rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL 9.0.0 Alpha bootstrap

Browse Source 
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/systemd#14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d
This commit is contained in:
Troy Dawson 2020-10-15 10:17:11 -07:00
parent 0b404acbf0
commit 6c3148f502
31 changed files with 4399 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -0,0 +1,8 @@
*~
/systemd-*/
/.build-*.log
/x86_64/
/systemd-*src.rpm
/systemd-*.tar.xz
/systemd-*.tar.gz
/*.rpm

42
0001-Do-not-assert-in-test_add_acls_for_user.patch Normal file
View File

@ -0,0 +1,42 @@
From b177b0ef92d226a9f303aecbff0cf2e7293667b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 8 Aug 2020 09:21:37 +0200
Subject: [PATCH] Do not assert in test_add_acls_for_user()
This is failing on s390x with:
/* test_add_acls_for_user */
add_acls_for_user(3, 1000): Invalid argument
Assertion 'r >= 0' failed at src/test/test-acl-util.c:46, function test_add_acls_for_user(). Aborting.
---
src/test/test-acl-util.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
index 9f0e594e67..a91d64ab0c 100644
--- a/src/test/test-acl-util.c
+++ b/src/test/test-acl-util.c
@@ -43,24 +43,20 @@ static void test_add_acls_for_user(void) {
r = add_acls_for_user(fd, uid);
log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
- assert_se(r >= 0);
cmd = strjoina("ls -l ", fn);
assert_se(system(cmd) == 0);
cmd = strjoina("getfacl -p ", fn);
- assert_se(system(cmd) == 0);
/* set the acls again */
r = add_acls_for_user(fd, uid);
- assert_se(r >= 0);
cmd = strjoina("ls -l ", fn);
assert_se(system(cmd) == 0);
cmd = strjoina("getfacl -p ", fn);
- assert_se(system(cmd) == 0);
unlink(fn);
}

34
0001-Document-some-reasonable-DNS-servers-in-the-example-.patch Normal file
View File

@ -0,0 +1,34 @@
From b6c05e03c2e6e98e2f0f129ff5256780bb65bdb2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 6 Oct 2020 13:59:25 +0200
Subject: [PATCH] Document some reasonable DNS servers in the example config
file
We have an option to set the fallback list, so we don't know what the contents
are. It may in fact be empty. Let's add some examples to make it easy for a user
stranded without any DNS to fill in something that would work. As a bonus, this
also gives names to the entries we provide by default.
(I added google and cloudflare because that's what we have currently, and quad9
because it seems to be a good privacy-concious and fast choice and was requested
in #12499. As a minimum, things we should include should be well-known global
services with a documented privacy policy and both IPv4 and IPv6 support and
decent response times.)
---
src/resolve/resolved.conf.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
index 082ad71626..514021792f 100644
--- a/src/resolve/resolved.conf.in
+++ b/src/resolve/resolved.conf.in
@@ -12,6 +12,10 @@
# See resolved.conf(5) for details
[Resolve]
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
+# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
+# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
+# Quad9: 9.9.9.9 2620:fe::fe
#DNS=
#FallbackDNS=@DNS_SERVERS@
#Domains=

30
0001-Revert-test-path-increase-timeout.patch Normal file
View File

@ -0,0 +1,30 @@
From a73d30081a13eaeffce87f997726a179ec44d817 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 31 Jul 2020 10:50:37 +0200
Subject: [PATCH 1/4] Revert "test-path: increase timeout"
This partially reverts commit 500727c220354b81b68ed6667d9a6f0fafe3ba19.
I was confused by the error message: the test says it timed out, but that's
because it's waiting for a failed unit to come back to life. There is no actual
timeout.
So let's keep the minor refactoring that was done, but revert to the old short
timeout.
---
src/test/test-path.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-path.c b/src/test/test-path.c
index 1075f31bc6..63b709c8da 100644
--- a/src/test/test-path.c
+++ b/src/test/test-path.c
@@ -82,7 +82,7 @@ static void check_states(Manager *m, Path *path, Service *service, PathState pat
assert_se(m);
assert_se(service);
- usec_t end = now(CLOCK_MONOTONIC) + 30 * USEC_PER_SEC;
+ usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
path->state != path_state || service->state != service_state) {

