diff --git a/0001-macro-Simply-case-macros-for-IN_SET.patch b/0001-macro-Simply-case-macros-for-IN_SET.patch
new file mode 100644
index 0000000..7df76bd
--- /dev/null
+++ b/0001-macro-Simply-case-macros-for-IN_SET.patch
@@ -0,0 +1,78 @@
+From 87bf366c97be1c811c4bfdf80b48d6c3e35da76a Mon Sep 17 00:00:00 2001
+From: Jan Janssen
+Date: Tue, 25 Oct 2022 19:55:08 +0200
+Subject: [PATCH] macro: Simply case macros for IN_SET
+
+The CASE param would normally provide the operation for the compiler to
+do in this macro magic. But in this case CASE_F_1 was hardcoding the
+operation, making the parameter moot.
+This just removes the somewhat pointless parameter instead of fixing
+the one case. These macros are used for IN_SET case labels only and
+not named generically anyways.
+
+(cherry picked from commit 790f4dda74d7ecdb4e57101a37cc9f2f9236bef6)
+
+Related #2138081
+---
+ src/fundamental/macro-fundamental.h | 43 ++++++++++++++---------------
+ 1 file changed, 21 insertions(+), 22 deletions(-)
+
+diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
+index 2536c741c6..63f4c49e78 100644
+--- a/src/fundamental/macro-fundamental.h
++++ b/src/fundamental/macro-fundamental.h
+@@ -251,33 +251,32 @@
+ (UNIQ_T(X, xq) / UNIQ_T(Y, yq) + !!(UNIQ_T(X, xq) % UNIQ_T(Y, yq))); \
+ })
+
+-#define CASE_F(X) case X:
+-#define CASE_F_1(CASE, X) CASE_F(X)
+-#define CASE_F_2(CASE, X, ...) CASE(X) CASE_F_1(CASE, __VA_ARGS__)
+-#define CASE_F_3(CASE, X, ...) CASE(X) CASE_F_2(CASE, __VA_ARGS__)
+-#define CASE_F_4(CASE, X, ...) CASE(X) CASE_F_3(CASE, __VA_ARGS__)
+-#define CASE_F_5(CASE, X, ...) CASE(X) CASE_F_4(CASE, __VA_ARGS__)
+-#define CASE_F_6(CASE, X, ...) CASE(X) CASE_F_5(CASE, __VA_ARGS__)
+-#define CASE_F_7(CASE, X, ...) CASE(X) CASE_F_6(CASE, __VA_ARGS__)
+-#define CASE_F_8(CASE, X, ...) CASE(X) CASE_F_7(CASE, __VA_ARGS__)
+-#define CASE_F_9(CASE, X, ...) CASE(X) CASE_F_8(CASE, __VA_ARGS__)
+-#define CASE_F_10(CASE, X, ...) CASE(X) CASE_F_9(CASE, __VA_ARGS__)
+-#define CASE_F_11(CASE, X, ...) CASE(X) CASE_F_10(CASE, __VA_ARGS__)
+-#define CASE_F_12(CASE, X, ...) CASE(X) CASE_F_11(CASE, __VA_ARGS__)
+-#define CASE_F_13(CASE, X, ...) CASE(X) CASE_F_12(CASE, __VA_ARGS__)
+-#define CASE_F_14(CASE, X, ...) CASE(X) CASE_F_13(CASE, __VA_ARGS__)
+-#define CASE_F_15(CASE, X, ...) CASE(X) CASE_F_14(CASE, __VA_ARGS__)
+-#define CASE_F_16(CASE, X, ...) CASE(X) CASE_F_15(CASE, __VA_ARGS__)
+-#define CASE_F_17(CASE, X, ...) CASE(X) CASE_F_16(CASE, __VA_ARGS__)
+-#define CASE_F_18(CASE, X, ...) CASE(X) CASE_F_17(CASE, __VA_ARGS__)
+-#define CASE_F_19(CASE, X, ...) CASE(X) CASE_F_18(CASE, __VA_ARGS__)
+-#define CASE_F_20(CASE, X, ...) CASE(X) CASE_F_19(CASE, __VA_ARGS__)
++#define CASE_F_1(X) case X:
++#define CASE_F_2(X, ...) case X: CASE_F_1( __VA_ARGS__)
++#define CASE_F_3(X, ...) case X: CASE_F_2( __VA_ARGS__)
++#define CASE_F_4(X, ...) case X: CASE_F_3( __VA_ARGS__)
++#define CASE_F_5(X, ...) case X: CASE_F_4( __VA_ARGS__)
++#define CASE_F_6(X, ...) case X: CASE_F_5( __VA_ARGS__)
++#define CASE_F_7(X, ...) case X: CASE_F_6( __VA_ARGS__)
++#define CASE_F_8(X, ...) case X: CASE_F_7( __VA_ARGS__)
++#define CASE_F_9(X, ...) case X: CASE_F_8( __VA_ARGS__)
++#define CASE_F_10(X, ...) case X: CASE_F_9( __VA_ARGS__)
++#define CASE_F_11(X, ...) case X: CASE_F_10( __VA_ARGS__)
++#define CASE_F_12(X, ...) case X: CASE_F_11( __VA_ARGS__)
++#define CASE_F_13(X, ...) case X: CASE_F_12( __VA_ARGS__)
++#define CASE_F_14(X, ...) case X: CASE_F_13( __VA_ARGS__)
++#define CASE_F_15(X, ...) case X: CASE_F_14( __VA_ARGS__)
++#define CASE_F_16(X, ...) case X: CASE_F_15( __VA_ARGS__)
++#define CASE_F_17(X, ...) case X: CASE_F_16( __VA_ARGS__)
++#define CASE_F_18(X, ...) case X: CASE_F_17( __VA_ARGS__)
++#define CASE_F_19(X, ...) case X: CASE_F_18( __VA_ARGS__)
++#define CASE_F_20(X, ...) case X: CASE_F_19( __VA_ARGS__)
+
+ #define GET_CASE_F(_1,_2,_3,_4,_5,_6,_7,_8,_9,_10,_11,_12,_13,_14,_15,_16,_17,_18,_19,_20,NAME,...) NAME
+ #define FOR_EACH_MAKE_CASE(...) \
+ GET_CASE_F(__VA_ARGS__,CASE_F_20,CASE_F_19,CASE_F_18,CASE_F_17,CASE_F_16,CASE_F_15,CASE_F_14,CASE_F_13,CASE_F_12,CASE_F_11, \
+ CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
+- (CASE_F,__VA_ARGS__)
++ (__VA_ARGS__)
+
+ #define IN_SET(x, ...) \
+ ({ \
diff --git a/0001-macro-fix-indentation.patch b/0002-macro-fix-indentation.patch
similarity index 99%
rename from 0001-macro-fix-indentation.patch
rename to 0002-macro-fix-indentation.patch
index 49c18bc..e58e576 100644
--- a/0001-macro-fix-indentation.patch
+++ b/0002-macro-fix-indentation.patch
@@ -23,6 +23,3 @@ index 63f4c49e78..faab16ab31 100644 default: \ break; \ } \
---
-2.38.1
-
diff --git a/0002-test-add-a-couple-of-sanity-tests-for-journalctl.patch b/0003-test-add-a-couple-of-sanity-tests-for-journalctl.patch
similarity index 99%
rename from 0002-test-add-a-couple-of-sanity-tests-for-journalctl.patch
rename to 0003-test-add-a-couple-of-sanity-tests-for-journalctl.patch
index 777b6c5..8fd729b 100644
--- a/0002-test-add-a-couple-of-sanity-tests-for-journalctl.patch
+++ b/0003-test-add-a-couple-of-sanity-tests-for-journalctl.patch
@@ -59,6 +59,3 @@ index b5468cbea4..fdc3273fea 100755 # Add new tests before here, the journald restarts below # may make tests flappy.
---
-2.38.1
-
diff --git a/0003-man-fix-typo-found-by-Lintian.patch b/0004-man-fix-typo-found-by-Lintian.patch
similarity index 99%
rename from 0003-man-fix-typo-found-by-Lintian.patch
rename to 0004-man-fix-typo-found-by-Lintian.patch
index 4c0761e..ee1fc6a 100644
--- a/0003-man-fix-typo-found-by-Lintian.patch
+++ b/0004-man-fix-typo-found-by-Lintian.patch
@@ -23,6 +23,3 @@ index 3ee42cdb73..7f173aec61 100644 Supported secure boot variables are one database for authorized images, one key exchange key (KEK) and one platform key (PK). For more information, refer to the UEFI specification,
---
-2.38.1
-
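Review bot: The CASE_F_1 … CASE_F_20 family added to macro-fundamental.h caps FOR_EACH_MAKE_CASE at 20 values, but nothing in the visible lines documents or enforces that limit; with a 21st argument GET_CASE_F would pick one of the caller's own values as NAME instead of a CASE_F_n macro. IN_SET's body continues outside the hunk, so whether a compile-time guard on the argument count exists there cannot be confirmed from this page, and it is worth checking because a membership test that silently mis-expands would affect every branch that relies on it. I would add a comment above CASE_F_1 such as `/* CASE_F_n(...) expands to n 'case X:' labels for IN_SET(); at most 20 values are supported. */`. As a style point, the added lines carry a stray space in `CASE_F_1( __VA_ARGS__)` through `CASE_F_19( __VA_ARGS__)`, which could read `CASE_F_1(__VA_ARGS__)`.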
diff --git a/0004-test-add-x-to-assert.sh.patch b/0005-test-add-x-to-assert.sh.patch
similarity index 98%
rename from 0004-test-add-x-to-assert.sh.patch
rename to 0005-test-add-x-to-assert.sh.patch
index 29e8ae8..05da9d6 100644
--- a/0004-test-add-x-to-assert.sh.patch
+++ b/0005-test-add-x-to-assert.sh.patch
@@ -17,6 +17,3 @@ Related #2138081 diff --git a/test/units/assert.sh b/test/units/assert.sh old mode 100644 new mode 100755
---
-2.38.1
-
diff --git a/0005-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch b/0006-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch
similarity index 98%
rename from 0005-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch
rename to 0006-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch
index c428964..475f90b 100644
--- a/0005-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch
+++ b/0006-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch
@@ -23,6 +23,3 @@ index c0dde75650..5a1ae5a6a0 100755 ] grammar = Or(fixed_props + kbd_props + abs_props) + EOL
---
-2.38.1
-
diff --git a/0006-resolved-fix-typo-in-feature-level-table.patch b/0007-resolved-fix-typo-in-feature-level-table.patch
similarity index 98%
rename from 0006-resolved-fix-typo-in-feature-level-table.patch
rename to 0007-resolved-fix-typo-in-feature-level-table.patch
index f25e4ee..ecb09f5 100644
--- a/0006-resolved-fix-typo-in-feature-level-table.patch
+++ b/0007-resolved-fix-typo-in-feature-level-table.patch
@@ -22,6 +22,3 @@ index 9b74a8d6d8..04a4f53ed0 100644 + [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+DO", }; DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel);
---
-2.38.1
-
diff --git a/0007-coverage-Mark-_coverage__exit-as-noreturn.patch b/0008-coverage-Mark-_coverage__exit-as-noreturn.patch
similarity index 98%
rename from 0007-coverage-Mark-_coverage__exit-as-noreturn.patch
rename to 0008-coverage-Mark-_coverage__exit-as-noreturn.patch
index d4726a3..cc41699 100644
--- a/0007-coverage-Mark-_coverage__exit-as-noreturn.patch
+++ b/0008-coverage-Mark-_coverage__exit-as-noreturn.patch
@@ -26,6 +26,3 @@ index 3ef02cf70e..640bddc485 100644 __gcov_dump(); _exit(status); }
---
-2.38.1
-
diff --git a/0008-namespace-Add-hidepid-subset-support-check.patch b/0009-namespace-Add-hidepid-subset-support-check.patch
similarity index 99%
rename from 0008-namespace-Add-hidepid-subset-support-check.patch
rename to 0009-namespace-Add-hidepid-subset-support-check.patch
index 9d02760..34a609c 100644
--- a/0008-namespace-Add-hidepid-subset-support-check.patch
+++ b/0009-namespace-Add-hidepid-subset-support-check.patch
@@ -152,6 +152,3 @@ index c3cced7410..852be3bdde 100644 } entry_path = mount_entry_path(m);
---
-2.38.1
-
diff --git a/0009-test-add-a-couple-of-sanity-tests-for-loginctl.patch b/0010-test-add-a-couple-of-sanity-tests-for-loginctl.patch
similarity index 99%
rename from 0009-test-add-a-couple-of-sanity-tests-for-loginctl.patch
rename to 0010-test-add-a-couple-of-sanity-tests-for-loginctl.patch
index 3d5fddf..16aa83d 100644
--- a/0009-test-add-a-couple-of-sanity-tests-for-loginctl.patch
+++ b/0010-test-add-a-couple-of-sanity-tests-for-loginctl.patch
@@ -73,6 +73,3 @@ index 4ef0f0c11c..85925f2471 100755 test_session test_lock_idle_action test_session_properties
---
-2.38.1
-
diff --git a/0010-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch b/0011-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch
similarity index 99%
rename from 0010-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch
rename to 0011-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch
index c67a807..db89638 100644
--- a/0010-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch
+++ b/0011-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch
@@ -46,6 +46,3 @@ index aa553b61a6..d8fdaffb06 100644 [Service] ExecStartPre=rm -f /failed /testok
---
-2.38.1
-
diff --git a/0011-test-add-a-couple-of-sanity-tests-for-systemctl.patch b/0012-test-add-a-couple-of-sanity-tests-for-systemctl.patch
similarity index 99%
rename from 0011-test-add-a-couple-of-sanity-tests-for-systemctl.patch
rename to 0012-test-add-a-couple-of-sanity-tests-for-systemctl.patch
index 4abf580..3d03956 100644
--- a/0011-test-add-a-couple-of-sanity-tests-for-systemctl.patch
+++ b/0012-test-add-a-couple-of-sanity-tests-for-systemctl.patch
@@ -249,6 +249,3 @@ index ad08415317..b83f85917b 100755 echo OK >/testok
---
-2.38.1
-
diff --git a/0012-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch b/0013-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch
similarity index 99%
rename from 0012-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch
rename to 0013-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch
index a00bb00..3572a6c 100644
--- a/0012-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch
+++ b/0013-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch
@@ -1190,6 +1190,3 @@ index efd20533a5..bc05b6cc5a 100644 -[`bootctl(1)`](https://www.freedesktop.org/software/systemd/man/bootctl.html)
-[`systemd-gpt-auto-generator(8)`](https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html) +[This content has moved to the UAPI group website](https://uapi-group.org/specifications/specs/discoverable_partitions_specification/)
---
-2.38.1
-
diff --git a/0013-core-fix-memleak-in-GetUnitFileLinks-method.patch b/0014-core-fix-memleak-in-GetUnitFileLinks-method.patch
similarity index 99%
rename from 0013-core-fix-memleak-in-GetUnitFileLinks-method.patch
rename to 0014-core-fix-memleak-in-GetUnitFileLinks-method.patch
index c2857ca..2e2aed4 100644
--- a/0013-core-fix-memleak-in-GetUnitFileLinks-method.patch
+++ b/0014-core-fix-memleak-in-GetUnitFileLinks-method.patch
@@ -47,6 +47,3 @@ index 919aa58cde..88f098ec86 100644 } static int method_get_job_waiting(sd_bus_message *message, void *userdata, sd_bus_error *error) {
---
-2.38.1
-
diff --git a/0014-man-use-the-correct-Markers-property-name-for-markin.patch b/0015-man-use-the-correct-Markers-property-name-for-markin.patch
similarity index 99%
rename from 0014-man-use-the-correct-Markers-property-name-for-markin.patch
rename to 0015-man-use-the-correct-Markers-property-name-for-markin.patch
index e939e7a..36a2571 100644
--- a/0014-man-use-the-correct-Markers-property-name-for-markin.patch
+++ b/0015-man-use-the-correct-Markers-property-name-for-markin.patch
@@ -40,6 +40,3 @@ index 4d4f6c3992..997925892d 100644 Unless is used, systemctl will wait for the queued jobs to finish.
---
-2.38.1
-
diff --git a/0015-test-further-extend-systemctl-s-sanity-coverage.patch b/0016-test-further-extend-systemctl-s-sanity-coverage.patch
similarity index 99%
rename from 0015-test-further-extend-systemctl-s-sanity-coverage.patch
rename to 0016-test-further-extend-systemctl-s-sanity-coverage.patch
index e131c22..e50d9b5 100644
--- a/0015-test-further-extend-systemctl-s-sanity-coverage.patch
+++ b/0016-test-further-extend-systemctl-s-sanity-coverage.patch
@@ -113,6 +113,3 @@ index b83f85917b..7c7a12b1ae 100755 # show/set-environment # Make sure PATH is set
---
-2.38.1
-
diff --git a/0016-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch b/0017-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch
similarity index 99%
rename from 0016-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch
rename to 0017-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch
index cb48303..e194f13 100644
--- a/0016-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch
+++ b/0017-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch
@@ -129,6 +129,3 @@ index 64ce629f3b..ece6b8734e 100755 mkdir -p /tmp/img/usr/lib/systemd/system/ mkdir -p /tmp/img/opt/
---
-2.38.1
-
diff --git a/0017-udev-first-set-properties-based-on-usb-subsystem.patch b/0018-udev-first-set-properties-based-on-usb-subsystem.patch
similarity index 99%
rename from 0017-udev-first-set-properties-based-on-usb-subsystem.patch
rename to 0018-udev-first-set-properties-based-on-usb-subsystem.patch
index de2f7d2..8f9c37e 100644
--- a/0017-udev-first-set-properties-based-on-usb-subsystem.patch
+++ b/0018-udev-first-set-properties-based-on-usb-subsystem.patch
@@ -35,6 +35,3 @@ index f303e27fd5..c133f26109 100644 # /dev/serial/by-path/, /dev/serial/by-id/ for USB devices KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end"
---
-2.38.1
-
diff --git a/0018-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch b/0019-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch
similarity index 99%
rename from 0018-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch
rename to 0019-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch
index 91ce747..8cc2c38 100644
--- a/0018-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch
+++ b/0019-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch
@@ -28,6 +28,3 @@ index c133f26109..2c1488e930 100644 ENV{ID_USB_INTERFACE_NUM}=="", GOTO="serial_end" ENV{.ID_PORT}=="", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}" ENV{.ID_PORT}=="?*", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}-port$env{.ID_PORT}"
---
-2.38.1
-
diff --git a/0019-udev-add-safe-guard-for-setting-by-id-symlink.patch b/0020-udev-add-safe-guard-for-setting-by-id-symlink.patch
similarity index 98%
rename from 0019-udev-add-safe-guard-for-setting-by-id-symlink.patch
rename to 0020-udev-add-safe-guard-for-setting-by-id-symlink.patch
index 01aece5..975ad03 100644
--- a/0019-udev-add-safe-guard-for-setting-by-id-symlink.patch
+++ b/0020-udev-add-safe-guard-for-setting-by-id-symlink.patch
@@ -24,6 +24,3 @@ index 2c1488e930..a0e66323a9 100644 ENV{ID_SERIAL}=="", GOTO="serial_end" ENV{ID_USB_INTERFACE_NUM}=="", GOTO="serial_end" ENV{.ID_PORT}=="", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}"
---
-2.38.1
-
diff --git a/0020-test-cover-legacy-deprecated-systemd-analyze-verbs.patch b/0021-test-cover-legacy-deprecated-systemd-analyze-verbs.patch
similarity index 99%
rename from 0020-test-cover-legacy-deprecated-systemd-analyze-verbs.patch
rename to 0021-test-cover-legacy-deprecated-systemd-analyze-verbs.patch
index d5ca319..af66167 100644
--- a/0020-test-cover-legacy-deprecated-systemd-analyze-verbs.patch
+++ b/0021-test-cover-legacy-deprecated-systemd-analyze-verbs.patch
@@ -43,6 +43,3 @@ index ece6b8734e..89406a108e 100755 # dot systemd-analyze dot >/dev/null systemd-analyze dot systemd-journald.service >/dev/null
---
-2.38.1
-
diff --git a/0021-test-cover-a-couple-of-previously-missed-analyze-cod.patch b/0022-test-cover-a-couple-of-previously-missed-analyze-cod.patch
similarity index 99%
rename from 0021-test-cover-a-couple-of-previously-missed-analyze-cod.patch
rename to 0022-test-cover-a-couple-of-previously-missed-analyze-cod.patch
index 17b155c..f5a3f00 100644
--- a/0021-test-cover-a-couple-of-previously-missed-analyze-cod.patch
+++ b/0022-test-cover-a-couple-of-previously-missed-analyze-cod.patch
@@ -54,6 +54,3 @@ index 89406a108e..1f34308b44 100755 (! systemd-analyze timespan "") # cat-config systemd-analyze cat-config systemd/system.conf >/dev/null
---
-2.38.1
-
diff --git a/0022-test-introduce-sanity-coverage-for-auxiliary-utils.patch b/0023-test-introduce-sanity-coverage-for-auxiliary-utils.patch
similarity index 99%
rename from 0022-test-introduce-sanity-coverage-for-auxiliary-utils.patch
rename to 0023-test-introduce-sanity-coverage-for-auxiliary-utils.patch
index 3d90f1d..a5816ba 100644
--- a/0022-test-introduce-sanity-coverage-for-auxiliary-utils.patch
+++ b/0023-test-introduce-sanity-coverage-for-auxiliary-utils.patch
@@ -369,6 +369,3 @@ index 0000000000..13c767e490 + +touch /testok +rm /failed
---
-2.38.1
-
diff --git a/0023-firstboot-fix-segfault-when-locale-messages-is-passe.patch b/0024-firstboot-fix-segfault-when-locale-messages-is-passe.patch
similarity index 99%
rename from 0023-firstboot-fix-segfault-when-locale-messages-is-passe.patch
rename to 0024-firstboot-fix-segfault-when-locale-messages-is-passe.patch
index e1d37c1..3e841db 100644
--- a/0023-firstboot-fix-segfault-when-locale-messages-is-passe.patch
+++ b/0024-firstboot-fix-segfault-when-locale-messages-is-passe.patch
@@ -54,6 +54,3 @@ index 065ee896cd..63db78b52d 100644 locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages); if (i == 0)
---
-2.38.1
-
diff --git a/0024-tests-make-test-execute-pass-on-openSUSE.patch b/0025-tests-make-test-execute-pass-on-openSUSE.patch
similarity index 99%
rename from 0024-tests-make-test-execute-pass-on-openSUSE.patch
rename to 0025-tests-make-test-execute-pass-on-openSUSE.patch
index 2dbf06d..1d42aaa 100644
--- a/0024-tests-make-test-execute-pass-on-openSUSE.patch
+++ b/0025-tests-make-test-execute-pass-on-openSUSE.patch
@@ -74,6 +74,3 @@ index f35ff84765..3efbbfb0f9 100644 User=1 -SupplementaryGroups=1 2 3 +SupplementaryGroups=1 2
---
-2.38.1
-
diff --git a/0025-tests-minor-simplification-in-test-execute.patch b/0026-tests-minor-simplification-in-test-execute.patch
similarity index 99%
rename from 0025-tests-minor-simplification-in-test-execute.patch
rename to 0026-tests-minor-simplification-in-test-execute.patch
index 0d843f3..9c97139 100644
--- a/0025-tests-minor-simplification-in-test-execute.patch
+++ b/0026-tests-minor-simplification-in-test-execute.patch
@@ -148,6 +148,3 @@ index 75601eab57..03406c3ee8 100644 +ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1' Type=oneshot SupplementaryGroups=1
---
-2.38.1
-
diff --git a/0026-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch b/0027-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch
similarity index 98%
rename from 0026-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch
rename to 0027-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch
index fe82b3a..11c83c2 100644
--- a/0026-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch
+++ b/0027-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch
@@ -27,6 +27,3 @@ index 3c56f42d58..093104aaaf 100644 +d- /root :0700 root :root - +d- /root/.ssh :0700 root :root - f^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root
---
-2.38.1
-
diff --git a/0027-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch b/0028-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch
similarity index 99%
rename from 0027-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch
rename to 0028-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch
index 0e03529..3b9a8a6 100644
--- a/0027-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch
+++ b/0028-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch
@@ -29,6 +29,3 @@ index 743af33aa9..ea75e1b0d8 100755 BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID" fi
---
-2.38.1
-
diff --git a/0028-condition-Check-that-subsystem-is-enabled-in-Conditi.patch b/0029-condition-Check-that-subsystem-is-enabled-in-Conditi.patch
similarity index 99%
rename from 0028-condition-Check-that-subsystem-is-enabled-in-Conditi.patch
rename to 0029-condition-Check-that-subsystem-is-enabled-in-Conditi.patch
index 342e1b0..44e715c 100644
--- a/0028-condition-Check-that-subsystem-is-enabled-in-Conditi.patch
+++ b/0029-condition-Check-that-subsystem-is-enabled-in-Conditi.patch
@@ -118,6 +118,3 @@ index 048c28d6ca..c240335ae6 100644 } Tpm2Support; Tpm2Support tpm2_support(void);
---
-2.38.1
-
diff --git a/0029-semaphore-remove-the-Semaphore-repositories-recursiv.patch b/0030-semaphore-remove-the-Semaphore-repositories-recursiv.patch
similarity index 99%
rename from 0029-semaphore-remove-the-Semaphore-repositories-recursiv.patch
rename to 0030-semaphore-remove-the-Semaphore-repositories-recursiv.patch
index 1629b9f..dc3513d 100644
--- a/0029-semaphore-remove-the-Semaphore-repositories-recursiv.patch
+++ b/0030-semaphore-remove-the-Semaphore-repositories-recursiv.patch
@@ -50,6 +50,3 @@ index 98fd7b4411..b0d32bd136 100755 # enable backports for latest LXC echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_RELEASE-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/backports.list
---
-2.38.1
-
diff --git a/0030-kernel-install-90-loaderentry-do-not-override-an-exi.patch b/0031-kernel-install-90-loaderentry-do-not-override-an-exi.patch
similarity index 99%
rename from 0030-kernel-install-90-loaderentry-do-not-override-an-exi.patch
rename to 0031-kernel-install-90-loaderentry-do-not-override-an-exi.patch
index c16b9cc..7715845 100644
--- a/0030-kernel-install-90-loaderentry-do-not-override-an-exi.patch
+++ b/0031-kernel-install-90-loaderentry-do-not-override-an-exi.patch
@@ -27,6 +27,3 @@ index ea75e1b0d8..41a05534b9 100755 BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID" fi
---
-2.38.1
-
diff --git a/0031-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch b/0032-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch
similarity index 98%
rename from 0031-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch
rename to 0032-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch
index 52179b8..6847cc2 100644
--- a/0031-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch
+++ b/0032-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch
@@ -26,6 +26,3 @@ index d4b991cfd6..43bd87c7ed 100755 [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+depmod -a $KERNEL_VERSION" exec depmod -a "$KERNEL_VERSION" ;;
---
-2.38.1
-
diff --git a/0032-man-add-note-that-network-generator-is-not-a-generat.patch b/0033-man-add-note-that-network-generator-is-not-a-generat.patch
similarity index 99%
rename from 0032-man-add-note-that-network-generator-is-not-a-generat.patch
rename to 0033-man-add-note-that-network-generator-is-not-a-generat.patch
index c960b89..e0a1d28 100644
--- a/0032-man-add-note-that-network-generator-is-not-a-generat.patch
+++ b/0033-man-add-note-that-network-generator-is-not-a-generat.patch
@@ -36,6 +36,3 @@ index 6b7e2564d4..2ddeadfc54 100644
---
-2.38.1
-
diff --git a/0033-test-fstab-generator-adjust-PATH-for-fsck.patch b/0034-test-fstab-generator-adjust-PATH-for-fsck.patch
similarity index 99%
rename from 0033-test-fstab-generator-adjust-PATH-for-fsck.patch
rename to 0034-test-fstab-generator-adjust-PATH-for-fsck.patch
index 7d9fa24..1cd1c0c 100644
--- a/0033-test-fstab-generator-adjust-PATH-for-fsck.patch
+++ b/0034-test-fstab-generator-adjust-PATH-for-fsck.patch
@@ -62,6 +62,3 @@ index 0c977645e3..7c060dfac7 100755 for f in "$src"/test-*.input; do echo "*** Running $f"
---
-2.38.1
-
diff --git a/0034-loop-util-open-lock-fd-read-only.patch b/0035-loop-util-open-lock-fd-read-only.patch
similarity index 98%
rename from 0034-loop-util-open-lock-fd-read-only.patch
rename to 0035-loop-util-open-lock-fd-read-only.patch
index 99f9839..3fc3fe3 100644
--- a/0034-loop-util-open-lock-fd-read-only.patch
+++ b/0035-loop-util-open-lock-fd-read-only.patch
@@ -28,6 +28,3 @@ index 731ce29112..fb7e80b1b5 100644 if (lock_fd < 0) return lock_fd;
---
-2.38.1
-
diff --git a/0035-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch b/0036-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch
similarity index 98%
rename from 0035-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch
rename to 0036-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch
index 3dd9971..eeeb288 100644
--- a/0035-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch
+++ b/0036-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch
@@ -28,6 +28,3 @@ index 16d9da637b..80ce383e64 100644 while read -r item; do if [[ -d "$item" ]]; then inst_dir "$item"
---
-2.38.1
-
diff --git a/0036-test-fix-locale-installation-when-locale-gen-is-used.patch b/0037-test-fix-locale-installation-when-locale-gen-is-used.patch
similarity index 99%
rename from 0036-test-fix-locale-installation-when-locale-gen-is-used.patch
rename to 0037-test-fix-locale-installation-when-locale-gen-is-used.patch
index b759530..be0488e 100644
--- a/0036-test-fix-locale-installation-when-locale-gen-is-used.patch
+++ b/0037-test-fix-locale-installation-when-locale-gen-is-used.patch
@@ -44,6 +44,3 @@ index 80ce383e64..45ca472916 100644 } # shellcheck disable=SC2120
---
-2.38.1
-
diff --git a/0037-test-fix-keymaps-installation-on-Arch.patch b/0038-test-fix-keymaps-installation-on-Arch.patch
similarity index 99%
rename from 0037-test-fix-keymaps-installation-on-Arch.patch
rename to 0038-test-fix-keymaps-installation-on-Arch.patch
index 810537a..4832575 100644
--- a/0037-test-fix-keymaps-installation-on-Arch.patch
+++ b/0038-test-fix-keymaps-installation-on-Arch.patch
@@ -69,6 +69,3 @@ index 45ca472916..194cd682bb 100644 [[ -f "$i" ]] || continue inst "$i" done
---
-2.38.1
-
diff --git a/0038-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch b/0039-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch
similarity index 99%
rename from 0038-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch
rename to 0039-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch
index 3b049f9..db6f229 100644
--- a/0038-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch
+++ b/0039-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch
@@ -41,6 +41,3 @@ index 86fc1d4fc0..2a4dfe26db 100644 [files('test-udev.c'), [libudevd_core,
---
-2.38.1
-
diff --git a/0039-Create-CNAME.patch b/0040-Create-CNAME.patch
similarity index 97%
rename from 0039-Create-CNAME.patch
rename to 0040-Create-CNAME.patch
index b7398ba..aa2780d 100644
--- a/0039-Create-CNAME.patch
+++ b/0040-Create-CNAME.patch
@@ -17,6 +17,3 @@ index 0000000000..cdcf4d9a52 @@ -0,0 +1 @@ +systemd.io \ No newline at end of file
---
-2.38.1
-
diff --git a/0040-tpm2-util-force-default-TCTI-to-be-device-with-param.patch b/0041-tpm2-util-force-default-TCTI-to-be-device-with-param.patch
similarity index 99%
rename from 0040-tpm2-util-force-default-TCTI-to-be-device-with-param.patch
rename to 0041-tpm2-util-force-default-TCTI-to-be-device-with-param.patch
index 9ffaa63..1de7853 100644
--- a/0040-tpm2-util-force-default-TCTI-to-be-device-with-param.patch
+++ b/0041-tpm2-util-force-default-TCTI-to-be-device-with-param.patch
@@ -44,6 +44,3 @@ index 65e8d48347..9d73316146 100644 if (device) { const char *param, *driver, *fn;
---
-2.38.1
-
diff --git a/0041-tpm2-add-some-extra-validation-of-device-string-befo.patch b/0042-tpm2-add-some-extra-validation-of-device-string-befo.patch
similarity index 99%
rename from 0041-tpm2-add-some-extra-validation-of-device-string-befo.patch
rename to 0042-tpm2-add-some-extra-validation-of-device-string-befo.patch
index 3fe657f..41c05aa 100644
--- a/0041-tpm2-add-some-extra-validation-of-device-string-befo.patch
+++ b/0042-tpm2-add-some-extra-validation-of-device-string-befo.patch
@@ -50,6 +50,3 @@ index 9d73316146..4d0df944a9 100644 dl = dlopen(fn, RTLD_NOW); if (!dl) return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to load %s: %s", fn, dlerror());
---
-2.38.1
-
diff --git a/0042-boot-Fix-error-message.patch b/0043-boot-Fix-error-message.patch
similarity index 98%
rename from 0042-boot-Fix-error-message.patch
rename to 0043-boot-Fix-error-message.patch
index 75d4a6c..e5eb228 100644
--- a/0042-boot-Fix-error-message.patch
+++ b/0043-boot-Fix-error-message.patch
@@ -23,6 +23,3 @@ index 4150b16ecf..84f4cc11a3 100644 export_variables(loaded_image, loaded_image_path, init_usec);
---
-2.38.1
-
diff --git a/0043-boot-Fix-memory-leak.patch b/0044-boot-Fix-memory-leak.patch
similarity index 98%
rename from 0043-boot-Fix-memory-leak.patch
rename to 0044-boot-Fix-memory-leak.patch
index 7d38b62..5e62484 100644
--- a/0043-boot-Fix-memory-leak.patch
+++ b/0044-boot-Fix-memory-leak.patch
@@ -23,6 +23,3 @@ index 84f4cc11a3..17d4ec2d09 100644 EFI_STATUS err; uint64_t init_usec; bool menu = false;
---
-2.38.1
-
diff --git a/0044-boot-Do-not-require-a-loaded-image-path.patch b/0045-boot-Do-not-require-a-loaded-image-path.patch
similarity index 99%
rename from 0044-boot-Do-not-require-a-loaded-image-path.patch
rename to 0045-boot-Do-not-require-a-loaded-image-path.patch
index 4f363c5..b878368 100644
--- a/0044-boot-Do-not-require-a-loaded-image-path.patch
+++ b/0045-boot-Do-not-require-a-loaded-image-path.patch
@@ -86,6 +86,3 @@ index 17d4ec2d09..b490a1d972 100644 export_variables(loaded_image, loaded_image_path, init_usec);
---
-2.38.1
-
diff --git a/0045-boot-Manually-convert-filepaths-if-needed.patch b/0046-boot-Manually-convert-filepaths-if-needed.patch
similarity index 99%
rename from 0045-boot-Manually-convert-filepaths-if-needed.patch
rename to 0046-boot-Manually-convert-filepaths-if-needed.patch
index e8e0294..55596aa 100644
--- a/0045-boot-Manually-convert-filepaths-if-needed.patch
+++ b/0046-boot-Manually-convert-filepaths-if-needed.patch
@@ -73,6 +73,3 @@ index 5547d288de..57436dbf0c 100644 return EFI_SUCCESS; }
---
-2.38.1
-
diff --git a/0046-boot-Rework-security-arch-override.patch b/0047-boot-Rework-security-arch-override.patch
similarity index 99%
rename from 0046-boot-Rework-security-arch-override.patch
rename to 0047-boot-Rework-security-arch-override.patch
index 92fe1cd..5a77743 100644
--- a/0046-boot-Rework-security-arch-override.patch
+++ b/0047-boot-Rework-security-arch-override.patch
@@ -431,6 +431,3 @@ index 3ae058cb84..ac224336bc 100644 return ret; }
---
-2.38.1
-
diff --git a/0047-boot-Replace-firmware-security-hooks-directly.patch b/0048-boot-Replace-firmware-security-hooks-directly.patch
similarity index 99%
rename from 0047-boot-Replace-firmware-security-hooks-directly.patch
rename to 0048-boot-Replace-firmware-security-hooks-directly.patch
index f1140c4..ee3bd53 100644
--- a/0047-boot-Replace-firmware-security-hooks-directly.patch
+++ b/0048-boot-Replace-firmware-security-hooks-directly.patch
@@ -183,6 +183,3 @@ index 0e615c55e0..65457bf423 100644 + if (security_override.original_hook2) + security_override.security2->FileAuthentication = security_override.original_hook2; }
---
-2.38.1
-
diff --git a/0048-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch b/0049-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch
similarity index 98%
rename from 0048-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch
rename to 0049-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch
index 7fd3fb5..789b812 100644
--- a/0048-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch
+++ b/0049-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch
@@ -29,6 +29,3 @@ index 4127657ebd..877dee00ec 100644 #include "sd-dhcp-client.h" #include "sd-ipv4acd.h"
---
-2.38.1
-
diff --git a/0049-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch b/0050-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch
similarity index 99%
rename from 0049-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch
rename to 0050-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch
index 9c2988c..c730373 100644
--- a/0049-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch
+++ b/0050-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch
@@ -109,6 +109,3 @@ index d7ef382737..981f917fab 100644 return saved_in_initrd; }
---
-2.38.1
-
diff --git a/0050-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch b/0051-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch
similarity index 99%
rename from 0050-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch
rename to 0051-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch
index 0e38099..83e511c 100644
--- a/0050-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch
+++ b/0051-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch
@@ -122,6 +122,3 @@ index 1a444841fa..4cad3551a6 100644 } return 0; --- -2.38.1 - diff --git a/0051-ac-power-check-battery-existence-and-status.patch b/0052-ac-power-check-battery-existence-and-status.patch similarity index 99% rename from 0051-ac-power-check-battery-existence-and-status.patch rename to 0052-ac-power-check-battery-existence-and-status.patch index ad0ee2f..0c186a2 100644 --- a/0051-ac-power-check-battery-existence-and-status.patch +++ b/0052-ac-power-check-battery-existence-and-status.patch @@ -104,6 +104,3 @@ index aac02cd61b..7d95353452 100644 return true; } } --- -2.38.1 - diff --git a/0052-systemctl-do-not-show-unit-properties-with-all.patch b/0053-systemctl-do-not-show-unit-properties-with-all.patch similarity index 99% rename from 0052-systemctl-do-not-show-unit-properties-with-all.patch rename to 0053-systemctl-do-not-show-unit-properties-with-all.patch index 85241c6..eee52a5 100644 --- a/0052-systemctl-do-not-show-unit-properties-with-all.patch +++ b/0053-systemctl-do-not-show-unit-properties-with-all.patch @@ -32,6 +32,3 @@ index 8d3db98c0a..24c7d564b8 100644 if (r < 0) return r; --- -2.38.1 - diff --git a/0053-Fix-reading-etc-machine-id-in-kernel-install-25388.patch b/0054-Fix-reading-etc-machine-id-in-kernel-install-25388.patch similarity index 99% rename from 0053-Fix-reading-etc-machine-id-in-kernel-install-25388.patch rename to 0054-Fix-reading-etc-machine-id-in-kernel-install-25388.patch index ec1b81d..be70de1 100644 --- a/0053-Fix-reading-etc-machine-id-in-kernel-install-25388.patch +++ b/0054-Fix-reading-etc-machine-id-in-kernel-install-25388.patch @@ -44,6 +44,3 @@ index 22eb4d2be1..bba22f8a20 100755 read -r MACHINE_ID current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id)) return journal_file_move_to_entry_by_seqnum(f, j->current_location.seqnum, direction, ret, offset); if (j->current_location.monotonic_set) { --- -2.38.1 - 
diff --git a/0055-boot-Correctly-handle-saved-default-patterns.patch b/0056-boot-Correctly-handle-saved-default-patterns.patch
similarity index 98%
rename from 0055-boot-Correctly-handle-saved-default-patterns.patch
rename to 0056-boot-Correctly-handle-saved-default-patterns.patch
index 471f46f..1820864 100644
--- a/0055-boot-Correctly-handle-saved-default-patterns.patch
+++ b/0056-boot-Correctly-handle-saved-default-patterns.patch
@@ -27,6 +27,3 @@ index 6a34b10c04..d3cfb41a12 100644 for (size_t i = 0; i < config->n_entries; i++) if (fnmatch(id, config->entries[i].id, FNM_CASEFOLD) == 0) return i;
---
-2.38.1
-
diff --git a/0056-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch b/0057-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch
similarity index 99%
rename from 0056-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch
rename to 0057-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch
index 2758d54..220358d 100644
--- a/0056-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch
+++ b/0057-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch
@@ -80,6 +80,3 @@ index 4d0df944a9..8171b3e9e9 100644 &pubkey_handle); if (rc != TSS2_RC_SUCCESS) { r = log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
---
-2.38.1
-
diff --git a/0057-Handle-MACHINE_ID-uninitialized.patch b/0058-Handle-MACHINE_ID-uninitialized.patch
similarity index 99%
rename from 0057-Handle-MACHINE_ID-uninitialized.patch
rename to 0058-Handle-MACHINE_ID-uninitialized.patch
index 7d0fc7e..4112cd2 100644
--- a/0057-Handle-MACHINE_ID-uninitialized.patch
+++ b/0058-Handle-MACHINE_ID-uninitialized.patch
@@ -29,6 +29,3 @@ index bba22f8a20..fa2c0d5276 100755 [ -n "$MACHINE_ID" ] && \ log_verbose "machine-id $MACHINE_ID acquired from /etc/machine-id" fi
---
-2.38.1
-
diff --git a/0058-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch b/0059-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch
similarity index 98%
rename from 0058-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch
rename to 0059-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch
index 7e629d6..3b96e63 100644
--- a/0058-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch
+++ b/0059-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch
@@ -24,6 +24,3 @@ index 712ab3ffa9..10956cc548 100644 log_oom(); return 0; }
---
-2.38.1
-
diff --git a/0059-boot-measure-fix-oom-check.patch b/0060-boot-measure-fix-oom-check.patch
similarity index 98%
rename from 0059-boot-measure-fix-oom-check.patch
rename to 0060-boot-measure-fix-oom-check.patch
index 187a8ff..180638c 100644
--- a/0059-boot-measure-fix-oom-check.patch
+++ b/0060-boot-measure-fix-oom-check.patch
@@ -23,6 +23,3 @@ index 4f16acedf0..0bbd386449 100644 r = log_oom(); goto finish; }
---
-2.38.1
-
diff --git a/0060-nspawn-allow-sched_rr_get_interval_time64-through-se.patch b/0061-nspawn-allow-sched_rr_get_interval_time64-through-se.patch
similarity index 99%
rename from 0060-nspawn-allow-sched_rr_get_interval_time64-through-se.patch
rename to 0061-nspawn-allow-sched_rr_get_interval_time64-through-se.patch
index a91a309..ebc0641 100644
--- a/0060-nspawn-allow-sched_rr_get_interval_time64-through-se.patch
+++ b/0061-nspawn-allow-sched_rr_get_interval_time64-through-se.patch
@@ -55,6 +55,3 @@ index 77f4c2ac88..27044fadd2 100644 { 0, "sched_yield" }, { 0, "seccomp" }, { 0, "sendfile" },
---
-2.38.1
-
diff --git a/0061-resolved-use-right-conditionalization-when-setting-u.patch b/0062-resolved-use-right-conditionalization-when-setting-u.patch
similarity index 98%
rename from 0061-resolved-use-right-conditionalization-when-setting-u.patch
rename to 0062-resolved-use-right-conditionalization-when-setting-u.patch
index 542311c..d0a3a96 100644
--- a/0061-resolved-use-right-conditionalization-when-setting-u.patch
+++ b/0062-resolved-use-right-conditionalization-when-setting-u.patch
@@ -24,6 +24,3 @@ index 852829569d..4f744499aa 100644 r = socket_set_unicast_if(fd, sa.sa.sa_family, ifindex); if (r < 0) return r;
---
-2.38.1
-
diff --git a/0062-resolved-when-configuring-127.0.0.1-as-per-interface.patch b/0063-resolved-when-configuring-127.0.0.1-as-per-interface.patch
similarity index 99%
rename from 0062-resolved-when-configuring-127.0.0.1-as-per-interface.patch
rename to 0063-resolved-when-configuring-127.0.0.1-as-per-interface.patch
index cbed663..0d760ca 100644
--- a/0062-resolved-when-configuring-127.0.0.1-as-per-interface.patch
+++ b/0063-resolved-when-configuring-127.0.0.1-as-per-interface.patch
@@ -32,6 +32,3 @@ index 04a4f53ed0..8ff513fa33 100644 /* The link ifindex always takes precedence */ if (s->link) return s->link->ifindex;
---
-2.38.1
-
diff --git a/0063-manager-fix-format-strings-for-trigger-metadata.patch b/0064-manager-fix-format-strings-for-trigger-metadata.patch
similarity index 99%
rename from 0063-manager-fix-format-strings-for-trigger-metadata.patch
rename to 0064-manager-fix-format-strings-for-trigger-metadata.patch
index 6adab63..e62e697 100644
--- a/0063-manager-fix-format-strings-for-trigger-metadata.patch
+++ b/0064-manager-fix-format-strings-for-trigger-metadata.patch
@@ -48,6 +48,3 @@ index 8bd430b931..b6810c8599 100644 if (r < 0) return r;
---
-2.38.1
-
diff --git a/0064-basic-strv-check-printf-arguments-to-strv_extendf.patch b/0065-basic-strv-check-printf-arguments-to-strv_extendf.patch
similarity index 99%
rename from 0064-basic-strv-check-printf-arguments-to-strv_extendf.patch
rename to 0065-basic-strv-check-printf-arguments-to-strv_extendf.patch
index 2827d79..ae7fdec 100644
--- a/0064-basic-strv-check-printf-arguments-to-strv_extendf.patch
+++ b/0065-basic-strv-check-printf-arguments-to-strv_extendf.patch
@@ -28,6 +28,3 @@ index d6f5ac6ba5..6c9fa47943 100644 int strv_extend_front(char ***l, const char *value); int strv_push_with_size(char ***l, size_t *n, char *value);
---
-2.38.1
-
diff --git a/0065-resolved-Fix-OpenSSL-error-messages.patch b/0066-resolved-Fix-OpenSSL-error-messages.patch
similarity index 99%
rename from 0065-resolved-Fix-OpenSSL-error-messages.patch
rename to 0066-resolved-Fix-OpenSSL-error-messages.patch
index 0e95002..2ea5e78 100644
--- a/0065-resolved-Fix-OpenSSL-error-messages.patch
+++ b/0066-resolved-Fix-OpenSSL-error-messages.patch
@@ -137,6 +137,3 @@ index 4d3a88c8da..4a0132ad3d 100644 stream->dnstls_events = 0; ss = -EPIPE; }
---
-2.38.1
-
diff --git a/0066-network-wifi-try-to-reconfigure-when-connected.patch b/0067-network-wifi-try-to-reconfigure-when-connected.patch
similarity index 99%
rename from 0066-network-wifi-try-to-reconfigure-when-connected.patch
rename to 0067-network-wifi-try-to-reconfigure-when-connected.patch
index 8e5e83c..f585174 100644
--- a/0066-network-wifi-try-to-reconfigure-when-connected.patch
+++ b/0067-network-wifi-try-to-reconfigure-when-connected.patch
@@ -68,6 +68,3 @@ index 4bf798a9eb..62cbca0cf9 100644 break; } case NL80211_CMD_DISCONNECT:
---
-2.38.1
-
diff --git a/0067-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch b/0068-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch
similarity index 99%
rename from 0067-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch
rename to 0068-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch
index 8bb55e2..0bd251e 100644
--- a/0067-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch
+++ b/0068-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch
@@ -36,6 +36,3 @@ index 1fc81d1843..70a1dc941e 100644 /* Ignore most errors when reading the xattr since it is usually unset and cgroup xattrs are only used * as an optional feature of systemd-oomd (and the system might not even support them). */ r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, ctx->path, "user.oomd_avoid");
---
-2.38.1
-
diff --git a/0068-oomd-fix-unreachable-test-case-in-test-oomd-util.patch b/0069-oomd-fix-unreachable-test-case-in-test-oomd-util.patch
similarity index 99%
rename from 0068-oomd-fix-unreachable-test-case-in-test-oomd-util.patch
rename to 0069-oomd-fix-unreachable-test-case-in-test-oomd-util.patch
index a4ae783..addff9f 100644
--- a/0068-oomd-fix-unreachable-test-case-in-test-oomd-util.patch
+++ b/0069-oomd-fix-unreachable-test-case-in-test-oomd-util.patch
@@ -34,6 +34,3 @@ index 176e3a8d69..faa75c5578 100644 assert_se(oomd_cgroup_context_acquire(cgroup, &ctx) == 0); assert_se(oomd_fetch_cgroup_oom_preference(ctx, NULL) == 0);
---
-2.38.1
-
diff --git a/0069-portable-add-a-few-more-useful-debug-log-messages.patch b/0070-portable-add-a-few-more-useful-debug-log-messages.patch
similarity index 99%
rename from 0069-portable-add-a-few-more-useful-debug-log-messages.patch
rename to 0070-portable-add-a-few-more-useful-debug-log-messages.patch
index 3832d1b..c3a9207 100644
--- a/0069-portable-add-a-few-more-useful-debug-log-messages.patch
+++ b/0070-portable-add-a-few-more-useful-debug-log-messages.patch
@@ -46,6 +46,3 @@ index be906f786c..fbc4497014 100644 } /* We don't care too much for the image symlink, it's just a convenience thing, it's not necessary for proper
---
-2.38.1
-
diff --git a/0070-repart-respect-discard-no-also-for-block-devices.patch b/0071-repart-respect-discard-no-also-for-block-devices.patch
similarity index 99%
rename from 0070-repart-respect-discard-no-also-for-block-devices.patch
rename to 0071-repart-respect-discard-no-also-for-block-devices.patch
index 211a5b5..57b016e 100644
--- a/0070-repart-respect-discard-no-also-for-block-devices.patch
+++ b/0071-repart-respect-discard-no-also-for-block-devices.patch
@@ -41,6 +41,3 @@ index 8e3cfece89..c4ca9840c8 100644 } r = fdisk_get_partitions(context->fdisk_context, &original_table);
---
-2.38.1
-
diff --git a/0071-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch b/0072-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch
similarity index 99%
rename from 0071-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch
rename to 0072-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch
index 4f39256..9b50d61 100644
--- a/0071-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch
+++ b/0072-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch
@@ -90,6 +90,3 @@ index 92ea43eef0..9f5646ffdd 100644 udev_builtin_add_property(dev, test, "ID_PART_GPT_AUTO_ROOT_UUID", root_id); #endif
---
-2.38.1
-
diff --git a/0072-meson-install-test-kernel-install-only-when-Dkernel-.patch b/0073-meson-install-test-kernel-install-only-when-Dkernel-.patch
similarity index 98%
rename from 0072-meson-install-test-kernel-install-only-when-Dkernel-.patch
rename to 0073-meson-install-test-kernel-install-only-when-Dkernel-.patch
index 49b3979..4db4f55 100644
--- a/0072-meson-install-test-kernel-install-only-when-Dkernel-.patch
+++ b/0073-meson-install-test-kernel-install-only-when-Dkernel-.patch
@@ -30,6 +30,3 @@ index 015849af49..35704947e3 100644 test('test-kernel-install', test_kernel_install_sh, args : [exe.full_path(), loaderentry_install])
---
-2.38.1
-
diff --git a/0073-boot-Silence-driver-reconnect-errors.patch b/0074-boot-Silence-driver-reconnect-errors.patch
similarity index 99%
rename from 0073-boot-Silence-driver-reconnect-errors.patch
rename to 0074-boot-Silence-driver-reconnect-errors.patch
index 314fdc3..f9c0cf8 100644
--- a/0073-boot-Silence-driver-reconnect-errors.patch
+++ b/0074-boot-Silence-driver-reconnect-errors.patch
@@ -53,6 +53,3 @@ index 39b65e74a6..7f2057f5a1 100644 } EFI_STATUS load_drivers(
---
-2.38.1
-
diff --git a/0074-dissect-image-do-not-try-to-close-invalid-fd.patch b/0075-dissect-image-do-not-try-to-close-invalid-fd.patch
similarity index 99%
rename from 0074-dissect-image-do-not-try-to-close-invalid-fd.patch
rename to 0075-dissect-image-do-not-try-to-close-invalid-fd.patch
index 24d4d04..24613d1 100644
--- a/0074-dissect-image-do-not-try-to-close-invalid-fd.patch
+++ b/0075-dissect-image-do-not-try-to-close-invalid-fd.patch
@@ -122,6 +122,3 @@ index 8007b544e7..f2278c4dfa 100644 typedef enum PartitionDesignator { PARTITION_ROOT,
---
-2.38.1
-
diff --git a/0075-bootctl-make-boot-entry-id-logged-in-hex.patch b/0076-bootctl-make-boot-entry-id-logged-in-hex.patch
similarity index 99%
rename from 0075-bootctl-make-boot-entry-id-logged-in-hex.patch
rename to 0076-bootctl-make-boot-entry-id-logged-in-hex.patch
index 1ff5bd2..9f93892 100644
--- a/0075-bootctl-make-boot-entry-id-logged-in-hex.patch
+++ b/0076-bootctl-make-boot-entry-id-logged-in-hex.patch
@@ -31,6 +31,3 @@ index b53df11764..64a4b74715 100644 return 0; }
---
-2.38.1
-
diff --git a/0076-bootctl-downgrade-log-message-when-firmware-reports-.patch b/0077-bootctl-downgrade-log-message-when-firmware-reports-.patch
similarity index 98%
rename from 0076-bootctl-downgrade-log-message-when-firmware-reports-.patch
rename to 0077-bootctl-downgrade-log-message-when-firmware-reports-.patch
index 69ba701..ee2db0a 100644
--- a/0076-bootctl-downgrade-log-message-when-firmware-reports-.patch
+++ b/0077-bootctl-downgrade-log-message-when-firmware-reports-.patch
@@ -26,6 +26,3 @@ index 64a4b74715..a5811adf20 100644 /* print only configured entries with partition information */ if (!path || sd_id128_is_null(partition)) {
---
-2.38.1
-
diff --git a/0077-bootctl-rework-how-we-handle-referenced-but-absent-E.patch b/0078-bootctl-rework-how-we-handle-referenced-but-absent-E.patch
similarity index 99%
rename from 0077-bootctl-rework-how-we-handle-referenced-but-absent-E.patch
rename to 0078-bootctl-rework-how-we-handle-referenced-but-absent-E.patch
index 68b3866..b4e5bcc 100644
--- a/0077-bootctl-rework-how-we-handle-referenced-but-absent-E.patch
+++ b/0078-bootctl-rework-how-we-handle-referenced-but-absent-E.patch
@@ -35,6 +35,3 @@ index a5811adf20..7da48b4ca4 100644 /* print only configured entries with partition information */ if (!path || sd_id128_is_null(partition)) {
---
-2.38.1
-
diff --git a/0078-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch b/0079-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch
similarity index 99%
rename from 0078-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch
rename to 0079-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch
index 6dd8d10..259ca2d 100644
--- a/0078-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch
+++ b/0079-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch
@@ -42,6 +42,3 @@ index eea34ca68d..24fc56a1a5 100644 return 0; }
---
-2.38.1
-
diff --git a/0079-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch b/0080-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch
similarity index 98%
rename from 0079-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch
rename to 0080-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch
index 91328c8..bbe4900 100644
--- a/0079-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch
+++ b/0080-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch
@@ -26,6 +26,3 @@ index 3803a2c4c4..bc716afabf 100644 /* Make the slot of the match call floating now. We need the reference, but we don't * want that this match pins the bus object, hence we first create it non-floating, but
---
-2.38.1
-
diff --git a/0080-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch b/0081-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch
similarity index 99%
rename from 0080-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch
rename to 0081-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch
index 4415ab6..e2c3ae6 100644
--- a/0080-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch
+++ b/0081-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch
@@ -54,6 +54,3 @@ index dfe0574aba..aa0b02cc2f 100644 if (streq(type, "gpt")) {
---
-2.38.1
-
diff --git a/0081-find-esp-include-device-sysname-in-the-log-message.patch b/0082-find-esp-include-device-sysname-in-the-log-message.patch
similarity index 99%
rename from 0081-find-esp-include-device-sysname-in-the-log-message.patch
rename to 0082-find-esp-include-device-sysname-in-the-log-message.patch
index d897dbe..70290cf 100644
--- a/0081-find-esp-include-device-sysname-in-the-log-message.patch
+++ b/0082-find-esp-include-device-sysname-in-the-log-message.patch
@@ -112,6 +112,3 @@ index aa0b02cc2f..fa234c8b5f 100644 r = sd_device_get_property_value(d, "ID_PART_ENTRY_SCHEME", &type); if (r < 0)
---
-2.38.1
-
diff --git a/0082-tmpfiles-log-at-info-level-when-some-allowed-failure.patch b/0083-tmpfiles-log-at-info-level-when-some-allowed-failure.patch
similarity index 99%
rename from 0082-tmpfiles-log-at-info-level-when-some-allowed-failure.patch
rename to 0083-tmpfiles-log-at-info-level-when-some-allowed-failure.patch
index 7e29e72..6a0e338 100644
--- a/0082-tmpfiles-log-at-info-level-when-some-allowed-failure.patch
+++ b/0083-tmpfiles-log-at-info-level-when-some-allowed-failure.patch
@@ -189,6 +189,3 @@ index 784b895577..18bb75715b 100644 if (pfd < 0) return pfd;
---
-2.38.1
-
diff --git a/0083-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch b/0084-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch
similarity index 99%
rename from 0083-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch
rename to 0084-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch
index 8d8ad16..90ba257 100644
--- a/0083-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch
+++ b/0084-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch
@@ -45,6 +45,3 @@ index cee20a9a81..6ed04449bf 100644 switch (n_except) { case 0:
---
-2.38.1
-
diff --git a/0084-fd-util-add-new-fd_cloexec_many-helper.patch b/0085-fd-util-add-new-fd_cloexec_many-helper.patch
similarity index 99%
rename from 0084-fd-util-add-new-fd_cloexec_many-helper.patch
rename to 0085-fd-util-add-new-fd_cloexec_many-helper.patch
index 93ce208..f4fe208 100644
--- a/0084-fd-util-add-new-fd_cloexec_many-helper.patch
+++ b/0085-fd-util-add-new-fd_cloexec_many-helper.patch
@@ -53,6 +53,3 @@ index d9896e27e8..29c7d86f27 100644 int get_max_fd(void);
---
-2.38.1
-
diff --git a/0085-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch b/0086-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch
similarity index 99%
rename from 0085-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch
rename to 0086-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch
index a855b1b..1a5a22f 100644
--- a/0085-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch
+++ b/0086-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch
@@ -47,6 +47,3 @@ index f8c374a310..ed2f73673e 100644 } ForkFlags; int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
---
-2.38.1
-
diff --git a/0086-dissect-fix-fsck.patch b/0087-dissect-fix-fsck.patch
similarity index 99%
rename from 0086-dissect-fix-fsck.patch
rename to 0087-dissect-fix-fsck.patch
index 224d974..40f9916 100644
--- a/0086-dissect-fix-fsck.patch
+++ b/0087-dissect-fix-fsck.patch
@@ -69,6 +69,3 @@ index 6a991c877a..7676636723 100644 if (r < 0) return r; }
---
-2.38.1
-
diff --git a/0087-core-update-audit-messages.patch b/0088-core-update-audit-messages.patch
similarity index 99%
rename from 0087-core-update-audit-messages.patch
rename to 0088-core-update-audit-messages.patch
index 4ee7e49..ff52e58 100644
--- a/0087-core-update-audit-messages.patch
+++ b/0088-core-update-audit-messages.patch
@@ -29,6 +29,3 @@ index c69baa8a1a..c1744cff92 100644 return 0; }
---
-2.38.1
-
diff --git a/0088-logind-set-RemoveIPC-to-false-by-default.patch b/0089-logind-set-RemoveIPC-to-false-by-default.patch
similarity index 99%
rename from 0088-logind-set-RemoveIPC-to-false-by-default.patch
rename to 0089-logind-set-RemoveIPC-to-false-by-default.patch
index 1fce86c..1f91c9f 100644
--- a/0088-logind-set-RemoveIPC-to-false-by-default.patch
+++ b/0089-logind-set-RemoveIPC-to-false-by-default.patch
@@ -51,6 +51,3 @@ index 0b10df6839..09c363817a 100644 #InhibitorsMax=8192 #SessionsMax=8192 #StopIdleSessionSec=infinity
---
-2.38.1
-
diff --git a/0089-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/0090-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
similarity index 99%
rename from 0089-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
rename to 0090-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
index a65d148..aa07282 100644
--- a/0089-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+++ b/0090-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
@@ -41,6 +41,3 @@ index cb1c56d6a6..0000000000 -# See tmpfiles.d(5) for details - -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
---
-2.38.1
-
diff --git a/0090-Copy-40-redhat.rules-from-RHEL-8.patch b/0091-Copy-40-redhat.rules-from-RHEL-8.patch
similarity index 99%
rename from 0090-Copy-40-redhat.rules-from-RHEL-8.patch
rename to 0091-Copy-40-redhat.rules-from-RHEL-8.patch
index c383f0c..5d4c145 100644
--- a/0090-Copy-40-redhat.rules-from-RHEL-8.patch
+++ b/0091-Copy-40-redhat.rules-from-RHEL-8.patch
@@ -78,6 +78,3 @@ index 8d2878a36d..70f48e877b 100644 '60-block.rules', '60-cdrom_id.rules', '60-drm.rules',
---
-2.38.1
-
diff --git a/0091-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/0092-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
similarity index 99%
rename from 0091-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
rename to 0092-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
index 3afe02c..e510c2e 100644
--- a/0091-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+++ b/0092-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
@@ -43,6 +43,3 @@ index d8cdd5ac14..9eae0782a2 100644 -Wants=tmp.mount +# RHEL-only: Disable /tmp on tmpfs. +#Wants=tmp.mount
---
-2.38.1
-
diff --git a/0092-unit-don-t-add-Requires-for-tmp.mount.patch b/0093-unit-don-t-add-Requires-for-tmp.mount.patch
similarity index 99%
rename from 0092-unit-don-t-add-Requires-for-tmp.mount.patch
rename to 0093-unit-don-t-add-Requires-for-tmp.mount.patch
index 560965b..2d28be0 100644
--- a/0092-unit-don-t-add-Requires-for-tmp.mount.patch
+++ b/0093-unit-don-t-add-Requires-for-tmp.mount.patch
@@ -36,6 +36,3 @@ index 1fad0b0ac8..5af44aaf4a 100644 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); if (r < 0) return r;
---
-2.38.1
-
diff --git a/0093-units-add-Install-section-to-tmp.mount.patch b/0094-units-add-Install-section-to-tmp.mount.patch
similarity index 98%
rename from 0093-units-add-Install-section-to-tmp.mount.patch
rename to 0094-units-add-Install-section-to-tmp.mount.patch
index 567ed17..e683e51 100644
--- a/0093-units-add-Install-section-to-tmp.mount.patch
+++ b/0094-units-add-Install-section-to-tmp.mount.patch
@@ -22,6 +22,3 @@ index 734acea237..b9a41cd803 100644 +# Make 'systemctl enable tmp.mount' work: +[Install] +WantedBy=local-fs.target
---
-2.38.1
-
diff --git a/0094-rc-local-order-after-network-online.target.patch b/0095-rc-local-order-after-network-online.target.patch
similarity index 98%
rename from 0094-rc-local-order-after-network-online.target.patch
rename to 0095-rc-local-order-after-network-online.target.patch
index 5d051ee..6f23065 100644
--- a/0094-rc-local-order-after-network-online.target.patch
+++ b/0095-rc-local-order-after-network-online.target.patch
@@ -27,6 +27,3 @@ index 55e83dfe00..0eee722154 100644 [Service] Type=forking
---
-2.38.1
-
diff --git a/0095-ci-drop-CIs-irrelevant-for-downstream.patch b/0096-ci-drop-CIs-irrelevant-for-downstream.patch
similarity index 99%
rename from 0095-ci-drop-CIs-irrelevant-for-downstream.patch
rename to 0096-ci-drop-CIs-irrelevant-for-downstream.patch
index f4c7914..b38ede8 100644
--- a/0095-ci-drop-CIs-irrelevant-for-downstream.patch
+++ b/0096-ci-drop-CIs-irrelevant-for-downstream.patch
@@ -301,6 +301,3 @@ index 2a1163aa07..0000000000 - - - name: Check ${{ matrix.distro }} QEMU - run: sudo python3 -m mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
---
-2.38.1
-
diff --git a/0096-ci-reconfigure-Packit-for-RHEL-9.patch b/0097-ci-reconfigure-Packit-for-RHEL-9.patch
similarity index 99%
rename from 0096-ci-reconfigure-Packit-for-RHEL-9.patch
rename to 0097-ci-reconfigure-Packit-for-RHEL-9.patch
index bcbcd10..be65372 100644
--- a/0096-ci-reconfigure-Packit-for-RHEL-9.patch
+++ b/0097-ci-reconfigure-Packit-for-RHEL-9.patch
@@ -42,6 +42,3 @@ index a7502b25b4..d0eebab181 100644 - job: copr_build trigger: pull_request metadata:
---
-2.38.1
-
diff --git a/0097-ci-run-unit-tests-on-z-stream-branches-as-well.patch b/0098-ci-run-unit-tests-on-z-stream-branches-as-well.patch
similarity index 98%
rename from 0097-ci-run-unit-tests-on-z-stream-branches-as-well.patch
rename to 0098-ci-run-unit-tests-on-z-stream-branches-as-well.patch
index bbceb73..9d894c3 100644
--- a/0097-ci-run-unit-tests-on-z-stream-branches-as-well.patch
+++ b/0098-ci-run-unit-tests-on-z-stream-branches-as-well.patch
@@ -26,6 +26,3 @@ index cd6c33eb64..ca4464e95d 100644 permissions: contents: read
---
-2.38.1
-
diff --git a/0098-random-util-increase-random-seed-size-to-1024.patch b/0099-random-util-increase-random-seed-size-to-1024.patch
similarity index 98%
rename from 0098-random-util-increase-random-seed-size-to-1024.patch
rename to 0099-random-util-increase-random-seed-size-to-1024.patch
index 4929b3f..6e90ff7 100644
--- a/0098-random-util-increase-random-seed-size-to-1024.patch
+++ b/0099-random-util-increase-random-seed-size-to-1024.patch
@@ -23,6 +23,3 @@ index 2d99807272..7e6f66df4d 100644 #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U) size_t random_pool_size(void);
---
-2.38.1
-
diff --git a/0099-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0100-journal-don-t-enable-systemd-journald-audit.socket-b.patch
similarity index 99%
rename from 0099-journal-don-t-enable-systemd-journald-audit.socket-b.patch
rename to 0100-journal-don-t-enable-systemd-journald-audit.socket-b.patch
index 263a8ac..19e8b1d 100644
--- a/0099-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+++ b/0100-journal-don-t-enable-systemd-journald-audit.socket-b.patch
@@ -39,6 +39,3 @@ index 38ba3e2856..e8be031de5 100644 Before=sysinit.target # Mount and swap units need the journal socket units. If they were removed by
---
-2.38.1
-
diff --git a/0100-journald.conf-don-t-touch-current-audit-settings.patch b/0101-journald.conf-don-t-touch-current-audit-settings.patch
similarity index 97%
rename from 0100-journald.conf-don-t-touch-current-audit-settings.patch
rename to 0101-journald.conf-don-t-touch-current-audit-settings.patch
index 13bb5d3..d939bc2 100644
--- a/0100-journald.conf-don-t-touch-current-audit-settings.patch
+++ b/0101-journald.conf-don-t-touch-current-audit-settings.patch
@@ -20,6 +20,3 @@ index 5a60a9d39c..3544da2112 100644 #ReadKMsg=yes -#Audit=yes +Audit=
---
-2.38.1
-
diff --git a/0101-Revert-udev-remove-WAIT_FOR-key.patch b/0102-Revert-udev-remove-WAIT_FOR-key.patch
similarity index 99%
rename from 0101-Revert-udev-remove-WAIT_FOR-key.patch
rename to 0102-Revert-udev-remove-WAIT_FOR-key.patch
index ae99960..56a2dbb 100644
--- a/0101-Revert-udev-remove-WAIT_FOR-key.patch
+++ b/0102-Revert-udev-remove-WAIT_FOR-key.patch
@@ -135,6 +135,3 @@ index ec1c75a854..5543931064 100755 args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$') # Find comma-separated groups, but allow commas that are inside quoted strings. # Using quoted_string_re + '?' so that strings missing the last double quote
---
-2.38.1
-
diff --git a/0102-Really-don-t-enable-systemd-journald-audit.socket.patch b/0103-Really-don-t-enable-systemd-journald-audit.socket.patch
similarity index 98%
rename from 0102-Really-don-t-enable-systemd-journald-audit.socket.patch
rename to 0103-Really-don-t-enable-systemd-journald-audit.socket.patch
index 0dc49eb..05c3ee0 100644
--- a/0102-Really-don-t-enable-systemd-journald-audit.socket.patch
+++ b/0103-Really-don-t-enable-systemd-journald-audit.socket.patch
@@ -23,6 +23,3 @@ index e8be031de5..ee8bdcb9ca 100644 StandardOutput=null SystemCallArchitectures=native SystemCallErrorNumber=EPERM
---
-2.38.1
-
diff --git a/0103-rules-add-elevator-kernel-command-line-parameter.patch b/0104-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 99%
rename from 0103-rules-add-elevator-kernel-command-line-parameter.patch
rename to 0104-rules-add-elevator-kernel-command-line-parameter.patch
index 8cf47ed..8ead8b8 100644
--- a/0103-rules-add-elevator-kernel-command-line-parameter.patch
+++ b/0104-rules-add-elevator-kernel-command-line-parameter.patch
@@ -56,6 +56,3 @@ index 70f48e877b..4e88400d02 100644 '60-autosuspend.rules', '60-block.rules', '60-cdrom_id.rules',
---
-2.38.1
-
diff --git a/0104-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/0105-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
similarity index 98%
rename from 0104-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
rename to 0105-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
index 1c7fad3..bf998d7 100644
--- a/0104-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+++ b/0105-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
@@ -24,6 +24,3 @@ index b224701eb9..eae7394731 100644 ['umount.target', ''], ['usb-gadget.target', ''], ['user.slice', ''],
---
-2.38.1
-
diff --git a/0105-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/0106-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
similarity index 99%
rename from 0105-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
rename to 0106-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
index 597f53f..47d4bbe 100644
--- a/0105-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+++ b/0106-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
@@ -57,6 +57,3 @@ index 71a5869ec0..5d1f6d24f0 100644 #DefaultLimitCPU= #DefaultLimitFSIZE= #DefaultLimitDATA=
---
-2.38.1
-
diff --git a/0106-set-core-ulimit-to-0-like-on-RHEL-7.patch b/0107-set-core-ulimit-to-0-like-on-RHEL-7.patch
similarity index 98%
rename from 0106-set-core-ulimit-to-0-like-on-RHEL-7.patch
rename to 0107-set-core-ulimit-to-0-like-on-RHEL-7.patch
index 8dc9a67..b0137ae 100644
--- a/0106-set-core-ulimit-to-0-like-on-RHEL-7.patch
+++ b/0107-set-core-ulimit-to-0-like-on-RHEL-7.patch
@@ -23,6 +23,3 @@ index 5d1f6d24f0..624746e512 100644 #DefaultLimitRSS= #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} #DefaultLimitAS=
---
-2.38.1
-
diff --git a/0107-ci-use-C9S-chroots-in-Packit.patch b/0108-ci-use-C9S-chroots-in-Packit.patch similarity index 98% rename from 0107-ci-use-C9S-chroots-in-Packit.patch rename to 0108-ci-use-C9S-chroots-in-Packit.patch index d8a832d..f1b418f 100644 --- a/0107-ci-use-C9S-chroots-in-Packit.patch +++ b/0108-ci-use-C9S-chroots-in-Packit.patch @@ -26,6 +26,3 @@ index d0eebab181..35938f3586 100644 + - centos-stream-9-ppc64le + - centos-stream-9-s390x + - centos-stream-9-x86_64 --- -2.38.1 - diff --git a/0108-Treat-EPERM-as-not-available-too.patch b/0109-Treat-EPERM-as-not-available-too.patch similarity index 99% rename from 0108-Treat-EPERM-as-not-available-too.patch rename to 0109-Treat-EPERM-as-not-available-too.patch index 8e97837..a514554 100644 --- a/0108-Treat-EPERM-as-not-available-too.patch +++ b/0109-Treat-EPERM-as-not-available-too.patch @@ -28,6 +28,3 @@ index 01a67b5553..93d646ed56 100644 /* This might fail because the kernel or file system doesn't support idmapping. We * can't really distinguish this nicely, nor do we have any guarantees about the * error codes we see, could be EOPNOTSUPP or EINVAL. */ --- -2.38.1 - diff --git a/0109-udev-net-setup-link-change-the-default-MACAddressPol.patch b/0110-udev-net-setup-link-change-the-default-MACAddressPol.patch similarity index 99% rename from 0109-udev-net-setup-link-change-the-default-MACAddressPol.patch rename to 0110-udev-net-setup-link-change-the-default-MACAddressPol.patch index 7724090..7acbcf6 100644 --- a/0109-udev-net-setup-link-change-the-default-MACAddressPol.patch +++ b/0110-udev-net-setup-link-change-the-default-MACAddressPol.patch @@ -51,6 +51,3 @@ index feb5b1fbb0..3d755898b4 100644 NamePolicy=keep kernel database onboard slot path -MACAddressPolicy=persistent +MACAddressPolicy=none --- -2.38.1 - 
diff --git a/0110-man-mention-System-Administrator-s-Guide-in-systemct.patch b/0111-man-mention-System-Administrator-s-Guide-in-systemct.patch similarity index 99% rename from 0110-man-mention-System-Administrator-s-Guide-in-systemct.patch rename to 0111-man-mention-System-Administrator-s-Guide-in-systemct.patch index 218d853..b138880 100644 --- a/0110-man-mention-System-Administrator-s-Guide-in-systemct.patch +++ b/0111-man-mention-System-Administrator-s-Guide-in-systemct.patch @@ -33,6 +33,3 @@ index 997925892d..f743c182fe 100644 See Also --- -2.38.1 - diff --git a/0111-Net-naming-scheme-for-RHEL-9.0.patch b/0112-Net-naming-scheme-for-RHEL-9.0.patch similarity index 99% rename from 0111-Net-naming-scheme-for-RHEL-9.0.patch rename to 0112-Net-naming-scheme-for-RHEL-9.0.patch index 3dd63a6..57b2cfd 100644 --- a/0111-Net-naming-scheme-for-RHEL-9.0.patch +++ b/0112-Net-naming-scheme-for-RHEL-9.0.patch @@ -54,6 +54,3 @@ index 4fa9170969..b5fa1f0ef0 100644 EXTRA_NET_NAMING_SCHEMES --- -2.38.1 - diff --git a/0112-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/0113-core-decrease-log-level-of-messages-about-use-of-Kil.patch similarity index 99% rename from 0112-core-decrease-log-level-of-messages-about-use-of-Kil.patch rename to 0113-core-decrease-log-level-of-messages-about-use-of-Kil.patch index bc28e43..2bef6e0 100644 --- a/0112-core-decrease-log-level-of-messages-about-use-of-Kil.patch +++ b/0113-core-decrease-log-level-of-messages-about-use-of-Kil.patch @@ -38,6 +38,3 @@ index 5af44aaf4a..4bb7e2d498 100644 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n" "This usually indicates unclean termination of a previous run, or service implementation deficiencies.", pid, strna(comm)); --- -2.38.1 - 
diff --git a/0113-ci-Mergify-configuration-update.patch b/0114-ci-Mergify-configuration-update.patch similarity index 99% rename from 0113-ci-Mergify-configuration-update.patch rename to 0114-ci-Mergify-configuration-update.patch index 69e8c11..95d41c1 100644 --- a/0113-ci-Mergify-configuration-update.patch +++ b/0114-ci-Mergify-configuration-update.patch @@ -95,6 +95,3 @@ index 0000000000..c06e0fb1be + label: + remove: + - needs-ci --- -2.38.1 - diff --git a/0114-ci-Mergify-fix-copy-paste-bug.patch b/0115-ci-Mergify-fix-copy-paste-bug.patch similarity index 99% rename from 0114-ci-Mergify-fix-copy-paste-bug.patch rename to 0115-ci-Mergify-fix-copy-paste-bug.patch index 73a7a74..048f662 100644 --- a/0114-ci-Mergify-fix-copy-paste-bug.patch +++ b/0115-ci-Mergify-fix-copy-paste-bug.patch @@ -32,6 +32,3 @@ index c06e0fb1be..b7852b201c 100644 # Packit - check-success=rpm-build:centos-stream-9-aarch64 - check-success=rpm-build:centos-stream-9-x86_64 --- -2.38.1 - diff --git a/0115-ci-Mergify-Add-ci-waived-logic.patch b/0116-ci-Mergify-Add-ci-waived-logic.patch similarity index 99% rename from 0115-ci-Mergify-Add-ci-waived-logic.patch rename to 0116-ci-Mergify-Add-ci-waived-logic.patch index 1caf82a..3387169 100644 --- a/0115-ci-Mergify-Add-ci-waived-logic.patch +++ b/0116-ci-Mergify-Add-ci-waived-logic.patch @@ -102,6 +102,3 @@ index b7852b201c..be25e52c76 100644 actions: label: remove: --- -2.38.1 - diff --git a/0116-udev-net_id-avoid-slot-based-names-only-for-single-f.patch b/0117-udev-net_id-avoid-slot-based-names-only-for-single-f.patch similarity index 99% rename from 0116-udev-net_id-avoid-slot-based-names-only-for-single-f.patch rename to 0117-udev-net_id-avoid-slot-based-names-only-for-single-f.patch index 8572c25..0a6dad7 100644 --- a/0116-udev-net_id-avoid-slot-based-names-only-for-single-f.patch +++ b/0117-udev-net_id-avoid-slot-based-names-only-for-single-f.patch @@ -48,6 +48,3 @@ index b5fa1f0ef0..fd3ae1b7f5 100644 EXTRA_NET_NAMING_SCHEMES --- -2.38.1 - 
diff --git a/0117-udev-net_id-add-rhel-9.1-naming-scheme.patch b/0118-udev-net_id-add-rhel-9.1-naming-scheme.patch similarity index 99% rename from 0117-udev-net_id-add-rhel-9.1-naming-scheme.patch rename to 0118-udev-net_id-add-rhel-9.1-naming-scheme.patch index 5573aa8..a432f5f 100644 --- a/0117-udev-net_id-add-rhel-9.1-naming-scheme.patch +++ b/0118-udev-net_id-add-rhel-9.1-naming-scheme.patch @@ -53,6 +53,3 @@ index fd3ae1b7f5..d70c19ade3 100644 EXTRA_NET_NAMING_SCHEMES --- -2.38.1 - diff --git a/0118-ci-lint-Update-Differential-ShellCheck-config-to-run.patch b/0119-ci-lint-Update-Differential-ShellCheck-config-to-run.patch similarity index 98% rename from 0118-ci-lint-Update-Differential-ShellCheck-config-to-run.patch rename to 0119-ci-lint-Update-Differential-ShellCheck-config-to-run.patch index 9399f8a..7f67fea 100644 --- a/0118-ci-lint-Update-Differential-ShellCheck-config-to-run.patch +++ b/0119-ci-lint-Update-Differential-ShellCheck-config-to-run.patch @@ -30,6 +30,3 @@ index 20ce681632..47ec23731d 100644 runs-on: ubuntu-latest permissions: --- -2.38.1 - diff --git a/0119-ci-mergify-Update-policy-Drop-LGTM-checks.patch b/0120-ci-mergify-Update-policy-Drop-LGTM-checks.patch similarity index 99% rename from 0119-ci-mergify-Update-policy-Drop-LGTM-checks.patch rename to 0120-ci-mergify-Update-policy-Drop-LGTM-checks.patch index 9333822..66f45a8 100644 --- a/0119-ci-mergify-Update-policy-Drop-LGTM-checks.patch +++ b/0120-ci-mergify-Update-policy-Drop-LGTM-checks.patch @@ -85,6 +85,3 @@ index be25e52c76..ddc79a1d7a 100644 remove: - - needs-ci + - needs-ci --- -2.38.1 - diff --git a/0120-test-sd-device-skip-misc-devices.patch b/0121-test-sd-device-skip-misc-devices.patch similarity index 98% rename from 0120-test-sd-device-skip-misc-devices.patch rename to 0121-test-sd-device-skip-misc-devices.patch index 578544e..45fd4ce 100644 --- a/0120-test-sd-device-skip-misc-devices.patch +++ b/0121-test-sd-device-skip-misc-devices.patch 
@@ -22,6 +22,3 @@ index 4ab8b3894a..a1bcf18059 100644 FOREACH_DEVICE(e, d) test_sd_device_one(d); } --- -2.38.1 - diff --git a/0121-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch b/0122-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch similarity index 98% rename from 0121-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch rename to 0122-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch index 935274f..48646bd 100644 --- a/0121-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch +++ b/0122-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch @@ -27,6 +27,3 @@ index 24e888c587..7e757e4b00 100755 # timesyncd has ConditionVirtualization=!container by default; drop/mock that for testing if systemd-detect-virt --container --quiet; then systemctl disable --quiet --now systemd-timesyncd --- -2.38.1 - diff --git a/0122-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch b/0123-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch similarity index 98% rename from 0122-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch rename to 0123-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch index b3f26f8..2418174 100644 --- a/0122-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch +++ b/0123-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch @@ -24,6 +24,3 @@ index 4ad7431e42..2b6e6df8a3 100755 echo "idmapped mounts are not supported, skipping the test..." return 0 fi --- -2.38.1 - diff --git a/0123-test-don-t-test-buses-we-don-t-ship.patch b/0124-test-don-t-test-buses-we-don-t-ship.patch similarity index 99% rename from 0123-test-don-t-test-buses-we-don-t-ship.patch rename to 0124-test-don-t-test-buses-we-don-t-ship.patch index 8932a53..011e419 100644 --- a/0123-test-don-t-test-buses-we-don-t-ship.patch +++ b/0124-test-don-t-test-buses-we-don-t-ship.patch @@ -50,6 +50,3 @@ index d931e63167..e7d97ae06e 100755 SESSION_BUS_LIST=( org.freedesktop.systemd1 ) --- -2.38.1 - 
diff --git a/0124-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch b/0125-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch similarity index 99% rename from 0124-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch rename to 0125-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch index 2c6b16a..f67e0f5 100644 --- a/0124-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch +++ b/0125-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch @@ -41,6 +41,3 @@ index afab54f067..c09aab389e 100644 if (ret_path) *ret_path = TAKE_PTR(p); --- -2.38.1 - diff --git a/0126-test-check-if-we-can-use-SHA1-MD-for-signing-before-.patch b/0126-test-check-if-we-can-use-SHA1-MD-for-signing-before-.patch new file mode 100644 index 0000000..ba13b70 --- /dev/null +++ b/0126-test-check-if-we-can-use-SHA1-MD-for-signing-before-.patch 
@@ -0,0 +1,69 @@
+From 17cc25a2d7c2ebe75e18cf813d539e5997610e25 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal
+Date: Fri, 2 Dec 2022 12:48:26 +0100
+Subject: [PATCH] test: check if we can use SHA1 MD for signing before using it
+
+Some distributions have started phasing out SHA1, which breaks
+the systemd-measure test case in its current form. Let's make sure we
+can use SHA1 for signing beforehand to mitigate this.
+
+Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:
+```
+openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
+...
+openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
+writing RSA key
+/usr/lib/systemd/systemd-measure sign --current --bank=sha1 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem"
+Failed to initialize signature context.
+```
+
+[0] https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch
+
+(cherry picked from commit d19e5540f20c78caa949ff33050b4a530cae1982)
+
+Related: #2141979
+---
+ test/units/testsuite-70.sh | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh
+index b1cf7e83c4..89cd2a3f82 100755
+--- a/test/units/testsuite-70.sh
++++ b/test/units/testsuite-70.sh
+@@ -102,8 +102,17 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
+ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
+ openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
+
++ MEASURE_BANKS=("--bank=sha256")
++ # Check if SHA1 signatures are supported
++ #
++ # Some distros have started phasing out SHA1, so make sure the SHA1
++ # signatures are supported before trying to use them.
++ if echo hello | openssl dgst -sign /tmp/pcrsign-private.pem -sha1 >/dev/null; then
++ MEASURE_BANKS+=("--bank=sha1")
++ fi
++
+ # Sign current PCR state with it
+- /usr/lib/systemd/systemd-measure sign --current --bank=sha1 --bank=sha256 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: | tee "/tmp/pcrsign.sig"
++ /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: | tee "/tmp/pcrsign.sig"
+ dd if=/dev/urandom of=/tmp/pcrtestdata bs=1024 count=64
+ systemd-creds encrypt /tmp/pcrtestdata /tmp/pcrtestdata.encrypted --with-key=host+tpm2-with-public-key --tpm2-public-key="/tmp/pcrsign-public.pem"
+ systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" | cmp - /tmp/pcrtestdata
+@@ -113,7 +122,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
+ systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" > /dev/null && { echo 'unexpected success'; exit 1; }
+
+ # Sign new PCR state, decrypting should work now.
+- /usr/lib/systemd/systemd-measure sign --current --bank=sha1 --bank=sha256 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig2"
++ /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig2"
+ systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig2" | cmp - /tmp/pcrtestdata
+
+ # Now, do the same, but with a cryptsetup binding
+@@ -135,7 +144,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \
+ SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; }
+
+ # But once we sign the current PCRs, we should be able to unlock again
+- /usr/lib/systemd/systemd-measure sign --current --bank=sha1 --bank=sha256 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig3"
++ /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig3"
+ SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
+ /usr/lib/systemd/systemd-cryptsetup detach test-volume2
+ SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1
diff --git a/0127-boot-cleanups-for-efivar_get-and-friends.patch b/0127-boot-cleanups-for-efivar_get-and-friends.patch
new file mode 100644
index 0000000..e7145dd
--- /dev/null
+++ b/0127-boot-cleanups-for-efivar_get-and-friends.patch
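Review bot: The SHA1 probe added before the first `systemd-measure sign` call drops the sha1 bank silently, so a run on a host that rejects SHA1 looks the same in the log as a run that covered both banks. An `else` branch such as `echo "SHA1 signatures are not supported, signing with the sha256 bank only"` would make the reduced coverage visible to whoever reads the test output. The probe checks `openssl dgst -sign`, which presumably follows the same policy as the signing path inside systemd-measure; the comment above the `if` should state that assumption. The key path is also unquoted in the probe while every other use in the hunk quotes it.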
@@ -0,0 +1,188 @@
+From a83ec37232ca1ea817b3446b905f9e880223de21 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Tue, 6 Dec 2022 13:06:57 +0900
+Subject: [PATCH] boot: cleanups for efivar_get() and friends
+
+- rename function arguments for storing results, and support the case
+ that they are NULL,
+- return earlier on error,
+- always validate read size in efivar_get_uint32_le() and efivar_get_uint64_le().
+
+(cherry picked from commit 9e406b1141da2d93b73428910f2504850631a3ee)
+
+Related: #2141979
+---
+ src/boot/efi/util.c | 63 ++++++++++++++++++++++++---------------------
+ src/boot/efi/util.h | 6 ++---
+ 2 files changed, 37 insertions(+), 32 deletions(-)
+
+diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
+index 57436dbf0c..3eba2ade07 100644
+--- a/src/boot/efi/util.c
++++ b/src/boot/efi/util.c
+@@ -91,7 +91,7 @@ EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, const char16_t *name, ui
+ return efivar_set_raw(vendor, name, buf, sizeof(buf), flags);
+ }
+
+-EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **value) {
++EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **ret) {
+ _cleanup_free_ char16_t *buf = NULL;
+ EFI_STATUS err;
+ char16_t *val;
+@@ -108,12 +108,12 @@ EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **v
+ if ((size % sizeof(char16_t)) != 0)
+ return EFI_INVALID_PARAMETER;
+
+- if (!value)
++ if (!ret)
+ return EFI_SUCCESS;
+
+ /* Return buffer directly if it happens to be NUL terminated already */
+ if (size >= sizeof(char16_t) && buf[size / sizeof(char16_t) - 1] == 0) {
+- *value = TAKE_PTR(buf);
++ *ret = TAKE_PTR(buf);
+ return EFI_SUCCESS;
+ }
+
+@@ -123,18 +123,17 @@ EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **v
+ memcpy(val, buf, size);
+ val[size / sizeof(char16_t) - 1] = 0; /* NUL terminate */
+
+- *value = val;
++ *ret = val;
+ return EFI_SUCCESS;
+ }
+
+-EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const char16_t *name, UINTN *i) {
++EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const char16_t *name, UINTN *ret) {
+ _cleanup_free_ char16_t *val = NULL;
+ EFI_STATUS err;
+ uint64_t u;
+
+ assert(vendor);
+ assert(name);
+- assert(i);
+
+ err = efivar_get(vendor, name, &val);
+ if (err != EFI_SUCCESS)
+@@ -143,7 +142,8 @@ EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const char16_t *name,
+ if (!parse_number16(val, &u, NULL) || u > UINTN_MAX)
+ return EFI_INVALID_PARAMETER;
+
+- *i = u;
++ if (ret)
++ *ret = u;
+ return EFI_SUCCESS;
+ }
+
+@@ -156,15 +156,17 @@ EFI_STATUS efivar_get_uint32_le(const EFI_GUID *vendor, const char16_t *name, ui
+ assert(name);
+
+ err = efivar_get_raw(vendor, name, &buf, &size);
+- if (err == EFI_SUCCESS && ret) {
+- if (size != sizeof(uint32_t))
+- return EFI_BUFFER_TOO_SMALL;
++ if (err != EFI_SUCCESS)
++ return err;
+
++ if (size != sizeof(uint32_t))
++ return EFI_BUFFER_TOO_SMALL;
++
++ if (ret)
+ *ret = (uint32_t) buf[0] << 0U | (uint32_t) buf[1] << 8U | (uint32_t) buf[2] << 16U |
+ (uint32_t) buf[3] << 24U;
+- }
+
+- return err;
++ return EFI_SUCCESS;
+ }
+
+ EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const char16_t *name, uint64_t *ret) {
+@@ -176,19 +178,21 @@ EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const char16_t *name, ui
+ assert(name);
+
+ err = efivar_get_raw(vendor, name, &buf, &size);
+- if (err == EFI_SUCCESS && ret) {
+- if (size != sizeof(uint64_t))
+- return EFI_BUFFER_TOO_SMALL;
++ if (err != EFI_SUCCESS)
++ return err;
++
++ if (size != sizeof(uint64_t))
++ return EFI_BUFFER_TOO_SMALL;
+
++ if (ret)
+ *ret = (uint64_t) buf[0] << 0U | (uint64_t) buf[1] << 8U | (uint64_t) buf[2] << 16U |
+ (uint64_t) buf[3] << 24U | (uint64_t) buf[4] << 32U | (uint64_t) buf[5] << 40U |
+ (uint64_t) buf[6] << 48U | (uint64_t) buf[7] << 56U;
+- }
+
+- return err;
++ return EFI_SUCCESS;
+ }
+
+-EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const char16_t *name, char **buffer, UINTN *size) {
++EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const char16_t *name, char **ret, UINTN *ret_size) {
+ _cleanup_free_ char *buf = NULL;
+ UINTN l;
+ EFI_STATUS err;
+@@ -200,16 +204,15 @@ EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const char16_t *name, char **b
+ buf = xmalloc(l);
+
+ err = RT->GetVariable((char16_t *) name, (EFI_GUID *) vendor, NULL, &l, buf);
+- if (err == EFI_SUCCESS) {
+-
+- if (buffer)
+- *buffer = TAKE_PTR(buf);
++ if (err != EFI_SUCCESS)
++ return err;
+
+- if (size)
+- *size = l;
+- }
++ if (ret)
++ *ret = TAKE_PTR(buf);
++ if (ret_size)
++ *ret_size = l;
+
+- return err;
++ return EFI_SUCCESS;
+ }
+
+ EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, bool *ret) {
+@@ -219,13 +222,15 @@ EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, b
+
+ assert(vendor);
+ assert(name);
+- assert(ret);
+
+ err = efivar_get_raw(vendor, name, &b, &size);
+- if (err == EFI_SUCCESS)
++ if (err != EFI_SUCCESS)
++ return err;
++
++ if (ret)
+ *ret = *b > 0;
+
+- return err;
++ return EFI_SUCCESS;
+ }
+
+ void efivar_set_time_usec(const EFI_GUID *vendor, const char16_t *name, uint64_t usec) {
+diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
+index b33c50f9fc..994cf52ad6 100644
+--- a/src/boot/efi/util.h
++++ b/src/boot/efi/util.h
+@@ -105,9 +105,9 @@ EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, const char16_t *NAME, ui
+ EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, const char16_t *name, uint64_t value, uint32_t flags);
+ void efivar_set_time_usec(const EFI_GUID *vendor, const char16_t *name, uint64_t usec);
+
+-EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **value);
+-EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const char16_t *name, char **buffer, UINTN *size);
+-EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const char16_t *name, UINTN *i);
++EFI_STATUS efivar_get(const EFI_GUID *vendor, const char16_t *name, char16_t **ret);
++EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const char16_t *name, char **ret, UINTN *ret_size);
++EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const char16_t *name, UINTN *ret);
+ EFI_STATUS efivar_get_uint32_le(const EFI_GUID *vendor, const char16_t *name, uint32_t *ret);
+ EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const char16_t *name, uint64_t *ret);
+ EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, bool *ret);
diff --git a/0128-boot-fix-false-maybe-uninitialized-warning.patch b/0128-boot-fix-false-maybe-uninitialized-warning.patch
new file mode 100644
index 0000000..79a9734
--- /dev/null
+++ b/0128-boot-fix-false-maybe-uninitialized-warning.patch
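Review bot: `efivar_get_boolean_u8()` still dereferences `*b` without looking at `size`, although the commit sets out to always validate the read size in the fixed-width getters. A check such as `if (size != sizeof(uint8_t)) return EFI_BUFFER_TOO_SMALL;` after the `err != EFI_SUCCESS` return would bring it in line with `efivar_get_uint32_le()` and `efivar_get_uint64_le()` and keep a malformed variable from being read as a boolean. Separately, those two getters combine the bytes as `(uint32_t) buf[0] << 0U | …`; if `buf` is a plain `char *` (its declaration is above the hunk, but `efivar_get_raw()` takes `char **ret`) and `char` is signed on the target, a byte of 0x80 or above sign-extends into the upper bits, so casting through `uint8_t` first would be safer. The start of each of these functions lies outside the hunks.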
@@ -0,0 +1,64 @@
+From fdb8d8dee1821dc91c44b8f8195f959b9eae12ee Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Tue, 6 Dec 2022 12:57:43 +0900
+Subject: [PATCH] boot: fix false maybe-uninitialized warning
+
+Fixes #25641.
+
+(cherry picked from commit febe556191c739fb79a22cf742dd447c75e90446)
+
+Related: #2141979
+---
+ src/boot/efi/boot.c | 4 ++--
+ src/boot/efi/cpio.c | 2 +-
+ src/boot/efi/secure-boot.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
+index b490a1d972..db6ca97df4 100644
+--- a/src/boot/efi/boot.c
++++ b/src/boot/efi/boot.c
+@@ -1572,7 +1572,7 @@ static EFI_STATUS efivar_get_timeout(const char16_t *var, uint32_t *ret_value) {
+
+ static void config_load_defaults(Config *config, EFI_FILE *root_dir) {
+ _cleanup_free_ char *content = NULL;
+- UINTN value;
++ UINTN value = 0; /* avoid false maybe-uninitialized warning */
+ EFI_STATUS err;
+
+ assert(root_dir);
+@@ -2258,7 +2258,7 @@ static void config_load_xbootldr(
+ EFI_HANDLE *device) {
+
+ _cleanup_(file_closep) EFI_FILE *root_dir = NULL;
+- EFI_HANDLE new_device;
++ EFI_HANDLE new_device = NULL; /* avoid false maybe-uninitialized warning */
+ EFI_STATUS err;
+
+ assert(config);
+diff --git a/src/boot/efi/cpio.c b/src/boot/efi/cpio.c
+index 648f9f000f..1dbfe5f380 100644
+--- a/src/boot/efi/cpio.c
++++ b/src/boot/efi/cpio.c
+@@ -485,7 +485,7 @@ EFI_STATUS pack_cpio(
+
+ for (UINTN i = 0; i < n_items; i++) {
+ _cleanup_free_ char *content = NULL;
+- UINTN contentsize;
++ UINTN contentsize = 0; /* avoid false maybe-uninitialized warning */
+
+ err = file_read(extra_dir, items[i], 0, 0, &content, &contentsize);
+ if (err != EFI_SUCCESS) {
+diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
+index 65457bf423..6212868134 100644
+--- a/src/boot/efi/secure-boot.c
++++ b/src/boot/efi/secure-boot.c
+@@ -6,7 +6,7 @@
+ #include "util.h"
+
+ bool secure_boot_enabled(void) {
+- bool secure;
++ bool secure = false; /* avoid false maybe-uninitialized warning */
+ EFI_STATUS err;
+
+ err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure);
diff --git a/0129-tree-wide-modernizations-with-RET_NERRNO.patch b/0129-tree-wide-modernizations-with-RET_NERRNO.patch
new file mode 100644
index 0000000..c906c4d
--- /dev/null
+++ b/0129-tree-wide-modernizations-with-RET_NERRNO.patch
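Review bot: In `secure_boot_enabled()` the new initialiser `bool secure = false;` is commented only with the compiler warning it silences, not with why that warning is false. Since `efivar_get_boolean_u8()` writes `*ret` only on success (see the efivar cleanup patch on this page), the initial value is what the function would use on any path that reads `secure` without checking `err`. The rest of the body is outside the hunk, so whether every read is gated on `err == EFI_SUCCESS` cannot be confirmed here. I would extend the comment to `/* only read after efivar_get_boolean_u8() succeeded; initialised to silence a false maybe-uninitialized warning */`; the same wording pattern fits `value`, `new_device` and `contentsize` in the other hunks.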
@@ -0,0 +1,115 @@
+From f0c8da5396c02e2a935e9e8de1e8c08956feb672 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 22 Nov 2022 12:14:33 +0100
+Subject: [PATCH] tree-wide: modernizations with RET_NERRNO()
+
+(cherry picked from commit 108dfff2c7aebadb78e485ed564caf559367bf7c)
+
+Related: #2137584
+---
+ src/shared/ask-password-api.c | 30 +++++++++++++-----------------
+ src/shared/barrier.c | 4 +---
+ 2 files changed, 14 insertions(+), 20 deletions(-)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 17474fe0be..871af2ec99 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -230,8 +230,7 @@ int ask_password_plymouth(
+ if (notify < 0)
+ return -errno;
+
+- r = inotify_add_watch(notify, flag_file, IN_ATTRIB); /* for the link count */
+- if (r < 0)
++ if (inotify_add_watch(notify, flag_file, IN_ATTRIB) < 0) /* for the link count */
+ return -errno;
+ }
+
+@@ -239,8 +238,7 @@ int ask_password_plymouth(
+ if (fd < 0)
+ return -errno;
+
+- r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
+- if (r < 0)
++ if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
+ return -errno;
+
+ if (FLAGS_SET(flags, ASK_PASSWORD_ACCEPT_CACHED)) {
+@@ -464,10 +462,9 @@ int ask_password_tty(
+ new_termios.c_cc[VMIN] = 1;
+ new_termios.c_cc[VTIME] = 0;
+
+- if (tcsetattr(ttyfd, TCSADRAIN, &new_termios) < 0) {
+- r = -errno;
++ r = RET_NERRNO(tcsetattr(ttyfd, TCSADRAIN, &new_termios));
++ if (r < 0)
+ goto finish;
+- }
+
+ reset_tty = true;
+ }
+@@ -491,11 +488,11 @@ int ask_password_tty(
+ else
+ timeout = USEC_INFINITY;
+
+- if (flag_file)
+- if (access(flag_file, F_OK) < 0) {
+- r = -errno;
++ if (flag_file) {
++ r = RET_NERRNO(access(flag_file, F_OK));
++ if (r < 0)
+ goto finish;
+- }
++ }
+
+ r = ppoll_usec(pollfd, notify >= 0 ? 2 : 1, timeout);
+ if (r == -EINTR)
+@@ -747,10 +744,10 @@ int ask_password_agent(
+ r = -errno;
+ goto finish;
+ }
+- if (inotify_add_watch(notify, "/run/systemd/ask-password", IN_ATTRIB /* for mtime */) < 0) {
+- r = -errno;
++
++ r = RET_NERRNO(inotify_add_watch(notify, "/run/systemd/ask-password", IN_ATTRIB /* for mtime */));
++ if (r < 0)
+ goto finish;
+- }
+ }
+
+ fd = mkostemp_safe(temp);
+@@ -813,10 +810,9 @@ int ask_password_agent(
+ final[sizeof(final)-10] = 's';
+ final[sizeof(final)-9] = 'k';
+
+- if (rename(temp, final) < 0) {
+- r = -errno;
++ r = RET_NERRNO(rename(temp, final));
++ if (r < 0)
+ goto finish;
+- }
+
+ zero(pollfd);
+ pollfd[FD_SOCKET].fd = socket_fd;
+diff --git a/src/shared/barrier.c b/src/shared/barrier.c
+index cbe54a60cd..d76a61a5db 100644
+--- a/src/shared/barrier.c
++++ b/src/shared/barrier.c
+@@ -92,7 +92,6 @@
+ */
+ int barrier_create(Barrier *b) {
+ _unused_ _cleanup_(barrier_destroyp) Barrier *staging = b;
+- int r;
+
+ assert(b);
+
+@@ -104,8 +103,7 @@ int barrier_create(Barrier *b) {
+ if (b->them < 0)
+ return -errno;
+
+- r = pipe2(b->pipe, O_CLOEXEC | O_NONBLOCK);
+- if (r < 0)
++ if (pipe2(b->pipe, O_CLOEXEC | O_NONBLOCK) < 0)
+ return -errno;
+
+ staging = NULL;
diff --git a/0130-sd-bus-handle-EINTR-return-from-bus_poll.patch b/0130-sd-bus-handle-EINTR-return-from-bus_poll.patch
new file mode 100644
index 0000000..de3a980
--- /dev/null
+++ b/0130-sd-bus-handle-EINTR-return-from-bus_poll.patch
@@ -0,0 +1,90 @@
+From d56013fb245dc2878ee91bbb937a91850050ada3 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 21 Nov 2022 17:42:04 +0100
+Subject: [PATCH] sd-bus: handle -EINTR return from bus_poll()
+
+In sd_bus_wait(), let's convert EINTR to a return code of 0, thus asking
+the caller do loop again and enter sd_bus_process() again (which will
+not find any queued events). This way we'll not return an error on
+something that isn't really an error. This should typically make sure
+things are properly handled by the caller, magically, without eating up
+the event entirely, and still giving the caller time to run some code if
+they want.
+
+(cherry picked from commit 3022916b4d2483452c3ddbbac9ee7c4372b1cb46)
+
+Resolves: #2137584
+---
+ src/libsystemd/sd-bus/bus-socket.c | 5 ++++-
+ src/libsystemd/sd-bus/sd-bus.c | 18 +++++++++++++++---
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index c94befef73..253f41c636 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -1308,8 +1308,11 @@ int bus_socket_process_opening(sd_bus *b) {
+ assert(b->state == BUS_OPENING);
+
+ events = fd_wait_for_event(b->output_fd, POLLOUT, 0);
+- if (events < 0)
++ if (events < 0) {
++ if (ERRNO_IS_TRANSIENT(events))
++ return 0;
+ return events;
++ }
+ if (!(events & (POLLOUT|POLLERR|POLLHUP)))
+ return 0;
+
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index bc716afabf..c3a1bae295 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -2465,8 +2465,11 @@ _public_ int sd_bus_call(
+ left = UINT64_MAX;
+
+ r = bus_poll(bus, true, left);
+- if (r < 0)
++ if (r < 0) {
++ if (ERRNO_IS_TRANSIENT(r))
++ continue;
+ goto fail;
++ }
+ if (r == 0) {
+ r = -ETIMEDOUT;
+ goto fail;
+@@ -3321,6 +3324,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) {
+ }
+
+ _public_ int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec) {
++ int r;
+
+ assert_return(bus, -EINVAL);
+ assert_return(bus = bus_resolve(bus), -ENOPKG);
+@@ -3335,7 +3339,11 @@ _public_ int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec) {
+ if (bus->rqueue_size > 0)
+ return 0;
+
+- return bus_poll(bus, false, timeout_usec);
++ r = bus_poll(bus, false, timeout_usec);
++ if (r < 0 && ERRNO_IS_TRANSIENT(r))
++ return 1; /* treat EINTR as success, but let's exit, so that the caller will call back into us soon. */
++
++ return r;
+ }
+
+ _public_ int sd_bus_flush(sd_bus *bus) {
+@@ -3377,8 +3385,12 @@ _public_ int sd_bus_flush(sd_bus *bus) {
+ return 0;
+
+ r = bus_poll(bus, false, UINT64_MAX);
+- if (r < 0)
++ if (r < 0) {
++ if (ERRNO_IS_TRANSIENT(r))
++ continue;
++
+ return r;
++ }
+ }
+ }
+
diff --git a/0131-stdio-bridge-don-t-be-bothered-with-EINTR.patch b/0131-stdio-bridge-don-t-be-bothered-with-EINTR.patch
new file mode 100644
index 0000000..21680ca
--- /dev/null
+++ b/0131-stdio-bridge-don-t-be-bothered-with-EINTR.patch
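Review bot: The commit message says `sd_bus_wait()` converts EINTR to a return code of 0, but the added code returns 1 (`return 1; /* treat EINTR as success … */`), so the description and the code disagree about what a caller sees after an interrupted poll. `varlink_wait()` and `sd_netlink_wait()` in the following patches on this page also return 1, which suggests 1 is the intended value; the comment should then say what 1 means to the caller, e.g. `/* interrupted: report "something happened" so the caller runs sd_bus_process() and calls back into us */`. The comments in this series also name only EINTR, while `ERRNO_IS_TRANSIENT()` as defined in systemd's errno-util.h matches EAGAIN as well, so the `continue` in `sd_bus_call()` and `sd_bus_flush()` retries on both. The bodies of those two functions extend beyond the hunks.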
@@ -0,0 +1,32 @@
+From b277e35fdb56560110e8b96fb90042ff2e19a2c5 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 22 Nov 2022 12:18:07 +0100
+Subject: [PATCH] stdio-bridge: don't be bothered with EINTR
+
+We handle signals via signal handlers, hence no need to be concerned
+about EINTR.
+
+(cherry picked from commit 7c75f34131772781f690860de797d3e35fd0bed9)
+
+Related: #2137584
+---
+ src/stdio-bridge/stdio-bridge.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
+index c851059a09..1b94374b4b 100644
+--- a/src/stdio-bridge/stdio-bridge.c
++++ b/src/stdio-bridge/stdio-bridge.c
+@@ -242,8 +242,11 @@ static int run(int argc, char *argv[]) {
+ };
+
+ r = ppoll_usec(p, ELEMENTSOF(p), t);
+- if (r < 0)
++ if (r < 0) {
++ if (ERRNO_IS_TRANSIENT(r)) /* don't be bothered by signals, i.e. EINTR */
++ continue;
+ return log_error_errno(r, "ppoll() failed: %m");
++ }
+ }
+
+ return 0;
diff --git a/0132-varlink-also-handle-EINTR-gracefully-when-waiting-fo.patch b/0132-varlink-also-handle-EINTR-gracefully-when-waiting-fo.patch
new file mode 100644
index 0000000..ac1f3a9
--- /dev/null
+++ b/0132-varlink-also-handle-EINTR-gracefully-when-waiting-fo.patch
@@ -0,0 +1,50 @@
+From e95dd8e99188377bb6351fc0a4ceb4e790612044 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 22 Nov 2022 12:42:46 +0100
+Subject: [PATCH] varlink: also handle EINTR gracefully when waiting for EIO
+ via ppoll()
+
+(cherry picked from commit 6976bf5cd614761eb4bd57d39e24f7eca1d6b863)
+
+Related: #2137584
+---
+ src/shared/varlink.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/varlink.c b/src/shared/varlink.c
+index 4f7ac97689..4d2cfee491 100644
+--- a/src/shared/varlink.c
++++ b/src/shared/varlink.c
+@@ -1025,7 +1025,7 @@ static void handle_revents(Varlink *v, int revents) {
+ if ((revents & (POLLOUT|POLLHUP)) == 0)
+ return;
+
+- varlink_log(v, "Anynchronous connection completed.");
++ varlink_log(v, "Asynchronous connection completed.");
+ v->connecting = false;
+ } else {
+ /* Note that we don't care much about POLLIN/POLLOUT here, we'll just try reading and writing
+@@ -1075,6 +1075,9 @@ int varlink_wait(Varlink *v, usec_t timeout) {
+ return events;
+
+ r = fd_wait_for_event(fd, events, t);
++ if (r < 0 && ERRNO_IS_TRANSIENT(r)) /* Treat EINTR as not a timeout, but also nothing happened, and
++ * the caller gets a chance to call back into us */
++ return 1;
+ if (r <= 0)
+ return r;
+
+@@ -1161,8 +1164,12 @@ int varlink_flush(Varlink *v) {
+ }
+
+ r = fd_wait_for_event(v->fd, POLLOUT, USEC_INFINITY);
+- if (r < 0)
++ if (r < 0) {
++ if (ERRNO_IS_TRANSIENT(r))
++ continue;
++
+ return varlink_log_errno(v, r, "Poll failed on fd: %m");
++ }
+
+ assert(r != 0);
+
diff --git a/0133-sd-netlink-handle-EINTR-from-poll-gracefully-as-succ.patch b/0133-sd-netlink-handle-EINTR-from-poll-gracefully-as-succ.patch
new file mode 100644
index 0000000..7a314f9
--- /dev/null
+++ b/0133-sd-netlink-handle-EINTR-from-poll-gracefully-as-succ.patch
@@ -0,0 +1,36 @@
+From cd822ff6ef904e3e25060e77556670784b0b1aea Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 22 Nov 2022 13:00:48 +0100
+Subject: [PATCH] sd-netlink: handle EINTR from poll() gracefully, as success
+
+(cherry picked from commit 69858785335afffc51bc03127beb53332c0fb983)
+
+Related: #2137584
+---
+ src/libsystemd/sd-netlink/sd-netlink.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-netlink/sd-netlink.c b/src/libsystemd/sd-netlink/sd-netlink.c
+index feb751a848..b99abae640 100644
+--- a/src/libsystemd/sd-netlink/sd-netlink.c
++++ b/src/libsystemd/sd-netlink/sd-netlink.c
+@@ -464,13 +464,18 @@ static int netlink_poll(sd_netlink *nl, bool need_more, usec_t timeout_usec) {
+ }
+
+ int sd_netlink_wait(sd_netlink *nl, uint64_t timeout_usec) {
++ int r;
++
+ assert_return(nl, -EINVAL);
+ assert_return(!netlink_pid_changed(nl), -ECHILD);
+
+ if (nl->rqueue_size > 0)
+ return 0;
+
+- return netlink_poll(nl, false, timeout_usec);
++ r = netlink_poll(nl, false, timeout_usec);
++ if (r < 0 && ERRNO_IS_TRANSIENT(r)) /* Convert EINTR to "something happened" and give user a chance to run some code before calling back into us */
++ return 1;
++ return r;
+ }
+
+ static int timeout_compare(const void *a, const void *b) {
diff --git a/0134-resolved-handle-EINTR-returned-from-fd_wait_for_even.patch b/0134-resolved-handle-EINTR-returned-from-fd_wait_for_even.patch
new file mode 100644
index 0000000..f2da989
--- /dev/null
+++ b/0134-resolved-handle-EINTR-returned-from-fd_wait_for_even.patch
@@ -0,0 +1,79 @@ +From 471b70bca8f1a77b1d5402e190b00a61aa0d58b0 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 22 Nov 2022 12:28:19 +0100 +Subject: [PATCH] resolved: handle -EINTR returned from fd_wait_for_event() + better + +We might get signals for various reasons (for example, somebody asking +us to reload caches via a signal), hence let's handle this gracefully. + +(cherry picked from commit 6d66a221685c15798e796d9738f73fdb1fdccdb2) + +Related: #2137584 +--- + src/resolve/resolved-manager.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index f62efa87aa..1c9048670b 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -868,11 +868,14 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) { + } + + static int sendmsg_loop(int fd, struct msghdr *mh, int flags) { ++ usec_t end; + int r; + + assert(fd >= 0); + assert(mh); + ++ end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC); ++ + for (;;) { + if (sendmsg(fd, mh, flags) >= 0) + return 0; +@@ -881,20 +884,26 @@ static int sendmsg_loop(int fd, struct msghdr *mh, int flags) { + if (errno != EAGAIN) + return -errno; + +- r = fd_wait_for_event(fd, POLLOUT, SEND_TIMEOUT_USEC); +- if (r < 0) ++ r = fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC))); ++ if (r < 0) { ++ if (ERRNO_IS_TRANSIENT(r)) ++ continue; + return r; ++ } + if (r == 0) + return -ETIMEDOUT; + } + } + + static int write_loop(int fd, void *message, size_t length) { ++ usec_t end; + int r; + + assert(fd >= 0); + assert(message); + ++ end = usec_add(now(CLOCK_MONOTONIC), SEND_TIMEOUT_USEC); ++ + for (;;) { + if (write(fd, message, length) >= 0) + return 0; +@@ -903,9 +912,12 @@ static int write_loop(int fd, void *message, size_t length) { + if (errno != EAGAIN) + return -errno; + +- r = fd_wait_for_event(fd, POLLOUT, SEND_TIMEOUT_USEC); +- if (r < 0) ++ r 
= fd_wait_for_event(fd, POLLOUT, LESS_BY(end, now(CLOCK_MONOTONIC))); ++ if (r < 0) { ++ if (ERRNO_IS_TRANSIENT(r)) ++ continue; + return r; ++ } + if (r == 0) + return -ETIMEDOUT; + } diff --git a/0135-homed-handle-EINTR-gracefully-when-waiting-for-devic.patch b/0135-homed-handle-EINTR-gracefully-when-waiting-for-devic.patch new file mode 100644 index 0000000..b9836b1 --- /dev/null +++ b/0135-homed-handle-EINTR-gracefully-when-waiting-for-devic.patch @@ -0,0 +1,31 @@ +From b546d82758e0149fd235d2ff8f9c4fdc8d0bd29c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 22 Nov 2022 12:55:10 +0100 +Subject: [PATCH] homed: handle EINTR gracefully when waiting for device node + +(cherry picked from commit f3d9278f38f0a9e03ed29215f27d8ca21c1fa6a1) + +Related: #2137584 +--- + src/home/homework-luks.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c +index 97fb5a1051..5e1d5bbd65 100644 +--- a/src/home/homework-luks.c ++++ b/src/home/homework-luks.c +@@ -2017,9 +2017,12 @@ static int wait_for_devlink(const char *path) { + if (w >= until) + return log_error_errno(SYNTHETIC_ERRNO(ETIMEDOUT), "Device link %s still hasn't shown up, giving up.", path); + +- r = fd_wait_for_event(inotify_fd, POLLIN, usec_sub_unsigned(until, w)); +- if (r < 0) ++ r = fd_wait_for_event(inotify_fd, POLLIN, until - w); ++ if (r < 0) { ++ if (ERRNO_IS_TRANSIENT(r)) ++ continue; + return log_error_errno(r, "Failed to watch inotify: %m"); ++ } + + (void) flush_fd(inotify_fd); + } diff --git a/0136-utmp-wtmp-fix-error-in-case-isatty-fails.patch b/0136-utmp-wtmp-fix-error-in-case-isatty-fails.patch new file mode 100644 index 0000000..aa0162f --- /dev/null +++ b/0136-utmp-wtmp-fix-error-in-case-isatty-fails.patch 
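Review bot: The new `end` deadline in sendmsg_loop() and write_loop() is the only thing that keeps the added `continue` bounded, and nothing in the code says so. A comment at the assignment, for example `/* Absolute deadline: EINTR restarts must not extend the total wait beyond SEND_TIMEOUT_USEC */`, would stop a later cleanup from going back to a per-wait timeout, under which a steady stream of signals could keep the send path blocked indefinitely. It would also help to note next to `LESS_BY(end, now(CLOCK_MONOTONIC))` that an expired deadline becomes a zero timeout and, assuming fd_wait_for_event() then returns 0, ends in -ETIMEDOUT.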
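Review bot: In wait_for_devlink() the saturating `usec_sub_unsigned(until, w)` became a bare `until - w`, which cannot wrap only because of the `w >= until` check two lines above it. The resolved patch in this series uses `LESS_BY(end, now(CLOCK_MONOTONIC))` for the same computation; `LESS_BY(until, w)` here would keep the timeout safe if that guard is ever moved or reordered. The loop that the new `continue` restarts begins outside the hunk.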
@@ -0,0 +1,28 @@
+From 7c2898cac4e05e24b24743e5d7d738f437d1e6f8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 22 Nov 2022 12:56:38 +0100
+Subject: [PATCH] utmp-wtmp: fix error in case isatty() fails
+
+(cherry picked from commit 80b780ba178a84b248ecee47eef82358480c9492)
+
+Related: #2137584
+---
+ src/shared/utmp-wtmp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c
+index d2c8473c60..20add0e81b 100644
+--- a/src/shared/utmp-wtmp.c
++++ b/src/shared/utmp-wtmp.c
+@@ -292,8 +292,10 @@ static int write_to_terminal(const char *tty, const char *message) {
+ assert(message);
+
+ fd = open(tty, O_WRONLY|O_NONBLOCK|O_NOCTTY|O_CLOEXEC);
+- if (fd < 0 || !isatty(fd))
++ if (fd < 0)
+ return -errno;
++ if (!isatty(fd))
++ return -ENOTTY;
+
+ p = message;
+ left = strlen(message);
diff --git a/0137-utmp-wtmp-handle-EINTR-gracefully-when-waiting-to-wr.patch b/0137-utmp-wtmp-handle-EINTR-gracefully-when-waiting-to-wr.patch
new file mode 100644
index 0000000..2747b09
--- /dev/null
+++ b/0137-utmp-wtmp-handle-EINTR-gracefully-when-waiting-to-wr.patch
@@ -0,0 +1,59 @@ +From 62686ccc4631b6a5f73722fd7f1dcaca8782431c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 22 Nov 2022 12:56:55 +0100 +Subject: [PATCH] utmp-wtmp: handle EINTR gracefully when waiting to write to + tty + +(cherry picked from commit 22ecfa83123dbfa2322346ac4e25ad2193a3b10c) + +Related: #2137584 +--- + src/shared/utmp-wtmp.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c +index 20add0e81b..37a5bf7990 100644 +--- a/src/shared/utmp-wtmp.c ++++ b/src/shared/utmp-wtmp.c +@@ -12,6 +12,7 @@ + #include + + #include "alloc-util.h" ++#include "errno-util.h" + #include "fd-util.h" + #include "hostname-util.h" + #include "io-util.h" +@@ -300,7 +301,7 @@ static int write_to_terminal(const char *tty, const char *message) { + p = message; + left = strlen(message); + +- end = now(CLOCK_MONOTONIC) + TIMEOUT_USEC; ++ end = usec_add(now(CLOCK_MONOTONIC), TIMEOUT_USEC); + + while (left > 0) { + ssize_t n; +@@ -308,19 +309,21 @@ static int write_to_terminal(const char *tty, const char *message) { + int k; + + t = now(CLOCK_MONOTONIC); +- + if (t >= end) + return -ETIME; + + k = fd_wait_for_event(fd, POLLOUT, end - t); +- if (k < 0) ++ if (k < 0) { ++ if (ERRNO_IS_TRANSIENT(k)) ++ continue; + return k; ++ } + if (k == 0) + return -ETIME; + + n = write(fd, p, left); + if (n < 0) { +- if (errno == EAGAIN) ++ if (ERRNO_IS_TRANSIENT(errno)) + continue; + + return -errno; diff --git a/0138-io-util-document-EINTR-situation-a-bit.patch b/0138-io-util-document-EINTR-situation-a-bit.patch new file mode 100644 index 0000000..2b2db91 --- /dev/null +++ b/0138-io-util-document-EINTR-situation-a-bit.patch 
@@ -0,0 +1,48 @@ +From 3850d27f47a887a958ded828f6ce8de4e791037c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 22 Nov 2022 15:23:34 +0100 +Subject: [PATCH] io-util: document EINTR situation a bit + +(cherry picked from commit ffbcc8d423671ad2fe827e4823a8032dc1f0a8b3) + +Related: #2137584 +--- + src/basic/io-util.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/basic/io-util.c b/src/basic/io-util.c +index cdad939aa6..f642beca3a 100644 +--- a/src/basic/io-util.c ++++ b/src/basic/io-util.c +@@ -161,6 +161,21 @@ int ppoll_usec(struct pollfd *fds, size_t nfds, usec_t timeout) { + + assert(fds || nfds == 0); + ++ /* This is a wrapper around ppoll() that does primarily two things: ++ * ++ * ✅ Takes a usec_t instead of a struct timespec ++ * ++ * ✅ Guarantees that if an invalid fd is specified we return EBADF (i.e. converts POLLNVAL to ++ * EBADF). This is done because EBADF is a programming error usually, and hence should bubble up ++ * as error, and not be eaten up as non-error POLLNVAL event. ++ * ++ * ⚠️ ⚠️ ⚠️ Note that this function does not add any special handling for EINTR. Don't forget ++ * poll()/ppoll() will return with EINTR on any received signal always, there is no automatic ++ * restarting via SA_RESTART available. Thus, typically you want to handle EINTR not as an error, ++ * but just as reason to restart things, under the assumption you use a more appropriate mechanism ++ * to handle signals, such as signalfd() or signal handlers. ⚠️ ⚠️ ⚠️ ++ */ ++ + if (nfds == 0) + return 0; + +@@ -188,6 +203,9 @@ int fd_wait_for_event(int fd, int event, usec_t timeout) { + }; + int r; + ++ /* ⚠️ ⚠️ ⚠️ Keep in mind you almost certainly want to handle -EINTR gracefully in the caller, see ++ * ppoll_usec() above! ⚠️ ⚠️ ⚠️ */ ++ + r = ppoll_usec(&pollfd, 1, timeout); + if (r <= 0) + return r; 
diff --git a/0139-terminal-util-Set-OPOST-when-setting-ONLCR.patch b/0139-terminal-util-Set-OPOST-when-setting-ONLCR.patch
new file mode 100644
index 0000000..5435222
--- /dev/null
+++ b/0139-terminal-util-Set-OPOST-when-setting-ONLCR.patch
@@ -0,0 +1,44 @@
+From c5e4b6b9b2a1dea35f58f3e1c3313bca76a90162 Mon Sep 17 00:00:00 2001
+From: Ray Strode
+Date: Wed, 30 Nov 2022 14:07:29 -0500
+Subject: [PATCH] terminal-util: Set OPOST when setting ONLCR
+
+reset_terminal_fd sets certain minimum required terminal attributes
+that systemd relies on.
+
+One of those attributes is `ONLCR` which ensures that when a new line
+is sent to the terminal, that the cursor not only moves to the next
+line, but also moves to the very beginning of that line.
+
+In order for `ONLCR` to work, the terminal needs to perform output
+post-processing. That requires an additional attribute, `OPOST`,
+which reset_terminal_fd currently fails to ensure is set.
+
+In most cases `OPOST` (and `ONLCR` actually) are both set anyway, so
+it's not an issue, but it could be a problem if, e.g., the terminal was
+put in raw mode by a program and the program unexpectedly died before
+restoring settings.
+
+This commit ensures when `ONLCR` is set `OPOST` is set too, which is
+the only thing that really makes sense to do.
+
+(cherry picked from commit 9fe26523a189435d75b9d745188e09c17928d89e)
+
+Related: #2138081
+---
+ src/basic/terminal-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
+index 0c092597eb..a75234f354 100644
+--- a/src/basic/terminal-util.c
++++ b/src/basic/terminal-util.c
+@@ -269,7 +269,7 @@ int reset_terminal_fd(int fd, bool switch_to_text) {
+
+ termios.c_iflag &= ~(IGNBRK | BRKINT | ISTRIP | INLCR | IGNCR | IUCLC);
+ termios.c_iflag |= ICRNL | IMAXBEL | IUTF8;
+- termios.c_oflag |= ONLCR;
++ termios.c_oflag |= ONLCR | OPOST;
+ termios.c_cflag |= CREAD;
+ termios.c_lflag = ISIG | ICANON | IEXTEN | ECHO | ECHOE | ECHOK | ECHOCTL | ECHOPRT | ECHOKE;
+
diff --git a/0140-cgtop-Do-not-rewrite-P-or-k-options.patch b/0140-cgtop-Do-not-rewrite-P-or-k-options.patch
new file mode 100644
index 0000000..aad192e
--- /dev/null
+++ b/0140-cgtop-Do-not-rewrite-P-or-k-options.patch 
@@ -0,0 +1,67 @@ +From 1672b8dd340c4d4aa6398a08b15b36368ba442ec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Fri, 25 Nov 2022 17:50:27 +0100 +Subject: [PATCH] cgtop: Do not rewrite -P or -k options + +--recursive=no will overwrite possible -P or -k option hence making the +recursive disabling impossible. + +Check what counting types the system supports (encoded in the ordering +of our enum) of and pick whatever user requests but is also supported. + +Fixes: #25248 +(cherry picked from commit 48600b3524afe05d0faa8a5c88b5aaa53b801199) + +Related: #2138081 +--- + src/cgtop/cgtop.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c +index 95c3987525..8a51a9371b 100644 +--- a/src/cgtop/cgtop.c ++++ b/src/cgtop/cgtop.c +@@ -55,6 +55,12 @@ typedef struct Group { + uint64_t io_input_bps, io_output_bps; + } Group; + ++typedef enum PidsCount { ++ COUNT_USERSPACE_PROCESSES, ++ COUNT_ALL_PROCESSES, ++ COUNT_PIDS, ++} PidsCount; ++ + static unsigned arg_depth = 3; + static unsigned arg_iterations = UINT_MAX; + static bool arg_batch = false; +@@ -65,11 +71,7 @@ static char* arg_root = NULL; + static bool arg_recursive = true; + static bool arg_recursive_unset = false; + +-static enum { +- COUNT_PIDS, +- COUNT_USERSPACE_PROCESSES, +- COUNT_ALL_PROCESSES, +-} arg_count = COUNT_PIDS; ++static PidsCount arg_count = COUNT_PIDS; + + static enum { + ORDER_PATH, +@@ -915,6 +917,7 @@ static int run(int argc, char *argv[]) { + usec_t last_refresh = 0; + bool quit = false, immediate_refresh = false; + _cleanup_free_ char *root = NULL; ++ PidsCount possible_count; + CGroupMask mask; + int r; + +@@ -928,7 +931,8 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Failed to determine supported controllers: %m"); + +- arg_count = (mask & CGROUP_MASK_PIDS) ? COUNT_PIDS : COUNT_USERSPACE_PROCESSES; ++ possible_count = (mask & CGROUP_MASK_PIDS) ? 
COUNT_PIDS : COUNT_ALL_PROCESSES; ++ arg_count = MIN(possible_count, arg_count); + + if (arg_recursive_unset && arg_count == COUNT_PIDS) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), diff --git a/0141-test-Add-tests-for-systemd-cgtop-args-parsing.patch b/0141-test-Add-tests-for-systemd-cgtop-args-parsing.patch new file mode 100644 index 0000000..9b40058 --- /dev/null +++ b/0141-test-Add-tests-for-systemd-cgtop-args-parsing.patch @@ -0,0 +1,33 @@ +From ba43ad7ae9db3e06debd9fd0b1653fc695322093 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Fri, 25 Nov 2022 18:14:22 +0100 +Subject: [PATCH] test: Add tests for systemd-cgtop args parsing + +(cherry picked from commit d4e32838e875539ad6991b75b083c9563eddc3ed) + +Related: #2138081 +--- + test/units/testsuite-74.cgtop.sh | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/test/units/testsuite-74.cgtop.sh b/test/units/testsuite-74.cgtop.sh +index 8141ec1b1f..6f08362e7c 100755 +--- a/test/units/testsuite-74.cgtop.sh ++++ b/test/units/testsuite-74.cgtop.sh +@@ -15,8 +15,8 @@ systemd-cgtop --cpu=percentage + systemd-cgtop --cpu=time + systemd-cgtop -P + systemd-cgtop -k +-# FIXME: https://github.com/systemd/systemd/issues/25248 +-#systemd-cgtop --recursive=no ++systemd-cgtop --recursive=no -P ++systemd-cgtop --recursive=no -k + systemd-cgtop --depth=0 + systemd-cgtop --depth=100 + +@@ -29,4 +29,5 @@ systemd-cgtop -p -t -c -m -i + (! systemd-cgtop --order=foo) + (! systemd-cgtop --depth=-1) + (! systemd-cgtop --recursive=foo) ++(! systemd-cgtop --recursive=no) + (! systemd-cgtop --delay=1foo) diff --git a/0142-resolved-remove-inappropriate-assert.patch b/0142-resolved-remove-inappropriate-assert.patch new file mode 100644 index 0000000..fe78037 --- /dev/null +++ b/0142-resolved-remove-inappropriate-assert.patch 
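Review bot: `arg_count = MIN(possible_count, arg_count)` in run() only works because PidsCount is declared in ascending order of what the system has to support, yet the new typedef in cgtop.c gives no hint that the order matters. A comment above the enum such as `/* Ordered by required kernel support; run() clamps the request with MIN(), do not reorder */` would protect that invariant. Separately, the fallback without the pids controller changed from COUNT_USERSPACE_PROCESSES to COUNT_ALL_PROCESSES, so with the default `arg_count = COUNT_PIDS` the tool now ends up counting all processes on such systems; if that is intended it deserves a short comment at the assignment.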
@@ -0,0 +1,36 @@
+From 87b1eac151e5bbb9322d3213072dc2e5fba24f4e Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 24 Nov 2022 18:42:08 +0100
+Subject: [PATCH] resolved: remove inappropriate assert()
+
+A NULL Bitmap object is by all our code considered identical to an empty
+bitmap. Hence let's remove the entirely unnecessary assert().
+
+The assert() can be triggered if debug monitoring is used an an empty
+NSEC or NSEC3 RR is included in an answer resolved returns.
+
+it's not really a security issue since enabling debug monitoring is a
+manual step requiring root privileges, that is off by default. Moreover,
+it's a "clean" assert(), i.e. the worst that happens is tha a coredump
+is generated and resolved restarted.
+
+Fixes: #25449
+(cherry picked from commit fb896517aeecc2a8ec16586a34a0249606eb9f66)
+
+Related: #2138081
+---
+ src/resolve/resolved-dns-rr.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c
+index 8123ca1f98..d47cdbbd8e 100644
+--- a/src/resolve/resolved-dns-rr.c
++++ b/src/resolve/resolved-dns-rr.c
+@@ -1865,7 +1865,6 @@ static int type_bitmap_to_json(Bitmap *b, JsonVariant **ret) {
+ unsigned t;
+ int r;
+
+- assert(b);
+ assert(ret);
+
+ BITMAP_FOREACH(t, b) {
diff --git a/0143-boot-Add-xstrn8_to_16.patch b/0143-boot-Add-xstrn8_to_16.patch
new file mode 100644
index 0000000..4822e32
--- /dev/null
+++ b/0143-boot-Add-xstrn8_to_16.patch
@@ -0,0 +1,164 @@ +From c48d12fc0abb8f113ed386c47bf02451ea8f853d Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Tue, 22 Nov 2022 15:55:07 +0100 +Subject: [PATCH] boot: Add xstrn8_to_16 + +(cherry picked from commit 8ad7deffa95d33b5849ad6589dd52ab12e645edc) + +Related: #2138081 +--- + src/boot/efi/efi-string.c | 78 +++++++++++++++++++++++++++++++++- + src/boot/efi/efi-string.h | 5 +++ + src/boot/efi/test-efi-string.c | 27 ++++++++++++ + 3 files changed, 109 insertions(+), 1 deletion(-) + +diff --git a/src/boot/efi/efi-string.c b/src/boot/efi/efi-string.c +index b877c6f224..2ba15673c9 100644 +--- a/src/boot/efi/efi-string.c ++++ b/src/boot/efi/efi-string.c +@@ -9,7 +9,8 @@ + # include "util.h" + #else + # include +-# include "macro.h" ++# include "alloc-util.h" ++# define xnew(t, n) ASSERT_SE_PTR(new(t, n)) + # define xmalloc(n) ASSERT_SE_PTR(malloc(n)) + #endif + +@@ -138,6 +139,81 @@ DEFINE_STRCHR(char16_t, strchr16); + DEFINE_STRNDUP(char, xstrndup8, strnlen8); + DEFINE_STRNDUP(char16_t, xstrndup16, strnlen16); + ++static unsigned utf8_to_unichar(const char *utf8, size_t n, char32_t *c) { ++ char32_t unichar; ++ unsigned len; ++ ++ assert(utf8); ++ assert(c); ++ ++ if (!(utf8[0] & 0x80)) { ++ *c = utf8[0]; ++ return 1; ++ } else if ((utf8[0] & 0xe0) == 0xc0) { ++ len = 2; ++ unichar = utf8[0] & 0x1f; ++ } else if ((utf8[0] & 0xf0) == 0xe0) { ++ len = 3; ++ unichar = utf8[0] & 0x0f; ++ } else if ((utf8[0] & 0xf8) == 0xf0) { ++ len = 4; ++ unichar = utf8[0] & 0x07; ++ } else if ((utf8[0] & 0xfc) == 0xf8) { ++ len = 5; ++ unichar = utf8[0] & 0x03; ++ } else if ((utf8[0] & 0xfe) == 0xfc) { ++ len = 6; ++ unichar = utf8[0] & 0x01; ++ } else { ++ *c = UINT32_MAX; ++ return 1; ++ } ++ ++ if (len > n) { ++ *c = UINT32_MAX; ++ return len; ++ } ++ ++ for (unsigned i = 1; i < len; i++) { ++ if ((utf8[i] & 0xc0) != 0x80) { ++ *c = UINT32_MAX; ++ return len; ++ } ++ unichar <<= 6; ++ unichar |= utf8[i] & 0x3f; ++ } ++ ++ *c = unichar; ++ return len; ++} ++ ++/* Convert 
UTF-8 to UCS-2, skipping any invalid or short byte sequences. */ ++char16_t *xstrn8_to_16(const char *str8, size_t n) { ++ if (!str8 || n == 0) ++ return NULL; ++ ++ size_t i = 0; ++ char16_t *str16 = xnew(char16_t, n + 1); ++ ++ while (n > 0 && *str8 != '\0') { ++ char32_t unichar; ++ ++ size_t utf8len = utf8_to_unichar(str8, n, &unichar); ++ str8 += utf8len; ++ n = LESS_BY(n, utf8len); ++ ++ switch (unichar) { ++ case 0 ... 0xd7ffU: ++ case 0xe000U ... 0xffffU: ++ str16[i++] = unichar; ++ break; ++ } ++ } ++ ++ str16[i] = '\0'; ++ return str16; ++} ++ + static bool efi_fnmatch_prefix(const char16_t *p, const char16_t *h, const char16_t **ret_p, const char16_t **ret_h) { + assert(p); + assert(h); +diff --git a/src/boot/efi/efi-string.h b/src/boot/efi/efi-string.h +index 1ebd5fd6b7..9b2a9ad1c5 100644 +--- a/src/boot/efi/efi-string.h ++++ b/src/boot/efi/efi-string.h +@@ -99,6 +99,11 @@ static inline char16_t *xstrdup16(const char16_t *s) { + return xstrndup16(s, SIZE_MAX); + } + ++char16_t *xstrn8_to_16(const char *str8, size_t n); ++static inline char16_t *xstr8_to_16(const char *str8) { ++ return xstrn8_to_16(str8, strlen8(str8)); ++} ++ + bool efi_fnmatch(const char16_t *pattern, const char16_t *haystack); + + bool parse_number8(const char *s, uint64_t *ret_u, const char **ret_tail); +diff --git a/src/boot/efi/test-efi-string.c b/src/boot/efi/test-efi-string.c +index 2b2359fe5c..7b43e1d629 100644 +--- a/src/boot/efi/test-efi-string.c ++++ b/src/boot/efi/test-efi-string.c +@@ -324,6 +324,33 @@ TEST(xstrdup16) { + free(s); + } + ++TEST(xstrn8_to_16) { ++ char16_t *s = NULL; ++ ++ assert_se(xstrn8_to_16(NULL, 1) == NULL); ++ assert_se(xstrn8_to_16("a", 0) == NULL); ++ ++ assert_se(s = xstrn8_to_16("", 1)); ++ assert_se(streq16(s, u"")); ++ free(s); ++ ++ assert_se(s = xstrn8_to_16("1", 1)); ++ assert_se(streq16(s, u"1")); ++ free(s); ++ ++ assert_se(s = xstr8_to_16("abcxyzABCXYZ09 .,-_#*!\"§$%&/()=?`~")); ++ assert_se(streq16(s, u"abcxyzABCXYZ09 
.,-_#*!\"§$%&/()=?`~")); ++ free(s); ++ ++ assert_se(s = xstr8_to_16("ÿⱿ𝇉 😺")); ++ assert_se(streq16(s, u"ÿⱿ ")); ++ free(s); ++ ++ assert_se(s = xstrn8_to_16("¶¶", 3)); ++ assert_se(streq16(s, u"¶")); ++ free(s); ++} ++ + #define TEST_FNMATCH_ONE(pattern, haystack, expect) \ + ({ \ + assert_se(fnmatch(pattern, haystack, 0) == (expect ? 0 : FNM_NOMATCH)); \ diff --git a/0144-boot-Use-xstr8_to_16.patch b/0144-boot-Use-xstr8_to_16.patch new file mode 100644 index 0000000..6eae3bb --- /dev/null +++ b/0144-boot-Use-xstr8_to_16.patch 
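Review bot: utf8_to_unichar() in efi-string.c returns `len` when a continuation byte fails the `(utf8[i] & 0xc0) != 0x80` test, so xstrn8_to_16() steps over bytes it never validated. A lead byte followed by ASCII swallows those ASCII characters, and a lead byte followed by NUL carries the scan past the terminator whenever `n` reaches beyond it, which defeats the `*str8 != '\0'` stop condition. Returning the number of bytes actually examined, `return i;` in place of `return len;` inside that loop, resynchronises at the offending byte. The decoder also accepts overlong forms and 5/6-byte lead bytes (`0xC0 0x80` decodes to U+0000 and is stored through the `case 0 ... 0xd7ffU:` arm); a minimum-value check per sequence length would reject those, and TEST(xstrn8_to_16) has no case for either situation.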
@@ -0,0 +1,214 @@ +From 2ccf2637e7b3caa147962976178bb347fa227946 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Tue, 22 Nov 2022 16:03:03 +0100 +Subject: [PATCH] boot: Use xstr8_to_16 + +(cherry picked from commit aee515bbb58496272a6d975858aa26a355c4fb90) + +Related: #2138081 +--- + src/boot/efi/boot.c | 30 +++++++++++++++--------------- + src/boot/efi/linux.c | 2 +- + src/boot/efi/measure.c | 2 +- + src/boot/efi/util.c | 30 ------------------------------ + src/boot/efi/util.h | 1 - + 5 files changed, 17 insertions(+), 48 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index db6ca97df4..013df67e49 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -1205,7 +1205,7 @@ static void config_defaults_load_from_file(Config *config, char *content) { + continue; + } + free(config->entry_default_config); +- config->entry_default_config = xstra_to_str(value); ++ config->entry_default_config = xstr8_to_16(value); + continue; + } + +@@ -1440,25 +1440,25 @@ static void config_entry_add_type1( + while ((line = line_get_key_value(content, " \t", &pos, &key, &value))) { + if (streq8(key, "title")) { + free(entry->title); +- entry->title = xstra_to_str(value); ++ entry->title = xstr8_to_16(value); + continue; + } + + if (streq8(key, "sort-key")) { + free(entry->sort_key); +- entry->sort_key = xstra_to_str(value); ++ entry->sort_key = xstr8_to_16(value); + continue; + } + + if (streq8(key, "version")) { + free(entry->version); +- entry->version = xstra_to_str(value); ++ entry->version = xstr8_to_16(value); + continue; + } + + if (streq8(key, "machine-id")) { + free(entry->machine_id); +- entry->machine_id = xstra_to_str(value); ++ entry->machine_id = xstr8_to_16(value); + continue; + } + +@@ -1511,7 +1511,7 @@ static void config_entry_add_type1( + if (streq8(key, "options")) { + _cleanup_free_ char16_t *new = NULL; + +- new = xstra_to_str(value); ++ new = xstr8_to_16(value); + if (entry->options) { + char16_t *s = xpool_print(L"%s %s", 
entry->options, new); + free(entry->options); +@@ -2157,49 +2157,49 @@ static void config_entry_add_unified( + while ((line = line_get_key_value(content, "=", &pos, &key, &value))) { + if (streq8(key, "PRETTY_NAME")) { + free(os_pretty_name); +- os_pretty_name = xstra_to_str(value); ++ os_pretty_name = xstr8_to_16(value); + continue; + } + + if (streq8(key, "IMAGE_ID")) { + free(os_image_id); +- os_image_id = xstra_to_str(value); ++ os_image_id = xstr8_to_16(value); + continue; + } + + if (streq8(key, "NAME")) { + free(os_name); +- os_name = xstra_to_str(value); ++ os_name = xstr8_to_16(value); + continue; + } + + if (streq8(key, "ID")) { + free(os_id); +- os_id = xstra_to_str(value); ++ os_id = xstr8_to_16(value); + continue; + } + + if (streq8(key, "IMAGE_VERSION")) { + free(os_image_version); +- os_image_version = xstra_to_str(value); ++ os_image_version = xstr8_to_16(value); + continue; + } + + if (streq8(key, "VERSION")) { + free(os_version); +- os_version = xstra_to_str(value); ++ os_version = xstr8_to_16(value); + continue; + } + + if (streq8(key, "VERSION_ID")) { + free(os_version_id); +- os_version_id = xstra_to_str(value); ++ os_version_id = xstr8_to_16(value); + continue; + } + + if (streq8(key, "BUILD_ID")) { + free(os_build_id); +- os_build_id = xstra_to_str(value); ++ os_build_id = xstr8_to_16(value); + continue; + } + } +@@ -2248,7 +2248,7 @@ static void config_entry_add_unified( + if (content[szs[SECTION_CMDLINE] - 1] == '\n') + content[szs[SECTION_CMDLINE] - 1] = '\0'; + +- entry->options = xstra_to_str(content); ++ entry->options = xstr8_to_16(content); + } + } + } +diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c +index dd7eb48c8c..668510fca3 100644 +--- a/src/boot/efi/linux.c ++++ b/src/boot/efi/linux.c +@@ -133,7 +133,7 @@ EFI_STATUS linux_exec( + return log_error_status_stall(err, u"Error getting kernel loaded image protocol: %r", err); + + if (cmdline) { +- loaded_image->LoadOptions = xstra_to_str(cmdline); ++ 
loaded_image->LoadOptions = xstrn8_to_16(cmdline, cmdline_len); + loaded_image->LoadOptionsSize = strsize16(loaded_image->LoadOptions); + } + +diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c +index 9a16920787..6da07d917e 100644 +--- a/src/boot/efi/measure.c ++++ b/src/boot/efi/measure.c +@@ -187,7 +187,7 @@ EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, U + _cleanup_free_ char16_t *c = NULL; + + if (description) +- c = xstra_to_str(description); ++ c = xstr8_to_16(description); + + return tpm_log_event(pcrindex, buffer, buffer_size, c, ret_measured); + } +diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c +index 3eba2ade07..b727d6de7e 100644 +--- a/src/boot/efi/util.c ++++ b/src/boot/efi/util.c +@@ -303,36 +303,6 @@ static int utf8_to_16(const char *stra, char16_t *c) { + return len; + } + +-char16_t *xstra_to_str(const char *stra) { +- UINTN strlen; +- UINTN len; +- UINTN i; +- char16_t *str; +- +- assert(stra); +- +- len = strlen8(stra); +- str = xnew(char16_t, len + 1); +- +- strlen = 0; +- i = 0; +- while (i < len) { +- int utf8len; +- +- utf8len = utf8_to_16(stra + i, str + strlen); +- if (utf8len <= 0) { +- /* invalid utf8 sequence, skip the garbage */ +- i++; +- continue; +- } +- +- strlen++; +- i += utf8len; +- } +- str[strlen] = '\0'; +- return str; +-} +- + char16_t *xstra_to_path(const char *stra) { + char16_t *str; + UINTN strlen; +diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h +index 994cf52ad6..d78feac39c 100644 +--- a/src/boot/efi/util.h ++++ b/src/boot/efi/util.h +@@ -113,7 +113,6 @@ EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const char16_t *name, ui + EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, bool *ret); + + char16_t *xstra_to_path(const char *stra); +-char16_t *xstra_to_str(const char *stra); + + EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, UINTN off, UINTN size, char **content, UINTN *content_size); + 
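Review bot: xstr8_to_16() is not a drop-in replacement for xstra_to_str(): the removed function always returned an allocated string, while xstrn8_to_16() returns NULL for a zero length (`if (!str8 || n == 0) return NULL;`). In config_entry_add_type1() the `options` branch passes `new` straight into `xpool_print(L"%s %s", entry->options, new)`, and linux_exec() hands the result to `strsize16()`; both have to tolerate NULL if an empty value or a zero `cmdline_len` can reach them, which the hunk does not show. The same applies to xstr8_to_path() in the following patch, where the result goes into convert_efi_path() and meets its `assert(path)`. Either return an empty string for `n == 0` or check the result at these call sites.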
diff --git a/0145-boot-Use-xstr8_to_16-for-path-conversion.patch b/0145-boot-Use-xstr8_to_16-for-path-conversion.patch
new file mode 100644
index 0000000..5e4c706
--- /dev/null
+++ b/0145-boot-Use-xstr8_to_16-for-path-conversion.patch
@@ -0,0 +1,218 @@ +From 57474bf255aafb683f4bb38e5bcb88cf48f07882 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Tue, 22 Nov 2022 16:30:44 +0100 +Subject: [PATCH] boot: Use xstr8_to_16 for path conversion + +(cherry picked from commit 7444e10611671abac35be3ab9fe9697cd4c90d62) + +Related: #2138081 +--- + src/boot/efi/boot.c | 8 ++-- + src/boot/efi/cpio.c | 19 +-------- + src/boot/efi/util.c | 102 ++++++++------------------------------------ + src/boot/efi/util.h | 3 +- + 4 files changed, 24 insertions(+), 108 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 013df67e49..581043df01 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -1465,7 +1465,7 @@ static void config_entry_add_type1( + if (streq8(key, "linux")) { + free(entry->loader); + entry->type = LOADER_LINUX; +- entry->loader = xstra_to_path(value); ++ entry->loader = xstr8_to_path(value); + entry->key = 'l'; + continue; + } +@@ -1473,7 +1473,7 @@ static void config_entry_add_type1( + if (streq8(key, "efi")) { + entry->type = LOADER_EFI; + free(entry->loader); +- entry->loader = xstra_to_path(value); ++ entry->loader = xstr8_to_path(value); + + /* do not add an entry for ourselves */ + if (strcaseeq16(entry->loader, loaded_image_path)) { +@@ -1494,7 +1494,7 @@ static void config_entry_add_type1( + + if (streq8(key, "devicetree")) { + free(entry->devicetree); +- entry->devicetree = xstra_to_path(value); ++ entry->devicetree = xstr8_to_path(value); + continue; + } + +@@ -1503,7 +1503,7 @@ static void config_entry_add_type1( + entry->initrd, + n_initrd == 0 ? 
0 : (n_initrd + 1) * sizeof(uint16_t *), + (n_initrd + 2) * sizeof(uint16_t *)); +- entry->initrd[n_initrd++] = xstra_to_path(value); ++ entry->initrd[n_initrd++] = xstr8_to_path(value); + entry->initrd[n_initrd] = NULL; + continue; + } +diff --git a/src/boot/efi/cpio.c b/src/boot/efi/cpio.c +index 1dbfe5f380..79b5d4327b 100644 +--- a/src/boot/efi/cpio.c ++++ b/src/boot/efi/cpio.c +@@ -359,24 +359,7 @@ static char16_t *get_dropin_dir(const EFI_DEVICE_PATH *file_path) { + if (device_path_to_str(file_path, &file_path_str) != EFI_SUCCESS) + return NULL; + +- for (char16_t *i = file_path_str, *fixed = i;; i++) { +- if (*i == '\0') { +- *fixed = '\0'; +- break; +- } +- +- /* Fix device path node separator. */ +- if (*i == '/') +- *i = '\\'; +- +- /* Double '\' is not allowed in EFI file paths. */ +- if (fixed != file_path_str && fixed[-1] == '\\' && *i == '\\') +- continue; +- +- *fixed = *i; +- fixed++; +- } +- ++ convert_efi_path(file_path_str); + return xpool_print(u"%s.extra.d", file_path_str); + } + +diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c +index b727d6de7e..3268c511d0 100644 +--- a/src/boot/efi/util.c ++++ b/src/boot/efi/util.c +@@ -249,97 +249,29 @@ void efivar_set_time_usec(const EFI_GUID *vendor, const char16_t *name, uint64_t + efivar_set(vendor, name, str, 0); + } + +-static int utf8_to_16(const char *stra, char16_t *c) { +- char16_t unichar; +- UINTN len; +- +- assert(stra); +- assert(c); +- +- if (!(stra[0] & 0x80)) +- len = 1; +- else if ((stra[0] & 0xe0) == 0xc0) +- len = 2; +- else if ((stra[0] & 0xf0) == 0xe0) +- len = 3; +- else if ((stra[0] & 0xf8) == 0xf0) +- len = 4; +- else if ((stra[0] & 0xfc) == 0xf8) +- len = 5; +- else if ((stra[0] & 0xfe) == 0xfc) +- len = 6; +- else +- return -1; +- +- switch (len) { +- case 1: +- unichar = stra[0]; +- break; +- case 2: +- unichar = stra[0] & 0x1f; +- break; +- case 3: +- unichar = stra[0] & 0x0f; +- break; +- case 4: +- unichar = stra[0] & 0x07; +- break; +- case 5: +- unichar = stra[0] & 
0x03; +- break; +- case 6: +- unichar = stra[0] & 0x01; +- break; +- } +- +- for (UINTN i = 1; i < len; i++) { +- if ((stra[i] & 0xc0) != 0x80) +- return -1; +- unichar <<= 6; +- unichar |= stra[i] & 0x3f; +- } +- +- *c = unichar; +- return len; +-} +- +-char16_t *xstra_to_path(const char *stra) { +- char16_t *str; +- UINTN strlen; +- UINTN len; +- UINTN i; +- +- assert(stra); ++void convert_efi_path(char16_t *path) { ++ assert(path); + +- len = strlen8(stra); +- str = xnew(char16_t, len + 2); ++ for (size_t i = 0, fixed = 0;; i++) { ++ /* Fix device path node separator. */ ++ path[fixed] = (path[i] == '/') ? '\\' : path[i]; + +- str[0] = '\\'; +- strlen = 1; +- i = 0; +- while (i < len) { +- int utf8len; +- +- utf8len = utf8_to_16(stra + i, str + strlen); +- if (utf8len <= 0) { +- /* invalid utf8 sequence, skip the garbage */ +- i++; ++ /* Double '\' is not allowed in EFI file paths. */ ++ if (fixed > 0 && path[fixed - 1] == '\\' && path[fixed] == '\\') + continue; +- } + +- if (str[strlen] == '/') +- str[strlen] = '\\'; +- if (str[strlen] == '\\' && str[strlen-1] == '\\') { +- /* skip double slashes */ +- i += utf8len; +- continue; +- } ++ if (path[i] == '\0') ++ break; + +- strlen++; +- i += utf8len; ++ fixed++; + } +- str[strlen] = '\0'; +- return str; ++} ++ ++char16_t *xstr8_to_path(const char *str8) { ++ assert(str8); ++ char16_t *path = xstr8_to_16(str8); ++ convert_efi_path(path); ++ return path; + } + + EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, UINTN off, UINTN size, char **ret, UINTN *ret_size) { +diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h +index d78feac39c..e4ab8138c4 100644 +--- a/src/boot/efi/util.h ++++ b/src/boot/efi/util.h +@@ -112,7 +112,8 @@ EFI_STATUS efivar_get_uint32_le(const EFI_GUID *vendor, const char16_t *name, ui + EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const char16_t *name, uint64_t *ret); + EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, bool *ret); + +-char16_t 
*xstra_to_path(const char *stra); ++void convert_efi_path(char16_t *path); ++char16_t *xstr8_to_path(const char *stra); + + EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, UINTN off, UINTN size, char **content, UINTN *content_size); + diff --git a/0146-stub-Fix-cmdline-handling.patch b/0146-stub-Fix-cmdline-handling.patch new file mode 100644 index 0000000..c2d77e0 --- /dev/null +++ b/0146-stub-Fix-cmdline-handling.patch 
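Review bot: The removed xstra_to_path() always began the result with a backslash (`str[0] = '\\';`), so `vmlinuz` and `/vmlinuz` both became `\vmlinuz`; the new xstr8_to_path() only runs convert_efi_path(), which replaces and collapses separators but never adds a leading one. Values written without a leading slash therefore now yield a path with no root separator, and the commit message does not mention that change. If the old behaviour is wanted, xstr8_to_path() should prepend the separator before converting; if not, a comment on xstr8_to_path() such as `/* str8 must already start with a path separator */` should state the new contract.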
@@ -0,0 +1,284 @@ +From 9489991adc3313efff58837010e53db80aebdd1b Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Tue, 22 Nov 2022 17:42:38 +0100 +Subject: [PATCH] stub: Fix cmdline handling + +This fixes some bugs that could lead to garbage getting appended to the +command line passed to the kernel: + 1. The .cmdline section is not guaranteed to be NUL-terminated, but it + was used as if it was. + 2. The conversion of the command line to ASCII that was passed to the + stub ate the NUL at the end. + 3. LoadOptions is not guaranteed to be a NUL-terminated EFI string (it + really should be and generally always is, though). + +This also fixes the inconsistent mangling of the command line. If the +.cmdline section was used ASCII controls chars (new lines in particular) +would not be converted to spaces. + +As part of this commit, we optimize conversion for the generic code +instead of the (deprecated) EFI handover protocol. Previously we would +convert to ASCII/UTF-8 and then back to EFI string for the (now) default +generic code path. Instead we now convert to EFI string and mangle that +back to ASCII in the EFI handover protocol path. 
+ +(cherry picked from commit 927ebebe588970fa2dd082a0daaef246229f009b) + +Related: #2138081 +--- + src/boot/efi/boot.c | 10 ++++------ + src/boot/efi/linux.c | 12 ++++++------ + src/boot/efi/linux.h | 17 +++++++++++------ + src/boot/efi/linux_x86.c | 21 ++++++++++++++------- + src/boot/efi/stub.c | 38 +++++++++++++++++--------------------- + src/boot/efi/util.c | 7 +++++++ + src/boot/efi/util.h | 1 + + 7 files changed, 60 insertions(+), 46 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 581043df01..426bdc3cc2 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -2242,13 +2242,11 @@ static void config_entry_add_unified( + content = mfree(content); + + /* read the embedded cmdline file */ +- err = file_read(linux_dir, f->FileName, offs[SECTION_CMDLINE], szs[SECTION_CMDLINE], &content, NULL); ++ size_t cmdline_len; ++ err = file_read(linux_dir, f->FileName, offs[SECTION_CMDLINE], szs[SECTION_CMDLINE], &content, &cmdline_len); + if (err == EFI_SUCCESS) { +- /* chomp the newline */ +- if (content[szs[SECTION_CMDLINE] - 1] == '\n') +- content[szs[SECTION_CMDLINE] - 1] = '\0'; +- +- entry->options = xstr8_to_16(content); ++ entry->options = xstrn8_to_16(content, cmdline_len); ++ mangle_stub_cmdline(entry->options); + } + } + } +diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c +index 668510fca3..48801f9dd8 100644 +--- a/src/boot/efi/linux.c ++++ b/src/boot/efi/linux.c +@@ -93,15 +93,16 @@ static EFI_STATUS load_image(EFI_HANDLE parent, const void *source, size_t len, + + EFI_STATUS linux_exec( + EFI_HANDLE parent, +- const char *cmdline, UINTN cmdline_len, +- const void *linux_buffer, UINTN linux_length, +- const void *initrd_buffer, UINTN initrd_length) { ++ const char16_t *cmdline, ++ const void *linux_buffer, ++ size_t linux_length, ++ const void *initrd_buffer, ++ size_t initrd_length) { + + uint32_t compat_address; + EFI_STATUS err; + + assert(parent); +- assert(cmdline || cmdline_len == 0); + assert(linux_buffer && 
linux_length > 0); + assert(initrd_buffer || initrd_length == 0); + +@@ -113,7 +114,6 @@ EFI_STATUS linux_exec( + return linux_exec_efi_handover( + parent, + cmdline, +- cmdline_len, + linux_buffer, + linux_length, + initrd_buffer, +@@ -133,7 +133,7 @@ EFI_STATUS linux_exec( + return log_error_status_stall(err, u"Error getting kernel loaded image protocol: %r", err); + + if (cmdline) { +- loaded_image->LoadOptions = xstrn8_to_16(cmdline, cmdline_len); ++ loaded_image->LoadOptions = (void *) cmdline; + loaded_image->LoadOptionsSize = strsize16(loaded_image->LoadOptions); + } + +diff --git a/src/boot/efi/linux.h b/src/boot/efi/linux.h +index 19e5f5c4a8..f0a6a37ed1 100644 +--- a/src/boot/efi/linux.h ++++ b/src/boot/efi/linux.h +@@ -2,14 +2,19 @@ + #pragma once + + #include ++#include + + EFI_STATUS linux_exec( + EFI_HANDLE parent, +- const char *cmdline, UINTN cmdline_len, +- const void *linux_buffer, UINTN linux_length, +- const void *initrd_buffer, UINTN initrd_length); ++ const char16_t *cmdline, ++ const void *linux_buffer, ++ size_t linux_length, ++ const void *initrd_buffer, ++ size_t initrd_length); + EFI_STATUS linux_exec_efi_handover( + EFI_HANDLE parent, +- const char *cmdline, UINTN cmdline_len, +- const void *linux_buffer, UINTN linux_length, +- const void *initrd_buffer, UINTN initrd_length); ++ const char16_t *cmdline, ++ const void *linux_buffer, ++ size_t linux_length, ++ const void *initrd_buffer, ++ size_t initrd_length); +diff --git a/src/boot/efi/linux_x86.c b/src/boot/efi/linux_x86.c +index 64336ce348..6a5e431107 100644 +--- a/src/boot/efi/linux_x86.c ++++ b/src/boot/efi/linux_x86.c +@@ -126,12 +126,13 @@ static void linux_efi_handover(EFI_HANDLE parent, uintptr_t kernel, BootParams * + + EFI_STATUS linux_exec_efi_handover( + EFI_HANDLE parent, +- const char *cmdline, UINTN cmdline_len, +- const void *linux_buffer, UINTN linux_length, +- const void *initrd_buffer, UINTN initrd_length) { ++ const char16_t *cmdline, ++ const void *linux_buffer, ++ 
size_t linux_length, ++ const void *initrd_buffer, ++ size_t initrd_length) { + + assert(parent); +- assert(cmdline || cmdline_len == 0); + assert(linux_buffer); + assert(initrd_buffer || initrd_length == 0); + +@@ -185,14 +186,20 @@ EFI_STATUS linux_exec_efi_handover( + + _cleanup_pages_ Pages cmdline_pages = {}; + if (cmdline) { ++ size_t len = MIN(strlen16(cmdline), image_params->hdr.cmdline_size); ++ + cmdline_pages = xmalloc_pages( + can_4g ? AllocateAnyPages : AllocateMaxAddress, + EfiLoaderData, +- EFI_SIZE_TO_PAGES(cmdline_len + 1), ++ EFI_SIZE_TO_PAGES(len + 1), + CMDLINE_PTR_MAX); + +- memcpy(PHYSICAL_ADDRESS_TO_POINTER(cmdline_pages.addr), cmdline, cmdline_len); +- ((char *) PHYSICAL_ADDRESS_TO_POINTER(cmdline_pages.addr))[cmdline_len] = 0; ++ /* Convert cmdline to ASCII. */ ++ char *cmdline8 = PHYSICAL_ADDRESS_TO_POINTER(cmdline_pages.addr); ++ for (size_t i = 0; i < len; i++) ++ cmdline8[i] = cmdline[i] <= 0x7E ? cmdline[i] : ' '; ++ cmdline8[len] = '\0'; ++ + boot_params->hdr.cmd_line_ptr = (uint32_t) cmdline_pages.addr; + boot_params->ext_cmd_line_ptr = cmdline_pages.addr >> 32; + assert(can_4g || cmdline_pages.addr <= CMDLINE_PTR_MAX); +diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c +index a842c5c679..841a0e41bd 100644 +--- a/src/boot/efi/stub.c ++++ b/src/boot/efi/stub.c +@@ -132,14 +132,13 @@ static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) { + + EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + _cleanup_free_ void *credential_initrd = NULL, *global_credential_initrd = NULL, *sysext_initrd = NULL, *pcrsig_initrd = NULL, *pcrpkey_initrd = NULL; +- UINTN credential_initrd_size = 0, global_credential_initrd_size = 0, sysext_initrd_size = 0, pcrsig_initrd_size = 0, pcrpkey_initrd_size = 0; +- UINTN cmdline_len = 0, linux_size, initrd_size, dt_size; ++ size_t credential_initrd_size = 0, global_credential_initrd_size = 0, sysext_initrd_size = 0, pcrsig_initrd_size = 0, pcrpkey_initrd_size = 0; ++ size_t 
linux_size, initrd_size, dt_size; + EFI_PHYSICAL_ADDRESS linux_base, initrd_base, dt_base; + _cleanup_(devicetree_cleanup) struct devicetree_state dt_state = {}; + EFI_LOADED_IMAGE_PROTOCOL *loaded_image; +- UINTN addrs[_UNIFIED_SECTION_MAX] = {}, szs[_UNIFIED_SECTION_MAX] = {}; +- char *cmdline = NULL; +- _cleanup_free_ char *cmdline_owned = NULL; ++ size_t addrs[_UNIFIED_SECTION_MAX] = {}, szs[_UNIFIED_SECTION_MAX] = {}; ++ _cleanup_free_ char16_t *cmdline = NULL; + int sections_measured = -1, parameters_measured = -1; + bool sysext_measured = false, m; + EFI_STATUS err; +@@ -208,32 +207,29 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + /* Show splash screen as early as possible */ + graphics_splash((const uint8_t*) loaded_image->ImageBase + addrs[UNIFIED_SECTION_SPLASH], szs[UNIFIED_SECTION_SPLASH]); + +- if (szs[UNIFIED_SECTION_CMDLINE] > 0) { +- cmdline = (char *) loaded_image->ImageBase + addrs[UNIFIED_SECTION_CMDLINE]; +- cmdline_len = szs[UNIFIED_SECTION_CMDLINE]; +- } +- + /* if we are not in secure boot mode, or none was provided, accept a custom command line and replace + * the built-in one. We also do a superficial check whether first character of passed command line + * is printable character (for compat with some Dell systems which fill in garbage?). */ +- if ((!secure_boot_enabled() || cmdline_len == 0) && +- loaded_image->LoadOptionsSize > 0 && ++ if ((!secure_boot_enabled() || szs[UNIFIED_SECTION_CMDLINE] == 0) && ++ loaded_image->LoadOptionsSize > sizeof(char16_t) && + ((char16_t *) loaded_image->LoadOptions)[0] > 0x1F) { +- cmdline_len = (loaded_image->LoadOptionsSize / sizeof(char16_t)) * sizeof(char); +- cmdline = cmdline_owned = xnew(char, cmdline_len); +- +- for (UINTN i = 0; i < cmdline_len; i++) { +- char16_t c = ((char16_t *) loaded_image->LoadOptions)[i]; +- cmdline[i] = c > 0x1F && c < 0x7F ? c : ' '; /* convert non-printable and non_ASCII characters to spaces. 
*/ +- } ++ /* Note that LoadOptions is a void*, so it could be anything! */ ++ cmdline = xstrndup16( ++ loaded_image->LoadOptions, loaded_image->LoadOptionsSize / sizeof(char16_t)); ++ mangle_stub_cmdline(cmdline); + + /* Let's measure the passed kernel command line into the TPM. Note that this possibly + * duplicates what we already did in the boot menu, if that was already used. However, since + * we want the boot menu to support an EFI binary, and want to this stub to be usable from + * any boot menu, let's measure things anyway. */ + m = false; +- (void) tpm_log_load_options(loaded_image->LoadOptions, &m); ++ (void) tpm_log_load_options(cmdline, &m); + parameters_measured = m; ++ } else if (szs[UNIFIED_SECTION_CMDLINE] > 0) { ++ cmdline = xstrn8_to_16( ++ (char *) loaded_image->ImageBase + addrs[UNIFIED_SECTION_CMDLINE], ++ szs[UNIFIED_SECTION_CMDLINE]); ++ mangle_stub_cmdline(cmdline); + } + + export_variables(loaded_image); +@@ -374,7 +370,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + log_error_stall(L"Error loading embedded devicetree: %r", err); + } + +- err = linux_exec(image, cmdline, cmdline_len, ++ err = linux_exec(image, cmdline, + PHYSICAL_ADDRESS_TO_POINTER(linux_base), linux_size, + PHYSICAL_ADDRESS_TO_POINTER(initrd_base), initrd_size); + graphics_mode(false); +diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c +index 3268c511d0..1f07fbc38c 100644 +--- a/src/boot/efi/util.c ++++ b/src/boot/efi/util.c +@@ -274,6 +274,13 @@ char16_t *xstr8_to_path(const char *str8) { + return path; + } + ++void mangle_stub_cmdline(char16_t *cmdline) { ++ for (; *cmdline != '\0'; cmdline++) ++ /* Convert ASCII control characters to spaces. 
*/ ++ if (*cmdline <= 0x1F) ++ *cmdline = ' '; ++} ++ + EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, UINTN off, UINTN size, char **ret, UINTN *ret_size) { + _cleanup_(file_closep) EFI_FILE *handle = NULL; + _cleanup_free_ char *buf = NULL; +diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h +index e4ab8138c4..f58d24fce1 100644 +--- a/src/boot/efi/util.h ++++ b/src/boot/efi/util.h +@@ -114,6 +114,7 @@ EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const char16_t *name, b + + void convert_efi_path(char16_t *path); + char16_t *xstr8_to_path(const char *stra); ++void mangle_stub_cmdline(char16_t *cmdline); + + EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, UINTN off, UINTN size, char **content, UINTN *content_size); + diff --git a/0147-stub-Detect-empty-LoadOptions-when-run-from-EFI-shel.patch b/0147-stub-Detect-empty-LoadOptions-when-run-from-EFI-shel.patch new file mode 100644 index 0000000..f3cabf5 --- /dev/null +++ b/0147-stub-Detect-empty-LoadOptions-when-run-from-EFI-shel.patch 
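Review bot: On the EFI handover path the kernel can receive a command line that differs from the one just measured. stub.c passes the `mangle_stub_cmdline()` result to `tpm_log_load_options()`, but `linux_exec_efi_handover()` in linux_x86.c afterwards replaces every code unit above 0x7E with a space and cuts the string at `image_params->hdr.cmdline_size`, without any message. Whether the difference matters depends on how the measurement is consumed, which the hunk does not show, but a silent cut can drop trailing parameters. I would at least document it above the `MIN()` line, e.g. `/* The kernel sees this truncated ASCII copy; the string measured in stub.c may be longer or contain non-ASCII. */`. Separately, `mangle_stub_cmdline()` dereferences its argument without the `assert(cmdline);` that `convert_efi_path()` in the same file uses for `path`.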
@@ -0,0 +1,121 @@ +From c287f39f5df561968c4cb7712750e5ed23c02b29 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Wed, 2 Nov 2022 10:25:32 +0100 +Subject: [PATCH] stub: Detect empty LoadOptions when run from EFI shell + +The EFI shell will pass the entire command line to the application it +starts, which includes the file path of the stub binary. This prevents +us from using the built-in cmdline if the command line is otherwise +empty. + +Fortunately, the EFI shell registers a protocol on any images it starts +this way. The protocol even lets us access the args individually, making +it easy to strip the stub path off. + +Fixes: #25201 +(cherry picked from commit b17f3b3d8077ab6827549a123ac636d655fe8d4d) + +Related: #2138081 +--- + src/boot/efi/missing_efi.h | 13 +++++++++ + src/boot/efi/stub.c | 59 +++++++++++++++++++++++++++++++------- + 2 files changed, 61 insertions(+), 11 deletions(-) + +diff --git a/src/boot/efi/missing_efi.h b/src/boot/efi/missing_efi.h +index f9169248ec..250c84c248 100644 +--- a/src/boot/efi/missing_efi.h ++++ b/src/boot/efi/missing_efi.h +@@ -385,3 +385,16 @@ typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL { + { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} + + #endif ++ ++#ifndef EFI_SHELL_PARAMETERS_PROTOCOL_GUID ++# define EFI_SHELL_PARAMETERS_PROTOCOL_GUID \ ++ { 0x752f3136, 0x4e16, 0x4fdc, { 0xa2, 0x2a, 0xe5, 0xf4, 0x68, 0x12, 0xf4, 0xca } } ++ ++typedef struct { ++ CHAR16 **Argv; ++ UINTN Argc; ++ void *StdIn; ++ void *StdOut; ++ void *StdErr; ++} EFI_SHELL_PARAMETERS_PROTOCOL; ++#endif +diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c +index 841a0e41bd..7c42a16c70 100644 +--- a/src/boot/efi/stub.c ++++ b/src/boot/efi/stub.c +@@ -130,6 +130,53 @@ static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) { + (void) efivar_set_uint64_le(LOADER_GUID, L"StubFeatures", stub_features, 0); + } + ++static bool use_load_options( ++ EFI_HANDLE stub_image, ++ EFI_LOADED_IMAGE_PROTOCOL 
*loaded_image, ++ bool have_cmdline, ++ char16_t **ret) { ++ ++ assert(stub_image); ++ assert(loaded_image); ++ assert(ret); ++ ++ /* We only allow custom command lines if we aren't in secure boot or if no cmdline was baked into ++ * the stub image. */ ++ if (secure_boot_enabled() && have_cmdline) ++ return false; ++ ++ /* We also do a superficial check whether first character of passed command line ++ * is printable character (for compat with some Dell systems which fill in garbage?). */ ++ if (loaded_image->LoadOptionsSize < sizeof(char16_t) || ((char16_t *) loaded_image->LoadOptions)[0] <= 0x1F) ++ return false; ++ ++ /* The UEFI shell registers EFI_SHELL_PARAMETERS_PROTOCOL onto images it runs. This lets us know that ++ * LoadOptions starts with the stub binary path which we want to strip off. */ ++ EFI_SHELL_PARAMETERS_PROTOCOL *shell; ++ if (BS->HandleProtocol(stub_image, &(EFI_GUID) EFI_SHELL_PARAMETERS_PROTOCOL_GUID, (void **) &shell) ++ != EFI_SUCCESS) { ++ /* Not running from EFI shell, use entire LoadOptions. Note that LoadOptions is a void*, so ++ * it could be anything! */ ++ *ret = xstrndup16(loaded_image->LoadOptions, loaded_image->LoadOptionsSize / sizeof(char16_t)); ++ mangle_stub_cmdline(*ret); ++ return true; ++ } ++ ++ if (shell->Argc < 2) ++ /* No arguments were provided? Then we fall back to built-in cmdline. */ ++ return false; ++ ++ /* Assemble the command line ourselves without our stub path. 
*/ ++ *ret = xstrdup16(shell->Argv[1]); ++ for (size_t i = 2; i < shell->Argc; i++) { ++ _cleanup_free_ char16_t *old = *ret; ++ *ret = xpool_print(u"%s %s", old, shell->Argv[i]); ++ } ++ ++ mangle_stub_cmdline(*ret); ++ return true; ++} ++ + EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + _cleanup_free_ void *credential_initrd = NULL, *global_credential_initrd = NULL, *sysext_initrd = NULL, *pcrsig_initrd = NULL, *pcrpkey_initrd = NULL; + size_t credential_initrd_size = 0, global_credential_initrd_size = 0, sysext_initrd_size = 0, pcrsig_initrd_size = 0, pcrpkey_initrd_size = 0; +@@ -207,17 +254,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + /* Show splash screen as early as possible */ + graphics_splash((const uint8_t*) loaded_image->ImageBase + addrs[UNIFIED_SECTION_SPLASH], szs[UNIFIED_SECTION_SPLASH]); + +- /* if we are not in secure boot mode, or none was provided, accept a custom command line and replace +- * the built-in one. We also do a superficial check whether first character of passed command line +- * is printable character (for compat with some Dell systems which fill in garbage?). */ +- if ((!secure_boot_enabled() || szs[UNIFIED_SECTION_CMDLINE] == 0) && +- loaded_image->LoadOptionsSize > sizeof(char16_t) && +- ((char16_t *) loaded_image->LoadOptions)[0] > 0x1F) { +- /* Note that LoadOptions is a void*, so it could be anything! */ +- cmdline = xstrndup16( +- loaded_image->LoadOptions, loaded_image->LoadOptionsSize / sizeof(char16_t)); +- mangle_stub_cmdline(cmdline); +- ++ if (use_load_options(image, loaded_image, szs[UNIFIED_SECTION_CMDLINE] > 0, &cmdline)) { + /* Let's measure the passed kernel command line into the TPM. Note that this possibly + * duplicates what we already did in the boot menu, if that was already used. However, since + * we want the boot menu to support an EFI binary, and want to this stub to be usable from 
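Review bot: `use_load_options()` reads `((char16_t *) loaded_image->LoadOptions)[0]` as soon as `LoadOptionsSize` is at least `sizeof(char16_t)`, without checking the pointer. The hunk's own comment notes that LoadOptions "could be anything", so I would put `!loaded_image->LoadOptions ||` at the front of that condition. The function also decides whether an externally supplied command line replaces the built-in one, yet it has no header comment. It should state that `*ret` is written only when the function returns true and that the caller owns the allocation. Joining `Argv[1..]` with single spaces presumably loses any quoting the shell had parsed; if that is intended, a one-line comment at the loop should say so.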
diff --git a/0148-boot-Use-EFI_BOOT_MANAGER_POLICY_PROTOCOL-to-connect.patch b/0148-boot-Use-EFI_BOOT_MANAGER_POLICY_PROTOCOL-to-connect.patch
new file mode 100644
index 0000000..929f1db
--- /dev/null
+++ b/0148-boot-Use-EFI_BOOT_MANAGER_POLICY_PROTOCOL-to-connect.patch
@@ -0,0 +1,75 @@ +From 071cef46b87b605f8b4918a95dcecae08b843e23 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Sun, 27 Nov 2022 13:38:18 +0100 +Subject: [PATCH] boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console + devices + +(cherry picked from commit b99bf5811850afdb2502ba37251c48348da63c82) + +Related: #2138081 +--- + src/boot/efi/console.c | 16 ++++++++++++++++ + src/boot/efi/missing_efi.h | 19 +++++++++++++++++++ + 2 files changed, 35 insertions(+) + +diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c +index 14c0008afb..cd980fd535 100644 +--- a/src/boot/efi/console.c ++++ b/src/boot/efi/console.c +@@ -12,6 +12,20 @@ + #define VERTICAL_MAX_OK 1080 + #define VIEWPORT_RATIO 10 + ++static EFI_STATUS console_connect(void) { ++ EFI_BOOT_MANAGER_POLICY_PROTOCOL *boot_policy; ++ EFI_STATUS err; ++ ++ /* This should make console devices appear/fully initialize on fastboot firmware. */ ++ ++ err = BS->LocateProtocol( ++ &(EFI_GUID) EFI_BOOT_MANAGER_POLICY_PROTOCOL_GUID, NULL, (void **) &boot_policy); ++ if (err != EFI_SUCCESS) ++ return err; ++ ++ return boot_policy->ConnectDeviceClass(boot_policy, &(EFI_GUID) EFI_BOOT_MANAGER_POLICY_CONSOLE_GUID); ++} ++ + static inline void event_closep(EFI_EVENT *event) { + if (!*event) + return; +@@ -47,6 +61,8 @@ EFI_STATUS console_key_read(uint64_t *key, uint64_t timeout_usec) { + assert(key); + + if (!checked) { ++ console_connect(); ++ + /* Get the *first* TextInputEx device.*/ + err = BS->LocateProtocol(&SimpleTextInputExProtocol, NULL, (void **) &extraInEx); + if (err != EFI_SUCCESS || BS->CheckEvent(extraInEx->WaitForKeyEx) == EFI_INVALID_PARAMETER) +diff --git a/src/boot/efi/missing_efi.h b/src/boot/efi/missing_efi.h +index 250c84c248..b446e0399f 100644 +--- a/src/boot/efi/missing_efi.h ++++ b/src/boot/efi/missing_efi.h +@@ -398,3 +398,22 @@ typedef struct { + void *StdErr; + } EFI_SHELL_PARAMETERS_PROTOCOL; + #endif ++ ++#ifndef EFI_BOOT_MANAGER_POLICY_PROTOCOL_GUID ++#define 
EFI_BOOT_MANAGER_POLICY_PROTOCOL_GUID \ ++ { 0xFEDF8E0C, 0xE147, 0x11E3, { 0x99, 0x03, 0xB8, 0xE8, 0x56, 0x2C, 0xBA, 0xFA } } ++#define EFI_BOOT_MANAGER_POLICY_CONSOLE_GUID \ ++ { 0xCAB0E94C, 0xE15F, 0x11E3, { 0x91, 0x8D, 0xB8, 0xE8, 0x56, 0x2C, 0xBA, 0xFA } } ++ ++typedef struct EFI_BOOT_MANAGER_POLICY_PROTOCOL EFI_BOOT_MANAGER_POLICY_PROTOCOL; ++struct EFI_BOOT_MANAGER_POLICY_PROTOCOL { ++ UINT64 Revision; ++ EFI_STATUS (EFIAPI *ConnectDevicePath)( ++ EFI_BOOT_MANAGER_POLICY_PROTOCOL *This, ++ EFI_DEVICE_PATH *DevicePath, ++ BOOLEAN Recursive); ++ EFI_STATUS (EFIAPI *ConnectDeviceClass)( ++ EFI_BOOT_MANAGER_POLICY_PROTOCOL *This, ++ EFI_GUID *Class); ++}; ++#endif diff --git a/0149-boot-Make-sure-all-partitions-drivers-are-connected.patch b/0149-boot-Make-sure-all-partitions-drivers-are-connected.patch new file mode 100644 index 0000000..13fce87 --- /dev/null +++ b/0149-boot-Make-sure-all-partitions-drivers-are-connected.patch @@ -0,0 +1,27 @@ +From 57b58ec8a72f00a66b43e7975ed3825dc28b851f Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Sun, 27 Nov 2022 13:53:30 +0100 +Subject: [PATCH] boot: Make sure all partitions drivers are connected + +(cherry picked from commit 7f19be808c9cb9cabcaf1e48ccff875fa8191d3a) + +Related: #2138081 +--- + src/boot/efi/xbootldr.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c +index e5b9ca7268..7fef909312 100644 +--- a/src/boot/efi/xbootldr.c ++++ b/src/boot/efi/xbootldr.c +@@ -201,6 +201,10 @@ static EFI_STATUS find_device(EFI_HANDLE *device, EFI_DEVICE_PATH **ret_device_p + if (err != EFI_SUCCESS) + return err; + ++ /* The drivers for other partitions on this drive may not be initialized on fastboot firmware, so we ++ * have to ask the firmware to do just that. */ ++ (void) BS->ConnectController(disk_handle, NULL, NULL, true); ++ + err = BS->HandleProtocol(disk_handle, &BlockIoProtocol, (void **)&block_io); + if (err != EFI_SUCCESS) + return err; 
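Review bot: `console_connect();` in `console_key_read()` drops the returned EFI_STATUS without the `(void)` cast that the neighbouring patches use for deliberately ignored results (`(void) BS->ConnectController(...)`, `(void) reconnect_all_drivers();`). I would write `(void) console_connect();` and extend the comment in `console_connect()` to say that a failing `LocateProtocol()` is expected on firmware without the policy protocol and is not an error. console_key_read's body continues outside the hunk.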
diff --git a/0150-boot-improve-support-for-qemu.patch b/0150-boot-improve-support-for-qemu.patch
new file mode 100644
index 0000000..f586008
--- /dev/null
+++ b/0150-boot-improve-support-for-qemu.patch
@@ -0,0 +1,225 @@ +From e2065196eb434008cfcba7c889138f58f7d492d7 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 9 Sep 2022 13:12:04 +0200 +Subject: [PATCH] boot: improve support for qemu + +systemd-boot expects being loaded from ESP and is quite unhappy in case +the loaded image device path is something else. When running on qemu +this can easily happen though. Case one is direct kernel boot, i.e. +loading via 'qemu -kernel systemd-bootx64.efi'. Case two is sd-boot +being added to the ovmf firmware image and being loaded from there. + +This patch detects both cases and goes inspect all file systems known to +the firmware, trying to find the ESP. When present the +VMMBootOrderNNNN variables are used to inspect the file systems in the +given order. + +(cherry picked from commit 8fec4f95be7a323410f9853b6773c810ba6c7152) + +Related: #2138081 +--- + src/boot/efi/boot.c | 10 ++- + src/boot/efi/meson.build | 1 + + src/boot/efi/vmm.c | 130 +++++++++++++++++++++++++++++++++++++++ + src/boot/efi/vmm.h | 8 +++ + 4 files changed, 148 insertions(+), 1 deletion(-) + create mode 100644 src/boot/efi/vmm.c + create mode 100644 src/boot/efi/vmm.h + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 426bdc3cc2..e182ee7840 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -16,6 +16,7 @@ + #include "linux.h" + #include "measure.h" + #include "pe.h" ++#include "vmm.h" + #include "random-seed.h" + #include "secure-boot.h" + #include "shim.h" +@@ -2639,6 +2640,13 @@ static void config_load_all_entries( + config_default_entry_select(config); + } + ++static EFI_STATUS discover_root_dir(EFI_LOADED_IMAGE_PROTOCOL *loaded_image, EFI_FILE **ret_dir) { ++ if (is_direct_boot(loaded_image->DeviceHandle)) ++ return vmm_open(&loaded_image->DeviceHandle, ret_dir); ++ else ++ return open_volume(loaded_image->DeviceHandle, ret_dir); ++} ++ + EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + EFI_LOADED_IMAGE_PROTOCOL *loaded_image; + 
_cleanup_(file_closep) EFI_FILE *root_dir = NULL; +@@ -2673,7 +2681,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + + export_variables(loaded_image, loaded_image_path, init_usec); + +- err = open_volume(loaded_image->DeviceHandle, &root_dir); ++ err = discover_root_dir(loaded_image, &root_dir); + if (err != EFI_SUCCESS) + return log_error_status_stall(err, L"Unable to open root directory: %r", err); + +diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build +index 395386d3ed..0de43993a4 100644 +--- a/src/boot/efi/meson.build ++++ b/src/boot/efi/meson.build +@@ -389,6 +389,7 @@ systemd_boot_sources = files( + 'boot.c', + 'drivers.c', + 'random-seed.c', ++ 'vmm.c', + 'shim.c', + 'xbootldr.c', + ) +diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c +new file mode 100644 +index 0000000000..b1bfd778fc +--- /dev/null ++++ b/src/boot/efi/vmm.c +@@ -0,0 +1,130 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include ++#include ++#include ++ ++#include "drivers.h" ++#include "efi-string.h" ++#include "string-util-fundamental.h" ++#include "util.h" ++ ++#define QEMU_KERNEL_LOADER_FS_MEDIA_GUID \ ++ { 0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7 }} ++ ++#define VMM_BOOT_ORDER_GUID \ ++ { 0x668f4529, 0x63d0, 0x4bb5, {0xb6, 0x5d, 0x6f, 0xbb, 0x9d, 0x36, 0xa4, 0x4a }} ++ ++/* detect direct boot */ ++bool is_direct_boot(EFI_HANDLE device) { ++ EFI_STATUS err; ++ VENDOR_DEVICE_PATH *dp; ++ ++ err = BS->HandleProtocol(device, &DevicePathProtocol, (void **) &dp); ++ if (err != EFI_SUCCESS) ++ return false; ++ ++ /* 'qemu -kernel systemd-bootx64.efi' */ ++ if (dp->Header.Type == MEDIA_DEVICE_PATH && ++ dp->Header.SubType == MEDIA_VENDOR_DP && ++ memcmp(&dp->Guid, &(EFI_GUID)QEMU_KERNEL_LOADER_FS_MEDIA_GUID, sizeof(EFI_GUID)) == 0) ++ return true; ++ ++ /* loaded from firmware volume (sd-boot added to ovmf) */ ++ if (dp->Header.Type == MEDIA_DEVICE_PATH && ++ dp->Header.SubType == MEDIA_PIWG_FW_VOL_DP) ++ 
return true; ++ ++ return false; ++} ++ ++static bool device_path_startswith(const EFI_DEVICE_PATH *dp, const EFI_DEVICE_PATH *start) { ++ if (!start) ++ return true; ++ if (!dp) ++ return false; ++ for (;;) { ++ if (IsDevicePathEnd(start)) ++ return true; ++ if (IsDevicePathEnd(dp)) ++ return false; ++ size_t l1 = DevicePathNodeLength(start); ++ size_t l2 = DevicePathNodeLength(dp); ++ if (l1 != l2) ++ return false; ++ if (memcmp(dp, start, l1) != 0) ++ return false; ++ start = NextDevicePathNode(start); ++ dp = NextDevicePathNode(dp); ++ } ++} ++ ++/* ++ * Try find ESP when not loaded from ESP ++ * ++ * Inspect all filesystems known to the firmware, try find the ESP. In case VMMBootOrderNNNN variables are ++ * present they are used to inspect the filesystems in the specified order. When nothing was found or the ++ * variables are not present the function will do one final search pass over all filesystems. ++ * ++ * Recent OVMF builds store the qemu boot order (as specified using the bootindex property on the qemu ++ * command line) in VMMBootOrderNNNN. The variables contain a device path. 
++ * ++ * Example qemu command line: ++ * qemu -virtio-scsi-pci,addr=14.0 -device scsi-cd,scsi-id=4,bootindex=1 ++ * ++ * Resulting variable: ++ * VMMBootOrder0000 = PciRoot(0x0)/Pci(0x14,0x0)/Scsi(0x4,0x0) ++ */ ++EFI_STATUS vmm_open(EFI_HANDLE *ret_vmm_dev, EFI_FILE **ret_vmm_dir) { ++ _cleanup_free_ EFI_HANDLE *handles = NULL; ++ size_t n_handles; ++ EFI_STATUS err, dp_err; ++ ++ assert(ret_vmm_dev); ++ assert(ret_vmm_dir); ++ ++ /* find all file system handles */ ++ err = BS->LocateHandleBuffer(ByProtocol, &FileSystemProtocol, NULL, &n_handles, &handles); ++ if (err != EFI_SUCCESS) ++ return err; ++ ++ for (size_t order = 0;; order++) { ++ _cleanup_free_ EFI_DEVICE_PATH *dp = NULL; ++ char16_t order_str[STRLEN("VMMBootOrder") + 4 + 1]; ++ ++ SPrint(order_str, sizeof(order_str), u"VMMBootOrder%04x", order); ++ dp_err = efivar_get_raw(&(EFI_GUID)VMM_BOOT_ORDER_GUID, order_str, (char**)&dp, NULL); ++ ++ for (size_t i = 0; i < n_handles; i++) { ++ _cleanup_(file_closep) EFI_FILE *root_dir = NULL, *efi_dir = NULL; ++ EFI_DEVICE_PATH *fs; ++ ++ err = BS->HandleProtocol(handles[i], &DevicePathProtocol, (void **) &fs); ++ if (err != EFI_SUCCESS) ++ return err; ++ ++ /* check against VMMBootOrderNNNN (if set) */ ++ if (dp_err == EFI_SUCCESS && !device_path_startswith(fs, dp)) ++ continue; ++ ++ err = open_volume(handles[i], &root_dir); ++ if (err != EFI_SUCCESS) ++ continue; ++ ++ /* simple ESP check */ ++ err = root_dir->Open(root_dir, &efi_dir, (char16_t*) u"\\EFI", ++ EFI_FILE_MODE_READ, ++ EFI_FILE_READ_ONLY | EFI_FILE_DIRECTORY); ++ if (err != EFI_SUCCESS) ++ continue; ++ ++ *ret_vmm_dev = handles[i]; ++ *ret_vmm_dir = TAKE_PTR(root_dir); ++ return EFI_SUCCESS; ++ } ++ ++ if (dp_err != EFI_SUCCESS) ++ return EFI_NOT_FOUND; ++ } ++ assert_not_reached(); ++} +diff --git a/src/boot/efi/vmm.h b/src/boot/efi/vmm.h +new file mode 100644 +index 0000000000..7bac1a324a +--- /dev/null ++++ b/src/boot/efi/vmm.h +@@ -0,0 +1,8 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later 
*/ ++#pragma once ++ ++#include ++#include ++ ++bool is_direct_boot(EFI_HANDLE device); ++EFI_STATUS vmm_open(EFI_HANDLE *ret_qemu_dev, EFI_FILE **ret_qemu_dir); diff --git a/0151-systemd-boot-man-page-add-section-for-virtual-machin.patch b/0151-systemd-boot-man-page-add-section-for-virtual-machin.patch new file mode 100644 index 0000000..7fac54a --- /dev/null +++ b/0151-systemd-boot-man-page-add-section-for-virtual-machin.patch @@ -0,0 +1,40 @@ +From 236e3846e8497f2f7e5c4dfcfc9ff2e922fd02a0 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 4 Oct 2022 15:01:39 +0200 +Subject: [PATCH] systemd-boot man page: add section for virtual machines + +(cherry picked from commit 941d418d19397bd20c570729877a5dfa37d762b2) + +Related: #2138081 +--- + man/systemd-boot.xml | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml +index 0eee532f90..57b66803fa 100644 +--- a/man/systemd-boot.xml ++++ b/man/systemd-boot.xml +@@ -525,6 +525,23 @@ + /etc/kernel/tries when a boot loader entry is first created. + + ++ ++ Using systemd-boot in virtual machines. ++ ++ When using qemu with OVMF (UEFI Firmware for virtual machines) the switch ++ works not only for linux kernels, but for any EFI binary, including sd-boot and unified linux ++ kernels. Example command line for loading sd-boot on x64: ++ ++ ++ qemu-system-x86_64 [ ... ] ++ -kernel /usr/lib/systemd/boot/efi/systemd-bootx64.efi ++ ++ ++ systemd-boot will detect that it was started directly instead of being loaded from ESP and will ++ search for the ESP in that case, taking into account boot order information from the hypervisor (if ++ available). ++ ++ + + See Also + diff --git a/0152-boot-Only-do-full-driver-initialization-in-VMs.patch b/0152-boot-Only-do-full-driver-initialization-in-VMs.patch new file mode 100644 index 0000000..096ae37 --- /dev/null +++ b/0152-boot-Only-do-full-driver-initialization-in-VMs.patch 
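Review bot: `vmm_open()` reads `VMMBootOrderNNNN` with `efivar_get_raw(..., (char**)&dp, NULL)` and hands the buffer to `device_path_startswith()`, which walks it node by node until it meets an end node. Because the returned size is discarded, a variable that is empty, truncated or missing its end node can make `IsDevicePathEnd()`, `DevicePathNodeLength()` or `memcmp()` read past the allocation. I would keep the size and treat a malformed variable like a missing one, as sketched below, assuming the last parameter of `efivar_get_raw()` returns the byte count. A smaller point in the same loop: a `HandleProtocol()` failure on a single handle returns from the whole search, where `continue` looks closer to the intent.

```c
/* True if the `size`-byte buffer holds a device path whose nodes, including
 * the end node, all lie inside the buffer. */
static bool device_path_fits(const EFI_DEVICE_PATH *dp, size_t size) {
        size_t off = 0;

        for (;;) {
                if (size - off < sizeof(EFI_DEVICE_PATH))
                        return false;
                size_t l = DevicePathNodeLength(dp);
                if (l < sizeof(EFI_DEVICE_PATH) || l > size - off)
                        return false;
                if (IsDevicePathEnd(dp))
                        return true;
                off += l;
                dp = NextDevicePathNode(dp);
        }
}

/* … unchanged: is_direct_boot(), device_path_startswith(), handle enumeration in vmm_open() … */

                size_t dp_size = 0;
                dp_err = efivar_get_raw(&(EFI_GUID)VMM_BOOT_ORDER_GUID, order_str, (char**)&dp, &dp_size);
                /* A malformed variable ends the ordered search like a missing one. */
                if (dp_err == EFI_SUCCESS && !device_path_fits(dp, dp_size))
                        dp_err = EFI_NOT_FOUND;

/* … unchanged: per-handle loop … */
```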
@@ -0,0 +1,51 @@ +From 7dec74695751b70a8a86eb647062e7d5a5157446 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Sun, 27 Nov 2022 13:56:18 +0100 +Subject: [PATCH] boot: Only do full driver initialization in VMs + +Doing the reconnect dance on some real firmware creates huge delays on +boot. This should not be needed anymore as we now ask the firmware to +make console devices and xbootldr partitions available explicitly in a +more targeted fashion. + +Fixes: #25510 +(cherry picked from commit f6d59e2ebfc1bf50683a2e640aad501c372a50e4) + +Related: #2138081 +--- + src/boot/efi/boot.c | 6 ------ + src/boot/efi/vmm.c | 4 ++++ + 2 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index e182ee7840..5944451e6a 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -2662,12 +2662,6 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + /* Uncomment the next line if you need to wait for debugger. */ + // debug_break(); + +- /* The firmware may skip initializing some devices for the sake of a faster boot. This is especially +- * true for fastboot enabled firmwares. But this means that things we use like input devices or the +- * xbootldr partition may not be available yet. Reconnect all drivers should hopefully make the +- * firmware initialize everything we need. */ +- (void) reconnect_all_drivers(); +- + err = BS->OpenProtocol(image, + &LoadedImageProtocol, + (void **)&loaded_image, +diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c +index b1bfd778fc..2260b217b7 100644 +--- a/src/boot/efi/vmm.c ++++ b/src/boot/efi/vmm.c +@@ -83,6 +83,10 @@ EFI_STATUS vmm_open(EFI_HANDLE *ret_vmm_dev, EFI_FILE **ret_vmm_dir) { + assert(ret_vmm_dev); + assert(ret_vmm_dir); + ++ /* Make sure all file systems have been initialized. Only do this in VMs as this is slow ++ * on some real firmwares. 
*/
++ (void) reconnect_all_drivers();
++
+ /* find all file system handles */
+ err = BS->LocateHandleBuffer(ByProtocol, &FileSystemProtocol, NULL, &n_handles, &handles);
+ if (err != EFI_SUCCESS)
diff --git a/0153-dissect-rework-DISSECT_IMAGE_ADD_PARTITION_DEVICES-D.patch b/0153-dissect-rework-DISSECT_IMAGE_ADD_PARTITION_DEVICES-D.patch
new file mode 100644
index 0000000..c7d02ec
--- /dev/null
+++ b/0153-dissect-rework-DISSECT_IMAGE_ADD_PARTITION_DEVICES-D.patch
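Review bot: The added comment in vmm_open() says the reconnect happens only in VMs, but nothing in this hunk checks that; the restriction rests entirely on whoever calls vmm_open(), which the hunk does not show. The result of `reconnect_all_drivers()` is also discarded, so a failed reconnect would only show up later as a missing file system handle, with no hint of the cause. I would state both in the comment, for example `/* Best effort: only reached on direct VM boot (see caller); on failure we simply find fewer handles below. */`, with the wording confirmed against the caller. vmm_open()'s body continues outside the hunk.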
@@ -0,0 +1,303 @@ +From 4d081a18d324e2010b6c46d468f693b1186c4275 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 30 Nov 2022 17:17:20 +0100 +Subject: [PATCH] dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + + DISSECT_IMAGE_OPEN_PARTITION_DEVICES + +Curently, these two flags were implied by dissect_loop_device(), but +that's not right, because this means systemd-gpt-auto-generator will +dissect the root block device with these flags set and that's not +desirable: the generator should not cause the partition devices to be +created (we don't intend to use them right-away after all, but expect +udev to find/probe them first, and then mount them though .mount units). +And there's no point in opening the partition devices, since we do not +intend to mount them via fds either. + +Hence, rework this: instead of implying the flags, specify them +explicitly. + +While we are at it, let's also rename the flags to make them more +descriptive: + +DISSECT_IMAGE_MANAGE_PARTITION_DEVICES becomes +DISSECT_IMAGE_ADD_PARTITION_DEVICES, since that's really all this does: +add the partition devices via BLKPG. + +DISSECT_IMAGE_OPEN_PARTITION_DEVICES becomes +DISSECT_IMAGE_PIN_PARTITION_DEVICES, since we not only open the devices, +but keep the devices open continously (i.e. we "pin" them). + +Also, drop the DISSECT_IMAGE_BLOCK_DEVICE combination flag, since it is +misleading, i.e. it suggests it was appropriate to specify on all +dissected blocking devices, but that's precisely not the case, see the +systemd-gpt-auto-generator case. My guess is that the confusion around +this was actually the cause for this bug we are addressing here. 
+ +Fixes: #25528 +(cherry picked from commit 73d88b806b92efa0738bb6bcccbf105441f6d8cb) + +Related: #2138081 +--- + src/core/namespace.c | 4 +++- + src/dissect/dissect.c | 4 +++- + src/gpt-auto-generator/gpt-auto-generator.c | 5 +++++ + src/nspawn/nspawn.c | 4 +++- + src/portable/portable.c | 4 +++- + src/shared/discover-image.c | 4 +++- + src/shared/dissect-image.c | 23 +++++++++++++-------- + src/shared/dissect-image.h | 6 ++---- + src/sysext/sysext.c | 4 +++- + src/test/test-loop-block.c | 6 +++--- + 10 files changed, 42 insertions(+), 22 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 852be3bdde..96b05303eb 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -2051,7 +2051,9 @@ int setup_namespace( + DISSECT_IMAGE_RELAX_VAR_CHECK | + DISSECT_IMAGE_FSCK | + DISSECT_IMAGE_USR_NO_ROOT | +- DISSECT_IMAGE_GROWFS; ++ DISSECT_IMAGE_GROWFS | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES; + size_t n_mounts; + int r; + +diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c +index c465115fc7..c1d731dc82 100644 +--- a/src/dissect/dissect.c ++++ b/src/dissect/dissect.c +@@ -60,7 +60,9 @@ static DissectImageFlags arg_flags = + DISSECT_IMAGE_RELAX_VAR_CHECK | + DISSECT_IMAGE_FSCK | + DISSECT_IMAGE_USR_NO_ROOT | +- DISSECT_IMAGE_GROWFS; ++ DISSECT_IMAGE_GROWFS | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES; + static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT; + static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF; + static PagerFlags arg_pager_flags = 0; +diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c +index 0fb53bb9ea..143faa0c39 100644 +--- a/src/gpt-auto-generator/gpt-auto-generator.c ++++ b/src/gpt-auto-generator/gpt-auto-generator.c +@@ -665,6 +665,11 @@ static int enumerate_partitions(dev_t devnum) { + NULL, NULL, + DISSECT_IMAGE_GPT_ONLY| + DISSECT_IMAGE_USR_NO_ROOT, ++ 
/* NB! Unlike most other places where we dissect block devices we do not use ++ * DISSECT_IMAGE_ADD_PARTITION_DEVICES here: we want that the kernel finds the ++ * devices, and udev probes them before we mount them via .mount units much later ++ * on. And thus we also don't set DISSECT_IMAGE_PIN_PARTITION_DEVICES here, because ++ * we don't actually mount anything immediately. */ + &m); + if (r == -ENOPKG) { + log_debug_errno(r, "No suitable partition table found, ignoring."); +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 93d646ed56..57723aa3cf 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -5657,7 +5657,9 @@ static int run(int argc, char *argv[]) { + DISSECT_IMAGE_GENERIC_ROOT | + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_RELAX_VAR_CHECK | +- DISSECT_IMAGE_USR_NO_ROOT; ++ DISSECT_IMAGE_USR_NO_ROOT | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES; + assert(arg_image); + assert(!arg_template); + +diff --git a/src/portable/portable.c b/src/portable/portable.c +index fbc4497014..570751f05b 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -375,7 +375,9 @@ static int portable_extract_by_path( + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_DISCARD_ON_LOOP | + DISSECT_IMAGE_RELAX_VAR_CHECK | +- DISSECT_IMAGE_USR_NO_ROOT, ++ DISSECT_IMAGE_USR_NO_ROOT | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES, + &m); + if (r == -ENOPKG) + sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't identify a suitable partition table or file system in '%s'.", path); +diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c +index fad95f7f43..5d740de266 100644 +--- a/src/shared/discover-image.c ++++ b/src/shared/discover-image.c +@@ -1203,7 +1203,9 @@ int image_read_metadata(Image *i) { + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_RELAX_VAR_CHECK | + DISSECT_IMAGE_READ_ONLY | +- DISSECT_IMAGE_USR_NO_ROOT, ++ DISSECT_IMAGE_USR_NO_ROOT | ++ 
DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES, + &m); + if (r < 0) + return r; +diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c +index 7676636723..462ee4b3e8 100644 +--- a/src/shared/dissect-image.c ++++ b/src/shared/dissect-image.c +@@ -436,7 +436,7 @@ static int dissect_image( + const char *fstype = NULL, *options = NULL; + _cleanup_close_ int mount_node_fd = -1; + +- if (FLAGS_SET(flags, DISSECT_IMAGE_OPEN_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_PIN_PARTITION_DEVICES)) { + mount_node_fd = open_partition(devname, /* is_partition = */ false, m->loop); + if (mount_node_fd < 0) + return mount_node_fd; +@@ -505,7 +505,7 @@ static int dissect_image( + if (verity && verity->data_path) + return -EBADR; + +- if (FLAGS_SET(flags, DISSECT_IMAGE_MANAGE_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_ADD_PARTITION_DEVICES)) { + /* Safety check: refuse block devices that carry a partition table but for which the kernel doesn't + * do partition scanning. */ + r = blockdev_partscan_enabled(fd); +@@ -574,7 +574,7 @@ static int dissect_image( + * Kernel returns EBUSY if there's already a partition by that number or an overlapping + * partition already existent. 
*/ + +- if (FLAGS_SET(flags, DISSECT_IMAGE_MANAGE_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_ADD_PARTITION_DEVICES)) { + r = block_device_add_partition(fd, node, nr, (uint64_t) start * 512, (uint64_t) size * 512); + if (r < 0) { + if (r != -EBUSY) +@@ -871,7 +871,7 @@ static int dissect_image( + dissected_partition_done(m->partitions + designator); + } + +- if (FLAGS_SET(flags, DISSECT_IMAGE_OPEN_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_PIN_PARTITION_DEVICES)) { + mount_node_fd = open_partition(node, /* is_partition = */ true, m->loop); + if (mount_node_fd < 0) + return mount_node_fd; +@@ -945,7 +945,7 @@ static int dissect_image( + if (m->partitions[PARTITION_XBOOTLDR].found) + continue; + +- if (FLAGS_SET(flags, DISSECT_IMAGE_OPEN_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_PIN_PARTITION_DEVICES)) { + mount_node_fd = open_partition(node, /* is_partition = */ true, m->loop); + if (mount_node_fd < 0) + return mount_node_fd; +@@ -1127,7 +1127,7 @@ static int dissect_image( + _cleanup_free_ char *o = NULL; + const char *options; + +- if (FLAGS_SET(flags, DISSECT_IMAGE_OPEN_PARTITION_DEVICES)) { ++ if (FLAGS_SET(flags, DISSECT_IMAGE_PIN_PARTITION_DEVICES)) { + mount_node_fd = open_partition(generic_node, /* is_partition = */ true, m->loop); + if (mount_node_fd < 0) + return mount_node_fd; +@@ -1232,7 +1232,6 @@ int dissect_image_file( + int r; + + assert(path); +- assert((flags & DISSECT_IMAGE_BLOCK_DEVICE) == 0); + assert(ret); + + fd = open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY); +@@ -3036,7 +3035,7 @@ int dissect_loop_device( + + m->loop = loop_device_ref(loop); + +- r = dissect_image(m, loop->fd, loop->node, verity, mount_options, flags | DISSECT_IMAGE_BLOCK_DEVICE); ++ r = dissect_image(m, loop->fd, loop->node, verity, mount_options, flags); + if (r < 0) + return r; + +@@ -3199,6 +3198,10 @@ int mount_image_privately_interactively( + assert(ret_directory); + assert(ret_loop_device); + ++ /* We intend to 
mount this right-away, hence add the partitions if needed and pin them*/ ++ flags |= DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES; ++ + r = verity_settings_load(&verity, image, NULL, NULL); + if (r < 0) + return log_error_errno(r, "Failed to load root hash data: %m"); +@@ -3321,7 +3324,9 @@ int verity_dissect_and_mount( + return log_debug_errno(r, "Failed to load root hash: %m"); + + dissect_image_flags = (verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0) | +- (relax_extension_release_check ? DISSECT_IMAGE_RELAX_SYSEXT_CHECK : 0); ++ (relax_extension_release_check ? DISSECT_IMAGE_RELAX_SYSEXT_CHECK : 0) | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES; + + /* Note that we don't use loop_device_make here, as the FD is most likely O_PATH which would not be + * accepted by LOOP_CONFIGURE, so just let loop_device_make_by_path reopen it as a regular FD. */ +diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h +index f2278c4dfa..631d4c7a04 100644 +--- a/src/shared/dissect-image.h ++++ b/src/shared/dissect-image.h +@@ -214,10 +214,8 @@ typedef enum DissectImageFlags { + DISSECT_IMAGE_MOUNT_READ_ONLY, + DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ + DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ +- DISSECT_IMAGE_MANAGE_PARTITION_DEVICES = 1 << 20, /* Manage partition devices, e.g. 
probe each partition in more detail */ +- DISSECT_IMAGE_OPEN_PARTITION_DEVICES = 1 << 21, /* Open dissected partitions and decrypted partitions */ +- DISSECT_IMAGE_BLOCK_DEVICE = DISSECT_IMAGE_MANAGE_PARTITION_DEVICES | +- DISSECT_IMAGE_OPEN_PARTITION_DEVICES, ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES = 1 << 20, /* Create partition devices via BLKPG_ADD_PARTITION */ ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES = 1 << 21, /* Open dissected partitions and decrypted partitions and pin them by fd */ + DISSECT_IMAGE_RELAX_SYSEXT_CHECK = 1 << 22, /* Don't insist that the extension-release file name matches the image name */ + } DissectImageFlags; + +diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c +index 0875099d5f..c57293b0e5 100644 +--- a/src/sysext/sysext.c ++++ b/src/sysext/sysext.c +@@ -520,7 +520,9 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { + DISSECT_IMAGE_GENERIC_ROOT | + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_MOUNT_ROOT_ONLY | +- DISSECT_IMAGE_USR_NO_ROOT; ++ DISSECT_IMAGE_USR_NO_ROOT | ++ DISSECT_IMAGE_ADD_PARTITION_DEVICES | ++ DISSECT_IMAGE_PIN_PARTITION_DEVICES; + + r = verity_settings_load(&verity_settings, img->path, NULL, NULL); + if (r < 0) +diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c +index e2b97dd56f..af2a9683a4 100644 +--- a/src/test/test-loop-block.c ++++ b/src/test/test-loop-block.c +@@ -71,7 +71,7 @@ static void* thread_func(void *ptr) { + + log_notice("Acquired loop device %s, will mount on %s", loop->node, mounted); + +- r = dissect_loop_device(loop, NULL, NULL, DISSECT_IMAGE_READ_ONLY, &dissected); ++ r = dissect_loop_device(loop, NULL, NULL, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ADD_PARTITION_DEVICES|DISSECT_IMAGE_PIN_PARTITION_DEVICES, &dissected); + if (r < 0) + log_error_errno(r, "Failed dissect loopback device %s: %m", loop->node); + assert_se(r >= 0); +@@ -220,7 +220,7 @@ static int run(int argc, char *argv[]) { + assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, 
LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0); + + #if HAVE_BLKID +- assert_se(dissect_loop_device(loop, NULL, NULL, 0, &dissected) >= 0); ++ assert_se(dissect_loop_device(loop, NULL, NULL, DISSECT_IMAGE_ADD_PARTITION_DEVICES|DISSECT_IMAGE_PIN_PARTITION_DEVICES, &dissected) >= 0); + verify_dissected_image(dissected); + + FOREACH_STRING(fs, "vfat", "ext4") { +@@ -246,7 +246,7 @@ static int run(int argc, char *argv[]) { + assert_se(make_filesystem(dissected->partitions[PARTITION_HOME].node, "ext4", "home", NULL, id, true) >= 0); + + dissected = dissected_image_unref(dissected); +- assert_se(dissect_loop_device(loop, NULL, NULL, 0, &dissected) >= 0); ++ assert_se(dissect_loop_device(loop, NULL, NULL, DISSECT_IMAGE_ADD_PARTITION_DEVICES|DISSECT_IMAGE_PIN_PARTITION_DEVICES, &dissected) >= 0); + verify_dissected_image(dissected); + + assert_se(mkdtemp_malloc(NULL, &mounted) >= 0); diff --git a/0154-ci-Mergify-v252-configuration-update.patch b/0154-ci-Mergify-v252-configuration-update.patch new file mode 100644 index 0000000..0f73990 --- /dev/null +++ b/0154-ci-Mergify-v252-configuration-update.patch 
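Review bot: In dissect_image_file() the guard `assert((flags & DISSECT_IMAGE_BLOCK_DEVICE) == 0);` is deleted rather than ported to the renamed flags, so nothing documents or enforces any longer that a regular-file dissection must not request partition-device creation or fd pinning. If that contract still holds (the callers are not visible here), keep it as `assert((flags & (DISSECT_IMAGE_ADD_PARTITION_DEVICES|DISSECT_IMAGE_PIN_PARTITION_DEVICES)) == 0);`. More generally, adding and pinning are now opt-in per call site: any dissect_loop_device() caller this patch does not touch silently loses both the BLKPG add and the pinned fds, so the remaining callers in the tree should be checked against the list of files changed here. The functions involved start and end outside the hunks.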
@@ -0,0 +1,158 @@ +From cdfc360ed871f54faa6d10c0fe9cf4cd28061a28 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 8 Dec 2022 15:42:41 +0100 +Subject: [PATCH] ci(Mergify): v252 configuration update + +rhel-only + +Related: #2138081 +--- + .mergify.yml | 101 +++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 89 insertions(+), 12 deletions(-) + +diff --git a/.mergify.yml b/.mergify.yml +index ddc79a1d7a..bc1743e8ea 100644 +--- a/.mergify.yml ++++ b/.mergify.yml +@@ -2,23 +2,31 @@ + --- + + pull_request_rules: +- - name: Add `needs-ci` label on CI fail ++ - name: Add `needs-ci` label on CI fail - v252 + conditions: ++ # Policy is relevant for rhel-9.2.0 branches and newer & main branch ++ - base~=^main$|^rhel-9.([2-9]|\d{2,}).0$ + - label!=ci-waived + - or: + # Build test +- - -check-success=build (gcc, 10, bfd) +- - -check-success=build (gcc, 11, gold) +- - -check-success=build (clang, 11, bfd) +- - -check-success=build (clang, 12, gold) +- - -check-success=build (clang, 13, lld) ++ - -check-success=build (gcc, 11, bfd, gcrypt) ++ - -check-success=build (gcc, 12, gold, openssl) ++ - -check-success=build (clang, 13, mold, gcrypt) ++ - -check-success=build (clang, 14, lld, openssl) ++ - -check-success=build (clang, 15, bfd, auto) + # Unit tests + - -check-success=build (GCC, auto) + - -check-success=build (GCC_ASAN_UBSAN, auto) + - -check-success=build (CLANG, auto) ++ - -check-success=build (CLANG_RELEASE, auto) + - -check-success=build (CLANG_ASAN_UBSAN, auto) ++ - -check-success=build (CLANG_ASAN_UBSAN_NO_DEPS, auto) + - -check-success=build (GCC, openssl) + - -check-success=build (CLANG, gcrypt) ++ # ClusterFuzzingLite ++ - -check-success=PR (address) ++ - -check-success=PR (undefined) ++ - -check-success=PR (memory) + # CentOS CI + - -check-success=CentOS CI (CentOS Stream 9) + - -check-success=CentOS CI (CentOS Stream 9 + sanitizers) +@@ -35,24 +43,62 @@ pull_request_rules: + add: + - needs-ci + +- - name: Remove `needs-ci` label on CI 
success ++ - name: Add `needs-ci` label on CI fail - v250 + conditions: ++ # Policy is relevant branches before rhel-9.2.0 ++ - base~=^rhel-9.0.0-beta$|^rhel-9.[0-1].0$ ++ - label!=ci-waived ++ - or: ++ # Build test ++ - -check-success=build (gcc, 10, bfd) ++ - -check-success=build (gcc, 11, gold) ++ - -check-success=build (clang, 11, bfd) ++ - -check-success=build (clang, 12, gold) ++ - -check-success=build (clang, 13, lld) ++ # Unit tests ++ - -check-success=build (GCC, auto) ++ - -check-success=build (GCC_ASAN_UBSAN, auto) ++ - -check-success=build (CLANG, auto) ++ - -check-success=build (CLANG_ASAN_UBSAN, auto) ++ - -check-success=build (GCC, openssl) ++ - -check-success=build (CLANG, gcrypt) ++ # CentOS CI ++ - -check-success=CentOS CI (CentOS Stream 9) ++ - -check-success=CentOS CI (CentOS Stream 9 + sanitizers) ++ # Packit ++ - -check-success=rpm-build:centos-stream-9-aarch64 ++ - -check-success=rpm-build:centos-stream-9-x86_64 ++ actions: ++ label: ++ add: ++ - needs-ci ++ ++ - name: Remove `needs-ci` label on CI success - v252 ++ conditions: ++ # Policy is relevant for rhel-9.2.0 branches and newer & main branch ++ - base~=^main$|^rhel-9.([2-9]|\d{2,}).0$ + - or: + - label=ci-waived + - and: + # Build test +- - check-success=build (gcc, 10, bfd) +- - check-success=build (gcc, 11, gold) +- - check-success=build (clang, 11, bfd) +- - check-success=build (clang, 12, gold) +- - check-success=build (clang, 13, lld) ++ - check-success=build (gcc, 11, bfd, gcrypt) ++ - check-success=build (gcc, 12, gold, openssl) ++ - check-success=build (clang, 13, mold, gcrypt) ++ - check-success=build (clang, 14, lld, openssl) ++ - check-success=build (clang, 15, bfd, auto) + # Unit tests + - check-success=build (GCC, auto) + - check-success=build (GCC_ASAN_UBSAN, auto) + - check-success=build (CLANG, auto) ++ - check-success=build (CLANG_RELEASE, auto) + - check-success=build (CLANG_ASAN_UBSAN, auto) ++ - check-success=build (CLANG_ASAN_UBSAN_NO_DEPS, auto) + - 
check-success=build (GCC, openssl) + - check-success=build (CLANG, gcrypt) ++ # ClusterFuzzingLite ++ - check-success=PR (address) ++ - check-success=PR (undefined) ++ - check-success=PR (memory) + # CentOS CI + - check-success=CentOS CI (CentOS Stream 9) + - check-success=CentOS CI (CentOS Stream 9 + sanitizers) +@@ -68,3 +114,34 @@ pull_request_rules: + label: + remove: + - needs-ci ++ ++ - name: Remove `needs-ci` label on CI success - v250 ++ conditions: ++ # Policy is relevant branches before rhel-9.2.0 ++ - base~=^rhel-9.0.0-beta$|^rhel-9.[0-1].0$ ++ - or: ++ - label=ci-waived ++ - and: ++ # Build test ++ - check-success=build (gcc, 10, bfd) ++ - check-success=build (gcc, 11, gold) ++ - check-success=build (clang, 11, bfd) ++ - check-success=build (clang, 12, gold) ++ - check-success=build (clang, 13, lld) ++ # Unit tests ++ - check-success=build (GCC, auto) ++ - check-success=build (GCC_ASAN_UBSAN, auto) ++ - check-success=build (CLANG, auto) ++ - check-success=build (CLANG_ASAN_UBSAN, auto) ++ - check-success=build (GCC, openssl) ++ - check-success=build (CLANG, gcrypt) ++ # CentOS CI ++ - check-success=CentOS CI (CentOS Stream 9) ++ - check-success=CentOS CI (CentOS Stream 9 + sanitizers) ++ # Packit ++ - check-success=rpm-build:centos-stream-9-aarch64 ++ - check-success=rpm-build:centos-stream-9-x86_64 ++ actions: ++ label: ++ remove: ++ - needs-ci diff --git a/0155-ci-Run-GitHub-workflows-on-rhel-branches.patch b/0155-ci-Run-GitHub-workflows-on-rhel-branches.patch new file mode 100644 index 0000000..c563bae --- /dev/null +++ b/0155-ci-Run-GitHub-workflows-on-rhel-branches.patch 
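Review bot: The new `base~=` conditions leave the dots unescaped, so `^rhel-9.([2-9]|\d{2,}).0$` and `^rhel-9.0.0-beta$|^rhel-9.[0-1].0$` accept any character where a literal `.` is meant; a branch named `rhel-9x2y0` would match the v252 policy. Because these rules decide which CI checks control the `needs-ci` label, the patterns should match the branch names exactly: `- base~=^main$|^rhel-9\.([2-9]|\d{2,})\.0$` and `- base~=^rhel-9\.0\.0-beta$|^rhel-9\.[0-1]\.0$`, in all four rules. The comment `# Policy is relevant branches before rhel-9.2.0` is also missing a "for".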
@@ -0,0 +1,62 @@
+From 70dcdd6dfcda08486201442f225f7d8c9980e047 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Thu, 8 Dec 2022 15:52:30 +0100
+Subject: [PATCH] ci: Run GitHub workflows on rhel branches
+
+rhel-only
+
+Related: #2138081
+---
+ .github/workflows/cflite_pr.yml | 2 +-
+ .github/workflows/codeql.yml | 4 ++--
+ .github/workflows/linter.yml | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
+index a35a97f046..500be1c2cf 100644
+--- a/.github/workflows/cflite_pr.yml
++++ b/.github/workflows/cflite_pr.yml
+@@ -7,7 +7,7 @@ on:
+ pull_request:
+ branches:
+ - main
+- - v[0-9]+-stable
++ - rhel-9.*.0
+
+ permissions: read-all
+
+diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
+index b531753cab..e8236b1857 100644
+--- a/.github/workflows/codeql.yml
++++ b/.github/workflows/codeql.yml
+@@ -8,7 +8,7 @@ on:
+ pull_request:
+ branches:
+ - main
+- - v[0-9]+-stable
++ - rhel-9.*.0
+ paths:
+ - '**/meson.build'
+ - '.github/**/codeql*'
+@@ -18,7 +18,7 @@ on:
+ push:
+ branches:
+ - main
+- - v[0-9]+-stable
++ - rhel-9.*.0
+
+ permissions:
+ contents: read
+diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
+index 180cfbfdba..eddd350122 100644
+--- a/.github/workflows/linter.yml
++++ b/.github/workflows/linter.yml
+@@ -8,7 +8,7 @@ on:
+ pull_request:
+ branches:
+ - main
+- - v[0-9]+-stable
++ - rhel-9.*.0
+
+ permissions:
+ contents: read
diff --git a/0156-ci-Drop-scorecards-workflow-not-relevant.patch b/0156-ci-Drop-scorecards-workflow-not-relevant.patch
new file mode 100644
index 0000000..40340c9
--- /dev/null
+++ b/0156-ci-Drop-scorecards-workflow-not-relevant.patch
@@ -0,0 +1,89 @@ +From e28f0b746d630230cf6256215f9388de7f3f6dd7 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 8 Dec 2022 16:00:58 +0100 +Subject: [PATCH] ci: Drop scorecards workflow, not relevant + +rhel-only + +Related: #2138081 +--- + .github/workflows/scorecards.yml | 70 -------------------------------- + 1 file changed, 70 deletions(-) + delete mode 100644 .github/workflows/scorecards.yml + +diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml +deleted file mode 100644 +index 911ac5a35e..0000000000 +--- a/.github/workflows/scorecards.yml ++++ /dev/null +@@ -1,70 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +-# SPDX-License-Identifier: LGPL-2.1-or-later +-name: Scorecards supply-chain security +-on: +- # Only the default branch is supported. +- branch_protection_rule: +- schedule: +- - cron: '15 21 * * 6' +- push: +- branches: +- - main +- pull_request: +- branches: +- - main +- paths: +- - '.github/workflows/scorecards.yml' +- +-# Declare default permissions as read only. +-permissions: read-all +- +-jobs: +- analysis: +- name: Scorecards analysis +- if: github.repository == 'systemd/systemd' +- runs-on: ubuntu-latest +- permissions: +- # Needed to upload the results to code-scanning dashboard. +- security-events: write +- # Used to receive a badge. +- id-token: write +- +- steps: +- - name: Checkout code +- uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 +- with: +- persist-credentials: false +- +- - name: Run analysis +- uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # tag=v2.0.4 +- with: +- results_file: results.sarif +- results_format: sarif +- # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: +- # - you want to enable the Branch-Protection check on a *public* repository, or +- # - you are installing Scorecards on a *private* repository +- # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 
+- # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} +- +- # Publish the results for public repositories to enable scorecard badges. For more details, see +- # https://github.com/ossf/scorecard-action#publishing-results. +- # For private repositories, `publish_results` will automatically be set to `false`, regardless +- # of the value entered here. +- publish_results: ${{ github.event_name != 'pull_request' }} +- +- # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF +- # format to the repository Actions tab. +- - name: Upload artifact +- uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 +- with: +- name: SARIF file +- path: results.sarif +- retention-days: 5 +- +- # Upload the results to GitHub's code scanning dashboard. +- - name: Upload to code-scanning +- if: github.event_name != 'pull_request' +- uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 +- with: +- sarif_file: results.sarif diff --git a/systemd.spec b/systemd.spec index 593de6a..5ad2828 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 252 -Release: 1%{?dist} +Release: 2%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager 
@@ -78,130 +78,162 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # patches in this range before applying upstream pull requests. # RHEL-specific -Patch0001: 0001-macro-fix-indentation.patch -Patch0002: 0002-test-add-a-couple-of-sanity-tests-for-journalctl.patch -Patch0003: 0003-man-fix-typo-found-by-Lintian.patch -Patch0004: 0004-test-add-x-to-assert.sh.patch -Patch0005: 0005-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch -Patch0006: 0006-resolved-fix-typo-in-feature-level-table.patch -Patch0007: 0007-coverage-Mark-_coverage__exit-as-noreturn.patch -Patch0008: 0008-namespace-Add-hidepid-subset-support-check.patch -Patch0009: 0009-test-add-a-couple-of-sanity-tests-for-loginctl.patch -Patch0010: 0010-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch -Patch0011: 0011-test-add-a-couple-of-sanity-tests-for-systemctl.patch -Patch0012: 0012-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch -Patch0013: 0013-core-fix-memleak-in-GetUnitFileLinks-method.patch -Patch0014: 0014-man-use-the-correct-Markers-property-name-for-markin.patch -Patch0015: 0015-test-further-extend-systemctl-s-sanity-coverage.patch -Patch0016: 0016-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch -Patch0017: 0017-udev-first-set-properties-based-on-usb-subsystem.patch -Patch0018: 0018-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch -Patch0019: 0019-udev-add-safe-guard-for-setting-by-id-symlink.patch -Patch0020: 0020-test-cover-legacy-deprecated-systemd-analyze-verbs.patch -Patch0021: 0021-test-cover-a-couple-of-previously-missed-analyze-cod.patch -Patch0022: 0022-test-introduce-sanity-coverage-for-auxiliary-utils.patch -Patch0023: 0023-firstboot-fix-segfault-when-locale-messages-is-passe.patch -Patch0024: 0024-tests-make-test-execute-pass-on-openSUSE.patch -Patch0025: 0025-tests-minor-simplification-in-test-execute.patch -Patch0026: 0026-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch -Patch0027: 
0027-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch -Patch0028: 0028-condition-Check-that-subsystem-is-enabled-in-Conditi.patch -Patch0029: 0029-semaphore-remove-the-Semaphore-repositories-recursiv.patch -Patch0030: 0030-kernel-install-90-loaderentry-do-not-override-an-exi.patch -Patch0031: 0031-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch -Patch0032: 0032-man-add-note-that-network-generator-is-not-a-generat.patch -Patch0033: 0033-test-fstab-generator-adjust-PATH-for-fsck.patch -Patch0034: 0034-loop-util-open-lock-fd-read-only.patch -Patch0035: 0035-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch -Patch0036: 0036-test-fix-locale-installation-when-locale-gen-is-used.patch -Patch0037: 0037-test-fix-keymaps-installation-on-Arch.patch -Patch0038: 0038-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch -Patch0039: 0039-Create-CNAME.patch -Patch0040: 0040-tpm2-util-force-default-TCTI-to-be-device-with-param.patch -Patch0041: 0041-tpm2-add-some-extra-validation-of-device-string-befo.patch -Patch0042: 0042-boot-Fix-error-message.patch -Patch0043: 0043-boot-Fix-memory-leak.patch -Patch0044: 0044-boot-Do-not-require-a-loaded-image-path.patch -Patch0045: 0045-boot-Manually-convert-filepaths-if-needed.patch -Patch0046: 0046-boot-Rework-security-arch-override.patch -Patch0047: 0047-boot-Replace-firmware-security-hooks-directly.patch -Patch0048: 0048-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch -Patch0049: 0049-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch -Patch0050: 0050-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch -Patch0051: 0051-ac-power-check-battery-existence-and-status.patch -Patch0052: 0052-systemctl-do-not-show-unit-properties-with-all.patch -Patch0053: 0053-Fix-reading-etc-machine-id-in-kernel-install-25388.patch -Patch0054: 0054-Revert-journal-Make-sd_journal_previous-next-return-.patch -Patch0055: 0055-boot-Correctly-handle-saved-default-patterns.patch -Patch0056: 
0056-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch -Patch0057: 0057-Handle-MACHINE_ID-uninitialized.patch -Patch0058: 0058-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch -Patch0059: 0059-boot-measure-fix-oom-check.patch -Patch0060: 0060-nspawn-allow-sched_rr_get_interval_time64-through-se.patch -Patch0061: 0061-resolved-use-right-conditionalization-when-setting-u.patch -Patch0062: 0062-resolved-when-configuring-127.0.0.1-as-per-interface.patch -Patch0063: 0063-manager-fix-format-strings-for-trigger-metadata.patch -Patch0064: 0064-basic-strv-check-printf-arguments-to-strv_extendf.patch -Patch0065: 0065-resolved-Fix-OpenSSL-error-messages.patch -Patch0066: 0066-network-wifi-try-to-reconfigure-when-connected.patch -Patch0067: 0067-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch -Patch0068: 0068-oomd-fix-unreachable-test-case-in-test-oomd-util.patch -Patch0069: 0069-portable-add-a-few-more-useful-debug-log-messages.patch -Patch0070: 0070-repart-respect-discard-no-also-for-block-devices.patch -Patch0071: 0071-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch -Patch0072: 0072-meson-install-test-kernel-install-only-when-Dkernel-.patch -Patch0073: 0073-boot-Silence-driver-reconnect-errors.patch -Patch0074: 0074-dissect-image-do-not-try-to-close-invalid-fd.patch -Patch0075: 0075-bootctl-make-boot-entry-id-logged-in-hex.patch -Patch0076: 0076-bootctl-downgrade-log-message-when-firmware-reports-.patch -Patch0077: 0077-bootctl-rework-how-we-handle-referenced-but-absent-E.patch -Patch0078: 0078-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch -Patch0079: 0079-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch -Patch0080: 0080-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch -Patch0081: 0081-find-esp-include-device-sysname-in-the-log-message.patch -Patch0082: 0082-tmpfiles-log-at-info-level-when-some-allowed-failure.patch -Patch0083: 0083-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch 
-Patch0084: 0084-fd-util-add-new-fd_cloexec_many-helper.patch -Patch0085: 0085-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch -Patch0086: 0086-dissect-fix-fsck.patch -Patch0087: 0087-core-update-audit-messages.patch -Patch0088: 0088-logind-set-RemoveIPC-to-false-by-default.patch -Patch0089: 0089-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch -Patch0090: 0090-Copy-40-redhat.rules-from-RHEL-8.patch -Patch0091: 0091-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0092: 0092-unit-don-t-add-Requires-for-tmp.mount.patch -Patch0093: 0093-units-add-Install-section-to-tmp.mount.patch -Patch0094: 0094-rc-local-order-after-network-online.target.patch -Patch0095: 0095-ci-drop-CIs-irrelevant-for-downstream.patch -Patch0096: 0096-ci-reconfigure-Packit-for-RHEL-9.patch -Patch0097: 0097-ci-run-unit-tests-on-z-stream-branches-as-well.patch -Patch0098: 0098-random-util-increase-random-seed-size-to-1024.patch -Patch0099: 0099-journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch0100: 0100-journald.conf-don-t-touch-current-audit-settings.patch -Patch0101: 0101-Revert-udev-remove-WAIT_FOR-key.patch -Patch0102: 0102-Really-don-t-enable-systemd-journald-audit.socket.patch -Patch0103: 0103-rules-add-elevator-kernel-command-line-parameter.patch -Patch0104: 0104-units-don-t-enable-tmp.mount-statically-in-local-fs..patch -Patch0105: 0105-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0106: 0106-set-core-ulimit-to-0-like-on-RHEL-7.patch -Patch0107: 0107-ci-use-C9S-chroots-in-Packit.patch -Patch0108: 0108-Treat-EPERM-as-not-available-too.patch -Patch0109: 0109-udev-net-setup-link-change-the-default-MACAddressPol.patch -Patch0110: 0110-man-mention-System-Administrator-s-Guide-in-systemct.patch -Patch0111: 0111-Net-naming-scheme-for-RHEL-9.0.patch -Patch0112: 0112-core-decrease-log-level-of-messages-about-use-of-Kil.patch -Patch0113: 0113-ci-Mergify-configuration-update.patch -Patch0114: 
0114-ci-Mergify-fix-copy-paste-bug.patch -Patch0115: 0115-ci-Mergify-Add-ci-waived-logic.patch -Patch0116: 0116-udev-net_id-avoid-slot-based-names-only-for-single-f.patch -Patch0117: 0117-udev-net_id-add-rhel-9.1-naming-scheme.patch -Patch0118: 0118-ci-lint-Update-Differential-ShellCheck-config-to-run.patch -Patch0119: 0119-ci-mergify-Update-policy-Drop-LGTM-checks.patch -Patch0120: 0120-test-sd-device-skip-misc-devices.patch -Patch0121: 0121-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch -Patch0122: 0122-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch -Patch0123: 0123-test-don-t-test-buses-we-don-t-ship.patch -Patch0124: 0124-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch +Patch0001: 0001-macro-Simply-case-macros-for-IN_SET.patch +Patch0002: 0002-macro-fix-indentation.patch +Patch0003: 0003-test-add-a-couple-of-sanity-tests-for-journalctl.patch +Patch0004: 0004-man-fix-typo-found-by-Lintian.patch +Patch0005: 0005-test-add-x-to-assert.sh.patch +Patch0006: 0006-parse_hwdb-allow-negative-value-for-EVDEV_ABS_-prope.patch +Patch0007: 0007-resolved-fix-typo-in-feature-level-table.patch +Patch0008: 0008-coverage-Mark-_coverage__exit-as-noreturn.patch +Patch0009: 0009-namespace-Add-hidepid-subset-support-check.patch +Patch0010: 0010-test-add-a-couple-of-sanity-tests-for-loginctl.patch +Patch0011: 0011-test-rename-TEST-26-SETENV-to-TEST-26-SYSTEMCTL.patch +Patch0012: 0012-test-add-a-couple-of-sanity-tests-for-systemctl.patch +Patch0013: 0013-docs-DPS-and-BLS-have-moved-to-uapi-group.org.patch +Patch0014: 0014-core-fix-memleak-in-GetUnitFileLinks-method.patch +Patch0015: 0015-man-use-the-correct-Markers-property-name-for-markin.patch +Patch0016: 0016-test-further-extend-systemctl-s-sanity-coverage.patch +Patch0017: 0017-test-add-a-sanity-coverage-for-systemd-analyze-verbs.patch +Patch0018: 0018-udev-first-set-properties-based-on-usb-subsystem.patch +Patch0019: 0019-udev-drop-redundant-call-of-usb_id-and-assignment-of.patch +Patch0020: 
0020-udev-add-safe-guard-for-setting-by-id-symlink.patch +Patch0021: 0021-test-cover-legacy-deprecated-systemd-analyze-verbs.patch +Patch0022: 0022-test-cover-a-couple-of-previously-missed-analyze-cod.patch +Patch0023: 0023-test-introduce-sanity-coverage-for-auxiliary-utils.patch +Patch0024: 0024-firstboot-fix-segfault-when-locale-messages-is-passe.patch +Patch0025: 0025-tests-make-test-execute-pass-on-openSUSE.patch +Patch0026: 0026-tests-minor-simplification-in-test-execute.patch +Patch0027: 0027-tmpfiles.d-do-not-fail-if-provision.conf-fails.patch +Patch0028: 0028-kernel-install-90-loaderentry-do-not-add-multiple-sy.patch +Patch0029: 0029-condition-Check-that-subsystem-is-enabled-in-Conditi.patch +Patch0030: 0030-semaphore-remove-the-Semaphore-repositories-recursiv.patch +Patch0031: 0031-kernel-install-90-loaderentry-do-not-override-an-exi.patch +Patch0032: 0032-kernel-install-skip-50-depmod-if-depmod-is-not-avail.patch +Patch0033: 0033-man-add-note-that-network-generator-is-not-a-generat.patch +Patch0034: 0034-test-fstab-generator-adjust-PATH-for-fsck.patch +Patch0035: 0035-loop-util-open-lock-fd-read-only.patch +Patch0036: 0036-test-don-t-ignore-non-existent-paths-in-inst_recursi.patch +Patch0037: 0037-test-fix-locale-installation-when-locale-gen-is-used.patch +Patch0038: 0038-test-fix-keymaps-installation-on-Arch.patch +Patch0039: 0039-test-compile-test-utmp.c-only-if-UTMP-is-enabled.patch +Patch0040: 0040-Create-CNAME.patch +Patch0041: 0041-tpm2-util-force-default-TCTI-to-be-device-with-param.patch +Patch0042: 0042-tpm2-add-some-extra-validation-of-device-string-befo.patch +Patch0043: 0043-boot-Fix-error-message.patch +Patch0044: 0044-boot-Fix-memory-leak.patch +Patch0045: 0045-boot-Do-not-require-a-loaded-image-path.patch +Patch0046: 0046-boot-Manually-convert-filepaths-if-needed.patch +Patch0047: 0047-boot-Rework-security-arch-override.patch +Patch0048: 0048-boot-Replace-firmware-security-hooks-directly.patch +Patch0049: 
0049-networkd-ipv4acd.c-Use-net-if.h-for-getting-IFF_LOOP.patch +Patch0050: 0050-Revert-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non.patch +Patch0051: 0051-pid1-skip-cleanup-if-root-is-not-tmpfs-ramfs.patch +Patch0052: 0052-ac-power-check-battery-existence-and-status.patch +Patch0053: 0053-systemctl-do-not-show-unit-properties-with-all.patch +Patch0054: 0054-Fix-reading-etc-machine-id-in-kernel-install-25388.patch +Patch0055: 0055-Revert-journal-Make-sd_journal_previous-next-return-.patch +Patch0056: 0056-boot-Correctly-handle-saved-default-patterns.patch +Patch0057: 0057-shared-tpm2-util-Fix-Error-Esys-invalid-ESAPI-handle.patch +Patch0058: 0058-Handle-MACHINE_ID-uninitialized.patch +Patch0059: 0059-fuzz-fuzz-compress-fix-copy-and-paste-error-buf-buf2.patch +Patch0060: 0060-boot-measure-fix-oom-check.patch +Patch0061: 0061-nspawn-allow-sched_rr_get_interval_time64-through-se.patch +Patch0062: 0062-resolved-use-right-conditionalization-when-setting-u.patch +Patch0063: 0063-resolved-when-configuring-127.0.0.1-as-per-interface.patch +Patch0064: 0064-manager-fix-format-strings-for-trigger-metadata.patch +Patch0065: 0065-basic-strv-check-printf-arguments-to-strv_extendf.patch +Patch0066: 0066-resolved-Fix-OpenSSL-error-messages.patch +Patch0067: 0067-network-wifi-try-to-reconfigure-when-connected.patch +Patch0068: 0068-oomd-always-allow-root-owned-cgroups-to-set-ManagedO.patch +Patch0069: 0069-oomd-fix-unreachable-test-case-in-test-oomd-util.patch +Patch0070: 0070-portable-add-a-few-more-useful-debug-log-messages.patch +Patch0071: 0071-repart-respect-discard-no-also-for-block-devices.patch +Patch0072: 0072-udev-make-sure-auto-root-logic-also-works-in-UKIs-bo.patch +Patch0073: 0073-meson-install-test-kernel-install-only-when-Dkernel-.patch +Patch0074: 0074-boot-Silence-driver-reconnect-errors.patch +Patch0075: 0075-dissect-image-do-not-try-to-close-invalid-fd.patch +Patch0076: 0076-bootctl-make-boot-entry-id-logged-in-hex.patch +Patch0077: 
0077-bootctl-downgrade-log-message-when-firmware-reports-.patch +Patch0078: 0078-bootctl-rework-how-we-handle-referenced-but-absent-E.patch +Patch0079: 0079-strv-Make-sure-strv_make_nulstr-always-returns-a-val.patch +Patch0080: 0080-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch +Patch0081: 0081-find-esp-downgrade-and-ignore-error-on-retrieving-PA.patch +Patch0082: 0082-find-esp-include-device-sysname-in-the-log-message.patch +Patch0083: 0083-tmpfiles-log-at-info-level-when-some-allowed-failure.patch +Patch0084: 0084-fd-util-make-fd_in_set-and-thus-close_all_fds-handle.patch +Patch0085: 0085-fd-util-add-new-fd_cloexec_many-helper.patch +Patch0086: 0086-process-util-add-new-FORK_CLOEXEC_OFF-flag-for-disab.patch +Patch0087: 0087-dissect-fix-fsck.patch +Patch0088: 0088-core-update-audit-messages.patch +Patch0089: 0089-logind-set-RemoveIPC-to-false-by-default.patch +Patch0090: 0090-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0091: 0091-Copy-40-redhat.rules-from-RHEL-8.patch +Patch0092: 0092-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0093: 0093-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0094: 0094-units-add-Install-section-to-tmp.mount.patch +Patch0095: 0095-rc-local-order-after-network-online.target.patch +Patch0096: 0096-ci-drop-CIs-irrelevant-for-downstream.patch +Patch0097: 0097-ci-reconfigure-Packit-for-RHEL-9.patch +Patch0098: 0098-ci-run-unit-tests-on-z-stream-branches-as-well.patch +Patch0099: 0099-random-util-increase-random-seed-size-to-1024.patch +Patch0100: 0100-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0101: 0101-journald.conf-don-t-touch-current-audit-settings.patch +Patch0102: 0102-Revert-udev-remove-WAIT_FOR-key.patch +Patch0103: 0103-Really-don-t-enable-systemd-journald-audit.socket.patch +Patch0104: 0104-rules-add-elevator-kernel-command-line-parameter.patch +Patch0105: 0105-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +Patch0106: 
0106-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0107: 0107-set-core-ulimit-to-0-like-on-RHEL-7.patch +Patch0108: 0108-ci-use-C9S-chroots-in-Packit.patch +Patch0109: 0109-Treat-EPERM-as-not-available-too.patch +Patch0110: 0110-udev-net-setup-link-change-the-default-MACAddressPol.patch +Patch0111: 0111-man-mention-System-Administrator-s-Guide-in-systemct.patch +Patch0112: 0112-Net-naming-scheme-for-RHEL-9.0.patch +Patch0113: 0113-core-decrease-log-level-of-messages-about-use-of-Kil.patch +Patch0114: 0114-ci-Mergify-configuration-update.patch +Patch0115: 0115-ci-Mergify-fix-copy-paste-bug.patch +Patch0116: 0116-ci-Mergify-Add-ci-waived-logic.patch +Patch0117: 0117-udev-net_id-avoid-slot-based-names-only-for-single-f.patch +Patch0118: 0118-udev-net_id-add-rhel-9.1-naming-scheme.patch +Patch0119: 0119-ci-lint-Update-Differential-ShellCheck-config-to-run.patch +Patch0120: 0120-ci-mergify-Update-policy-Drop-LGTM-checks.patch +Patch0121: 0121-test-sd-device-skip-misc-devices.patch +Patch0122: 0122-test-skip-test_ntp-if-systemd-timesyncd-is-not-avail.patch +Patch0123: 0123-test-accept-EPERM-for-unavailable-idmapped-mounts-as.patch +Patch0124: 0124-test-don-t-test-buses-we-don-t-ship.patch +Patch0125: 0125-basic-add-fallback-in-chase_symlinks_and_opendir-for.patch +Patch0126: 0126-test-check-if-we-can-use-SHA1-MD-for-signing-before-.patch +Patch0127: 0127-boot-cleanups-for-efivar_get-and-friends.patch +Patch0128: 0128-boot-fix-false-maybe-uninitialized-warning.patch +Patch0129: 0129-tree-wide-modernizations-with-RET_NERRNO.patch +Patch0130: 0130-sd-bus-handle-EINTR-return-from-bus_poll.patch +Patch0131: 0131-stdio-bridge-don-t-be-bothered-with-EINTR.patch +Patch0132: 0132-varlink-also-handle-EINTR-gracefully-when-waiting-fo.patch +Patch0133: 0133-sd-netlink-handle-EINTR-from-poll-gracefully-as-succ.patch +Patch0134: 0134-resolved-handle-EINTR-returned-from-fd_wait_for_even.patch +Patch0135: 0135-homed-handle-EINTR-gracefully-when-waiting-for-devic.patch 
+Patch0136: 0136-utmp-wtmp-fix-error-in-case-isatty-fails.patch +Patch0137: 0137-utmp-wtmp-handle-EINTR-gracefully-when-waiting-to-wr.patch +Patch0138: 0138-io-util-document-EINTR-situation-a-bit.patch +Patch0139: 0139-terminal-util-Set-OPOST-when-setting-ONLCR.patch +Patch0140: 0140-cgtop-Do-not-rewrite-P-or-k-options.patch +Patch0141: 0141-test-Add-tests-for-systemd-cgtop-args-parsing.patch +Patch0142: 0142-resolved-remove-inappropriate-assert.patch +Patch0143: 0143-boot-Add-xstrn8_to_16.patch +Patch0144: 0144-boot-Use-xstr8_to_16.patch +Patch0145: 0145-boot-Use-xstr8_to_16-for-path-conversion.patch +Patch0146: 0146-stub-Fix-cmdline-handling.patch +Patch0147: 0147-stub-Detect-empty-LoadOptions-when-run-from-EFI-shel.patch +Patch0148: 0148-boot-Use-EFI_BOOT_MANAGER_POLICY_PROTOCOL-to-connect.patch +Patch0149: 0149-boot-Make-sure-all-partitions-drivers-are-connected.patch +Patch0150: 0150-boot-improve-support-for-qemu.patch +Patch0151: 0151-systemd-boot-man-page-add-section-for-virtual-machin.patch +Patch0152: 0152-boot-Only-do-full-driver-initialization-in-VMs.patch +Patch0153: 0153-dissect-rework-DISSECT_IMAGE_ADD_PARTITION_DEVICES-D.patch +Patch0154: 0154-ci-Mergify-v252-configuration-update.patch +Patch0155: 0155-ci-Run-GitHub-workflows-on-rhel-branches.patch +Patch0156: 0156-ci-Drop-scorecards-workflow-not-relevant.patch # Downstream-only patches (9000–9999) 
@@ -993,6 +1025,39 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Fri Dec 09 2022 systemd maintenance team - 252-2 +- test: check if we can use SHA1 MD for signing before using it (#2141979) +- boot: cleanups for efivar_get() and friends (#2141979) +- boot: fix false maybe-uninitialized warning (#2141979) +- tree-wide: modernizations with RET_NERRNO() (#2137584) +- sd-bus: handle -EINTR return from bus_poll() (#2137584) +- stdio-bridge: don't be bothered with EINTR (#2137584) +- varlink: also handle EINTR gracefully when waiting for EIO via ppoll() (#2137584) +- sd-netlink: handle EINTR from poll() gracefully, as success (#2137584) +- resolved: handle -EINTR returned from fd_wait_for_event() better (#2137584) +- homed: handle EINTR gracefully when waiting for device node (#2137584) +- utmp-wtmp: fix error in case isatty() fails (#2137584) +- utmp-wtmp: handle EINTR gracefully when waiting to write to tty (#2137584) +- io-util: document EINTR situation a bit (#2137584) +- terminal-util: Set OPOST when setting ONLCR (#2138081) +- cgtop: Do not rewrite -P or -k options (#2138081) +- test: Add tests for systemd-cgtop args parsing (#2138081) +- resolved: remove inappropriate assert() (#2138081) +- boot: Add xstrn8_to_16 (#2138081) +- boot: Use xstr8_to_16 (#2138081) +- boot: Use xstr8_to_16 for path conversion (#2138081) +- stub: Fix cmdline handling (#2138081) +- stub: Detect empty LoadOptions when run from EFI shell (#2138081) +- boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices (#2138081) +- boot: Make sure all partitions drivers are connected (#2138081) +- boot: improve support for qemu (#2138081) +- systemd-boot man page: add section for virtual machines (#2138081) +- boot: Only do full driver initialization in VMs (#2138081) +- dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES (#2138081) +- 
ci(Mergify): v252 configuration update (#2138081) +- ci: Run GitHub workflows on rhel branches (#2138081) +- ci: Drop scorecards workflow, not relevant (#2138081) + * Fri Dec 02 2022 systemd maintenance team - 252-1 - Rebase to systemd v252 + systemd-stable v252.2 (#2138081)