +- https://bugzilla.redhat.com/show_bug.cgi?id=867407 +- https://bugzilla.redhat.com/show_bug.cgi?id=868603 + +* Wed Oct 10 2012 Michal Schmidt - 194-2 +- Add scriptlets for migration away from systemd-timedated-ntp.target + +* Wed Oct 3 2012 Lennart Poettering - 194-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=859614 +- https://bugzilla.redhat.com/show_bug.cgi?id=859655 + +* Fri Sep 28 2012 Lennart Poettering - 193-1 +- New upstream release + +* Tue Sep 25 2012 Lennart Poettering - 192-1 +- New upstream release + +* Fri Sep 21 2012 Lennart Poettering - 191-2 +- Fix journal mmap header prototype definition to fix compilation on 32bit + +* Fri Sep 21 2012 Lennart Poettering - 191-1 +- New upstream release +- Enable all display managers by default, as discussed with Adam Williamson + +* Thu Sep 20 2012 Lennart Poettering - 190-1 +- New upstream release +- Take possession of /etc/localtime, and remove /etc/sysconfig/clock +- https://bugzilla.redhat.com/show_bug.cgi?id=858780 +- https://bugzilla.redhat.com/show_bug.cgi?id=858787 +- https://bugzilla.redhat.com/show_bug.cgi?id=858771 +- https://bugzilla.redhat.com/show_bug.cgi?id=858754 +- https://bugzilla.redhat.com/show_bug.cgi?id=858746 +- https://bugzilla.redhat.com/show_bug.cgi?id=858266 +- https://bugzilla.redhat.com/show_bug.cgi?id=858224 +- https://bugzilla.redhat.com/show_bug.cgi?id=857670 +- https://bugzilla.redhat.com/show_bug.cgi?id=856975 +- https://bugzilla.redhat.com/show_bug.cgi?id=855863 +- https://bugzilla.redhat.com/show_bug.cgi?id=851970 +- https://bugzilla.redhat.com/show_bug.cgi?id=851275 +- https://bugzilla.redhat.com/show_bug.cgi?id=851131 +- https://bugzilla.redhat.com/show_bug.cgi?id=847472 +- https://bugzilla.redhat.com/show_bug.cgi?id=847207 +- https://bugzilla.redhat.com/show_bug.cgi?id=846483 +- https://bugzilla.redhat.com/show_bug.cgi?id=846085 +- https://bugzilla.redhat.com/show_bug.cgi?id=845973 +- https://bugzilla.redhat.com/show_bug.cgi?id=845194 +- https://bugzilla.redhat.com/show_bug.cgi?id=845028 +- https://bugzilla.redhat.com/show_bug.cgi?id=844630 +- https://bugzilla.redhat.com/show_bug.cgi?id=839736 +- https://bugzilla.redhat.com/show_bug.cgi?id=835848 +- https://bugzilla.redhat.com/show_bug.cgi?id=831740 +- https://bugzilla.redhat.com/show_bug.cgi?id=823485 +- https://bugzilla.redhat.com/show_bug.cgi?id=821813 +- https://bugzilla.redhat.com/show_bug.cgi?id=807886 +- https://bugzilla.redhat.com/show_bug.cgi?id=802198 +- https://bugzilla.redhat.com/show_bug.cgi?id=767795 +- https://bugzilla.redhat.com/show_bug.cgi?id=767561 +- https://bugzilla.redhat.com/show_bug.cgi?id=752774 +- https://bugzilla.redhat.com/show_bug.cgi?id=732874 +- https://bugzilla.redhat.com/show_bug.cgi?id=858735 + +* Thu Sep 13 2012 Lennart Poettering - 189-4 +- Don't pull in pkg-config as dep +- https://bugzilla.redhat.com/show_bug.cgi?id=852828 + +* Wed Sep 12 2012 Lennart Poettering - 189-3 +- Update preset policy +- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish + +* Thu Aug 23 2012 Lennart Poettering - 189-2 +- Update preset policy +- https://bugzilla.redhat.com/show_bug.cgi?id=850814 + +* Thu Aug 23 2012 Lennart Poettering - 189-1 +- New upstream release + +* Thu Aug 16 2012 Ray Strode 188-4 +- more scriptlet fixes + (move dm migration logic to %%posttrans so the service + files it's looking for are available at the time + the logic is run) + +* Sat Aug 11 2012 Lennart Poettering - 188-3 +- Remount