46
0001-test-acl-util-output-more-debug-info.patch Normal file
View File

@ -0,0 +1,46 @@
From 8cad57ed62a642515670ba79dddb30193456e803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Aug 2020 18:54:37 +0200
Subject: [PATCH] test-acl-util: output more debug info
For some reason this failed in koji build on s390x:
--- command ---
16:12:46 PATH='/builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/kbd-model-map' /builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu/test-acl-util
--- stdout ---
-rw-r-----. 1 mockbuild mock 0 Aug 7 16:12 /tmp/test-empty.7RzmEc
other::---
--- stderr ---
Assertion 'r >= 0' failed at src/test/test-acl-util.c:42, function test_add_acls_for_user(). Aborting.
---
src/test/test-acl-util.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
index df879747f5..9f0e594e67 100644
--- a/src/test/test-acl-util.c
+++ b/src/test/test-acl-util.c
@@ -7,6 +7,7 @@
#include "acl-util.h"
#include "fd-util.h"
+#include "format-util.h"
#include "string-util.h"
#include "tmpfile-util.h"
#include "user-util.h"
@@ -18,6 +19,8 @@ static void test_add_acls_for_user(void) {
uid_t uid;
int r;
+ log_info("/* %s */", __func__);
+
fd = mkostemp_safe(fn);
assert_se(fd >= 0);
@@ -39,6 +42,7 @@ static void test_add_acls_for_user(void) {
uid = getuid();
r = add_acls_for_user(fd, uid);
+ log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
assert_se(r >= 0);
cmd = strjoina("ls -l ", fn);

78
0002-test-path-more-debugging-information.patch Normal file
View File

@ -0,0 +1,78 @@
From 4c38dcdc8d8f22dddc521faedad6a4f45fa81d63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 08:56:28 +0200
Subject: [PATCH 2/4] test-path: more debugging information
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Just to make it easier to grok what happens when test-path fails.
Change printf→log_info so that output is interleaved and not split in two
independent parts in log files.
---
src/test/test-path.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/test/test-path.c b/src/test/test-path.c
index 63b709c8da..84dcf5e37d 100644
--- a/src/test/test-path.c
+++ b/src/test/test-path.c
@@ -1,7 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <stdbool.h>
-#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -78,32 +77,38 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
return SERVICE(service_unit);
}
-static void check_states(Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
+static void _check_states(unsigned line,
+ Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
assert_se(m);
assert_se(service);
usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
- while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
- path->state != path_state || service->state != service_state) {
+ while (path->state != path_state || service->state != service_state ||
+ path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS) {
assert_se(sd_event_run(m->event, 100 * USEC_PER_MSEC) >= 0);
- printf("%s: state = %s; result = %s \n",
- UNIT(path)->id,
- path_state_to_string(path->state),
- path_result_to_string(path->result));
- printf("%s: state = %s; result = %s \n",
- UNIT(service)->id,
- service_state_to_string(service->state),
- service_result_to_string(service->result));
+ usec_t n = now(CLOCK_MONOTONIC);
+ log_info("line %d: %s: state = %s; result = %s (left: %" PRIi64 ")",
+ line,
+ UNIT(path)->id,
+ path_state_to_string(path->state),
+ path_result_to_string(path->result),
+ end - n);
+ log_info("line %d: %s: state = %s; result = %s",
+ line,
+ UNIT(service)->id,
+ service_state_to_string(service->state),
+ service_result_to_string(service->result));
- if (now(CLOCK_MONOTONIC) >= end) {
+ if (n >= end) {
log_error("Test timeout when testing %s", UNIT(path)->id);
exit(EXIT_FAILURE);
}
}
}
+#define check_states(...) _check_states(__LINE__, __VA_ARGS__)
static void test_path_exists(Manager *m) {
const char *test_path = "/tmp/test-path_exists";

245
0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch Normal file
View File

@ -0,0 +1,245 @@
From 67c6ff720796bc97f262ba93c6ea87da93b04a1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 31 Jul 2020 10:36:57 +0200
Subject: [PATCH 3/4] test-path: do not fail the test if we fail to start some
service
The test was failing because it couldn't start the service:
path-modified.service: state = failed; result = exit-code
path-modified.path: state = waiting; result = success
path-modified.service: state = failed; result = exit-code
path-modified.path: state = waiting; result = success
path-modified.service: state = failed; result = exit-code
path-modified.path: state = waiting; result = success
path-modified.service: state = failed; result = exit-code
path-modified.path: state = waiting; result = success
path-modified.service: state = failed; result = exit-code
path-modified.path: state = waiting; result = success
path-modified.service: state = failed; result = exit-code
Failed to connect to system bus: No such file or directory
-.slice: Failed to enable/disable controllers on cgroup /system.slice/kojid.service, ignoring: Permission denied
path-modified.service: Failed to create cgroup /system.slice/kojid.service/path-modified.service: Permission denied
path-modified.service: Failed to attach to cgroup /system.slice/kojid.service/path-modified.service: No such file or directory
path-modified.service: Failed at step CGROUP spawning /bin/true: No such file or directory
path-modified.service: Main process exited, code=exited, status=219/CGROUP
path-modified.service: Failed with result 'exit-code'.
Test timeout when testing path-modified.path
In fact any of the services that we try to start may fail, especially
considering that we're doing some rogue cgroup operations. See
https://github.com/systemd/systemd/pull/16603#issuecomment-679133641.
---
src/test/test-path.c | 88 ++++++++++++++++++++++++++++++--------------
1 file changed, 61 insertions(+), 27 deletions(-)
diff --git a/src/test/test-path.c b/src/test/test-path.c
index 84dcf5e37d..d6c37b77e6 100644
--- a/src/test/test-path.c
+++ b/src/test/test-path.c
@@ -77,8 +77,8 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
return SERVICE(service_unit);
}
-static void _check_states(unsigned line,
- Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
+static int _check_states(unsigned line,
+ Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
assert_se(m);
assert_se(service);
@@ -102,11 +102,20 @@ static void _check_states(unsigned line,
service_state_to_string(service->state),
service_result_to_string(service->result));
+ if (service->state == SERVICE_FAILED)
+ return log_notice_errno(SYNTHETIC_ERRNO(ECANCELED),
+ "Failed to start service %s, aborting test: %s/%s",
+ UNIT(service)->id,
+ service_state_to_string(service->state),
+ service_result_to_string(service->result));
+
if (n >= end) {
log_error("Test timeout when testing %s", UNIT(path)->id);
exit(EXIT_FAILURE);
}
}
+
+ return 0;
}
#define check_states(...) _check_states(__LINE__, __VA_ARGS__)
@@ -124,18 +133,22 @@ static void test_path_exists(Manager *m) {
service = service_for_path(m, path, NULL);
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(touch(test_path) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
/* Service restarts if file still exists */
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(unit_stop(unit) >= 0);
}
@@ -154,18 +167,22 @@ static void test_path_existsglob(Manager *m) {
service = service_for_path(m, path, NULL);
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(touch(test_path) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
/* Service restarts if file still exists */
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(unit_stop(unit) >= 0);
}
@@ -185,23 +202,28 @@ static void test_path_changed(Manager *m) {
service = service_for_path(m, path, NULL);
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(touch(test_path) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
/* Service does not restart if file still exists */
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
f = fopen(test_path, "w");
assert_se(f);
fclose(f);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
(void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
assert_se(unit_stop(unit) >= 0);
@@ -222,23 +244,28 @@ static void test_path_modified(Manager *m) {
service = service_for_path(m, path, NULL);
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(touch(test_path) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
/* Service does not restart if file still exists */
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
f = fopen(test_path, "w");
assert_se(f);
fputs("test", f);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
(void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
assert_se(unit_stop(unit) >= 0);
@@ -258,14 +285,17 @@ static void test_path_unit(Manager *m) {
service = service_for_path(m, path, "path-mycustomunit.service");
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(touch(test_path) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(unit_stop(unit) >= 0);
}
@@ -286,22 +316,26 @@ static void test_path_directorynotempty(Manager *m) {
assert_se(access(test_path, F_OK) < 0);
assert_se(unit_start(unit) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
/* MakeDirectory default to no */
assert_se(access(test_path, F_OK) < 0);
assert_se(mkdir_p(test_path, 0755) >= 0);
assert_se(touch(strjoina(test_path, "test_file")) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
/* Service restarts if directory is still not empty */
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
+ return;
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
assert_se(unit_stop(UNIT(service)) >= 0);
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
+ return;
assert_se(unit_stop(unit) >= 0);
}