file systems MS_PRIVATE before switching roots +- https://bugzilla.redhat.com/show_bug.cgi?id=847418 + +* Wed Aug 08 2012 Rex Dieter - 188-2 +- fix scriptlets + +* Wed Aug 8 2012 Lennart Poettering - 188-1 +- New upstream release +- Enable gdm and avahi by default via the preset file +- Convert /etc/sysconfig/desktop to display-manager.service symlink +- Enable hardened build + +* Mon Jul 30 2012 Kay Sievers - 187-3 +- Obsolete: system-setup-keyboard + +* Wed Jul 25 2012 Kalev Lember - 187-2 +- Run ldconfig for the new -libs subpackage + +* Thu Jul 19 2012 Lennart Poettering - 187-1 +- New upstream release + +* Mon Jul 09 2012 Harald Hoyer 186-2 +- fixed dracut conflict version + +* Tue Jul 3 2012 Lennart Poettering - 186-1 +- New upstream release + +* Fri Jun 22 2012 Nils Philippsen - 185-7.gite7aee75 +- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work + +* Thu Jun 14 2012 Michal Schmidt - 185-6.gite7aee75 +- Update to current git + +* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3 +- disable plymouth in configure, to drop the .wants/ symlinks + +* Wed Jun 06 2012 Michal Schmidt - 185-4.gita2368a3 +- Update to current git snapshot + - Add systemd-readahead-analyze + - Drop upstream patch +- Split systemd-libs +- Drop duplicate doc files +- Fixed License headers of subpackages + +* Wed Jun 06 2012 Ray Strode - 185-3 +- Drop plymouth files +- Conflict with old plymouth + +* Tue Jun 05 2012 Kay Sievers - 185-2 +- selinux udev labeling fix +- conflict with older dracut versions for new udev file names + +* Mon Jun 04 2012 Kay Sievers - 185-1 +- New upstream release + - udev selinux labeling fixes + - new man pages + - systemctl help + +* Thu May 31 2012 Lennart Poettering - 184-1 +- New upstream release + +* Thu May 24 2012 Kay Sievers - 183-1 +- New upstream release including udev merge. + +* Wed Mar 28 2012 Michal Schmidt - 44-4 +- Add triggers from Bill Nottingham to correct the damage done by + the obsoleted systemd-units's preun scriptlet (#807457). + +* Mon Mar 26 2012 Dennis Gilmore - 44-3 +- apply patch from upstream so we can build systemd on arm and ppc +- and likely the rest of the secondary arches + +* Tue Mar 20 2012 Michal Schmidt - 44-2 +- Don't build the gtk parts anymore. They're moving into systemd-ui. +- Remove a dead patch file. + +* Fri Mar 16 2012 Lennart Poettering - 44-1 +- New upstream release +- Closes #798760, #784921, #783134, #768523, #781735 + +* Mon Feb 27 2012 Dennis Gilmore - 43-2 +- don't conflict with fedora-release systemd never actually provided +- /etc/os-release so there is no actual conflict + +* Wed Feb 15 2012 Lennart Poettering - 43-1 +- New upstream release +- Closes #789758, #790260, #790522 + +* Sat Feb 11 2012 Lennart Poettering - 42-1 +- New upstream release +- Save a bit of entropy during system installation (#789407) +- Don't own /etc/os-release anymore, leave that to fedora-release + +* Thu Feb 9 2012 Adam Williamson - 41-2 +- rebuild for fixed binutils + +* Thu Feb 9 2012 Lennart Poettering - 41-1 +- New upstream release + +* Tue Feb 7 2012 Lennart Poettering - 40-1 +- New upstream release + +* Thu Jan 26 2012 Kay Sievers - 39-3 +- provide /sbin/shutdown + +* Wed Jan 25 2012 Harald Hoyer 39-2 +- increment release + +* Wed Jan 25 2012 Kay Sievers - 39-1.1 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Wed Jan 25 2012 Lennart Poettering - 39-1 +- New upstream release + +* Sun Jan 22 2012 Michal Schmidt - 38-6.git9fa2f41 +- Update to a current git snapshot. +- Resolves: #781657 + +* Sun Jan 22 2012 Michal Schmidt - 38-5 +- Build against libgee06. Reenable gtk tools. +- Delete unused patches. +- Add easy building of git snapshots. +- Remove legacy spec file elements. +- Don't mention implicit BuildRequires. +- Configure with --disable-static. +- Merge -units into the main package. +- Move section 3 manpages to -devel. +- Fix unowned directory. +- Run ldconfig in scriptlets. +- Split systemd-analyze to a subpackage. + +* Sat Jan 21 2012 Dan Horák - 38-4 +- fix build on big-endians + +* Wed Jan 11 2012 Lennart Poettering - 38-3 +- Disable building of gtk tools for now + +* Wed Jan 11 2012 Lennart Poettering - 38-2 +- Fix a few (build) dependencies + +* Wed Jan 11 2012 Lennart Poettering - 38-1 +- New upstream release + +* Tue Nov 15 2011 Michal Schmidt - 37-4 +- Run authconfig if /etc/pam.d/system-auth is not a symlink. +- Resolves: #753160 + +* Wed Nov 02 2011 Michal Schmidt - 37-3 +- Fix remote-fs-pre.target and its ordering. +- Resolves: #749940 + +* Wed Oct 19 2011 Michal Schmidt - 37-2 +- A couple of fixes from upstream: +- Fix a regression in bash-completion reported in Bodhi. +- Fix a crash in isolating. +- Resolves: #717325 + +* Tue Oct 11 2011 Lennart Poettering - 37-1 +- New upstream release +- Resolves: #744726, #718464, #713567, #713707, #736756 + +* Thu Sep 29 2011 Michal Schmidt - 36-5 +- Undo the workaround. Kay says it does not belong in systemd. +- Unresolves: #741655 + +* Thu Sep 29 2011 Michal Schmidt - 36-4 +- Workaround for the crypto-on-lvm-on-crypto disk layout +- Resolves: #741655 + +* Sun Sep 25 2011 Michal Schmidt - 36-3 +- Revert an upstream patch that caused ordering cycles +- Resolves: #741078 + +* Fri Sep 23 2011 Lennart Poettering - 36-2 +- Add /etc/timezone to ghosted files + +* Fri Sep 23 2011 Lennart Poettering - 36-1 +- New upstream release +- Resolves: #735013, #736360, #737047, #737509, #710487, #713384 + +* Thu Sep 1 2011 Lennart Poettering - 35-1 +- New upstream release +- Update post scripts +- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611 + +* Thu Aug 25 2011 Lennart Poettering - 34-1 +- New upstream release + +* Fri Aug 19 2011 Harald Hoyer 33-2 +- fix ABRT on service file reloading +- Resolves: rhbz#732020 + +* Wed Aug 3 2011 Lennart Poettering - 33-1 +- New upstream release + +* Fri Jul 29 2011 Lennart Poettering - 32-1 +- New upstream release + +* Wed Jul 27 2011 Lennart Poettering - 31-2 +- Fix access mode of modprobe file, restart logind after upgrade + +* Wed Jul 27 2011 Lennart Poettering - 31-1 +- New upstream release + +* Wed Jul 13 2011 Lennart Poettering - 30-1 +- New upstream release + +* Thu Jun 16 2011 Lennart Poettering - 29-1 +- New upstream release + +* Mon Jun 13 2011 Michal Schmidt - 28-4 +- Apply patches from current upstream. +- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341) + +* Wed Jun 08 2011 Michal Schmidt - 28-3 +- Apply patches from current upstream +- https://bugzilla.redhat.com/show_bug.cgi?id=709909 +- https://bugzilla.redhat.com/show_bug.cgi?id=710839 +- https://bugzilla.redhat.com/show_bug.cgi?id=711015 + +* Sat May 28 2011 Lennart Poettering - 28-2 +- Pull in nss-myhostname + +* Thu May 26 2011 Lennart Poettering - 28-1 +- New upstream release + +* Wed May 25 2011 Lennart Poettering - 26-2 +- Bugfix release +- https://bugzilla.redhat.com/show_bug.cgi?id=707507 +- https://bugzilla.redhat.com/show_bug.cgi?id=707483 +- https://bugzilla.redhat.com/show_bug.cgi?id=705427 +- https://bugzilla.redhat.com/show_bug.cgi?id=707577 + +* Sat Apr 30 2011 Lennart Poettering - 26-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=699394 +- https://bugzilla.redhat.com/show_bug.cgi?id=698198 +- https://bugzilla.redhat.com/show_bug.cgi?id=698674 +- https://bugzilla.redhat.com/show_bug.cgi?id=699114 +- https://bugzilla.redhat.com/show_bug.cgi?id=699128 + +* Thu Apr 21 2011 Lennart Poettering - 25-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694788 +- https://bugzilla.redhat.com/show_bug.cgi?id=694321 +- https://bugzilla.redhat.com/show_bug.cgi?id=690253 +- https://bugzilla.redhat.com/show_bug.cgi?id=688661 +- https://bugzilla.redhat.com/show_bug.cgi?id=682662 +- https://bugzilla.redhat.com/show_bug.cgi?id=678555 +- https://bugzilla.redhat.com/show_bug.cgi?id=628004 + +* Wed Apr 6 2011 Lennart Poettering - 24-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=694079 +- https://bugzilla.redhat.com/show_bug.cgi?id=693289 +- https://bugzilla.redhat.com/show_bug.cgi?id=693274 +- https://bugzilla.redhat.com/show_bug.cgi?id=693161 + +* Tue Apr 5 2011 Lennart Poettering - 23-1 +- New upstream release +- Include systemd-sysv-convert + +* Fri Apr 1 2011 Lennart Poettering - 22-1 +- New upstream release + +* Wed Mar 30 2011 Lennart Poettering - 21-2 +- The quota services are now pulled in by mount points, hence no need to enable them explicitly + +* Tue Mar 29 2011 Lennart Poettering - 21-1 +- New upstream release + +* Mon Mar 28 2011 Matthias Clasen - 20-2 +- Apply upstream patch to not send untranslated messages to plymouth + +* Tue Mar 8 2011 Lennart Poettering - 20-1 +- New upstream release + +* Tue Mar 1 2011 Lennart Poettering - 19-1 +- New upstream release + +* Wed Feb 16 2011 Lennart Poettering - 18-1 +- New upstream release + +* Mon Feb 14 2011 Bill Nottingham - 17-6 +- bump upstart obsoletes (#676815) + +* Wed Feb 9 2011 Tom Callaway - 17-5 +- add macros.systemd file for %%{_unitdir} + +* Wed Feb 09 2011 Fedora Release Engineering - 17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 9 2011 Lennart Poettering - 17-3 +- Fix popen() of systemctl, #674916 + +* Mon Feb 7 2011 Bill Nottingham - 17-2 +- add epoch to readahead obsolete + +* Sat Jan 22 2011 Lennart Poettering - 17-1 +- New upstream release + +* Tue Jan 18 2011 Lennart Poettering - 16-2 +- Drop console.conf again, since it is not shipped in pamtmp.conf + +* Sat Jan 8 2011 Lennart Poettering - 16-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 15-1 +- New upstream release + +* Thu Nov 25 2010 Lennart Poettering - 14-1 +- Upstream update +- Enable hwclock-load by default +- Obsolete readahead +- Enable /var/run and /var/lock on tmpfs + +* Fri Nov 19 2010 Lennart Poettering - 13-1 +- new upstream release + +* Wed Nov 17 2010 Bill Nottingham 12-3 +- Fix clash + +* Wed Nov 17 2010 Lennart Poettering - 12-2 +- Don't clash with initscripts for now, so that we don't break the builders + +* Wed Nov 17 2010 Lennart Poettering - 12-1 +- New upstream release + +* Fri Nov 12 2010 Matthias Clasen - 11-2 +- Rebuild with newer vala, libnotify + +* Thu Oct 7 2010 Lennart Poettering - 11-1 +- New upstream release + +* Wed Sep 29 2010 Jesse Keating - 10-6 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Bill Nottingham - 10-5 +- merge -sysvinit into main package + +* Mon Sep 20 2010 Bill Nottingham - 10-4 +- obsolete upstart-sysvinit too + +* Fri Sep 17 2010 Bill Nottingham - 10-3 +- Drop upstart requires + +* Tue Sep 14 2010 Lennart Poettering - 10-2 +- Enable audit +- https://bugzilla.redhat.com/show_bug.cgi?id=633771 + +* Tue Sep 14 2010 Lennart Poettering - 10-1 +- New upstream release +- https://bugzilla.redhat.com/show_bug.cgi?id=630401 +- https://bugzilla.redhat.com/show_bug.cgi?id=630225 +- https://bugzilla.redhat.com/show_bug.cgi?id=626966 +- https://bugzilla.redhat.com/show_bug.cgi?id=623456 + +* Fri Sep 3 2010 Bill Nottingham - 9-3 +- move fedora-specific units to initscripts; require newer version thereof + +* Fri Sep 3 2010 Lennart Poettering - 9-2 +- Add missing tarball + +* Fri Sep 3 2010 Lennart Poettering - 9-1 +- New upstream version +- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913 + +* Fri Aug 27 2010 Lennart Poettering - 8-3 +- Reexecute after installation, take ownership of /var/run/user +- https://bugzilla.redhat.com/show_bug.cgi?id=627457 +- https://bugzilla.redhat.com/show_bug.cgi?id=627634 + +* Thu Aug 26 2010 Lennart Poettering - 8-2 +- Properly create default.target link + +* Wed Aug 25 2010 Lennart Poettering - 8-1 +- New upstream release + +* Thu Aug 12 2010 Lennart Poettering - 7-3 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561 + +* Thu Aug 12 2010 Lennart Poettering - 7-2 +- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430 + +* Tue Aug 10 2010 Lennart Poettering - 7-1 +- New upstream release + +* Fri Aug 6 2010 Lennart Poettering - 6-2 +- properly hide output on package installation +- pull in coreutils during package installtion + +* Fri Aug 6 2010 Lennart Poettering - 6-1 +- New upstream release +- Fixes #621200 + +* Wed Aug 4 2010 Lennart Poettering - 5-2 +- Add tarball + +* Wed Aug 4 2010 Lennart Poettering - 5-1 +- Prepare release 5 + +* Tue Jul 27 2010 Bill Nottingham - 4-4 +- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537) + +* Sat Jul 24 2010 Lennart Poettering - 4-3 +- Add libselinux to build dependencies + +* Sat Jul 24 2010 Lennart Poettering - 4-2 +- Use the right tarball + +* Sat Jul 24 2010 Lennart Poettering - 4-1 +- New upstream release, and make default + +* Tue Jul 13 2010 Lennart Poettering - 3-3 +- Used wrong tarball + +* Tue Jul 13 2010 Lennart Poettering - 3-2 +- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore + +* Tue Jul 13 2010 Lennart Poettering - 3-1 +- New upstream release + +* Fri Jul 9 2010 Lennart Poettering - 2-0 +- New upstream release + +* Wed Jul 7 2010 Lennart Poettering - 1-0 +- First upstream release + +* Tue Jun 29 2010 Lennart Poettering - 0-0.7.20100629git4176e5 +- New snapshot +- Split off -units package where other packages can depend on without pulling in the whole of systemd + +* Tue Jun 22 2010 Lennart Poettering - 0-0.6.20100622gita3723b +- Add missing libtool dependency. + +* Tue Jun 22 2010 Lennart Poettering - 0-0.5.20100622gita3723b +- Update snapshot + +* Mon Jun 14 2010 Rahul Sundaram - 0-0.4.20100614git393024 +- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231 + +* Fri Jun 11 2010 Rahul Sundaram - 0-0.3.20100610git2f198e +- More minor fixes as per review + +* Thu Jun 10 2010 Rahul Sundaram - 0-0.2.20100610git2f198e +- Spec improvements from David Hollis + +* Wed Jun 09 2010 Rahul Sundaram - 0-0.1.20090609git2f198e +- Address review comments + +* Tue Jun 01 2010 Rahul Sundaram - 0-0.0.git2010-06-02 +- Initial spec (adopted from Kay Sievers)