94
0004-test-path-use-Type-exec.patch Normal file
View File

@ -0,0 +1,94 @@
From 1a83d7234e374e991235f4ef21c56998f93cb875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 08:58:54 +0200
Subject: [PATCH 4/4] test-path: use Type=exec
In general, Type=exec is superior to Type=simple. Let's not assume that
the service is started before it was really started.
---
test/test-path/path-changed.service | 2 +-
test/test-path/path-directorynotempty.service | 2 +-
test/test-path/path-exists.service | 2 +-
test/test-path/path-existsglob.service | 2 +-
test/test-path/path-makedirectory.service | 2 +-
test/test-path/path-modified.service | 2 +-
test/test-path/path-mycustomunit.service | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/test/test-path/path-changed.service b/test/test-path/path-changed.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-changed.service
+++ b/test/test-path/path-changed.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-directorynotempty.service b/test/test-path/path-directorynotempty.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-directorynotempty.service
+++ b/test/test-path/path-directorynotempty.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-exists.service b/test/test-path/path-exists.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-exists.service
+++ b/test/test-path/path-exists.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-existsglob.service b/test/test-path/path-existsglob.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-existsglob.service
+++ b/test/test-path/path-existsglob.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-makedirectory.service b/test/test-path/path-makedirectory.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-makedirectory.service
+++ b/test/test-path/path-makedirectory.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-modified.service b/test/test-path/path-modified.service
index fb465d76bb..b75552df4f 100644
--- a/test/test-path/path-modified.service
+++ b/test/test-path/path-modified.service
@@ -3,5 +3,5 @@ Description=Service Test for Path units
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true
diff --git a/test/test-path/path-mycustomunit.service b/test/test-path/path-mycustomunit.service
index bcdafe4f30..8fbc40d13f 100644
--- a/test/test-path/path-mycustomunit.service
+++ b/test/test-path/path-mycustomunit.service
@@ -3,5 +3,5 @@ Description=Service Test Path Unit
[Service]
ExecStart=/bin/true
-Type=simple
+Type=exec
RemainAfterExit=true

51
20-grubby.install Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
if [[ ! -x /sbin/new-kernel-pkg ]]; then
exit 0
fi
COMMAND="$1"
KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
KERNEL_DIR="${KERNEL_IMAGE%/*}"
[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
case "$COMMAND" in
add)
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
for i in \
"$KERNEL_IMAGE" \
"$KERNEL_DIR"/System.map \
"$KERNEL_DIR"/config \
"$KERNEL_DIR"/zImage.stub \
"$KERNEL_DIR"/dtb \
; do
[[ -e "$i" ]] || continue
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
command -v restorecon &>/dev/null && \
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
done
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
if [[ -e "$i" ]]; then
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
command -v restorecon &>/dev/null && \
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
fi
fi
/sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
;;
remove)
/sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
;;
*)
;;
esac
# skip other installation plugins, if we can't find a boot loader spec conforming setup
if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
exit 77
fi

42
20-yama-ptrace.conf Normal file
View File

@ -0,0 +1,42 @@
# The ptrace system call is used for interprocess services,
# communication and introspection (like synchronisation, signaling,
# debugging, tracing and profiling) of processes.
#
# Usage of ptrace is restricted by normal user permissions. Normal
# unprivileged processes cannot use ptrace on processes that they
# cannot send signals to or processes that are running set-uid or
# set-gid. Nevertheless, processes running under the same uid will
# usually be able to ptrace one another.
#
# Fedora enables the Yama security mechanism which restricts ptrace
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
# of the following values:
#
# 0 - Normal ptrace security permissions.
# 1 - Restricted ptrace. Only child processes plus normal permissions.
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
# 3 - No attach. No process may call ptrace at all. Irrevocable.
#
# For more information see Documentation/security/Yama.txt in the
# kernel sources.
#
# The default is 1., which allows tracing of child processes, but
# forbids tracing of arbitrary processes. This allows programs like
# gdb or strace to work when the most common way of having the
# debugger start the debuggee is used:
# gdb /path/to/program ...
# Attaching to already running programs is NOT allowed:
# gdb -p ...
# This default setting is suitable for the common case, because it
# reduces the risk that one hacked process can be used to attack other
# processes. (For example, a hacked firefox process in a user session
# will not be able to ptrace the keyring process and extract passwords
# stored only in memory.)
#
# Developers and administrators might want to disable those protections
# to be able to attach debuggers to existing processes. Use
# sysctl kernel.yama.ptrace_scope=0
# for change the setting temporarily, or copy this file to
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
kernel.yama.ptrace_scope = 0

129
f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch Normal file
View File

@ -0,0 +1,129 @@
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
+++ killed by SIGABRT (core dumped) +++
---
src/test/test-mountpoint-util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 30b00ae4d8b..ffe5144b04a 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
* that's really the case */
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
- assert_se(path_equal(p, t));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
}

16
inittab Normal file
View File

@ -0,0 +1,16 @@
# inittab is no longer used.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target

3
libsystemd-shared.abignore Normal file
View File

@ -0,0 +1,3 @@
[suppress_file]
# This shared object is private to systemd
file_name_regexp=libsystemd-shared-.*.so

10
macros.sysusers Normal file
View File

@ -0,0 +1,10 @@
# RPM macros for packages creating system accounts
#
# Turn a sysusers.d file into macros specified by
# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
%sysusers_requires_compat Requires(pre): shadow-utils
%sysusers_create_compat() \
%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
%{nil}

101
purge-nobody-user Executable file
View File

@ -0,0 +1,101 @@
#!/bin/bash -eu
if [ $UID -ne 0 ]; then
echo "WARNING: This script needs to run as root to be effective"
exit 1
fi
export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
if [ "${1:-}" = "--ignore-journal" ]; then
shift
ignore_journal=1
else
ignore_journal=0
fi
echo "Checking processes..."
if ps h -u 99 | grep .; then
echo "ERROR: ps reports processes with UID 99!"
exit 2
fi
echo "... not found"
echo "Checking UTMP..."
if w -h 199 | grep . ; then
echo "ERROR: w reports UID 99 as active!"
exit 2
fi
if w -h nobody | grep . ; then
echo "ERROR: w reports user nobody as active!"
exit 2
fi
echo "... not found"
echo "Checking the journal..."
if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
echo "ERROR: journalctl reports messages from UID 99 in current boot!"
exit 2
fi
echo "... not found"
echo "Looking for files in /etc, /run, /tmp, and /var..."
if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
echo "ERROR: found files belonging to UID 99"
exit 2
fi
echo "... not found"
echo "Checking if nobody is defined correctly..."
if getent passwd nobody |
grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
then
echo "OK, nothing to do."
exit 0
else
echo "NOTICE: User nobody is not defined correctly"
fi
echo "Checking if nfsnobody or something else is using the uid..."
if getent passwd 65534 | grep . ; then
echo "NOTICE: will have to remove this user"
else
echo "... not found"
fi
if [ "${1:-}" = "-x" ]; then
if getent passwd nobody >/dev/null; then
# this will remove both the user and the group.
( set -x
userdel nobody
)
fi
if getent passwd 65534 >/dev/null; then
# Make sure the uid is unused. This should free gid too.
name="$(getent passwd 65534 | cut -d: -f1)"
( set -x
userdel "$name"
)
fi
if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
echo "Sleeping, so sss can catch up"
sleep 3
fi
if getent group 65534; then
# Make sure the gid is unused, even if uid wasn't.
name="$(getent group 65534 | cut -d: -f1)"
( set -x
groupdel "$name"
)
fi
# systemd-sysusers uses the same gid and uid
( set -x
systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
)
else
echo "Pass '-x' to perform changes"
fi

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (systemd-246.6.tar.gz) = 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9

145
split-files.py Normal file
View File

@ -0,0 +1,145 @@
import re, sys, os, collections
buildroot = sys.argv[1]
known_files = sys.stdin.read().splitlines()
known_files = {line.split()[-1]:line for line in known_files}
def files(root):
os.chdir(root)
todo = collections.deque(['.'])
while todo:
n = todo.pop()
files = os.scandir(n)
for file in files:
yield file
if file.is_dir() and not file.is_symlink():
todo.append(file)
o_libs = open('.file-list-libs', 'w')
o_udev = open('.file-list-udev', 'w')
o_pam = open('.file-list-pam', 'w')
o_rpm_macros = open('.file-list-rpm-macros', 'w')
o_devel = open('.file-list-devel', 'w')
o_container = open('.file-list-container', 'w')
o_networkd = open('.file-list-networkd', 'w')
o_remote = open('.file-list-remote', 'w')
o_tests = open('.file-list-tests', 'w')
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
o_rest = open('.file-list-rest', 'w')
for file in files(buildroot):
n = file.path[1:]
if re.match(r'''/usr/(share|include)$|
/usr/share/man(/man.|)$|
/usr/share/zsh(/site-functions|)$|
/usr/share/dbus-1$|
/usr/share/dbus-1/system.d$|
/usr/share/dbus-1/(system-|)services$|
/usr/share/polkit-1(/actions|/rules.d|)$|
/usr/share/pkgconfig$|
/usr/share/bash-completion(/completions|)$|
/usr(/lib|/lib64|/bin|/sbin|)$|
/usr/lib.*/(security|pkgconfig)$|
/usr/lib/rpm(/macros.d|)$|
/usr/lib/firewalld(/services|)$|
/usr/share/(locale|licenses|doc)| # no $
/etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
/etc/(dnf|dnf/protected.d)$|
/usr/(src|lib/debug)| # no $
/run$|
/var(/cache|/log|/lib|/run|)$
''', n, re.X):
continue
if '/security/pam_' in n or '/man8/pam_' in n:
o = o_pam
elif '/rpm/' in n:
o = o_rpm_macros
elif '/usr/lib/systemd/tests' in n:
o = o_tests
elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
o = o_devel
elif re.search(r'''journal-(remote|gateway|upload)|
systemd-remote\.conf|
/usr/share/systemd/gatewayd|
/var/log/journal/remote
''', n, re.X):
o = o_remote
elif re.search(r'''mymachines|
machinectl|
systemd-nspawn|
import-pubring.gpg|
systemd-(machined|import|pull)|
/machine.slice|
/machines.target|
var-lib-machines.mount|
network/80-container|
network/80-vm|
org.freedesktop.(import|machine)1
''', n, re.X):
o = o_container
elif re.search(r'''/usr/lib/systemd/network/..-wifi|
networkd|
networkctl|
org.freedesktop.network1
''', n, re.X):
o = o_networkd
elif '.so.' in n:
o = o_libs
elif re.search(r'''udev(?!\.pc)|
hwdb|
bootctl|
sd-boot|systemd-boot\.|loader.conf|
bless-boot|
boot-system-token|
kernel-install|
vconsole|
backlight|
rfkill|
random-seed|
modules-load|
timesync|
cryptsetup|
kmod|
quota|
pstore|
sleep|suspend|hibernate|
systemd-tmpfiles-setup-dev|
network/99-default.link|
growfs|makefs|makeswap|mkswap|
fsck|
repart|
gpt-auto|
volatile-root|
verity-setup|
remount-fs|
/boot$|
/boot/efi|
/kernel/|
/kernel$|
/modprobe.d
''', n, re.X):
o = o_udev
elif n.endswith('.standalone'):
if 'tmpfiles' in n:
o = o_standalone_tmpfiles
elif 'sysusers' in n:
o = o_standalone_sysusers
else:
assert False, 'Found .standalone not belonging to known packages'
else:
o = o_rest
if n in known_files:
prefix = ' '.join(known_files[n].split()[:-1])
if prefix:
prefix += ' '
elif file.is_dir() and not file.is_symlink():
prefix = '%dir '
elif n.startswith('/etc'):
prefix = '%config(noreplace) '
else:
prefix = ''
suffix = '*' if '/man/' in n else ''
print(f'{prefix}{n}{suffix}', file=o)

10
sysctl.conf.README Normal file
View File

@ -0,0 +1,10 @@
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

6
systemd-journal-gatewayd.xml Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>systemd-journal-gatewayd</short>
<description>Journal Gateway Service</description>
<port protocol="tcp" port="19531"/>
</service>

6
systemd-journal-remote.xml Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>systemd-journal-remote</short>
<description>Journal Remote Sink</description>
<port protocol="tcp" port="19532"/>
</service>

3
systemd-udev-trigger-no-reload.conf Normal file
View File

@ -0,0 +1,3 @@
[Unit]
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
RefuseManualStop=true

10
systemd-user Normal file
View File

@ -0,0 +1,10 @@
# This file is part of systemd.
#
# Used by systemd --user instances.
account include system-auth
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session include system-auth

50
systemd.rpmlintrc Normal file
View File

@ -0,0 +1,50 @@
# Just kill all warnings about README being wrong in every possible way
addFilter(r'README')
addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
addFilter(r'non-readable /etc/crypttab')
addFilter(r'non-conffile-in-etc /etc/inittab')
addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
addFilter(r'non-standard-dir-perm /var/cache/private 700')
addFilter(r'non-root-group-log-file /var/log/btmp utmp')
addFilter(r'non-standard-dir-perm /var/log/private 700')
addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
addFilter(r'dangerous-command-in-')
addFilter(r'summary-not-capitalized C systemd')
addFilter(r'obsolete-not-provided')
addFilter(r'postin-without-ldconfig')
addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
addFilter(r'systemd-tests\..*: W: no-documentation')
addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
# everybody does it this way: systemd, syslog-ng, rsyslog
addFilter(r'unversioned-explicit-provides syslog')
# systemd-machine-id-setup requires libssl
addFilter(r'explicit-lib-dependency openssl-libs')
addFilter(r'systemd.src:.*strange-permission')

2927
systemd.spec Normal file
View File

File diff suppressed because it is too large Load Diff

2
sysusers.attr Normal file
View File

@ -0,0 +1,2 @@
%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
%__sysusers_path ^%{_sysusersdir}/.*\\.conf$

79
sysusers.generate-pre.sh Executable file
View File

@ -0,0 +1,79 @@
#!/bin/bash
# This script turns sysuser.d files into scriptlets mandated by Fedora
# packaging guidelines. The general idea is to define users using the
# declarative syntax but to turn this into traditional scriptlets.
user() {
user="$1"
uid="$2"
desc="$3"
group="$4"
home="$5"
shell="$6"
[ "$desc" = '-' ] && desc=
[ "$home" = '-' -o "$home" = '' ] && home=/
[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
if [ "$uid" = '-' -o "$uid" = '' ]; then
cat <<EOF
getent passwd '$user' >/dev/null || \\
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
EOF
else
cat <<EOF
if ! getent passwd '$user' >/dev/null ; then
if ! getent passwd '$uid' >/dev/null ; then
useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
else
useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
fi
fi
EOF
fi
}
group() {
group="$1"
gid="$2"
if [ "$gid" = '-' ]; then
cat <<EOF
getent group '$group' >/dev/null || groupadd -r '$group'
EOF
else
cat <<EOF
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
EOF
fi
}
parse() {
while read line || [ "$line" ]; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
eval arr=( $line )
case "${arr[0]}" in
('u')
group "${arr[1]}" "${arr[2]}"
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
# TODO: user:group support
;;
('g')
group "${arr[1]}" "${arr[2]}"
;;
('m')
group "${arr[2]}" "-"
user "${arr[1]}" "-" "" "${arr[2]}"
;;
esac
done
}
for fn in "$@"; do
[ -e "$fn" ] || continue
echo "# generated from $(basename $fn)"
parse < "$fn"
done

28
sysusers.prov Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
parse() {
while read line; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
set -- $line
case "$1" in
('u')
echo "user($2)"
echo "group($2)"
# TODO: user:group support
;;
('g')
echo "group($2)"
;;
('m')
echo "user($2)"
echo "group($3)"
;;
esac
done
}
while read fn; do
parse < "$fn"
done

50
tests/tests-reboot.yml Normal file
View File

@ -0,0 +1,50 @@
---
- hosts: localhost
vars:
- artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
tags:
- classic
tasks:
# switch SELinux to permissive mode
- name: Get default kernel
command: "grubby --default-kernel"
register: default_kernel
- debug: msg="{{ default_kernel.stdout }}"
- name: Set permissive mode
command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
- name: reboot
block:
- name: restart host
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
- name: wait for host to come back
wait_for_connection:
delay: 10
timeout: 300
- name: Re-create /tmp/artifacts
command: mkdir /tmp/artifacts
- name: Gather SELinux denials since boot
shell: |
result=pass
dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
grep -q '<no matches>' /tmp/avc.log || result=fail
echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
always:
- name: Pull out the artifacts
fetch:
dest: "{{ artifacts }}/"
src: "{{ item }}"
flat: yes
with_items:
- /tmp/test.log
- /tmp/avc.log
- /tmp/results.yml

111
triggers.systemd Normal file
View File

@ -0,0 +1,111 @@
# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# Copyright 2015 Zbigniew Jędrzejewski-Szmek
# Copyright 2018 Neal Gompa
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# systemd is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
# The contents of this are an example to be copied into systemd.spec.
#
# Minimum rpm version supported: 4.13.0
%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
# This script will run after any package is initially installed or
# upgraded. We care about the case where a package is initially
# installed, because other cases are covered by the *un scriptlets,
# so sometimes we will reload needlessly.
if test -d /run/systemd/system; then
%{_bindir}/systemctl daemon-reload
fi
%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
# On removal, we need to run daemon-reload after any units have been
# removed. %transfiletriggerpostun would be ideal, but it does not get
# executed for some reason.
# On upgrade, we need to run daemon-reload after any new unit files
# have been installed, but before %postun scripts in packages get
# executed. %transfiletriggerun gets the right list of files
# but it is invoked too early (before changes happen).
# %filetriggerpostun happens at the right time, but it fires for
# every package.
# To execute the reload at the right time, we create a state
# file in %transfiletriggerun and execute the daemon-reload in
# the first %filetriggerpostun.
if test -d "/run/systemd/system"; then
mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
fi
%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
%{_bindir}/systemctl daemon-reload
fi
%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
# This script will process files installed in /usr/lib/sysusers.d to create
# specified users automatically. The priority is set such that it
# will run before the tmpfiles file trigger.
if test -d /run/systemd/system; then
%{_bindir}/systemd-sysusers || :
fi
%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
# This script will process files installed in /usr/lib/tmpfiles.d to create
# tmpfiles automatically. The priority is set such that it will run
# after the sysusers file trigger, but before any other triggers.
if test -d /run/systemd/system; then
%{_bindir}/systemd-tmpfiles --create || :
fi
%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
# This script will automatically invoke hwdb update if files have been
# installed or updated in /usr/lib/udev/hwdb.d.
if test -d /run/systemd/system; then
%{_bindir}/systemd-hwdb update || :
fi
%transfiletriggerin -- /usr/lib/systemd/catalog
# This script will automatically invoke journal catalog update if files
# have been installed or updated in /usr/lib/systemd/catalog.
if test -d /run/systemd/system; then
%{_bindir}/journalctl --update-catalog || :
fi
%transfiletriggerin udev -- /usr/lib/udev/rules.d
# This script will automatically update udev with new rules if files
# have been installed or updated in /usr/lib/udev/rules.d.
if test -e /run/udev/control; then
%{_bindir}/udevadm control --reload || :
fi
%transfiletriggerin -- /usr/lib/sysctl.d
# This script will automatically apply sysctl rules if files have been
# installed or updated in /usr/lib/sysctl.d.
if test -d /run/systemd/system; then
/usr/lib/systemd/systemd-sysctl || :
fi
%transfiletriggerin -- /usr/lib/binfmt.d
# This script will automatically apply binfmt rules if files have been
# installed or updated in /usr/lib/binfmt.d.
if test -d /run/systemd/system; then
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
# during install
/usr/lib/systemd/systemd-binfmt || :
fi

40
use-bfq-scheduler.patch Normal file
View File

@ -0,0 +1,40 @@
From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Aug 2019 15:57:42 +0200
Subject: [PATCH] udev: use bfq as the default scheduler
As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
Test results are that bfq seems to behave better and more consistently on
typical hardware. The kernel does not have a configuration option to set
the default scheduler, and it currently needs to be set by userspace.
See the bug for more discussion and links.
---
rules.d/60-block-scheduler.rules | 5 +++++
rules.d/meson.build | 1 +
2 files changed, 6 insertions(+)
create mode 100644 rules.d/60-block-scheduler.rules
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
new file mode 100644
index 0000000000..480b941761
--- /dev/null
+++ b/rules.d/60-block-scheduler.rules
@@ -0,0 +1,5 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION=="add", SUBSYSTEM=="block", \
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
+ ATTR{queue/scheduler}="bfq"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index ca4445d774..38d6aa6970 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -3,6 +3,7 @@
rules = files('''
60-autosuspend.rules
60-block.rules
+ 60-block-scheduler.rules
60-cdrom_id.rules
60-drm.rules
60-evdev.rules

2
yum-protect-systemd.conf Normal file
View File

@ -0,0 +1,2 @@
systemd
systemd-udev