From e20fafc72a168dbfac5841b8482d21b71624ba09 Mon Sep 17 00:00:00 2001 
From: Jan Macku Date: Wed, 8 Jan 2025 09:25:36 +0100 Subject: [PATCH] systemd-257-3 Resolves: RHEL-44417, RHEL-71409, RHEL-72798 --- 0001-Create-CNAME.patch | 18 ++ ...nk-drop-unexported-functions-from-pu.patch | 56 ++++ 0003-ci-reconfigure-Packit-for-RHEL-10.patch | 61 ---- ...-test-modernize-generate-sym-test.py.patch | 195 +++++++++++++ ...te-list-of-symbols-from-header-files.patch | 142 ++++++++++ ...tenroll-sort-fido2-credential-algori.patch | 65 +++++ 0006-analyze-tab-fix.patch | 23 ++ ...add-missing-mask-option-to-help-text.patch | 24 ++ ...set-nsec3-salt-length-8-in-knot.conf.patch | 29 ++ ...CAP_LINUX_IMMUTABLE-is-not-available.patch | 44 +++ ...p-test-when-lacking-privileges-to-cr.patch | 38 +++ ...pare-FDs-to-bin-sh-instead-of-dev-nu.patch | 36 +++ ...ils-package-instead-of-hostname-for-.patch | 66 +++++ ...rivileged-is-not-for-reading-propert.patch | 55 ++++ ...t-bail-if-SHELL_-variables-are-unset.patch | 56 ++++ ...g-VLAN-ranges-in-man-systemd.network.patch | 25 ++ ...t-fs-Migrate-to-new-assertion-macros.patch | 61 ++++ ...example-in-systemd-measure.xml-35506.patch | 27 ++ 0018-systemd-cryptenroll.xml-fix-typo.patch | 23 ++ 0019-semaphore-skip-some-tests.patch | 28 ++ 0020-shell-completion-add-systemd-creds.patch | 215 +++++++++++++++ ...ding-verity-settings-for-MountImages.patch | 64 +++++ ...e-coverage-for-extensions-and-verity.patch | 48 ++++ 0023-README-drop-CentOS-CI-badges.patch | 26 ++ 0024-meson.version-change-to-257.1.patch | 19 ++ ...urnalctl-honor-quiet-with-setup-keys.patch | 76 +++++ ...-disconnect-on-api-and-system-busses.patch | 35 +++ ...add-list-of-subscribers-to-dump-info.patch | 26 ++ ...to-invoke-polkit-ask-password-agent-.patch | 111 ++++++++ 0029-mkosi-Fix-opensuse-build.patch | 27 ++ ...eTmp-disconnected-instead-of-yes-if-.patch | 71 +++++ ...rse-options-before-checking-for-kern.patch | 36 +++ ...ock-return-77-on-skip-in-more-places.patch | 34 +++ ...mkosi-update-debian-commit-reference.patch | 43 +++ 
...t-bail-if-SHELL_-variables-are-unset.patch | 58 ++++ ...-add-smbios11-verb-to-systemd-analyz.patch | 25 ++ ...m-wide-idle-begin-at-the-time-logind.patch | 67 +++++ ...es-reduce-quoting-in-warning-message.patch | 35 +++ 0037-semaphore-bump-timeout.patch | 26 ++ 0038-Revert-semaphore-skip-some-tests.patch | 26 ++ 0039-mkosi-fix-section-for-WithNetwork.patch | 23 ++ ...e-util-fix-truncation-of-usec-to-sec.patch | 57 ++++ ...ork-don-t-warn-with-no-NSID-assigned.patch | 40 +++ ...TEST-35-LOGIN-check-only-tty-session.patch | 56 ++++ ...ronment-setting-for-mkosi-should-be-.patch | 28 ++ ...si-temporarily-disable-panic_on_warn.patch | 31 +++ ...reguard-private-key-read-error-numbe.patch | 25 ++ ...it-ignore-ENOENT-from-unit_is_masked.patch | 59 ++++ ...-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch | 23 ++ 0048-mkosi-Fix-tools-image-package-name.patch | 23 ++ ...etry-unsealing-after-policy_pcr-retu.patch | 42 +++ ...transaction-completes-expect-other-t.patch | 261 ++++++++++++++++++ ...cument-generator-sandbox-environment.patch | 25 ++ ...ix-regression-in-no-sign-kernel-flag.patch | 46 +++ ...bian-ubuntu-to-ci-v257-stable-branch.patch | 25 ++ ...-debian-ubuntu-to-ci-v257-stable-bra.patch | 23 ++ ...util-unify-code-that-resets-dev-cons.patch | 172 ++++++++++++ 0056-mkosi-move-config-options.patch | 80 ++++++ 0057-mkosi-Update-to-latest.patch | 37 +++ 0058-mkosi-Add-gdb-to-tools-tree.patch | 22 ++ ...osi-Add-libz1-to-opensuse-tools-tree.patch | 24 ++ ...le-EPEL-for-CentOS-Stream-tools-tree.patch | 30 ++ 0061-mkosi-Use-tools-tree-by-default.patch | 52 ++++ ...uild-as-extra-search-path-by-default.patch | 30 ++ ...-t-pass-host-if-we-re-not-using-flat.patch | 24 ++ ...-mkosi.clangd-Fail-on-command-errors.patch | 21 ++ ...-docs-Simplify-hacking-documentation.patch | 210 ++++++++++++++ ...uthselect-systemd-homed-feature-name.patch | 27 ++ ...s-Use-meson-compile-instead-of-ninja.patch | 68 +++++ ...mention-.local-bin-in-section-on-ins.patch | 26 ++ 
...osi-update-opensuse-spec-repo-commit.patch | 23 ++ ...osi-update-openSUSE-commit-reference.patch | 25 ++ ...nssl-devel-package-to-openSUSE-tools.patch | 53 ++++ ...github-mirror-of-openSUSE-sources-fr.patch | 144 ++++++++++ ...bling-vcs-tag-via-environment-variab.patch | 65 +++++ ...andbox-in-test-documentation-as-well.patch | 81 ++++++ ...ME-s-Ubuntu-CI-section-for-mkosi-cha.patch | 83 ++++++ 0076-mkosi-Add-docbook-tools.patch | 67 +++++ ...ectories-in-debian-not-installed-cor.patch | 31 +++ ...packaged-files-in-the-debian-package.patch | 23 ++ 0079-mkosi-Update-to-latest.patch | 205 ++++++++++++++ ...mkosi-Make-path-exclude-more-generic.patch | 33 +++ ...ckit-Move-fmf-metadata-into-upstream.patch | 183 ++++++++++++ ...precated-settings-and-command-with-n.patch | 66 +++++ ...kosi-Migrate-more-deprecated-options.patch | 63 +++++ 0084-ci-Rename-qemu-variable-to-vm.patch | 88 ++++++ ...-Insist-on-mkosi-sha-being-available.patch | 43 +++ ...ng-used-downstream-in-dist-git-tests.patch | 75 +++++ ...when-AddDependencyUnitFiles-is-calle.patch | 35 +++ 0088-repart-Use-streq_ptr.patch | 25 ++ ...-sd-device-add-missing-debugging-log.patch | 25 ++ ...lidation-for-devices-under-sys-firmw.patch | 67 +++++ ...ns-lnrr-when-config-changes-to-disab.patch | 73 +++++ ...-util-don-t-attempt-to-fiemap-fd-if-.patch | 48 ++++ ...-util-handle-the-case-where-no-swap-.patch | 45 +++ ...not-load-locale-from-environemnt-whe.patch | 30 ++ ...GC-machine-when-no-leader-PID-is-set.patch | 36 +++ ...-use-after-free-in-varlink-interface.patch | 131 +++++++++ ...rialize-fix-serialization-of-markers.patch | 30 ++ ...mdadm-create-question-for-compat-wit.patch | 84 ++++++ ...-the-entry-for-Logitech-MX-Keys-for-.patch | 38 +++ 0100-mkosi-Install-which-in-build-image.patch | 22 ++ 0101-packit-Simplify-configuration.patch | 62 +++++ ...mf-Check-out-target-branch-in-packit.patch | 23 ++ 0103-stdio-bridge-fix-polled-fds.patch | 33 +++ 0104-Revert-mkosi-Fix-opensuse-build.patch | 28 ++ 
...low-integration-to-build-packages-on.patch | 33 +++ ...s-also-trigger-Fedora-package-builds.patch | 29 ++ ...ignore-ENOENT-in-checking-inhibitors.patch | 31 +++ ...nly-ignore-ENOENT-in-checking-inhibi.patch | 33 +++ ...invocation-and-list-invocations-acce.patch | 113 ++++++++ 0110-meson-bump-version-to-257.2.patch | 16 ++ ...workflows-to-run-on-source-git-setup.patch | 2 +- ... 0112-ci-setup-source-git-automation.patch | 2 +- 0113-ci-reconfigure-Packit-for-RHEL-10.patch | 67 +++++ ...eate-user-journals-for-users-with-hi.patch | 2 +- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 2 +- ...-use-system-auth-in-pam-systemd-user.patch | 2 +- ...e-start-rhel10-naming-and-include-rh.patch | 2 +- ...les-copy-40-redhat.rules-from-RHEL-9.patch | 2 +- ...nd-set-RemoveIPC-to-false-by-default.patch | 2 +- ...reate-resolv.conf-stub-resolv.conf-s.patch | 2 +- ...al-order-after-network-online.target.patch | 2 +- ...il-increase-random-seed-size-to-1024.patch | 2 +- ...able-systemd-journald-audit.socket-b.patch | 2 +- ...f-don-t-touch-current-audit-settings.patch | 2 +- ...evator-kernel-command-line-parameter.patch | 2 +- ...tTasksMax-to-80-of-the-kernel-pid.ma.patch | 2 +- ...ink-change-the-default-MACAddressPol.patch | 2 +- ...g-level-of-messages-about-use-of-Kil.patch | 2 +- ...ch => 0129-taint-remove-unmerged-bin.patch | 2 +- ...atch => 0130-presets-remove-resolved.patch | 2 +- ...st-only-for-Fedora-and-CentOS-Stream.patch | 14 +- ...aint-remove-unused-variable-usr_sbin.patch | 2 +- ...ackit-drop-the-libarchive-workaround.patch | 6 +- ...ult-process-and-store-core-files-up-.patch | 2 +- ...mounted-as-tmpfs-without-the-user-s-.patch | 2 +- ...nit-don-t-add-Requires-for-tmp.mount.patch | 2 +- ...its-add-Install-section-to-tmp.mount.patch | 2 +- ...le-tmp.mount-statically-in-local-fs..patch | 2 +- ...if-naming-scheme-add-rhel-9.5-scheme.patch | 2 +- ...eme-rename-rhel-10.0-to-rhel-10.0.be.patch | 2 +- ...eme-disable-NAMING_FIRMWARE_NODE_SUN.patch | 2 +- 
...ng-scheme-introduce-rhel-10.0-scheme.patch | 2 +- ...introduce-naming-scheme-for-RHEL-9.6.patch | 58 ++++ sources | 2 +- systemd.spec | 181 +++++++++--- 147 files changed, 6443 insertions(+), 134 deletions(-) create mode 100644 0001-Create-CNAME.patch create mode 100644 0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch delete mode 100644 0003-ci-reconfigure-Packit-for-RHEL-10.patch create mode 100644 0003-test-modernize-generate-sym-test.py.patch create mode 100644 0004-test-also-generate-list-of-symbols-from-header-files.patch create mode 100644 0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch create mode 100644 0006-analyze-tab-fix.patch create mode 100644 0007-analyze-add-missing-mask-option-to-help-text.patch create mode 100644 0008-test-set-nsec3-salt-length-8-in-knot.conf.patch create mode 100644 0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch create mode 100644 0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch create mode 100644 0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch create mode 100644 0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch create mode 100644 0013-man-document-unprivileged-is-not-for-reading-propert.patch create mode 100644 0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch create mode 100644 0015-Fixing-VLAN-ranges-in-man-systemd.network.patch create mode 100644 0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch create mode 100644 0017-man-update-example-in-systemd-measure.xml-35506.patch create mode 100644 0018-systemd-cryptenroll.xml-fix-typo.patch create mode 100644 0019-semaphore-skip-some-tests.patch create mode 100644 0020-shell-completion-add-systemd-creds.patch create mode 100644 0021-core-fix-loading-verity-settings-for-MountImages.patch create mode 100644 0022-test-add-more-coverage-for-extensions-and-verity.patch create mode 100644 0023-README-drop-CentOS-CI-badges.patch create mode 100644 
0024-meson.version-change-to-257.1.patch create mode 100644 0025-journalctl-honor-quiet-with-setup-keys.patch create mode 100644 0026-dbus-log-disconnect-on-api-and-system-busses.patch create mode 100644 0027-manager-add-list-of-subscribers-to-dump-info.patch create mode 100644 0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch create mode 100644 0029-mkosi-Fix-opensuse-build.patch create mode 100644 0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch create mode 100644 0031-battery-check-parse-options-before-checking-for-kern.patch create mode 100644 0032-test-loop-block-return-77-on-skip-in-more-places.patch create mode 100644 0033-mkosi-update-debian-commit-reference.patch create mode 100644 0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch create mode 100644 0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch create mode 100644 0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch create mode 100644 0036-tmpfiles-reduce-quoting-in-warning-message.patch create mode 100644 0037-semaphore-bump-timeout.patch create mode 100644 0038-Revert-semaphore-skip-some-tests.patch create mode 100644 0039-mkosi-fix-section-for-WithNetwork.patch create mode 100644 0040-test-time-util-fix-truncation-of-usec-to-sec.patch create mode 100644 0041-network-don-t-warn-with-no-NSID-assigned.patch create mode 100644 0042-TEST-35-LOGIN-check-only-tty-session.patch create mode 100644 0043-test-README-Environment-setting-for-mkosi-should-be-.patch create mode 100644 0044-mkosi-temporarily-disable-panic_on_warn.patch create mode 100644 0045-networkd-show-wireguard-private-key-read-error-numbe.patch create mode 100644 0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch create mode 100644 0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch create mode 100644 0048-mkosi-Fix-tools-image-package-name.patch create mode 100644 0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch create mode 100644 
0050-resolved-if-one-transaction-completes-expect-other-t.patch create mode 100644 0051-man-Document-generator-sandbox-environment.patch create mode 100644 0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch create mode 100644 0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch create mode 100644 0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch create mode 100644 0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch create mode 100644 0056-mkosi-move-config-options.patch create mode 100644 0057-mkosi-Update-to-latest.patch create mode 100644 0058-mkosi-Add-gdb-to-tools-tree.patch create mode 100644 0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch create mode 100644 0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch create mode 100644 0061-mkosi-Use-tools-tree-by-default.patch create mode 100644 0062-mkosi-Use-build-as-extra-search-path-by-default.patch create mode 100644 0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch create mode 100644 0064-mkosi.clangd-Fail-on-command-errors.patch create mode 100644 0065-docs-Simplify-hacking-documentation.patch create mode 100644 0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch create mode 100644 0067-docs-Use-meson-compile-instead-of-ninja.patch create mode 100644 0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch create mode 100644 0069-mkosi-update-opensuse-spec-repo-commit.patch create mode 100644 0070-mkosi-update-openSUSE-commit-reference.patch create mode 100644 0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch create mode 100644 0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch create mode 100644 0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch create mode 100644 0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch create mode 100644 0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch create mode 100644 0076-mkosi-Add-docbook-tools.patch create mode 100644 
0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch create mode 100644 0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch create mode 100644 0079-mkosi-Update-to-latest.patch create mode 100644 0080-mkosi-Make-path-exclude-more-generic.patch create mode 100644 0081-packit-Move-fmf-metadata-into-upstream.patch create mode 100644 0082-mkosi-replace-deprecated-settings-and-command-with-n.patch create mode 100644 0083-mkosi-Migrate-more-deprecated-options.patch create mode 100644 0084-ci-Rename-qemu-variable-to-vm.patch create mode 100644 0085-fmf-Insist-on-mkosi-sha-being-available.patch create mode 100644 0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch create mode 100644 0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch create mode 100644 0088-repart-Use-streq_ptr.patch create mode 100644 0089-sd-device-add-missing-debugging-log.patch create mode 100644 0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch create mode 100644 0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch create mode 100644 0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch create mode 100644 0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch create mode 100644 0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch create mode 100644 0095-machine-GC-machine-when-no-leader-PID-is-set.patch create mode 100644 0096-creds-fix-use-after-free-in-varlink-interface.patch create mode 100644 0097-core-unit-serialize-fix-serialization-of-markers.patch create mode 100644 0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch create mode 100644 0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch create mode 100644 0100-mkosi-Install-which-in-build-image.patch create mode 100644 0101-packit-Simplify-configuration.patch create mode 100644 0102-fmf-Check-out-target-branch-in-packit.patch create mode 100644 0103-stdio-bridge-fix-polled-fds.patch create mode 100644 
0104-Revert-mkosi-Fix-opensuse-build.patch create mode 100644 0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch create mode 100644 0106-obs-also-trigger-Fedora-package-builds.patch create mode 100644 0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch create mode 100644 0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch create mode 100644 0109-journalctl-make-invocation-and-list-invocations-acce.patch create mode 100644 0110-meson-bump-version-to-257.2.patch rename 0001-ci-update-workflows-to-run-on-source-git-setup.patch => 0111-ci-update-workflows-to-run-on-source-git-setup.patch (97%) rename 0002-ci-setup-source-git-automation.patch => 0112-ci-setup-source-git-automation.patch (99%) create mode 100644 0113-ci-reconfigure-Packit-for-RHEL-10.patch rename 0004-journal-again-create-user-journals-for-users-with-hi.patch => 0114-journal-again-create-user-journals-for-users-with-hi.patch (97%) rename 0005-tmpfiles-make-purge-hard-to-mis-use.patch => 0115-tmpfiles-make-purge-hard-to-mis-use.patch (97%) rename 0006-fedora-use-system-auth-in-pam-systemd-user.patch => 0116-fedora-use-system-auth-in-pam-systemd-user.patch (93%) rename 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch => 0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch (99%) rename 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch => 0118-rules-copy-40-redhat.rules-from-RHEL-9.patch (98%) rename 0009-logind-set-RemoveIPC-to-false-by-default.patch => 0119-logind-set-RemoveIPC-to-false-by-default.patch (96%) rename 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch => 0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch (95%) rename 0011-rc-local-order-after-network-online.target.patch => 0121-rc-local-order-after-network-online.target.patch (92%) rename 0012-random-util-increase-random-seed-size-to-1024.patch => 0122-random-util-increase-random-seed-size-to-1024.patch (91%) rename 
0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch => 0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch (92%) rename 0014-journald.conf-don-t-touch-current-audit-settings.patch => 0124-journald.conf-don-t-touch-current-audit-settings.patch (89%) rename 0015-rules-add-elevator-kernel-command-line-parameter.patch => 0125-rules-add-elevator-kernel-command-line-parameter.patch (96%) rename 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch => 0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch (97%) rename 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch => 0127-udev-net-setup-link-change-the-default-MACAddressPol.patch (96%) rename 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch => 0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch (96%) rename 0019-taint-remove-unmerged-bin.patch => 0129-taint-remove-unmerged-bin.patch (98%) rename 0020-presets-remove-resolved.patch => 0130-presets-remove-resolved.patch (93%) rename 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch => 0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch (89%) rename 0022-taint-remove-unused-variable-usr_sbin.patch => 0132-taint-remove-unused-variable-usr_sbin.patch (93%) rename 0023-packit-drop-the-libarchive-workaround.patch => 0133-packit-drop-the-libarchive-workaround.patch (87%) rename 0024-coredump-by-default-process-and-store-core-files-up-.patch => 0134-coredump-by-default-process-and-store-core-files-up-.patch (92%) rename 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch => 0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch (92%) rename 0026-unit-don-t-add-Requires-for-tmp.mount.patch => 0136-unit-don-t-add-Requires-for-tmp.mount.patch (96%) rename 0027-units-add-Install-section-to-tmp.mount.patch => 0137-units-add-Install-section-to-tmp.mount.patch (90%) rename 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch => 
0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch (92%) rename 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch => 0139-netif-naming-scheme-add-rhel-9.5-scheme.patch (97%) rename 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch => 0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch (97%) rename 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch => 0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch (94%) rename 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch => 0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch (97%) create mode 100644 0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
diff --git a/0001-Create-CNAME.patch b/0001-Create-CNAME.patch
new file mode 100644
index 0000000..82f7ad2
--- /dev/null
+++ b/0001-Create-CNAME.patch
@@ -0,0 +1,18 @@
+From 217666530e117eafbed9af56e2e7ab467c02a405 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 10 Dec 2024 19:39:23 +0000
+Subject: [PATCH] Create CNAME
+
+---
+ docs/CNAME | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 docs/CNAME
+
+diff --git a/docs/CNAME b/docs/CNAME
+new file mode 100644
+index 0000000000..cdcf4d9a52
+--- /dev/null
++++ b/docs/CNAME
+@@ -0,0 +1 @@
++systemd.io
+\ No newline at end of file
diff --git a/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch b/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
new file mode 100644
index 0000000..4fd4df8
--- /dev/null
+++ b/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
@@ -0,0 +1,56 @@
+From d7eeb60cdff19e3b2a69cc14118e65e7bfe96421 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 12 Dec 2024 19:42:48 +0900
+Subject: [PATCH] sd-json,sd-varlink: drop unexported functions from public
+ headers
+
+These functions are exported by e11f5aa7226253bf31b2ed61be8599bb213c1819
+and 5fcabde35b8d2592e4ba3f4915839a54d2f246ba in upstream after v257.
+
+Fixes #35554 in v257.
+---
+ src/libsystemd/sd-json/json-util.h | 3 +++
+ src/systemd/sd-json.h | 3 ---
+ src/systemd/sd-varlink.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/libsystemd/sd-json/json-util.h b/src/libsystemd/sd-json/json-util.h
+index 808df64d98..b3b4941dcc 100644
+--- a/src/libsystemd/sd-json/json-util.h
++++ b/src/libsystemd/sd-json/json-util.h
+@@ -8,6 +8,9 @@
+ #include "macro.h"
+ #include "pidref.h"
+
++const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
++sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
++
+ #define JSON_VARIANT_REPLACE(v, q) \
+ do { \
+ typeof(v)* _v = &(v); \
+diff --git a/src/systemd/sd-json.h b/src/systemd/sd-json.h
+index 3930d82b0d..33817f2327 100644
+--- a/src/systemd/sd-json.h
++++ b/src/systemd/sd-json.h
+@@ -339,9 +339,6 @@ int sd_json_variant_strv(sd_json_variant *v, char ***ret);
+ int sd_json_variant_unbase64(sd_json_variant *v, void **ret, size_t *ret_size);
+ int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
+
+-const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
+-sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
+-
+ _sd_const_ static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
+ return !(flags & SD_JSON_FORMAT_OFF);
+ }
+diff --git a/src/systemd/sd-varlink.h b/src/systemd/sd-varlink.h
+index 816b9b0ebf..17cf8b7386 100644
+--- a/src/systemd/sd-varlink.h
++++ b/src/systemd/sd-varlink.h
+@@ -184,7 +184,6 @@ int sd_varlink_dispatch(sd_varlink *v, sd_json_variant *parameters, const sd_jso
+ /* Write outgoing fds into the socket (to be associated with the next enqueued message) */
+ int sd_varlink_push_fd(sd_varlink *v, int fd);
+ int sd_varlink_push_dup_fd(sd_varlink *v, int fd);
+-int sd_varlink_reset_fds(sd_varlink *v);
+
+ /* Read incoming fds from the socket (associated with the currently handled message) */
+ int sd_varlink_peek_fd(sd_varlink *v, size_t i);
diff --git a/0003-ci-reconfigure-Packit-for-RHEL-10.patch b/0003-ci-reconfigure-Packit-for-RHEL-10.patch
deleted file mode 100644
index e9f479b..0000000
--- a/0003-ci-reconfigure-Packit-for-RHEL-10.patch
+++ /dev/null
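Review bot: The two prototypes added to src/libsystemd/sd-json/json-util.h carry no comment saying why they sit in an internal header, so a later rebase could move them back into the public sd-json.h and again advertise symbols the library does not export. The commit message says the functions are only exported upstream after v257; a one-line comment above them would record that, e.g. `/* Not exported by libsystemd in v257; keep out of the public sd-json.h until the export is backported. */`. The same patch drops `sd_varlink_reset_fds()` from sd-varlink.h without adding an internal declaration in any of the three files it touches; the definition is not visible here, so it is worth confirming that no other translation unit still needs the prototype.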
@@ -1,61 +0,0 @@ -From ec05646d8b34762d270ab8d3f703e06828ed0a03 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Fri, 17 May 2024 13:55:40 +0200 -Subject: [PATCH] ci: reconfigure Packit for RHEL 10 - -rhel-only: ci - -Related: RHEL-36636 ---- - .packit.yml | 28 +++++++++------------------- - 1 file changed, 9 insertions(+), 19 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index 2dcc9e86ca..340c6992ec 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -24,14 +24,12 @@ actions: - - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'" - - post-upstream-clone: -- # Use the Fedora Rawhide specfile -- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" -+ # Use the CentOS Stream 10 specfile -+ - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1" - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" -- # Drop backported patches from the specfile, but keep the downstream-only ones -- # - Patch(0000-0499): backported patches from upstream -- # - Patch0500-9999: downstream-only patches -- - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" -+ # Drop all patches, since they're already included in the tarball -+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec" - # Build the RPM with --werror. Even though --werror doesn't work in all - # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the - # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). 
-@@ -45,20 +43,12 @@ actions: - # until the change propagates to Rawhide's specfile - - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec" - -+# Available targets can be listed via `copr-cli list-chroots` - jobs: - - job: copr_build - trigger: pull_request - targets: -- - fedora-rawhide-aarch64 -- - fedora-rawhide-i386 -- - fedora-rawhide-ppc64le -- - fedora-rawhide-s390x -- - fedora-rawhide-x86_64 -- --- job: tests -- trigger: pull_request -- fmf_url: https://src.fedoraproject.org/tests/systemd -- fmf_ref: main -- tmt_plan: ci -- targets: -- - fedora-rawhide-x86_64 -+ - centos-stream-10-aarch64 -+ - centos-stream-10-ppc64le -+ - centos-stream-10-s390x -+ - centos-stream-10-x86_64 diff --git a/0003-test-modernize-generate-sym-test.py.patch b/0003-test-modernize-generate-sym-test.py.patch new file mode 100644 index 0000000..63992f8 --- /dev/null +++ b/0003-test-modernize-generate-sym-test.py.patch 
@@ -0,0 +1,195 @@
+From e231110a641237817490785bdf3e96df1de524e2 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 12 Dec 2024 10:01:48 +0900
+Subject: [PATCH] test: modernize generate-sym-test.py
+
+(cherry picked from commit 6e399ece1fd6dc8cbf5830c263a118b58d36acac)
+---
+ src/test/generate-sym-test.py | 107 +++++++++++++++++++++-------------
+ 1 file changed, 67 insertions(+), 40 deletions(-)
+
+diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
+index 2e5177c934..24223aa7b0 100755
+--- a/src/test/generate-sym-test.py
++++ b/src/test/generate-sym-test.py
+@@ -1,78 +1,99 @@
+ #!/usr/bin/env python3
+ # SPDX-License-Identifier: LGPL-2.1-or-later
++#
++# ruff: noqa: E501 UP015
+
+ import os
+ import re
+ import sys
++from typing import IO
+
+-def process_sym_file(file):
++
++def process_sym_file(file: IO[str]) -> None:
+ for line in file:
+ m = re.search(r'^ +([a-zA-Z0-9_]+);', line)
+ if m:
+ if m[1] == 'sd_bus_object_vtable_format':
+- print(' {{"{0}", &{0}}},'.format(m[1]))
++ print(f' {{ "{m[1]}", &{m[1]} }},')
+ else:
+- print(' {{"{0}", {0}}},'.format(m[1]))
++ print(f' {{ "{m[1]}", {m[1]} }},')
++
+
+-def process_source_file(file):
++def process_source_file(file: IO[str]) -> None:
+ for line in file:
+ # Functions
+ m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*\(', line)
+ if m:
+- print(' {{ "{0}", {0} }},'.format(m[2]))
++ print(f' {{ "{m[2]}", {m[2]} }},')
++ continue
++
+ # Variables
+ m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*=', line)
+ if m:
+- print(' {{ "{0}", &{0} }},'.format(m[2]))
++ print(f' {{ "{m[2]}", &{m[2]} }},')
++ continue
++
+ # Functions defined through a macro
+ m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_FUNC\([^,]+,\s*(\w+)\s*\)', line)
+ if m:
+- print(' {{ "{0}_ref", {0}_ref }},'.format(m[1]))
++ print(f' {{ "{m[1]}_ref", {m[1]}_ref }},')
++ continue
++
+ m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
+ if m:
+- print(' {{ "{0}_unref", {0}_unref }},'.format(m[1]))
+- m = re.search(r"^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,", line)
++ print(f' {{ "{m[1]}_unref", {m[1]}_unref }},')
++ continue
++
++ m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
++ if m:
++ print(f' {{ "{m[1]}_ref", {m[1]}_ref }},')
++ print(f' {{ "{m[1]}_unref", {m[1]}_unref }},')
++ continue
++
++ m = re.search(r'^_DEFINE_STRING_TABLE_LOOKUP\((\w+),\s*\w+,\s*_public_\s*\)', line)
+ if m:
+- print(' {{ "{0}_ref", {0}_ref }},'.format(m[1]))
+- print(' {{ "{0}_unref", {0}_unref }},'.format(m[1]))
++ print(f' {{ "{m[1]}_from_string", {m[1]}_from_string }},')
++ print(f' {{ "{m[1]}_to_string", {m[1]}_to_string }},')
++ continue
+
+-print('''/* SPDX-License-Identifier: LGPL-2.1-or-later */
++
++print("""/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+ #include
+ #include
+ #include
+
+-''')
++""")
+
+ for header in sys.argv[3:]:
+ print('#include "{}"'.format(header.split('/')[-1]))
+
+-print('''
++print("""
+ /* We want to check deprecated symbols too, without complaining */
+ #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+-''')
++""")
+
+-print('''
++print("""
+ struct symbol {
+ const char *name;
+ const void *symbol;
+ };
+-static struct symbol symbols_from_sym[] = {''')
++static struct symbol symbols_from_sym[] = {""")
+
+-with open(sys.argv[1], "r") as f:
++with open(sys.argv[1], 'r') as f:
+ process_sym_file(f)
+
+-print(''' {}
+-}, symbols_from_source[] = {''')
++print(""" {}
++}, symbols_from_source[] = {""")
+
+ for dirpath, _, filenames in sorted(os.walk(sys.argv[2])):
+ for filename in sorted(filenames):
+- if not filename.endswith(".c") and not filename.endswith(".h"):
++ if not filename.endswith('.c') and not filename.endswith('.h'):
+ continue
+- with open(os.path.join(dirpath, filename), "r") as f:
++ with open(os.path.join(dirpath, filename), 'r') as f:
+ process_source_file(f)
+
+-print(''' {}
++print(""" {}
+ };
+
+ static int sort_callback(const void *a, const void *b) {
+@@ -81,34 +102,40 @@ static int sort_callback(const void *a, const void *b) {
+ }
+
+ int main(void) {
+- size_t i, j;
++ size_t size = sizeof(symbols_from_sym[0]),
++ n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
++ n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
+
+- qsort(symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
+- qsort(symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
++ qsort(symbols_from_sym, n_sym, size, sort_callback);
++ qsort(symbols_from_source, n_source, size, sort_callback);
+
+ puts("From symbol file:");
+- for (i = 0; symbols_from_sym[i].name; i++)
++ for (size_t i = 0; i < n_sym; i++)
+ printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
+
+ puts("\\nFrom source files:");
+- for (j = 0; symbols_from_source[j].name; j++)
+- printf("%p: %s\\n", symbols_from_source[j].symbol, symbols_from_source[j].name);
++ for (size_t i = 0; i < n_source; i++)
++ printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
+
+ puts("");
+- printf("Found %zu symbols from symbol file.\\n", i);
+- printf("Found %zu symbols from source files.\\n", j);
++ printf("Found %zu symbols from symbol file.\\n", n_sym);
++ printf("Found %zu symbols from source files.\\n", n_source);
++
++ unsigned n_error = 0;
+
+- for (i = 0; symbols_from_sym[i].name; i++) {
+- struct symbol *n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
+- if (!n)
++ for (size_t i = 0; i < n_sym; i++) {
++ if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
+ printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
++ n_error++;
++ }
+ }
+
+- for (j = 0; symbols_from_source[j].name; j++) {
+- struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
+- if (!n)
+- printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
++ for (size_t i = 0; i < n_source; i++) {
++ if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
++ printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
++ n_error++;
++ }
+ }
+
+- return i == j ? EXIT_SUCCESS : EXIT_FAILURE;
+-}''')
++ return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
++}""")
diff --git a/0004-test-also-generate-list-of-symbols-from-header-files.patch b/0004-test-also-generate-list-of-symbols-from-header-files.patch
new file mode 100644
index 0000000..9b9165c
--- /dev/null
+++ b/0004-test-also-generate-list-of-symbols-from-header-files.patch
@@ -0,0 +1,142 @@
+From 1601149c5b14ed9e6e34b46ddb2ba3006b5f5315 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 12 Dec 2024 13:18:59 +0900
+Subject: [PATCH] test: also generate list of symbols from header files
+
+To make the generated tests able to detect issues like #35554.
+
+(cherry picked from commit 0b39dc23ba2d8d3e99f5dc30c3da5d0f6baf10d7)
+---
+ src/test/generate-sym-test.py | 74 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
+index 24223aa7b0..7b5ded936c 100755
+--- a/src/test/generate-sym-test.py
++++ b/src/test/generate-sym-test.py
+@@ -19,6 +19,47 @@ def process_sym_file(file: IO[str]) -> None:
+ print(f' {{ "{m[1]}", {m[1]} }},')
+
+
++def process_header_file(file: IO[str]) -> None:
++ for line in file:
++ if (
++ line.startswith('#')
++ or line.startswith('typedef')
++ or line.startswith('extern "C"')
++ or line.startswith('__extension__')
++ or line.startswith('/*')
++ or ' __inline__ ' in line
++ or re.search(r'^\s+', line)
++ ):
++ continue
++
++ m = re.search(r'^(.*)\s*__attribute__', line)
++ if m:
++ line = m[1]
++
++ m = re.search(r'^(.*)\s*_sd_printf_', line)
++ if m:
++ line = m[1]
++
++ # Functions
++ m = re.search(r'^(\S+\s+)+\**(\w+)\s*\(', line)
++ if m:
++ print(f' {{ "{m[2]}", {m[2]} }},')
++ continue
++
++ # Variables
++ m = re.search(r'^extern\s', line)
++ if m:
++ n = line.split()[-1].rstrip(';')
++ print(f' {{ "{n}", &{n} }},')
++ continue
++
++ # Functions defined by macro
++ m = re.search(r'_SD_DEFINE_POINTER_CLEANUP_FUNC\(\w+,\s*(\w+)\)', line)
++ if m:
++ print(f' {{ "{m[1]}", {m[1]} }},')
++ continue
++
++
+ def process_source_file(file: IO[str]) -> None:
+ for line in file:
+ # Functions
+@@ -83,6 +124,13 @@ static struct symbol symbols_from_sym[] = {""")
+ with open(sys.argv[1], 'r') as f:
+ process_sym_file(f)
+
++print(""" {}
++}, symbols_from_header[] = {""")
++
++for header in sys.argv[3:]:
++ with open(header, 'r') as f:
++ process_header_file(f)
++
+ print(""" {}
+ }, symbols_from_source[] = {""")
+
+@@ -104,37 +152,63 @@ static int sort_callback(const void *a, const void *b) {
+ int main(void) {
+ size_t size = sizeof(symbols_from_sym[0]),
+ n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
++ n_header = sizeof(symbols_from_header)/sizeof(symbols_from_header[0]) - 1,
+ n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
+
+ qsort(symbols_from_sym, n_sym, size, sort_callback);
++ qsort(symbols_from_header, n_header, size, sort_callback);
+ qsort(symbols_from_source, n_source, size, sort_callback);
+
+ puts("From symbol file:");
+ for (size_t i = 0; i < n_sym; i++)
+ printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
+
++ puts("\\nFrom header files:");
++ for (size_t i = 0; i < n_header; i++)
++ printf("%p: %s\\n", symbols_from_header[i].symbol, symbols_from_header[i].name);
++
+ puts("\\nFrom source files:");
+ for (size_t i = 0; i < n_source; i++)
+ printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
+
+ puts("");
+ printf("Found %zu symbols from symbol file.\\n", n_sym);
++ printf("Found %zu symbols from header files.\\n", n_header);
+ printf("Found %zu symbols from source files.\\n", n_source);
+
+ unsigned n_error = 0;
+
+ for (size_t i = 0; i < n_sym; i++) {
++ if (!bsearch(symbols_from_sym+i, symbols_from_header, n_header, size, sort_callback)) {
++ printf("Found in symbol file, but not in headers: %s\\n", symbols_from_sym[i].name);
++ n_error++;
++ }
+ if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
+ printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
+ n_error++;
+ }
+ }
+
++ for (size_t i = 0; i < n_header; i++) {
++ if (!bsearch(symbols_from_header+i, symbols_from_sym, n_sym, size, sort_callback)) {
++ printf("Found in header file, but not in symbol file: %s\\n", symbols_from_header[i].name);
++ n_error++;
++ }
++ if (!bsearch(symbols_from_header+i, symbols_from_source, n_source, size, sort_callback)) {
++ printf("Found in header file, but not in sources: %s\\n", symbols_from_header[i].name);
++ n_error++;
++ }
++ }
++
+ for (size_t i = 0; i < n_source; i++) {
+ if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
+ printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
+ n_error++;
+ }
++ if (!bsearch(symbols_from_source+i, symbols_from_header, n_header, size, sort_callback)) {
++ printf("Found in source file, but not in header: %s\\n", symbols_from_source[i].name);
++ n_error++;
++ }
+ }
+
+ return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
diff --git a/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch b/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
new file mode 100644
index 0000000..58f10da
--- /dev/null
+++ b/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
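Review bot: The `# Variables` branch of `process_header_file` takes the name as `line.split()[-1].rstrip(';')`, so a declaration whose last token is not a bare identifier (for example a pointer written as `*name;`) would be emitted with the `*` inside the quoted symbol name and could never match the symbol file. Whether any public header declares a variable that way is not visible here, so treat this as hardening: match the identifier explicitly, e.g. `n = re.search(r'(\w+)\s*;', line)[1]`, which also fails loudly on a line it cannot parse instead of generating a misleading table entry. The function would also benefit from a short docstring saying that parsing is line-based and that indented continuation lines are skipped on purpose, since that is what the `re.search(r'^\s+', line)` filter does.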
@@ -0,0 +1,65 @@ +From 2f2cd7a8657ebc7cdbddabe1166cbdcb94d66995 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Wed, 11 Dec 2024 07:32:04 +0100 +Subject: [PATCH] man/systemd-cryptenroll: sort --fido2-credential-algorithm + after --fido2-device + +And also fix a typo. + +(cherry picked from commit 62b7b70bb78f85198509b3327cb29b83ed9218ec) +--- + man/systemd-cryptenroll.xml | 32 ++++++++++++++++---------------- + 1 file changed, 16 insertions(+), 16 deletions(-) + +diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml +index 83f8b2d8a1..f3c23adfd0 100644 +--- a/man/systemd-cryptenroll.xml ++++ b/man/systemd-cryptenroll.xml +@@ -384,24 +384,9 @@ + + FIDO2 Enrollment + +- The following options are understood that may be used to enroll PKCS#11 tokens: ++ The following options are understood that may be used to enroll FIDO2 tokens: + + +- +- +- Specify COSE algorithm used in credential generation. The default value is +- es256. Supported values are es256, rs256 +- and eddsa. +- +- es256 denotes ECDSA over NIST P-256 with SHA-256. rs256 +- denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. eddsa denotes +- EDDSA over Curve25519 with SHA-512. +- +- Note that your authenticator may choose not to support some algorithms. +- +- +- +- + + + +@@ -428,6 +413,21 @@ + + + ++ ++ ++ Specify COSE algorithm used in credential generation. The default value is ++ es256. Supported values are es256, rs256 ++ and eddsa. ++ ++ es256 denotes ECDSA over NIST P-256 with SHA-256. rs256 ++ denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. eddsa denotes ++ EDDSA over Curve25519 with SHA-512. ++ ++ Note that your authenticator may choose not to support some algorithms. ++ ++ ++ ++ + + + diff --git a/0006-analyze-tab-fix.patch b/0006-analyze-tab-fix.patch new file mode 100644 index 0000000..60a25d8 --- /dev/null +++ b/0006-analyze-tab-fix.patch 
@@ -0,0 +1,23 @@
+From f4215e7909a74e01f3275c8537d9574924aefa4c Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 11 Dec 2024 10:31:41 +0100
+Subject: [PATCH] analyze: tab fix
+
+(cherry picked from commit 7167bee6c672f9a0729631ba1f7459dd5e18f549)
+---
+ src/analyze/analyze-plot.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/analyze/analyze-plot.c b/src/analyze/analyze-plot.c
+index c50343d71c..20d6811f9b 100644
+--- a/src/analyze/analyze-plot.c
++++ b/src/analyze/analyze-plot.c
+@@ -170,7 +170,7 @@ static void plot_tooltip(const UnitTimes *ut) {
+ svg("%s:\n", ut->name);
+ svg("Activating: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activating / USEC_PER_SEC, ut->activating % USEC_PER_SEC);
+ svg("Activated: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activated / USEC_PER_SEC, ut->activated % USEC_PER_SEC);
+-
++
+ UnitDependency i;
+ FOREACH_ARGUMENT(i, UNIT_AFTER, UNIT_BEFORE, UNIT_REQUIRES, UNIT_REQUISITE, UNIT_WANTS, UNIT_CONFLICTS, UNIT_UPHOLDS)
+ if (!strv_isempty(ut->deps[i])) {
diff --git a/0007-analyze-add-missing-mask-option-to-help-text.patch b/0007-analyze-add-missing-mask-option-to-help-text.patch
new file mode 100644
index 0000000..604b9b3
--- /dev/null
+++ b/0007-analyze-add-missing-mask-option-to-help-text.patch
@@ -0,0 +1,24 @@
+From bbeb07ad24f5a4e2e391dc761fa05f3b39b29077 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 11 Dec 2024 10:31:58 +0100
+Subject: [PATCH] analyze: add missing --mask option to --help text
+
+Follow-up for: 3e7a029c2856e7814b930443cc2d4fb089377592
+
+(cherry picked from commit 4d09f976f6c10729619c7f4c87dd121aa34d019b)
+---
+ src/analyze/analyze.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
+index 0db3547a49..e21f12c65e 100644
+--- a/src/analyze/analyze.c
++++ b/src/analyze/analyze.c
+@@ -284,6 +284,7 @@ static int help(int argc, char *argv[], void *userdata) {
+ " --root=PATH Operate on an alternate filesystem root\n"
+ " --image=PATH Operate on disk image as filesystem root\n"
+ " --image-policy=POLICY Specify disk image dissection policy\n"
++ " -m --mask Parse parameter as numeric capability mask\n"
+ "\nSee the %2$s for details.\n",
+ program_invocation_short_name,
+ link,
diff --git a/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch b/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
new file mode 100644
index 0000000..8c67cec
--- /dev/null
+++ b/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
@@ -0,0 +1,29 @@
+From 1b945fb1a727f85be9230e43d2fdaf78d2567946 Mon Sep 17 00:00:00 2001
+From: Nick Rosbrook
+Date: Tue, 10 Dec 2024 16:48:59 -0500
+Subject: [PATCH] test: set nsec3-salt-length=8 in knot.conf
+
+TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
+knot:
+
+ notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0
+
+Explicitly set nsec3-salt-length=8 to silence.
+
+(cherry picked from commit 59e5108fb4e61957cb40bb15ac7966d085d13af2)
+---
+ test/knot-data/knot.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf
+index b8b9e7925d..6d177d7285 100644
+--- a/test/knot-data/knot.conf
++++ b/test/knot-data/knot.conf
+@@ -60,6 +60,7 @@ policy:
+ ksk-submission: parent_zone_sbm
+ nsec3-iterations: 0
+ nsec3: on
++ nsec3-salt-length: 8
+ propagation-delay: 1s
+ signing-threads: 4
+ zone-max-ttl: 1s
diff --git a/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch b/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
new file mode 100644
index 0000000..5ba1267
--- /dev/null
+++ b/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
@@ -0,0 +1,44 @@
+From d80ab6aed678ed89327d86ced9fedd24b5baccd3 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Wed, 11 Dec 2024 12:10:13 +0000
+Subject: [PATCH] test-capability: CAP_LINUX_IMMUTABLE is not available in
+ unprivileged containers
+
+have ambient caps: yes
+Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
+Failed to drop auxiliary groups list: Operation not permitted
+Failed to change group ID: Operation not permitted
+Capabilities:cap_dac_override,cap_net_raw=ep
+Capabilities:cap_dac_override=ep
+Successfully forked off '(getambient)' as PID 12505.
+Skipping PR_SET_MM, as we don't have privileges.
+Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
+Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
+(getambient) terminated by signal ABRT.
+src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error
+
+Partially fixes #35552
+
+(cherry picked from commit 058a07635f3ff70cc99943dcf4f2a079bc9c28b9)
+---
+ src/test/test-capability.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/test/test-capability.c b/src/test/test-capability.c
+index 51bd806348..127f5e3d87 100644
+--- a/src/test/test-capability.c
++++ b/src/test/test-capability.c
+@@ -254,6 +254,13 @@ static void test_capability_get_ambient(void) {
+
+ ASSERT_OK(capability_get_ambient(&c));
+
++ r = prctl(PR_CAPBSET_READ, CAP_MKNOD);
++ if (r <= 0)
++ return (void) log_tests_skipped("Lacking CAP_MKNOD, skipping getambient test.");
++ r = prctl(PR_CAPBSET_READ, CAP_LINUX_IMMUTABLE);
++ if (r <= 0)
++ return (void) log_tests_skipped("Lacking CAP_LINUX_IMMUTABLE, skipping getambient test.");
++
+ r = safe_fork("(getambient)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL);
+ ASSERT_OK(r);
+
diff --git a/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch b/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
new file mode 100644
index 0000000..4330b73
--- /dev/null
+++ b/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
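Review bot: Both new `prctl(PR_CAPBSET_READ, …)` checks in `test_capability_get_ambient()` test `if (r <= 0)`, so a failed prctl() call (-1) is reported with the same "Lacking CAP_…" skip message as a capability that is simply absent from the bounding set. A real error would then show up in CI logs as an expected skip. Separating the two cases keeps the skip meaningful: put `assert_se(r >= 0);` after each call and skip only on `if (r == 0)`. The body of the function starts and ends outside this hunk, so the types of `r` and `c` are taken from the surrounding context lines.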
@@ -0,0 +1,38 @@
+From 5573ac7d9c52bed8d38480788b02639ede3881fc Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Wed, 11 Dec 2024 12:01:18 +0000
+Subject: [PATCH] test-fd-util: skip test when lacking privileges to create a
+ new namespace
+
+To reproduce, as an unprivileged user start a docker container and build
+and run the unit tests inside it:
+
+$ docker run --rm -ti debian:bookworm bash
+...
+/* test_close_all_fds */
+Successfully forked off '(caf-plain)' as PID 10496.
+Skipping PR_SET_MM, as we don't have privileges.
+(caf-plain) succeeded.
+Failed to fork off '(caf-noproc)': Operation not permitted
+Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.
+
+Partially fixes #35552
+
+(cherry picked from commit 630a2e7ee195ca96e102acac8df67a278a879124)
+---
+ src/test/test-fd-util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
+index 20cf7b7627..5817d92725 100644
+--- a/src/test/test-fd-util.c
++++ b/src/test/test-fd-util.c
+@@ -389,6 +389,8 @@ TEST(close_all_fds) {
+ test_close_all_fds_inner();
+ _exit(EXIT_SUCCESS);
+ }
++ if (ERRNO_IS_NEG_PRIVILEGE(r))
++ return (void) log_tests_skipped("Lacking privileges for test in namespace with /proc/ overmounted");
+ assert_se(r >= 0);
+
+ if (!is_seccomp_available())
diff --git a/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch b/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
new file mode 100644
index 0000000..c57455b
--- /dev/null
+++ b/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
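Review bot: The new `ERRNO_IS_NEG_PRIVILEGE(r)` branch in `TEST(close_all_fds)` returns from the whole test, so everything after it, including the part guarded by `if (!is_seccomp_available())` on the last context line, is skipped too, while the log message names only the /proc/-overmounted case. The rest of the function is outside the hunk, so it cannot be seen here whether that later part needs the same namespace privileges. If it does, a comment above the return would make the wider skip deliberate, e.g. `/* the remaining variants fork with the same namespace flags, so skip them as well */`; if it does not, the skip should cover only the failing fork so the remaining coverage is kept in unprivileged containers.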
@@ -0,0 +1,36 @@
+From c026cecac33c3b19b1a466304058eb0f7f71187b Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Wed, 11 Dec 2024 13:40:10 +0000
+Subject: [PATCH] test-fd-util: compare FDs to /bin/sh instead of /dev/null
+
+/dev/null is a character device, so same_fd() in the fallback path
+that compares fstat will fail, as that bails out if the fd refers
+to a char device. This happens on kernels without F_DUPFD_QUERY and
+without kcmp.
+
+/* test_same_fd */
+Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.
+
+Fixes #35552
+
+(cherry picked from commit 3b32d333e88f2a66651d58e32e01599fa84c3d19)
+---
+ src/test/test-fd-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
+index 5817d92725..a359efa052 100644
+--- a/src/test/test-fd-util.c
++++ b/src/test/test-fd-util.c
+@@ -76,9 +76,9 @@ TEST(same_fd) {
+
+ assert_se(pipe2(p, O_CLOEXEC) >= 0);
+ assert_se((a = fcntl(p[0], F_DUPFD, 3)) >= 0);
+- assert_se((b = open("/dev/null", O_RDONLY|O_CLOEXEC)) >= 0);
++ assert_se((b = open("/bin/sh", O_RDONLY|O_CLOEXEC)) >= 0);
+ assert_se((c = fcntl(a, F_DUPFD, 3)) >= 0);
+- assert_se((d = open("/dev/null", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
++ assert_se((d = open("/bin/sh", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
+ assert_se((e = fcntl(d, F_DUPFD, 3)) >= 0);
+
+ assert_se(same_fd(p[0], p[0]) > 0);
diff --git a/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch b/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
new file mode 100644
index 0000000..6ed4077
--- /dev/null
+++ b/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
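Review bot: The switch from `/dev/null` to `/bin/sh` in `TEST(same_fd)` leaves nothing in the code that says why a regular file is required, so a later cleanup could revert it without noticing. A comment above the first changed `open()` would carry the commit message's reasoning into the file, e.g. `/* Open a regular file: the fstat() fallback in same_fd() bails out on character devices such as /dev/null */`. The test now also depends on `/bin/sh` being present in the environment it runs in, which is worth stating in the same comment. The body of the test continues outside the hunk.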
@@ -0,0 +1,66 @@ +From e1659133e79d20799a0841f3099f921957743691 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Wed, 11 Dec 2024 11:48:09 +0000 +Subject: [PATCH] mkosi: use inetutils package instead of hostname for + Archlinux + +In Arch the hostname binary is in a different package + +Follow-up for cf48bde7aea52b18ac3fa218d3f60fd3d533ef66 + +(cherry picked from commit 446d737cba3652a9f3dbd07cea9cb4082350b241) +--- + mkosi.conf.d/10-arch/mkosi.conf | 1 + + mkosi.conf.d/10-centos-fedora/mkosi.conf | 1 + + mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 1 + + mkosi.conf.d/10-opensuse/mkosi.conf | 1 + + 4 files changed, 4 insertions(+) + +diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf +index 5a4015e4d7..9ceb6ea6f8 100644 +--- a/mkosi.conf.d/10-arch/mkosi.conf ++++ b/mkosi.conf.d/10-arch/mkosi.conf +@@ -25,6 +25,7 @@ Packages= + f2fs-tools + git + gnutls ++ inetutils + iproute + iputils + knot +diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf +index 5b1865a253..8004c089ad 100644 +--- a/mkosi.conf.d/10-centos-fedora/mkosi.conf ++++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf +@@ -32,6 +32,7 @@ Packages= + glibc-langpack-de + glibc-langpack-en + gnutls-utils ++ hostname + integritysetup + iproute + iproute-tc +diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +index 46dd98828f..c898664f83 100644 +--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf ++++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +@@ -48,6 +48,7 @@ Packages= + fdisk + git-core + gnutls-bin ++ hostname + iproute2 + iputils-ping + isc-dhcp-server +diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf +index 8a08b1f8c7..4ee3894c00 100644 +--- a/mkosi.conf.d/10-opensuse/mkosi.conf ++++ b/mkosi.conf.d/10-opensuse/mkosi.conf +@@ -47,6 +47,7 @@ Packages= + grep + group(wheel) + gzip ++ hostname + iputils + kernel-default + kmod 
diff --git a/0013-man-document-unprivileged-is-not-for-reading-propert.patch b/0013-man-document-unprivileged-is-not-for-reading-propert.patch
new file mode 100644
index 0000000..ccf2cff
--- /dev/null
+++ b/0013-man-document-unprivileged-is-not-for-reading-propert.patch
@@ -0,0 +1,55 @@ +From cd727031a4daafe19f491df360c512433562f469 Mon Sep 17 00:00:00 2001 +From: Katariina Lounento +Date: Mon, 9 Dec 2024 16:09:13 +0200 +Subject: [PATCH] man: document unprivileged is not for reading properties + +Document the fact that read-only properties may not have the flag +SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the +flag is accepted for writable properties. + +Based on the check in `add_object_vtable_internal` called by +`sd_bus_add_object_vtable` (as of the current tip of the main branch +f7f5ba019206cacd486b0892fec76f70f525e04d): + + case _SD_BUS_VTABLE_PROPERTY: { + [...] + if ([...] || + [...] + (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) { + r = -EINVAL; + goto fail; + } + +(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas +`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property). + +This was implemented in the commit +adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus +concept and encode access control in object vtables") where +`SD_BUS_VTABLE_UNPRIVILEGED` was introduced: + + Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED + and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. + Note however that read access is unrestricted, as PropertiesChanged + messages might send out the values anyway as an unrestricted + broadcast. + +(cherry picked from commit 3ca09aa4dd57327989eceb1298754601046ac041) +--- + man/sd_bus_add_object.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml +index 4d14a7e731..5572f421fb 100644 +--- a/man/sd_bus_add_object.xml ++++ b/man/sd_bus_add_object.xml +@@ -589,6 +589,9 @@ + org.freedesktop.systemd1.Privileged annotation with value + true will be shown in introspection data. 
+ ++ SD_BUS_VTABLE_UNPRIVILEGED may not be applied to read-only properties, ++ but read access (to both read-only and writable properties) is always unrestricted. ++ + Note that this page describes checks implemented in the D-Bus client. The D-Bus server has an + additional policy that may permit or deny connections, see + "CONFIGURATION FILE" in diff --git a/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch b/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch new file mode 100644 index 0000000..252f77c --- /dev/null +++ b/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch @@ -0,0 +1,56 @@ +From 6b90a137892e18bd3c2cacb4aba2759da7ff3081 Mon Sep 17 00:00:00 2001 +From: Tobias Klauser +Date: Wed, 11 Dec 2024 15:10:39 +0100 +Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset + +If - for whatever reason - a script uses set -u (nounset) and includes +/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via +/etc/profile) the script would fail with: + + /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable + +For example: + + $ cat > foo.sh < +Date: Wed, 11 Dec 2024 12:46:43 +0000 +Subject: [PATCH] Fixing VLAN ranges in man systemd.network. + +Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed). + +(cherry picked from commit ae2f3af63962ba6e2f67cfce07c9fee61722e30e) +--- + man/systemd.network.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 9d8dcba509..32cfb207e0 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -6431,7 +6431,7 @@ PVID=42 + EgressUntagged=42 + + [BridgeVLAN] +-VLAN=100-200 ++VLAN=100-299 + + [BridgeVLAN] + EgressUntagged=300-400 diff --git a/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch b/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch new file mode 100644 index 0000000..d467853 
--- /dev/null
+++ b/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
@@ -0,0 +1,61 @@ +From ab99950f1a0ab9401b44357d226a5880b5f262a7 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 11 Dec 2024 12:44:26 +0000 +Subject: [PATCH] test-bpf-restrict-fs: Migrate to new assertion macros + +(cherry picked from commit 1c658c639db1c902266735754f2e2883fe67d1d9) +--- + src/test/test-bpf-restrict-fs.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/test/test-bpf-restrict-fs.c b/src/test/test-bpf-restrict-fs.c +index 11e97bf922..349c5a6894 100644 +--- a/src/test/test-bpf-restrict-fs.c ++++ b/src/test/test-bpf-restrict-fs.c +@@ -18,9 +18,9 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch + ExecContext *ec = NULL; + int cld_code, r; + +- assert_se(u = unit_new(m, sizeof(Service))); +- assert_se(unit_add_name(u, unit_name) == 0); +- assert_se(ec = unit_get_exec_context(u)); ++ ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service))); ++ ASSERT_OK_ZERO(unit_add_name(u, unit_name)); ++ ASSERT_NOT_NULL(ec = unit_get_exec_context(u)); + + STRV_FOREACH(allow_filesystem, allowed_filesystems) { + r = config_parse_restrict_filesystems( +@@ -30,7 +30,7 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch + return log_unit_error_errno(u, r, "Failed to parse RestrictFileSystems: %m"); + } + +- assert_se(exec_start = strjoin("cat ", file_path)); ++ ASSERT_NOT_NULL(exec_start = strjoin("cat ", file_path)); + r = config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", + SERVICE_EXEC_START, exec_start, SERVICE(u)->exec_command, u); + if (r < 0) +@@ -84,19 +84,19 @@ int main(int argc, char *argv[]) { + + ASSERT_OK(get_testdata_dir("units", &unit_dir)); + ASSERT_OK(setenv_unit_path(unit_dir)); +- assert_se(runtime_dir = setup_fake_runtime_dir()); ++ ASSERT_NOT_NULL(runtime_dir = setup_fake_runtime_dir()); + + ASSERT_OK(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m)); + ASSERT_OK(manager_startup(m, NULL, NULL, NULL)); + + /* We 
need to enable access to the filesystem where the binary is so we + * add @common-block and @application */ +- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")), 0); ++ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application"))); + ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application"))); +- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")), 0); +- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")), 0); ++ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs"))); ++ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application"))); + ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block", "@application"))); +- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")), 0); ++ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs"))); + + return 0; + } diff --git a/0017-man-update-example-in-systemd-measure.xml-35506.patch b/0017-man-update-example-in-systemd-measure.xml-35506.patch new file mode 100644 index 0000000..767f368 --- /dev/null 
+++ b/0017-man-update-example-in-systemd-measure.xml-35506.patch @@ -0,0 +1,27 @@ +From 926f5ab6bf0e3541106e6a6f95af4cbdec50582b Mon Sep 17 00:00:00 2001 +From: cvlc12 <97767846+cvlc12@users.noreply.github.com> +Date: Wed, 11 Dec 2024 22:09:11 +0100 +Subject: [PATCH] man: update example in systemd-measure.xml (#35506) + +In the example from systemd-measure(1), do not bind to PCR 7 in +addition to the PCR policy. + +As long as this is still done by default, see #35280. + +(cherry picked from commit 693038fce47a819c5eebeb4fce39c9ac991acf84) +--- + man/systemd-measure.xml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml +index 5d697dd62f..368c94f700 100644 +--- a/man/systemd-measure.xml ++++ b/man/systemd-measure.xml +@@ -328,6 +328,7 @@ $ ukify build \ + # systemd-cryptenroll --tpm2-device=auto \ + --tpm2-public-key=tpm2-pcr-public-key.pem \ + --tpm2-signature=tpm2-pcr-signature.json \ ++ --tpm2-pcrs="" \ + /dev/sda5 + + And then unlock the device with the signature: diff --git a/0018-systemd-cryptenroll.xml-fix-typo.patch b/0018-systemd-cryptenroll.xml-fix-typo.patch new file mode 100644 index 0000000..4ef898b --- /dev/null +++ b/0018-systemd-cryptenroll.xml-fix-typo.patch 
@@ -0,0 +1,23 @@
+From df38ba869ceaf15ee7d5962660d644403c068f7a Mon Sep 17 00:00:00 2001
+From: Carlo Teubner
+Date: Wed, 11 Dec 2024 22:40:07 +0000
+Subject: [PATCH] systemd-cryptenroll.xml: fix typo
+
+(cherry picked from commit dfbd4d8bc5f18746051929e32f772078d6782e90)
+---
+ man/systemd-cryptenroll.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
+index f3c23adfd0..fb36f455ba 100644
+--- a/man/systemd-cryptenroll.xml
++++ b/man/systemd-cryptenroll.xml
+@@ -634,7 +634,7 @@
+ Note the difference between and
+ : the former binds decryption to the current, specific PCR
+ values; the latter binds decryption to any set of PCR values for which a signature by the specified
+- public key can be provided. The latter is hence more useful in scenarios where software updates shell
++ public key can be provided. The latter is hence more useful in scenarios where software updates shall
+ be possible without losing access to all previously encrypted LUKS2 volumes. Like with
+ , names defined in the table above can also be used to specify the
+ registers, for instance
diff --git a/0019-semaphore-skip-some-tests.patch b/0019-semaphore-skip-some-tests.patch
new file mode 100644
index 0000000..70e6781
--- /dev/null
+++ b/0019-semaphore-skip-some-tests.patch
@@ -0,0 +1,28 @@
+From e768cf55b19caec6c8936050b245f398aba8b884 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Wed, 11 Dec 2024 20:44:25 +0000
+Subject: [PATCH] semaphore: skip some tests
+
+semaphore CI runs are always very close to the limit of 1hr, and often
+time out when it's particularly oversubscribed.
+Skip some low-value test cases to shorten the runtime.
+
+(cherry picked from commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4)
+---
+ .semaphore/semaphore-runner.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index e903ced70d..b663674652 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -109,6 +109,9 @@ EOF
+ --env DPKG_DEB_COMPRESSOR_TYPE="none" \
+ --env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
+ --env TEST_UPSTREAM=1 \
++ --skip-test localed-locale \
++ --skip-test localed-x11-keymap \
++ --skip-test build-with-static-libsystemd \
+ ../systemd_*.dsc \
+ -o "$ARTIFACTS_DIR" \
+ -- lxc -s "$CONTAINER" \
diff --git a/0020-shell-completion-add-systemd-creds.patch b/0020-shell-completion-add-systemd-creds.patch
new file mode 100644
index 0000000..12204a5
--- /dev/null
+++ b/0020-shell-completion-add-systemd-creds.patch
@@ -0,0 +1,215 @@
+From b256e149d4eceb9931fa6b727f3523a8d9fd0198 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 10 Dec 2024 22:19:09 +0000
+Subject: [PATCH] shell completion: add systemd-creds
+
+(cherry picked from commit 783f794e89996ae7f2ae1872d65c515a672437fa)
+---
+ shell-completion/bash/meson.build | 1 +
+ shell-completion/bash/systemd-creds | 185 ++++++++++++++++++++++++++++
+ 2 files changed, 186 insertions(+)
+ create mode 100644 shell-completion/bash/systemd-creds
+
+diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build
+index 91635df74a..59c2e2ef40 100644
+--- a/shell-completion/bash/meson.build
++++ b/shell-completion/bash/meson.build
+@@ -24,6 +24,7 @@ items = [['busctl', ''],
+ ['systemd-cat', ''],
+ ['systemd-cgls', ''],
+ ['systemd-cgtop', ''],
++ ['systemd-creds', ''],
+ ['systemd-delta', ''],
+ ['systemd-detect-virt', ''],
+ ['systemd-id128', ''],
+diff --git a/shell-completion/bash/systemd-creds b/shell-completion/bash/systemd-creds
+new file mode 100644
+index 0000000000..310106b936
+--- /dev/null
++++ b/shell-completion/bash/systemd-creds
+@@ -0,0 +1,185 @@
++# shellcheck shell=bash
++# systemd-creds(1) completion -*- shell-script -*-
++# SPDX-License-Identifier: LGPL-2.1-or-later
++#
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++#
++# systemd is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with systemd; If not, see .
++
++__contains_word() {
++ local w word=$1; shift
++ for w in "$@"; do
++ [[ $w = "$word" ]] && return
++ done
++}
++
++__get_tpm2_devices() {
++ local i
++ for i in /dev/tpmrm*; do
++ [ -c "$i" ] && printf '%s\n' "$i"
++ done
++}
++
++__get_creds() {
++ local a b c
++ local mode=$1; shift 1
++ systemd-creds list $mode --no-legend --no-pager $1 2>/dev/null | \
++ { while read -r a b c; do echo " $a"; done }
++}
++
++_systemd_creds() {
++ local verb comps mode i
++ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
++ local -A OPTS=(
++ [STANDALONE]='-h --help --version --no-pager --no-legend
++ -H -T --system --user -p --pretty --allow-null'
++ [ARG]='--tpm2-device
++ --tpm2-device-key
++ --tpm2-pcrs
++ --tpm2-public-key
++ --tpm2-public-key-pcrs
++ --tpm2-signature
++ --json
++ --transcode
++ --newline
++ --name
++ --timestamp
++ --not-after
++ --with-key
++ --uid'
++ )
++
++ local -A VERBS=(
++ [STANDALONE]='list setup'
++ [CAT]='cat'
++ [ENCRYPT]='encrypt'
++ [DECRYPT]='decrypt'
++ )
++
++ local -A OPTS_FOR_VERB=(
++ [CAT]='--help
++ --version
++ --no-pager
++ --no-legend
++ --user
++ --system'
++ [ENCRYPT]='--help
++ --version
++ --no-pager
++ --no-legend
++ --uid
++ --with-key
++ -H
++ -T
++ --tpm2-device
++ --tpm2-pcrs
++ --tpm2-public-key
++ --tpm2-public-key-pcrs
++ --tpm2-signature
++ --not-after
++ --name
++ --timestamp
++ --pretty'
++ [DECRYPT]='--help
++ --version
++ --no-pager
++ --no-legend
++ --uid
++ --tpm2-device
++ --tpm2-pcrs
++ --tpm2-public-key
++ --tpm2-public-key-pcrs
++ --tpm2-signature
++ --name
++ --timestamp
++ --allow-null'
++ )
++
++ _init_completion || return
++
++ if __contains_word "--user" ${COMP_WORDS[*]}; then
++ mode=--user
++ elif __contains_word "--system" ${COMP_WORDS[*]}; then
++ mode=--system
++ else
++ mode=''
++ fi
++
++ if __contains_word "$prev" ${OPTS[ARG]}; then
++ case $prev in
++ --tpm2-public-key|--tpm2-signature)
++ comps=$(compgen -A file -- "$cur")
++ compopt -o filenames
++ ;;
++ --tpm2-device)
++ comps="auto list $(__get_tpm2_devices)"
++ ;;
++ --json)
++ comps=$( systemd-creds --json=help 2>/dev/null )
++ ;;
++ --transcode)
++ comps='base64 unbase64 hex unhex'
++ ;;
++ --with-key)
++ comps='host tpm2 host+tpm2 null auto auto-initrd'
++ ;;
++ esac
++ COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
++ return 0
++ fi
++
++ if [[ -z ${verb-} && "$cur" = -* ]]; then
++ COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
++ return 0
++ fi
++
++ for ((i=0; i < COMP_CWORD; i++)); do
++ if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
++ ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
++ verb=${COMP_WORDS[i]}
++ break
++ fi
++ done
++
++ if [[ -z ${verb-} ]]; then
++ comps=${VERBS[*]}
++ elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
++ comps=''
++ elif __contains_word "$verb" ${VERBS[CAT]}; then
++ if [[ $cur = -* ]]; then
++ comps=${OPTS_FOR_VERB[CAT]}
++ else
++ comps=$( __get_creds $mode )
++ fi
++ elif __contains_word "$verb" ${VERBS[ENCRYPT]}; then
++ if [[ $cur = -* ]]; then
++ comps=${OPTS_FOR_VERB[ENCRYPT]}
++ else
++ comps=$( compgen -A file -- "$cur" )
++ compopt -o filenames
++ fi
++ elif __contains_word "$verb" ${VERBS[DECRYPT]}; then
++ if [[ $cur = -* ]]; then
++ comps=${OPTS_FOR_VERB[DECRYPT]}
++ else
++ comps=$( compgen -A file -- "$cur" )
++ compopt -o filenames
++ fi
++ fi
++
++ COMPREPLY=( $(compgen -W '${comps-}' -- "$cur") )
++ return 0
++}
++
++complete -F _systemd_creds systemd-creds
diff --git a/0021-core-fix-loading-verity-settings-for-MountImages.patch b/0021-core-fix-loading-verity-settings-for-MountImages.patch
new file mode 100644
index 0000000..19138e3
--- /dev/null
+++ b/0021-core-fix-loading-verity-settings-for-MountImages.patch
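Review bot: In `_systemd_creds` the early `if [[ -z ${verb-} && "$cur" = -* ]]` test runs before the loop that assigns `verb`, so `verb` is always empty there and every word starting with `-` is completed from `${OPTS[*]}` and returns. The `[[ $cur = -* ]]` branches that use `OPTS_FOR_VERB[CAT]`, `[ENCRYPT]` and `[DECRYPT]` are therefore unreachable, and `systemd-creds cat --<TAB>` offers options such as `--with-key` that the per-verb list for `cat` leaves out. Moving that four-line block below the `for ((i=0; i < COMP_CWORD; i++))` loop lets the per-verb lists take effect. Separately, `__get_creds` expands `$mode` and `$1` unquoted into the `systemd-creds list` command line; `${mode:+"$mode"}` keeps the empty case working without word splitting.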
@@ -0,0 +1,64 @@
+From c52f82b8d53c986798480ceaab4a269ca70126b1 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 12 Dec 2024 00:24:05 +0000
+Subject: [PATCH] core: fix loading verity settings for MountImages=
+
+The MountEntry logic was refactored to store the verity
+settings, and updated for ExtensionImages=, but not for
+MountImages=.
+
+Follow-up for a1a40297dbfa5bcd926d1a19320deb73c033c6f5
+
+(cherry picked from commit 59a83e11887e13a35d88fd7dc71a13b450433715)
+---
+ src/core/namespace.c | 8 ++++++++
+ test/units/TEST-50-DISSECT.dissect.sh | 3 +++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index 57dbbc4fc7..10f4c50bcc 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -480,20 +480,28 @@ static int append_bind_mounts(MountList *ml, const BindMount *binds, size_t n) {
+ }
+
+ static int append_mount_images(MountList *ml, const MountImage *mount_images, size_t n) {
++ int r;
++
+ assert(ml);
+ assert(mount_images || n == 0);
+
+ FOREACH_ARRAY(m, mount_images, n) {
++ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+ MountEntry *me = mount_list_extend(ml);
+ if (!me)
+ return log_oom_debug();
+
++ r = verity_settings_load(&verity, m->source, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to check verity root hash of %s: %m", m->source);
++
+ *me = (MountEntry) {
+ .path_const = m->destination,
+ .mode = MOUNT_IMAGE,
+ .source_const = m->source,
+ .image_options_const = m->mount_options,
+ .ignore = m->ignore_enoent,
++ .verity = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT),
+ };
+ }
+
+diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
+index 6cf1213551..09cb676200 100755
+--- a/test/units/TEST-50-DISSECT.dissect.sh
++++ b/test/units/TEST-50-DISSECT.dissect.sh
+@@ -281,6 +281,9 @@ systemd-run -P \
+ -p
RootHash="$MINIMAL_IMAGE_ROOTHASH" \ + -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \ + cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1" ++systemd-run -P \ ++ -p MountImages="$MINIMAL_IMAGE.raw:/run/img2" \ ++ veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}" + cat >/run/systemd/system/testservice-50c.service < +Date: Thu, 12 Dec 2024 00:50:45 +0000 +Subject: [PATCH] test: add more coverage for extensions and verity + +(cherry picked from commit c7fcb08324774c62bd2a786b03a7104a33049db6) +--- + test/units/TEST-50-DISSECT.dissect.sh | 6 ++++++ + test/units/util.sh | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh +index 09cb676200..f2b4db5133 100755 +--- a/test/units/TEST-50-DISSECT.dissect.sh ++++ b/test/units/TEST-50-DISSECT.dissect.sh +@@ -365,6 +365,12 @@ systemd-run -P \ + --property ExtensionImages=/etc/service-scoped-test.raw \ + --property RootImage="$MINIMAL_IMAGE.raw" \ + cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123" ++systemd-run -P \ ++ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \ ++ veritysetup status "$(cat /tmp/app0.roothash)-verity" | grep -q "$(cat /tmp/app0.roothash)" ++systemd-run -P \ ++ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \ ++ veritysetup status "$(cat /tmp/conf0.roothash)-verity" | grep -q "$(cat /tmp/conf0.roothash)" + + # Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS + mkdir -p /tmp/loop +diff --git a/test/units/util.sh b/test/units/util.sh +index 7a39d4267e..1f903b3293 100755 +--- a/test/units/util.sh ++++ b/test/units/util.sh +@@ -284,6 +284,7 @@ EOF + chmod +x "$initdir/opt/script0.sh" + echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" + mksquashfs "$initdir" /tmp/app0.raw -noappend ++ veritysetup format /tmp/app0.raw /tmp/app0.verity --root-hash-file 
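Review bot: In `append_mount_images()` the entry is reserved with `mount_list_extend(ml)` before `verity_settings_load()` runs, so the new `return log_debug_errno(...)` path leaves `ml` one entry longer with that slot never assigned. Whether that is harmless depends on how `mount_list_extend()` initialises the slot and how callers tear the list down, neither of which is visible here; calling `verity_settings_load()` first and extending the list only after it succeeds removes the question. I would also add a comment above the call, e.g. `/* No explicit paths: verity data is presumably discovered next to m->source, so write access there decides the root hash. */`, since the companion tests rely on a `.roothash` file beside the image. The end of the function lies outside the hunk.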
/tmp/app0.roothash
+
+ initdir="/var/tmp/conf0"
+ mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt"
+@@ -295,6 +296,7 @@ EOF
+ ) >>"$initdir/etc/extension-release.d/extension-release.conf0"
+ echo MARKER_1 >"$initdir/etc/systemd/system/some_file"
+ mksquashfs "$initdir" /tmp/conf0.raw -noappend
++ veritysetup format /tmp/conf0.raw /tmp/conf0.verity --root-hash-file /tmp/conf0.roothash
+
+ initdir="/var/tmp/app1"
+ mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt"
diff --git a/0023-README-drop-CentOS-CI-badges.patch b/0023-README-drop-CentOS-CI-badges.patch
new file mode 100644
index 0000000..6814028
--- /dev/null
+++ b/0023-README-drop-CentOS-CI-badges.patch
@@ -0,0 +1,26 @@
+From 3b6b819a289feb76774e7c73654b3f4197181986 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 12 Dec 2024 11:58:24 +0900
+Subject: [PATCH] README: drop CentOS CI badges
+
+CentOS CIs are disabled after ead814a0b0f64c572282b9e27a0a995893f10cf0.
+
+(cherry picked from commit 1fe583861feb5796fa0be937dc7f4c2ce07bcde5)
+---
+ README.md | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/README.md b/README.md
+index 12f1381f08..9e026b287c 100644
+--- a/README.md
++++ b/README.md
+@@ -7,9 +7,6 @@ System and Service Manager
+ [![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#systemd)
+ [![CIFuzz](https://github.com/systemd/systemd/workflows/CIFuzz/badge.svg)](https://github.com/systemd/systemd/actions)
+ [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)
+-[![CentOS CI - CentOS 9](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20CentOS%209&job=upstream-centos9s)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-centos9s/)
+-[![CentOS CI - Arch](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch&job=upstream-vagrant-archlinux)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux/)
+-[![CentOS CI - Arch (sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch%20(sanitizers)&job=upstream-vagrant-archlinux-sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/)
+ [![Fossies codespell report](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.html)
+ [![Weblate](https://translate.fedoraproject.org/widgets/systemd/-/master/svg-badge.svg)](https://translate.fedoraproject.org/engage/systemd/)
+ [![Coverage Status](https://coveralls.io/repos/github/systemd/systemd/badge.svg?branch=main)](https://coveralls.io/github/systemd/systemd?branch=main)
diff --git a/0024-meson.version-change-to-257.1.patch b/0024-meson.version-change-to-257.1.patch
new file mode 100644
index 0000000..81997e7
--- /dev/null
+++ b/0024-meson.version-change-to-257.1.patch
@@ -0,0 +1,19 @@
+From 3267661c626bd904395e3dd0f5e24b550f7309fe Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 12 Dec 2024 13:11:51 +0000
+Subject: [PATCH] meson.version: change to 257.1
+
+This is used to detect in various CIs that we are on a stable branch,
+so set the new version early, otherwise some scripts will think it's
+running in main
+---
+ meson.version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.version b/meson.version
+index a700e79997..97fb426c59 100644
+--- a/meson.version
++++ b/meson.version
+@@ -1 +1 @@
+-257
++257.1
diff --git a/0025-journalctl-honor-quiet-with-setup-keys.patch b/0025-journalctl-honor-quiet-with-setup-keys.patch
new file mode 100644
index 0000000..96e814c
--- /dev/null
+++ b/0025-journalctl-honor-quiet-with-setup-keys.patch
@@ -0,0 +1,76 @@
+From 644f2a02c8befba986ebbc5d58767807fb2999ee Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Tue, 10 Dec 2024 09:40:43 +0900
+Subject: [PATCH] journalctl: honor --quiet with --setup-keys
+
+Closes #35504.
+
+(cherry picked from commit a5b2973850e5952b9dffdfa3f6a0ef486957cb17)
+---
+ src/journal/journalctl-authenticate.c | 13 ++++++++-----
+ test/units/TEST-04-JOURNAL.fss.sh | 6 ++++--
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
+index 865814cd03..87374816b4 100644
+--- a/src/journal/journalctl-authenticate.c
++++ b/src/journal/journalctl-authenticate.c
+@@ -97,17 +97,20 @@ int action_setup_keys(void) {
+ state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
+ state = alloca_safe(state_size);
+
+- log_info("Generating seed...");
++ if (!arg_quiet)
++ log_info("Generating seed...");
+ r = crypto_random_bytes(seed, seed_size);
+ if (r < 0)
+ return log_error_errno(r, "Failed to acquire random seed: %m");
+
+- log_info("Generating key pair...");
++ if (!arg_quiet)
++ log_info("Generating key pair...");
+ r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
+ if (r < 0)
+ return log_error_errno(r, "Failed to generate key pair: %m");
+
+- log_info("Generating sealing key...");
++ if (!arg_quiet)
++ log_info("Generating sealing key...");
+ r = FSPRG_GenState0(state, mpk, seed, seed_size);
+ if (r < 0)
+ return log_error_errno(r, "Failed to generate sealing key: %m");
+@@ -122,7 +125,7 @@ int action_setup_keys(void) {
+
+ r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
+ if (r < 0)
+- log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
++ log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
+ r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
+
+ struct FSSHeader h = {
+@@ -155,7 +158,7 @@ int action_setup_keys(void) {
+ if (r < 0)
+ return r;
+
+- if (!on_tty()) {
++ if (!on_tty() || arg_quiet) {
+ /* If we are not on a TTY, show only the key. */
+ puts(key);
+ return 0;
+diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
+index 03351b812f..140bd9fd67 100755
+--- a/test/units/TEST-04-JOURNAL.fss.sh
++++ b/test/units/TEST-04-JOURNAL.fss.sh
+@@ -10,8 +10,10 @@ if ! journalctl --version | grep -qF +GCRYPT; then
+ exit 0
+ fi
+
+-journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
+-FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
++# without --quiet, should be effectively equivalent to the below, as we are not on tty
++journalctl --force --setup-keys --interval=2
++
++FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
+ [[ -n "$FSS_VKEY" ]]
+
+ # Generate some buzz in the journal and wait until the FSS key is changed
diff --git a/0026-dbus-log-disconnect-on-api-and-system-busses.patch b/0026-dbus-log-disconnect-on-api-and-system-busses.patch
new file mode 100644
index 0000000..df375f6
--- /dev/null
+++ b/0026-dbus-log-disconnect-on-api-and-system-busses.patch
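Review bot: The rewritten test in TEST-04-JOURNAL.fss.sh only asserts `[[ -n "$FSS_VKEY" ]]`, while the removed `sed` line matched the verification-key format, so a `--quiet` run that prints anything besides the key would still pass this check. Since the purpose of the change is that `--quiet` emits only the key through `puts(key)`, I would pin that with `[[ "$FSS_VKEY" =~ ^([a-f0-9]{6}-){3}[a-f0-9]{6}/[a-f0-9]+-[a-f0-9]+$ ]]`, reusing the pattern from the removed line. In journalctl-authenticate.c, `ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING` parses as intended but is easier to audit as `(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet) ? LOG_DEBUG : LOG_WARNING`. It also means a failed `chattr_secret()` on the temporary key file is reported only at debug level under `--quiet`, which deserves a short comment next to that call.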
@@ -0,0 +1,35 @@
+From c189ecc7fe5039d98bbb448ab45ab0fa3842b3a3 Mon Sep 17 00:00:00 2001
+From: Ronan Pigott
+Date: Thu, 28 Nov 2024 12:51:38 -0700
+Subject: [PATCH] dbus: log disconnect on api and system busses
+
+This is an interesting event. Let's log about it.
+
+(cherry picked from commit 11ee1bab60abde67cd0edc470c93c1afe10d975d)
+---
+ src/core/dbus.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dbus.c b/src/core/dbus.c
+index 744b97f991..3f0f40e702 100644
+--- a/src/core/dbus.c
++++ b/src/core/dbus.c
+@@ -131,10 +131,16 @@ static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_e
+ assert(message);
+ assert_se(bus = sd_bus_message_get_bus(message));
+
+- if (bus == m->api_bus)
++ if (bus == m->api_bus) {
++ log_notice("Got disconnect on API bus.");
+ bus_done_api(m);
+- if (bus == m->system_bus)
++ }
++ if (bus == m->system_bus) {
++ /* If we are the system manager, this is already logged by the API bus. */
++ if (!MANAGER_IS_SYSTEM(m))
++ log_notice("Got disconnect on system bus.");
+ bus_done_system(m);
++ }
+
+ if (set_remove(m->private_buses, bus)) {
+ log_debug("Got disconnect on private connection.");
diff --git a/0027-manager-add-list-of-subscribers-to-dump-info.patch b/0027-manager-add-list-of-subscribers-to-dump-info.patch
new file mode 100644
index 0000000..1a7853f
--- /dev/null
+++ b/0027-manager-add-list-of-subscribers-to-dump-info.patch
@@ -0,0 +1,26 @@
+From bcf740e4a3caa32b3a920512833b68fc6d530125 Mon Sep 17 00:00:00 2001
+From: Ronan Pigott
+Date: Thu, 28 Nov 2024 12:52:45 -0700
+Subject: [PATCH] manager: add list of subscribers to dump info
+
+This is handy for debugging.
+
+(cherry picked from commit 91713841491d0d4775566ed59f621f0f9a2413b5)
+---
+ src/core/manager-dump.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/manager-dump.c b/src/core/manager-dump.c
+index a12d50c91e..7e678fa03e 100644
+--- a/src/core/manager-dump.c
++++ b/src/core/manager-dump.c
+@@ -77,6 +77,9 @@ static void manager_dump_header(Manager *m, FILE *f, const char *prefix) {
+ timestamp_is_set(t->realtime) ? FORMAT_TIMESTAMP(t->realtime) :
+ FORMAT_TIMESPAN(t->monotonic, 1));
+ }
++
++ for (const char *n = sd_bus_track_first(m->subscribed); n; n = sd_bus_track_next(m->subscribed))
++ fprintf(f, "%sSubscribed: %s\n", strempty(prefix), n);
+ }
+
+ void manager_dump(Manager *m, FILE *f, char **patterns, const char *prefix) {
diff --git a/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch b/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
new file mode 100644
index 0000000..21d724b
--- /dev/null
+++ b/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
@@ -0,0 +1,111 @@
+From 070c28a12a3687966d91a633ce9df78b35e0b364 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sun, 1 Dec 2024 17:36:33 +0900
+Subject: [PATCH] exec-util: allow to invoke polkit/ask-password agent even if
+ STDIN is not a tty
+
+Closes #35018.
+
+(cherry picked from commit 0f81c8406f0f47175c699715e84de8291057033c)
+---
+ src/shared/ask-password-agent.c | 8 ++------
+ src/shared/exec-util.c | 23 ++++++++++++++---------
+ src/shared/polkit-agent.c | 8 ++------
+ 3 files changed, 18 insertions(+), 21 deletions(-)
+
+diff --git a/src/shared/ask-password-agent.c b/src/shared/ask-password-agent.c
+index 62b73503ca..d02d68a4e1 100644
+--- a/src/shared/ask-password-agent.c
++++ b/src/shared/ask-password-agent.c
+@@ -18,12 +18,8 @@ int ask_password_agent_open(void) {
+ if (agent_pid > 0)
+ return 0;
+
+- /* We check STDIN here, not STDOUT, since this is about input, not output */
+- if (!isatty_safe(STDIN_FILENO))
+- return 0;
+-
+- /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+- * interactively on a terminal, hence fail */
++ /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
++ * interactively on a terminal, hence fail. */
+ r = get_ctty_devnr(0, NULL);
+ if (r == -ENXIO)
+ return 0;
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index 8435c4f118..599b925a99 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -544,7 +544,6 @@ int fexecve_or_execve(int executable_fd, const char *executable, char *const arg
+ }
+
+ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
+- bool stdout_is_tty, stderr_is_tty;
+ size_t n, i;
+ va_list ap;
+ char **l;
+@@ -567,17 +566,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
+
+ /* In the child: */
+
+- stdout_is_tty = isatty_safe(STDOUT_FILENO);
+- stderr_is_tty = isatty_safe(STDERR_FILENO);
++ bool stdin_is_tty = isatty_safe(STDIN_FILENO),
++ stdout_is_tty = isatty_safe(STDOUT_FILENO),
++ stderr_is_tty = isatty_safe(STDERR_FILENO);
+
+- if (!stdout_is_tty || !stderr_is_tty) {
++ if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
+ int fd;
+
+- /* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
+- * when systemctl is started via popen() or a similar call that expects to read EOF we
++ /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
++ * that when systemctl is started via popen() or a similar call that expects to read EOF we
+ * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
+ * stdin around. */
+- fd = open("/dev/tty", O_WRONLY);
++ fd = open("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
+ if (fd < 0) {
+ if (errno != ENXIO) {
+ log_error_errno(errno, "Failed to open /dev/tty: %m");
+@@ -588,13 +588,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
+ * connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
+ * skip the forking of the agents, given the TTY setup is not in order. */
+ } else {
++ if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
++ log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
++ _exit(EXIT_FAILURE);
++ }
++
+ if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
+- log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
++ log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+ if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
+- log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
++ log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+diff --git a/src/shared/polkit-agent.c b/src/shared/polkit-agent.c
+index 842e41e8db..d87eb56164 100644
+--- a/src/shared/polkit-agent.c
++++ b/src/shared/polkit-agent.c
+@@ -31,12 +31,8 @@ int polkit_agent_open(void) {
+ if (geteuid() == 0)
+ return 0;
+
+- /* We check STDIN here, not STDOUT, since this is about input, not output */
+- if (!isatty_safe(STDIN_FILENO))
+- return 0;
+-
+- /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+- * interactively on a terminal, hence fail */
++ /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
++ * interactively on a terminal, hence fail. */
+ r = get_ctty_devnr(0, NULL);
+ if (r == -ENXIO)
+ return 0;
diff --git a/0029-mkosi-Fix-opensuse-build.patch b/0029-mkosi-Fix-opensuse-build.patch
new file mode 100644
index 0000000..a753129
--- /dev/null
+++ b/0029-mkosi-Fix-opensuse-build.patch
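Review bot: The shortened comments in `ask_password_agent_open()` and `polkit_agent_open()` no longer explain that a redirected stdin does not disable the agent: with the `isatty_safe(STDIN_FILENO)` checks removed, the only gate left in the visible lines is `get_ctty_devnr()` returning `-ENXIO`, and `_fork_agent()` now reopens `/dev/tty` for stdin as well. I would extend both comments along the lines of `/* stdin may be redirected: the agent reopens /dev/tty itself, so only the lack of a controlling terminal disables it. */`, so that callers which relied on redirected stdin to stay non-interactive can see what changed. In `_fork_agent()` the nested conditional passed to `open("/dev/tty", ...)` selects the right access mode for each case but is dense; parenthesising the inner `?:` or computing the flags in a named local would make the per-descriptor access easier to audit. All three functions continue outside their hunks.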
@@ -0,0 +1,27 @@
+From 4162c331dd4fc6657d1f51c90a7a0223e9f4a30d Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 12 Dec 2024 11:58:42 +0000
+Subject: [PATCH] mkosi: Fix opensuse build
+
+The opensuse spec still looks for README.testsuite so hack it to look
+for README.md instead now that we changed the name in the repo.
+
+(cherry picked from commit 3aa725732161f11788a51405f9c5204190e7a0e9)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index 7349038638..c9089b78c4 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -60,6 +60,9 @@ fi
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+ sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+
++# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
++sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
++
+ build() {
+ IFS=
+ # shellcheck disable=SC2046
diff --git a/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch b/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
new file mode 100644
index 0000000..6fea3cc
--- /dev/null
+++ b/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
@@ -0,0 +1,71 @@
+From 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 12 Dec 2024 11:48:52 +0000
+Subject: [PATCH] units: use PrivateTmp=disconnected instead of 'yes' if
+ DefaultDependencies=no
+
+Avoids subtle race conditions such as the one described at
+#35582.
+
+Fixes #35582
+
+(cherry picked from commit 1ca315be0097bccc9ff55e09ac339a48fdb9a040)
+---
+ units/systemd-coredump@.service.in | 2 +-
+ units/systemd-oomd.service.in | 2 +-
+ units/systemd-resolved.service.in | 2 +-
+ units/systemd-timesyncd.service.in | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
+index fa3206d07b..c74dc7a5a1 100644
+--- a/units/systemd-coredump@.service.in
++++ b/units/systemd-coredump@.service.in
+@@ -26,7 +26,7 @@ NoNewPrivileges=yes
+ OOMScoreAdjust=500
+ PrivateDevices=yes
+ PrivateNetwork=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectControlGroups=yes
+ ProtectHome=read-only
+ ProtectHostname=yes
+diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
+index 82bd6245f8..670d5e6140 100644
+--- a/units/systemd-oomd.service.in
++++ b/units/systemd-oomd.service.in
+@@ -37,7 +37,7 @@ MemoryLow=64M
+ NoNewPrivileges=yes
+ OOMScoreAdjust=-900
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectClock=yes
+ ProtectHome=yes
+ ProtectHostname=yes
+diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
+index 4aa0788ac4..e181b2528a 100644
+--- a/units/systemd-resolved.service.in
++++ b/units/systemd-resolved.service.in
+@@ -29,7 +29,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectClock=yes
+ ProtectControlGroups=yes
+ ProtectHome=yes
+diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
+index cf233fbffd..835d6327e7 100644
+--- a/units/systemd-timesyncd.service.in
++++ b/units/systemd-timesyncd.service.in
+@@ -31,7 +31,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectProc=invisible
+ ProtectControlGroups=yes
+ ProtectHome=yes
diff --git a/0031-battery-check-parse-options-before-checking-for-kern.patch b/0031-battery-check-parse-options-before-checking-for-kern.patch
new file mode 100644
index 0000000..534a4cd
--- /dev/null
+++ b/0031-battery-check-parse-options-before-checking-for-kern.patch
@@ -0,0 +1,36 @@
+From 29cdad871ea5febb64336b43f08aab5ac15ab4cb Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Fri, 8 Nov 2024 12:23:37 +0000
+Subject: [PATCH] battery-check: parse options before checking for kernel
+ command line
+
+Otherwise --help/--version/etc which exit immediately will do pointless work
+
+(cherry picked from commit 60d23b7f4ae26d934e5748d30bb7ae956f3ad83d)
+---
+ src/battery-check/battery-check.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/battery-check/battery-check.c b/src/battery-check/battery-check.c
+index 1563147b7b..a2ed5cbafd 100644
+--- a/src/battery-check/battery-check.c
++++ b/src/battery-check/battery-check.c
+@@ -123,14 +123,14 @@ static int run(int argc, char *argv[]) {
+
+ log_setup();
+
+- r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
+- if (r < 0)
+- log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
+-
+ r = parse_argv(argc, argv);
+ if (r <= 0)
+ return r;
+
++ r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
++ if (r < 0)
++ log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
++
+ if (!arg_doit) {
+ log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
+ return 0;
diff --git a/0032-test-loop-block-return-77-on-skip-in-more-places.patch b/0032-test-loop-block-return-77-on-skip-in-more-places.patch
new file mode 100644
index 0000000..58a16ff
--- /dev/null
+++ b/0032-test-loop-block-return-77-on-skip-in-more-places.patch
@@ -0,0 +1,34 @@
+From 1fb4673a6977c6a694f786dbc6cf2ff1990794ff Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Wed, 13 Nov 2024 14:20:34 +0000
+Subject: [PATCH] test-loop-block: return -77 on skip in more places
+
+(cherry picked from commit 81e0693465402d2e72cb3ba1b28e25e3c4c0206a)
+---
+ src/test/test-loop-block.c | 12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c
+index e69c0d5caf..921049c3fb 100644
+--- a/src/test/test-loop-block.c
++++ b/src/test/test-loop-block.c
+@@ -224,15 +224,11 @@ static int run(int argc, char *argv[]) {
+ dissected = dissected_image_unref(dissected);
+ #endif
+
+- if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
+- log_tests_skipped("not running privileged");
+- return 0;
+- }
++ if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
++ return log_tests_skipped("not running privileged");
+
+- if (detect_container() > 0) {
+- log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
+- return 0;
+- }
++ if (detect_container() > 0)
++ return log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
+
+ assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
+
diff --git a/0033-mkosi-update-debian-commit-reference.patch b/0033-mkosi-update-debian-commit-reference.patch
new file mode 100644
index 0000000..6e82278
--- /dev/null
+++ b/0033-mkosi-update-debian-commit-reference.patch
@@ -0,0 +1,43 @@ +From 1a259b4e6006a48d5e3a83680f3341e1c68a2ba2 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 12 Dec 2024 16:46:11 +0000 +Subject: [PATCH] mkosi: update debian commit reference + +* e8b7c9a4dd Install 81-net-bridge.rules +* 50d2997a07 Install systemd-creds bash completion +* ff0c42823c test: fix flaky boot-and-services test +* 2a19dee4ba test: fix flaky boot-and-services test +* a15a0bfe60 Update changelog for 257-2 release +* c24eafcb7e Backport patches to fix test failures +* 29840f9b68 udev: install dmi_memory_id and its rules on riscv64 +* 44893bdb32 Update changelog for 257-1 release +* 7f71d995fb Update symbols file for v257 +* 2dd2b80499 Update upstream source from tag 'upstream/257' +* 51a3271a85 Update changelog for 257~rc3-1 release +* 8e687227c5 Update symbols for 257~rc3 +* c9bae527d6 Drop patches, merged upstream +* e8cf329870 Update upstream source from tag 'upstream/257_rc3' +* 794457516d autopkgtest: fix one more tzdata dependency +* 16bb143da1 Bump version in tzdata dependency due to p-u upload +* f2ddf70604 sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl +* 79260cb0f4 Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500 +* ed3af24635 systemd-ukfy: recommend systemd-boot-efi for the stub + +(cherry picked from commit 8d20606eec236232fb003594b3e6c88131744f6b) +--- + mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf +index 5fb7dab758..6914a9ed59 100644 +--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf ++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf +@@ -9,7 +9,7 @@ Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=debian/master +- GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16 ++ 
GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d + PKG_SUBDIR=debian + + [Content] diff --git a/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch b/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch new file mode 100644 index 0000000..84a4d66 --- /dev/null +++ b/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch @@ -0,0 +1,58 @@ +From 2a6fbf9da93ad2f76aa5578641e39801a13fd5dd Mon Sep 17 00:00:00 2001 +From: Tobias Klauser +Date: Wed, 11 Dec 2024 15:10:39 +0100 +Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset + +If - for whatever reason - a script uses set -u (nounset) and includes +/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via +/etc/profile) the script would fail with: + + /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable + +For example: + + $ cat > foo.sh < +Date: Thu, 12 Dec 2024 12:41:45 +0000 +Subject: [PATCH] shell-completion: add smbios11 verb to systemd-analyze + +Follow-up for 8c5045f9b2681774e8731dc0d142c207b61aedf6 + +(cherry picked from commit e7fce6a370894de3a3ded32910e0a4b251d805df) +--- + shell-completion/bash/systemd-analyze | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze +index 7c5cb1c512..caec77e718 100644 +--- a/shell-completion/bash/systemd-analyze ++++ b/shell-completion/bash/systemd-analyze +@@ -67,7 +67,7 @@ _systemd_analyze() { + ) + + local -A VERBS=( +- [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2' ++ [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2 smbios11' + [CRITICAL_CHAIN]='critical-chain' + [DOT]='dot' + [DUMP]='dump' 
diff --git a/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch b/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
new file mode 100644
index 0000000..83c0cee
--- /dev/null
+++ b/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
@@ -0,0 +1,67 @@
+From 9d36809256c6d92c6d8358769479ad2c2b695664 Mon Sep 17 00:00:00 2001
+From: Florian Schmaus
+Date: Sat, 16 Nov 2024 10:29:35 +0100
+Subject: [PATCH] logind: let system-wide idle begin at the time logind was
+ initialized
+
+Initialize the start of the system-wide idle time with the time logind was
+initialized and not with the start of the Unix epoch. This means that systemd
+will not repport a unreasonable long idle time (around 54 years at the time of
+writing this), especially at in the early boot, while no login manager session,
+e.g,. gdm, had a chance to provide a more accurate start of the idle period.
+
+Fixes #35163
+
+(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
+---
+ src/login/logind-core.c | 6 +++++-
+ src/login/logind.c | 2 ++
+ src/login/logind.h | 2 ++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-core.c b/src/login/logind-core.c
+index fad276f195..9892285805 100644
+--- a/src/login/logind-core.c
++++ b/src/login/logind-core.c
+@@ -407,10 +407,14 @@ int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
+ int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
+ Session *s;
+ bool idle_hint;
+- dual_timestamp ts = DUAL_TIMESTAMP_NULL;
++ dual_timestamp ts;
+
+ assert(m);
+
++ /* Initialize the baseline timestamp with the time the manager got initialized to avoid reporting
++ * unreasonable large idle periods starting with the Unix epoch.
*/
++ ts = m->init_ts;
++
+ idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, /* block= */ true, t, false, false, 0, NULL);
+
+ HASHMAP_FOREACH(s, m->sessions) {
+diff --git a/src/login/logind.c b/src/login/logind.c
+index f88a2004fd..8dc1781edf 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -100,6 +100,8 @@ static int manager_new(Manager **ret) {
+
+ (void) sd_event_set_watchdog(m->event, true);
+
++ dual_timestamp_now(&m->init_ts);
++
+ manager_reset_config(m);
+
+ *ret = TAKE_PTR(m);
+diff --git a/src/login/logind.h b/src/login/logind.h
+index 1e17b610bc..ce7e76e761 100644
+--- a/src/login/logind.h
++++ b/src/login/logind.h
+@@ -145,6 +145,8 @@ struct Manager {
+ struct stat efi_loader_entry_one_shot_stat;
+
+ CalendarSpec *maintenance_time;
++
++ dual_timestamp init_ts;
+ };
+
+ void manager_reset_config(Manager *m);
diff --git a/0036-tmpfiles-reduce-quoting-in-warning-message.patch b/0036-tmpfiles-reduce-quoting-in-warning-message.patch
new file mode 100644
index 0000000..5012437
--- /dev/null
+++ b/0036-tmpfiles-reduce-quoting-in-warning-message.patch
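Review bot: The new `init_ts` member added to struct Manager in logind.h has no comment saying what it records or who reads it, although per the commit message it now decides what manager_get_idle_hint() reports before any session has supplied a timestamp. I would document it at the declaration, e.g. `dual_timestamp init_ts; /* when this Manager was created; baseline for the system-wide idle hint */`. The comment added in logind-core.c would also read better as "unreasonably large idle periods". The bodies of manager_get_idle_hint() and manager_new() continue outside the hunks shown, so how the session loop compares against the new baseline cannot be checked from here.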
@@ -0,0 +1,35 @@
+From 3efa9e717f047bc4e51f6b1130468bdd6e004fdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 7 Nov 2024 15:45:24 +0100
+Subject: [PATCH] tmpfiles: reduce quoting in warning message
+
+We printed:
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/20-systemd-shell-extra.conf:10: Unknown modifiers in command 'L$'.
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:10: Unknown modifiers in command 'd$'.
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:11: Unknown modifiers in command 'd$'.
+...
+
+There's a lot of additional characters here make the message harder to parse. We know
+that the command is a word without any whitespace, so quoting isn't really necessary.
+
+Change this to:
+... unknown modifiers in command: L$
+
+(cherry picked from commit 390bab53923eea822ac525d0e4aa4b7f86d8cd92)
+---
+ src/tmpfiles/tmpfiles.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 86bf16356d..bff05cda6f 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -3684,7 +3684,7 @@ static int parse_line(
+ else {
+ *invalid_config = true;
+ return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
+- "Unknown modifiers in command '%s'.", action);
++ "Unknown modifiers in command: %s", action);
+ }
+
+ if (boot && !arg_boot) {
diff --git a/0037-semaphore-bump-timeout.patch b/0037-semaphore-bump-timeout.patch
new file mode 100644
index 0000000..b75bc64
--- /dev/null
+++ b/0037-semaphore-bump-timeout.patch
@@ -0,0 +1,26 @@
+From 96b9fe831f888a0e9772a33acc752ebb822357b9 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Fri, 13 Dec 2024 22:08:27 +0000
+Subject: [PATCH] semaphore: bump timeout
+
+When semaphore is overloaded tests can take more than 1hr, bump
+timeout
+
+(cherry picked from commit 1855064d4eb95abe6909a93f72bee46658dad36b)
+---
+ .semaphore/semaphore.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
+index 07742337e8..42df0f648f 100644
+--- a/.semaphore/semaphore.yml
++++ b/.semaphore/semaphore.yml
+@@ -15,7 +15,7 @@ auto_cancel:
+ when: "true"
+
+ execution_time_limit:
+- hours: 1
++ hours: 2
+
+ blocks:
+ - name: "Setup & test"
diff --git a/0038-Revert-semaphore-skip-some-tests.patch b/0038-Revert-semaphore-skip-some-tests.patch
new file mode 100644
index 0000000..d0914cc
--- /dev/null
+++ b/0038-Revert-semaphore-skip-some-tests.patch
@@ -0,0 +1,26 @@
+From 61e321c452309b6686b345ff3be363d37dfb21d6 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Fri, 13 Dec 2024 23:43:28 +0000
+Subject: [PATCH] Revert "semaphore: skip some tests"
+
+This reverts commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4.
+
+(cherry picked from commit 7406e0a3afafc1e1c994a88a4e988e94177e5550)
+---
+ .semaphore/semaphore-runner.sh | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index b663674652..e903ced70d 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -109,9 +109,6 @@ EOF
+ --env DPKG_DEB_COMPRESSOR_TYPE="none" \
+ --env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
+ --env TEST_UPSTREAM=1 \
+- --skip-test localed-locale \
+- --skip-test localed-x11-keymap \
+- --skip-test build-with-static-libsystemd \
+ ../systemd_*.dsc \
+ -o "$ARTIFACTS_DIR" \
+ -- lxc -s "$CONTAINER" \
diff --git a/0039-mkosi-fix-section-for-WithNetwork.patch b/0039-mkosi-fix-section-for-WithNetwork.patch
new file mode 100644
index 0000000..8e76e24
--- /dev/null
+++ b/0039-mkosi-fix-section-for-WithNetwork.patch
@@ -0,0 +1,23 @@
+From 6186c2735bdd922cb5287be8586bdae1a5736c89 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Sat, 14 Dec 2024 10:57:34 +0000
+Subject: [PATCH] mkosi: fix section for WithNetwork=
+
+/tmp/autopkgtest.L6NPL0/build.doZ/src/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf: Setting WithNetwork should be configured in [Build], not [Content]
+
+(cherry picked from commit 301c159ce526933d048b9fd02ad7e2adfb4a6c58)
+---
+ mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+index 4fb4f46075..a535736452 100644
+--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
++++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+@@ -3,5 +3,5 @@
+ [Match]
+ Environment=NO_BUILD=1
+
+-[Content]
++[Build]
+ WithNetwork=yes
diff --git a/0040-test-time-util-fix-truncation-of-usec-to-sec.patch b/0040-test-time-util-fix-truncation-of-usec-to-sec.patch
new file mode 100644
index 0000000..139c7fd
--- /dev/null
+++ b/0040-test-time-util-fix-truncation-of-usec-to-sec.patch
@@ -0,0 +1,57 @@
+From 11d70500171ca6dbbad8ecf9b1cf0d29e1d6d1ed Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 14 Dec 2024 16:49:54 +0900
+Subject: [PATCH] test-time-util: fix truncation of usec to sec
+
+Also
+- use ASSERT_XYZ() macros,
+- log tzname[] on failure.
+
+(cherry picked from commit 3f1d499964abb6a4c0141d7ea8f852829880adff)
+---
+ src/test/test-time-util.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index d761261e24..d717ca94d2 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -393,27 +393,31 @@ TEST(format_timestamp) {
+ static void test_format_timestamp_impl(usec_t x) {
+ bool success, override;
+ const char *xx, *yy;
+- usec_t y;
++ usec_t y, x_sec, y_sec;
+
+ xx = FORMAT_TIMESTAMP(x);
+- assert_se(xx);
+- assert_se(parse_timestamp(xx, &y) >= 0);
++ ASSERT_NOT_NULL(xx);
++ ASSERT_OK(parse_timestamp(xx, &y));
+ yy = FORMAT_TIMESTAMP(y);
+- assert_se(yy);
++ ASSERT_NOT_NULL(yy);
+
+- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy);
++ x_sec = x / USEC_PER_SEC;
++ y_sec = y / USEC_PER_SEC;
++ success = (x_sec == y_sec) && streq(xx, yy);
+ /* Workaround for https://github.com/systemd/systemd/issues/28472
+ * and https://github.com/systemd/systemd/pull/35471. */
+ override = !success &&
+ (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
+ STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
+- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */
++ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */
+ log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
+ "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
+ x, xx, y, yy,
+ override ? ", ignoring."
: "");
+ if (!override) {
+- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
++ if (!success)
++ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]);
++ ASSERT_EQ(x_sec, y_sec);
+ ASSERT_STREQ(xx, yy);
+ }
+ }
diff --git a/0041-network-don-t-warn-with-no-NSID-assigned.patch b/0041-network-don-t-warn-with-no-NSID-assigned.patch
new file mode 100644
index 0000000..c5ba13c
--- /dev/null
+++ b/0041-network-don-t-warn-with-no-NSID-assigned.patch
@@ -0,0 +1,40 @@
+From 0cddbebfbeedd3f71037d988dc91b6fb9f9b281f Mon Sep 17 00:00:00 2001
+From: Ronan Pigott
+Date: Sat, 14 Dec 2024 14:39:26 -0700
+Subject: [PATCH] network: don't warn with no NSID assigned
+
+This is nothing interesting to warn about. Also use the symbolic
+constant name when testing for this condition.
+
+(cherry picked from commit e803e95760be87588533f9affd76db6ad0b5fac8)
+---
+ src/network/networkd-manager-bus.c | 2 +-
+ src/shared/socket-netlink.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-manager-bus.c b/src/network/networkd-manager-bus.c
+index 04a986a38d..29e5895255 100644
+--- a/src/network/networkd-manager-bus.c
++++ b/src/network/networkd-manager-bus.c
+@@ -304,7 +304,7 @@ static int property_get_namespace_nsid(
+ * number. */
+
+ r = netns_get_nsid(/* netnsfd= */ -EBADF, &nsid);
+- if (r < 0)
++ if (r < 0 && r != -ENODATA)
+ log_warning_errno(r, "Failed to query network nsid, ignoring: %m");
+
+ return sd_bus_message_append(reply, "u", nsid);
+diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
+index 09477449b9..b0500abd8b 100644
+--- a/src/shared/socket-netlink.c
++++ b/src/shared/socket-netlink.c
+@@ -475,7 +475,7 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) {
+ if (r < 0)
+ return r;
+
+- if (u == UINT32_MAX) /* no NSID assigned yet */
++ if (u == (uint32_t) NETNSA_NSID_NOT_ASSIGNED) /* no NSID assigned yet */
+ return -ENODATA;
+
+ if (ret)
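Review bot: The added `log_warning()` in test_format_timestamp_impl() passes `tzname[0]` and `tzname[1]` straight to `%s`, while the surrounding code compares them with STRPTR_IN_SET(), which suggests they are treated as possibly NULL. If that can happen here, a NULL argument to `%s` is undefined behaviour, and the diagnostic would fail exactly when it is needed. Wrapping the arguments is cheap: `log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", strna(tzname[0]), strna(tzname[1]));`.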
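Review bot: In property_get_namespace_nsid() the -ENODATA case is now skipped silently, but `nsid` is still appended to the reply on the following line, and its declaration and initial value are outside the hunk. It is worth confirming that it starts out as a defined "not assigned" value, and saying so next to the check, e.g. `/* -ENODATA: no NSID assigned, the property reports the initial value of nsid */`. netns_get_nsid() also continues outside the second hunk, so whether `*ret` is left untouched on that path cannot be seen from here.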
diff --git a/0042-TEST-35-LOGIN-check-only-tty-session.patch b/0042-TEST-35-LOGIN-check-only-tty-session.patch
new file mode 100644
index 0000000..b0c0e8f
--- /dev/null
+++ b/0042-TEST-35-LOGIN-check-only-tty-session.patch
@@ -0,0 +1,56 @@ +From d23133ef7914a63df4a79864d0b2170a790ddd60 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sun, 15 Dec 2024 17:42:10 +0900 +Subject: [PATCH] TEST-35-LOGIN: check only tty session +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +For some reasons, another session logind-test-user may be started. +=== +Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ... +(snip) +Dec 13 07:04:16 systemd-logind[2140]: New session 15 of user logind-test-user. +Dec 13 07:04:16 systemd-logind[2140]: VT changed to 2 +Dec 13 07:04:16 systemd-logind[2140]: rfkill: Found udev node /dev/rfkill for seat seat0 +Dec 13 07:04:16 systemd-logind[2140]: udmabuf: Found udev node /dev/udmabuf for seat seat0 +Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/timer for seat seat0 +Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/seq for seat seat0 +Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/timer for seat seat0 (uid 0→4712 add) +Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/rfkill for seat seat0 (uid 0→4712 add) +Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/udmabuf for seat seat0 (uid 0→4712 add) +Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/seq for seat seat0 (uid 0→4712 add) +Dec 13 07:04:16 systemd[1]: user-4712.slice: Changed dead -> active +Dec 13 07:04:16 systemd[1]: user-4712.slice: Job 5951 user-4712.slice/start finished, result=done +Dec 13 07:04:16 systemd[1]: Created slice user-4712.slice. +Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user +Dec 13 07:04:16 systemd-logind[2140]: Choosing session 15 in preference to - +(snip) +Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ... +(snip) +Dec 13 07:04:16 systemd-logind[2140]: New session 16 of user logind-test-user. 
+Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user +Dec 13 07:04:16 systemd-logind[2140]: Ignoring session 16 +=== +Let's track only session for the user with tty, which we explicitly created. + +Fixes #35597. + +(cherry picked from commit 26f65dc0c76f59eb3896014346652885c493ae71) +--- + test/units/TEST-35-LOGIN.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/units/TEST-35-LOGIN.sh b/test/units/TEST-35-LOGIN.sh +index ac3836b816..80320e32e1 100755 +--- a/test/units/TEST-35-LOGIN.sh ++++ b/test/units/TEST-35-LOGIN.sh +@@ -639,7 +639,7 @@ EOF + + journalctl --sync + assert_eq "$(journalctl -b -u systemd-logind.service --since="$ts" --grep "Session \"$id\" of user \"logind-test-user\" is idle, stopping." | wc -l)" 1 +- assert_eq "$(loginctl --no-legend | grep -v manager | grep -c "logind-test-user")" 0 ++ assert_eq "$(loginctl --no-legend | grep -v manager | grep tty | grep -c "logind-test-user")" 0 + } + + testcase_ambient_caps() { diff --git a/0043-test-README-Environment-setting-for-mkosi-should-be-.patch b/0043-test-README-Environment-setting-for-mkosi-should-be-.patch new file mode 100644 index 0000000..65f8adf --- /dev/null +++ b/0043-test-README-Environment-setting-for-mkosi-should-be-.patch 
@@ -0,0 +1,28 @@
+From ddda27b8c449150ad2d6c07bc569d85a88809d06 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Mon, 16 Dec 2024 02:02:30 +0900
+Subject: [PATCH] test/README: Environment= setting for mkosi should be in
+ [Build] section
+
+Otherwise, we get the following warning:
+
+mkosi.local.conf: Setting Environment should be configured in [Build], not [Content].
+
+(cherry picked from commit 78ef3959474a760679e50eb57b52563cb6f9b66d)
+---
+ test/README.testsuite | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/README.testsuite b/test/README.testsuite
+index 5546fcf8b1..fc1c9f136d 100644
+--- a/test/README.testsuite
++++ b/test/README.testsuite
+@@ -18,7 +18,7 @@ To make sure `mkosi` doesn't try to build systemd from source during the image b
+ process, you can add the following to `mkosi.local.conf`:
+
+ ```
+-[Content]
++[Build]
+ Environment=NO_BUILD=1
+ ```
+
diff --git a/0044-mkosi-temporarily-disable-panic_on_warn.patch b/0044-mkosi-temporarily-disable-panic_on_warn.patch
new file mode 100644
index 0000000..ea14130
--- /dev/null
+++ b/0044-mkosi-temporarily-disable-panic_on_warn.patch
@@ -0,0 +1,31 @@
+From 72ef5ac211b1d578dfd7630301d8c2bb73439819 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Mon, 16 Dec 2024 17:13:08 +0000
+Subject: [PATCH] mkosi: temporarily disable panic_on_warn
+
+Due to a BTRFS issue in kernel 6.12 (and backported in Ubuntu to 6.8)
+there's a warning triggered by some tests, and it then causes a panic.
+
+The BTRFS issue has a patch but it is not available in any distro yet,
+so disable panic_on_warn until it reaches Arch and Ubuntu Noble. Bugs
+have been filed.
+
+(cherry picked from commit 930d65ccca8193a8cb635099c55852b677f5d58a)
+---
+ mkosi.conf | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mkosi.conf b/mkosi.conf
+index a5d4eab23b..5622667078 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -74,7 +74,8 @@ KernelCommandLine=
+ oops=panic
+ panic=-1
+ softlockup_panic=1
+- panic_on_warn=1
++ # Disabled due to BTRFS issue, waiting for the fix to become available
++ panic_on_warn=0
+ psi=1
+
+ KernelModulesInitrdExclude=.*
diff --git a/0045-networkd-show-wireguard-private-key-read-error-numbe.patch b/0045-networkd-show-wireguard-private-key-read-error-numbe.patch
new file mode 100644
index 0000000..3bcd2b3
--- /dev/null
+++ b/0045-networkd-show-wireguard-private-key-read-error-numbe.patch
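Review bot: The comment added above `panic_on_warn=0` says the setting is temporary but gives no pointer to the bug it is waiting on, so nothing in mkosi.conf tells a later reader when the value can go back to 1. While it stays at 0, kernel warnings raised during test runs presumably no longer stop the test VM, which makes unrelated regressions easy to miss. I would carry the tracking reference and the exit condition from the commit message into the comment, e.g. `# Disabled due to BTRFS issue in kernel 6.12; re-enable once the fix is in Arch and Ubuntu Noble: <bug-link>`.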
@@ -0,0 +1,25 @@
+From b5dc1922f9bd0a64cf17be8c503baba58bf5ba82 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 16 Dec 2024 17:19:59 +0100
+Subject: [PATCH] networkd: show wireguard private key read error number
+
+Noticed while looking at #35641
+
+(cherry picked from commit 0543b02cf8211353c0bb1065e09614f551944a41)
+---
+ src/network/netdev/wireguard.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
+index 8d1dddf828..5a58e1082c 100644
+--- a/src/network/netdev/wireguard.c
++++ b/src/network/netdev/wireguard.c
+@@ -1198,7 +1198,7 @@ static int wireguard_verify(NetDev *netdev, const char *filename) {
+ r = wireguard_read_key_file(w->private_key_file, w->private_key);
+ if (r < 0)
+ return log_netdev_error_errno(netdev, r,
+- "Failed to read private key from %s. Ignoring network device.",
++ "Failed to read private key from '%s', ignoring network device: %m",
+ w->private_key_file);
+
+ if (eqzero(w->private_key)) {
diff --git a/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch b/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
new file mode 100644
index 0000000..16f06c7
--- /dev/null
+++ b/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
@@ -0,0 +1,59 @@ +From 48b404d546e6cb6d32d9cb346bbd43760311790b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 16 Dec 2024 12:37:17 +0900 +Subject: [PATCH] systemctl-edit: ignore ENOENT from unit_is_masked() + +If a specified unit does not exist, then it is definitely not masked. + +Fixes #35632. + +(cherry picked from commit b58b00e4c33474505009c8118d6cfdf29a2c6cb1) +--- + src/systemctl/systemctl-edit.c | 4 ++-- + test/units/TEST-26-SYSTEMCTL.sh | 11 +++++++++++ + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c +index c42a31153d..7165fa1cf7 100644 +--- a/src/systemctl/systemctl-edit.c ++++ b/src/systemctl/systemctl-edit.c +@@ -349,8 +349,8 @@ int verb_edit(int argc, char *argv[], void *userdata) { + + STRV_FOREACH(tmp, names) { + r = unit_is_masked(bus, *tmp); +- if (r < 0) +- return r; ++ if (r < 0 && r != -ENOENT) ++ return log_error_errno(r, "Failed to check if unit %s is masked: %m", *tmp); + if (r > 0) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit %s: unit is masked.", *tmp); + } +diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh +index ed7b9f64bf..8e895aa9ae 100755 +--- a/test/units/TEST-26-SYSTEMCTL.sh ++++ b/test/units/TEST-26-SYSTEMCTL.sh +@@ -21,6 +21,7 @@ at_exit() { + # the 'revert' verb as well + export UNIT_NAME="systemctl-test-$RANDOM.service" + export UNIT_NAME2="systemctl-test-$RANDOM.service" ++export UNIT_NAME_TEMPLATE="systemctl-test-${RANDOM}@.service" + + cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF + [Unit] +@@ -65,6 +66,16 @@ EOF + printf '%s\n' '[Unit]' 'Description=spectacular' '# this comment should remain' | \ + cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf" + ++# Edit nonexistent template unit, see issue #35632. 
++systemctl edit "$UNIT_NAME_TEMPLATE" --stdin --runtime --force --full < +Date: Tue, 17 Dec 2024 11:10:42 -0500 +Subject: [PATCH] test: skip TEST-69-SHUTDOWN on ubuntu too + +(cherry picked from commit 96c4d9d94d06c6c0a8b68be376505f8d8b5eba2b) +--- + test/units/TEST-69-SHUTDOWN.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/units/TEST-69-SHUTDOWN.py b/test/units/TEST-69-SHUTDOWN.py +index d044164135..4e554702ab 100755 +--- a/test/units/TEST-69-SHUTDOWN.py ++++ b/test/units/TEST-69-SHUTDOWN.py +@@ -13,7 +13,7 @@ def main(): + with open("/usr/lib/os-release") as f: + for line in f: + if line.startswith("ID="): +- if "debian" in line: ++ if "debian" in line or "ubuntu" in line: + sys.exit(77) + + logger = logging.getLogger("test-shutdown") diff --git a/0048-mkosi-Fix-tools-image-package-name.patch b/0048-mkosi-Fix-tools-image-package-name.patch new file mode 100644 index 0000000..586efb0 --- /dev/null +++ b/0048-mkosi-Fix-tools-image-package-name.patch @@ -0,0 +1,23 @@ +From 7ce53569dfe00f22d3da397be7b9f0f858cd9f4f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Wed, 18 Dec 2024 10:36:55 +0100 +Subject: [PATCH] mkosi: Fix tools image package name + +(cherry picked from commit 4c9f242a54ced16897857a80867758557829f0c3) +--- + mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +index 9c56164f32..c065a52cf3 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +@@ -15,7 +15,7 @@ ToolsTreePackages= + pkgconfig(libmicrohttpd) + pkgconfig(mount) + python3-ruff +- tss2-devel ++ tpm2-0-tss-devel + python3-jinja2 + python3-pytest + ShellCheck 
diff --git a/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch b/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
new file mode 100644
index 0000000..2a70642
--- /dev/null
+++ b/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
@@ -0,0 +1,42 @@
+From 9258e27f4a1ddf2834d0cadd66770ad65e55e066 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt
+Date: Mon, 16 Dec 2024 19:08:13 +0100
+Subject: [PATCH] tpm2-util: Also retry unsealing after policy_pcr returns
+ PCR_CHANGED
+
+It's not just Esys_Unseal that may fail due to PCR changes during the
+session, but also Esys_PolicyPCR. Perform a retry in that case as well.
+
+Fixes #35490
+
+(cherry picked from commit e61032bf47e6a7e572643a0060c6dd610635c854)
+---
+ src/shared/tpm2-util.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
+index 36a0f906da..5b6b3ea93c 100644
+--- a/src/shared/tpm2-util.c
++++ b/src/shared/tpm2-util.c
+@@ -4015,6 +4015,9 @@ int tpm2_policy_pcr(
+ ESYS_TR_NONE,
+ NULL,
+ pcr_selection);
++ if (rc == TPM2_RC_PCR_CHANGED)
++ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
+ if (rc != TSS2_RC_SUCCESS)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
+@@ -5810,6 +5813,11 @@ int tpm2_unseal(Tpm2Context *c,
+ !!pin,
+ (shard == 1 || !iovec_is_set(pubkey)) ? pcrlock_policy : NULL,
+ &policy_digest);
++ if (r == -EUCLEAN && i > 0) {
++ log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
++ retry = true;
++ break;
++ }
+ if (r < 0)
+ return r;
+
diff --git a/0050-resolved-if-one-transaction-completes-expect-other-t.patch b/0050-resolved-if-one-transaction-completes-expect-other-t.patch
new file mode 100644
index 0000000..3d40f58
--- /dev/null
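Review bot: tpm2_policy_pcr() now returns -EUCLEAN for TPM2_RC_PCR_CHANGED where the same condition used to come back as -ENOTRECOVERABLE, and only the tpm2_unseal() hunk is taught to read that as "retry". Any other caller of the policy-building path, none of which are visible in these hunks, would see a new error code, so it is worth checking them and stating the contract at the function, e.g. `/* Returns -EUCLEAN if a PCR changed during the policy session; the caller may restart the session. */`. In tpm2_unseal() the retry is taken only while `i > 0`, so the final attempt falls through to `return r` with -EUCLEAN; a one-line comment there would show that the bound on retries is intentional. Both function bodies continue outside the hunks.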
+++ b/0050-resolved-if-one-transaction-completes-expect-other-t.patch 
@@ -0,0 +1,261 @@ +From 1748265915e09120d75766baaa4516b2779140eb Mon Sep 17 00:00:00 2001 +From: Morten Hauke Solvang +Date: Thu, 12 Dec 2024 14:26:31 +0100 +Subject: [PATCH] resolved: if one transaction completes, expect other + transactions within candidate to succeed quickly + +Fixes #22575, as suggested by poettering in #35514. + +Intended as a workaround for some buggy routers, which refuse to send empty +replies. If systemd-resolved starts two DnsTransactions, one for A and one +for AAAA, and the domain in question has no AAAA entry, then the server will +send a reply for A and no reply for AAAA. Correct behavior for the server would +be to send an empty reply for AAAA. + +systemd-resolved would previously keep retrying the AAAA transaction, and +eventually timeout the whole query, returning an error to the caller. + +Now, if the server replies to one query and not another, we cut short the +timeout and return the partial result. Returning the partial result allows +the rest of the system to keep working. It matches how e.g. glibc libnss_dns +behaves. 
+ +(cherry picked from commit 0da73fab56506ff1e4f8e59c167d27961f0fbf33) +--- + src/resolve/resolved-dns-query.c | 46 +++++++++++++++++++++++++- + src/resolve/resolved-dns-query.h | 1 + + src/resolve/resolved-dns-scope.c | 1 + + src/resolve/resolved-dns-transaction.c | 10 ++---- + src/resolve/resolved-dns-transaction.h | 21 ------------ + src/resolve/resolved-timeouts.h | 39 ++++++++++++++++++++++ + 6 files changed, 88 insertions(+), 30 deletions(-) + create mode 100644 src/resolve/resolved-timeouts.h + +diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c +index 47788e3216..700c40a8ae 100644 +--- a/src/resolve/resolved-dns-query.c ++++ b/src/resolve/resolved-dns-query.c +@@ -10,6 +10,7 @@ + #include "resolved-dns-query.h" + #include "resolved-dns-synthesize.h" + #include "resolved-etc-hosts.h" ++#include "resolved-timeouts.h" + #include "string-util.h" + + #define QUERIES_MAX 2048 +@@ -48,6 +49,8 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) { + + assert(c); + ++ (void) event_source_disable(c->timeout_event_source); ++ + /* Detach all the DnsTransactions attached to this query */ + + while ((t = set_steal_first(c->transactions))) { +@@ -62,6 +65,8 @@ static void dns_query_candidate_abandon(DnsQueryCandidate *c) { + + assert(c); + ++ (void) event_source_disable(c->timeout_event_source); ++ + /* Abandon all the DnsTransactions attached to this query */ + + while ((t = set_steal_first(c->transactions))) { +@@ -94,6 +99,8 @@ static DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) { + if (!c) + return NULL; + ++ c->timeout_event_source = sd_event_source_disable_unref(c->timeout_event_source); ++ + dns_query_candidate_stop(c); + dns_query_candidate_unlink(c); + +@@ -312,6 +319,30 @@ fail: + return r; + } + ++static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c); ++ ++static int on_candidate_timeout(sd_event_source *s, usec_t usec, void *userdata) { ++ DnsQueryCandidate *c = userdata; ++ ++ assert(s); 
++ assert(c); ++ ++ log_debug("Accepting incomplete query candidate after expedited timeout on partial success."); ++ dns_query_accept(c->query, c); ++ ++ return 0; ++} ++ ++static bool dns_query_candidate_has_partially_succeeded(DnsQueryCandidate *c) { ++ DnsTransaction *t; ++ ++ SET_FOREACH(t, c->transactions) ++ if (t->state == DNS_TRANSACTION_SUCCESS) ++ return true; ++ ++ return false; ++} ++ + void dns_query_candidate_notify(DnsQueryCandidate *c) { + DnsTransactionState state; + int r; +@@ -323,11 +354,24 @@ void dns_query_candidate_notify(DnsQueryCandidate *c) { + + state = dns_query_candidate_state(c); + +- if (DNS_TRANSACTION_IS_LIVE(state)) ++ if (DNS_TRANSACTION_IS_LIVE(state)) { ++ if (dns_query_candidate_has_partially_succeeded(c)) ++ (void) event_reset_time_relative( ++ c->query->manager->event, ++ &c->timeout_event_source, ++ CLOCK_BOOTTIME, ++ CANDIDATE_EXPEDITED_TIMEOUT_USEC, /* accuracy_usec= */ 0, ++ on_candidate_timeout, c, ++ /* priority= */ 0, "candidate-timeout", ++ /* force_reset= */ false); ++ + return; ++ } + + if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) { + ++ (void) event_source_disable(c->timeout_event_source); ++ + r = dns_query_candidate_next_search_domain(c); + if (r < 0) + goto fail; +diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h +index 6bbebcac93..1097e90dc0 100644 +--- a/src/resolve/resolved-dns-query.h ++++ b/src/resolve/resolved-dns-query.h +@@ -25,6 +25,7 @@ struct DnsQueryCandidate { + DnsSearchDomain *search_domain; + + Set *transactions; ++ sd_event_source *timeout_event_source; + + LIST_FIELDS(DnsQueryCandidate, candidates_by_query); + LIST_FIELDS(DnsQueryCandidate, candidates_by_scope); +diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c +index cd16d2475e..3f137468cc 100644 +--- a/src/resolve/resolved-dns-scope.c ++++ b/src/resolve/resolved-dns-scope.c +@@ -16,6 +16,7 @@ + #include "resolved-dns-zone.h" + #include "resolved-llmnr.h" + #include 
"resolved-mdns.h" ++#include "resolved-timeouts.h" + #include "socket-util.h" + #include "strv.h" + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index a162a91a03..9e539a54f3 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -14,13 +14,10 @@ + #include "resolved-dns-transaction.h" + #include "resolved-dnstls.h" + #include "resolved-llmnr.h" ++#include "resolved-timeouts.h" + #include "string-table.h" + + #define TRANSACTIONS_MAX 4096 +-#define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC) +- +-/* After how much time to repeat classic DNS requests */ +-#define DNS_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX) + + static void dns_transaction_reset_answer(DnsTransaction *t) { + assert(t); +@@ -1632,13 +1629,10 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) { + + case DNS_PROTOCOL_DNS: + +- /* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly +- * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that +- * needlessly. 
*/ + if (t->stream) + return TRANSACTION_TCP_TIMEOUT_USEC; + +- return DNS_TIMEOUT_USEC; ++ return TRANSACTION_UDP_TIMEOUT_USEC; + + case DNS_PROTOCOL_MDNS: + if (t->probing) +diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h +index 30d2167d64..cea0a890db 100644 +--- a/src/resolve/resolved-dns-transaction.h ++++ b/src/resolve/resolved-dns-transaction.h +@@ -203,24 +203,3 @@ DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_; + + const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_; + DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; +- +-/* LLMNR Jitter interval, see RFC 4795 Section 7 */ +-#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) +- +-/* mDNS probing interval, see RFC 6762 Section 8.1 */ +-#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC) +- +-/* Maximum attempts to send DNS requests, across all DNS servers */ +-#define DNS_TRANSACTION_ATTEMPTS_MAX 24 +- +-/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */ +-#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3 +- +-/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */ +-#define MDNS_TRANSACTION_ATTEMPTS_MAX 3 +- +-#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? \ +- LLMNR_TRANSACTION_ATTEMPTS_MAX : \ +- (p) == DNS_PROTOCOL_MDNS ? 
\ +- MDNS_TRANSACTION_ATTEMPTS_MAX : \ +- DNS_TRANSACTION_ATTEMPTS_MAX) +diff --git a/src/resolve/resolved-timeouts.h b/src/resolve/resolved-timeouts.h +new file mode 100644 +index 0000000000..e17fe30175 +--- /dev/null ++++ b/src/resolve/resolved-timeouts.h +@@ -0,0 +1,39 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++#pragma once ++ ++#include "time-util.h" ++#include "resolved-def.h" ++ ++/* LLMNR Jitter interval, see RFC 4795 Section 7 */ ++#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) ++ ++/* mDNS probing interval, see RFC 6762 Section 8.1 */ ++#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC) ++ ++/* Maximum attempts to send DNS requests, across all DNS servers */ ++#define DNS_TRANSACTION_ATTEMPTS_MAX 24 ++ ++/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */ ++#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3 ++ ++/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */ ++#define MDNS_TRANSACTION_ATTEMPTS_MAX 3 ++ ++#define TRANSACTION_ATTEMPTS_MAX(p) (\ ++ (p) == DNS_PROTOCOL_LLMNR ? \ ++ LLMNR_TRANSACTION_ATTEMPTS_MAX : \ ++ (p) == DNS_PROTOCOL_MDNS ? \ ++ MDNS_TRANSACTION_ATTEMPTS_MAX : \ ++ DNS_TRANSACTION_ATTEMPTS_MAX) ++ ++/* After how much time to repeat classic DNS requests */ ++#define TRANSACTION_UDP_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX) ++ ++/* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly ++ * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that ++ * needlessly. */ ++#define TRANSACTION_TCP_TIMEOUT_USEC (10 * USEC_PER_SEC) ++ ++/* Should be longer than transaction timeout for a single UDP transaction, so we get at least ++ * one transaction retry before timeouting the whole candidate */ ++#define CANDIDATE_EXPEDITED_TIMEOUT_USEC (TRANSACTION_UDP_TIMEOUT_USEC + 1 * USEC_PER_SEC) 
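Review bot: In `dns_query_candidate_notify()` the result of `event_reset_time_relative()` is discarded with `(void)`, so if arming the expedited timer fails the candidate silently falls back to the full query timeout, which is the behaviour this patch is meant to avoid. Since `r` is already declared there, `r = event_reset_time_relative(...); if (r < 0) log_debug_errno(r, "Failed to arm expedited candidate timeout, ignoring: %m");` would leave a trace. `on_candidate_timeout()` accepts the candidate while some transactions are still pending, so a caller can no longer tell "no record of that type" from "reply never arrived". A short comment on `dns_query_candidate_has_partially_succeeded()` stating that this is intentional, and how it is meant to interact with DNSSEC-validated lookups (not visible in this hunk), would help the next reader. `dns_query_candidate_notify()` continues outside the hunk.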
diff --git a/0051-man-Document-generator-sandbox-environment.patch b/0051-man-Document-generator-sandbox-environment.patch new file mode 100644 index 0000000..1a1c15e --- /dev/null +++ b/0051-man-Document-generator-sandbox-environment.patch @@ -0,0 +1,25 @@ +From 0acc4cd05efab53c1d25b2dff47ed6103b0ddf0e Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 18 Dec 2024 12:32:59 +0100 +Subject: [PATCH] man: Document generator sandbox environment + +(cherry picked from commit a48803fd8464e56747f0e145af61bd746351c7d6) +--- + man/systemd.generator.xml | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml +index 1a9b5d1653..ce09a6648f 100644 +--- a/man/systemd.generator.xml ++++ b/man/systemd.generator.xml +@@ -64,6 +64,10 @@ + override existing definitions. For tests, generators may be called with just one argument; the generator + should assume that all three paths are the same in that case.
+ ++ Generators executed by the system manager are invoked in a sandbox with a private writable ++ /tmp/ directory and where most of the file system is read-only except for the ++ generator output directories. ++ + Directory paths for generator output differ by priority: …/generator.early has + priority higher than the admin configuration in /etc/, while + …/generator has lower priority than /etc/ but higher than diff --git a/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch b/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch new file mode 100644 index 0000000..85421e1 --- /dev/null +++ b/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch 
@@ -0,0 +1,46 @@
+From 82d97eb8fa19a6753dafcb2b623cb8277213804f Mon Sep 17 00:00:00 2001
+From: Thomas Hebb
+Date: Wed, 18 Dec 2024 11:08:17 -0500
+Subject: [PATCH] ukify: Fix regression in --no-sign-kernel flag
+
+The man page says that --sign-kernel and --no-sign-kernel "override the
+detection of whether to sign the Linux binary", so we should only
+autodetect if neither are specified. But as of commit 02eabaffe98c
+("ukify: Add a unified interface for signing tools"), we autodetect even
+when --no-sign-kernel is passed, which makes the flag useless.
+
+The sign_kernel option is parsed using argparse.BooleanOptionalAction,
+which sets it to either True, False, or None. commit 02eabaffe98c
+replaced `sign_kernel is None` with `not sign_kernel`. These are not the
+same in Python, as the latter accepts False as well as None.
+
+Restore the original check and fix type annotations accordingly.
+
+Fixes: 02eabaffe98c ("ukify: Add a unified interface for signing tools")
+(cherry picked from commit 32c3e1379dce563a7e686c99045549ac74cce142)
+---
+ src/ukify/ukify.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
+index e661dfe548..3f36aa7af6 100755
+--- a/src/ukify/ukify.py
++++ b/src/ukify/ukify.py
+@@ -264,7 +264,7 @@ class UkifyConfig:
+ sbat: Optional[list[str]]
+ sections: list['Section']
+ sections_by_name: dict[str, 'Section']
+- sign_kernel: bool
++ sign_kernel: Optional[bool]
+ signing_engine: Optional[str]
+ signing_provider: Optional[str]
+ certificate_provider: Optional[str]
+@@ -1108,7 +1108,7 @@ def make_uki(opts: UkifyConfig) -> None:
+ assert opts.signtool is not None
+ signtool = SignTool.from_string(opts.signtool)
+
+- if not sign_kernel:
++ if sign_kernel is None:
+ # figure out if we should sign the kernel
+ sign_kernel = signtool.verify(opts)
+
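Review bot: The restored `if sign_kernel is None:` in `make_uki()` depends on a three-state value, but the only comment beside it is the old `# figure out if we should sign the kernel`, which is how the `not sign_kernel` regression got in unnoticed. I would extend it to `# None: neither --sign-kernel nor --no-sign-kernel was given, so autodetect; an explicit False must stay False`. A regression test that passes `--no-sign-kernel` and checks that `signtool.verify()` is not consulted would pin this down; whether such a test already exists is not visible from this patch. The body of `make_uki()` continues outside the hunk.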
diff --git a/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch b/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
new file mode 100644
index 0000000..ad2f52f
--- /dev/null
+++ b/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
@@ -0,0 +1,25 @@
+From 7eba6cdd2f1cf507c3308d4ea9f6d89e67faf35f Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 19 Dec 2024 11:45:43 +0000
+Subject: [PATCH] mkosi: switch debian/ubuntu to ci/v257-stable branch
+
+Packaging has diverged from main due to new files
+---
+ mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+index 6914a9ed59..321dc5422f 100644
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+@@ -8,8 +8,8 @@ Distribution=|ubuntu
+ Environment=
+ GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+ GIT_SUBDIR=debian
+- GIT_BRANCH=debian/master
+- GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d
++ GIT_BRANCH=ci/v257-stable
++ GIT_COMMIT=20150867b7123aa825e3320227aed642e6cc9a08
+ PKG_SUBDIR=debian
+
+ [Content]
diff --git a/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch b/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
new file mode 100644
index 0000000..fb0a32d
--- /dev/null
+++ b/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
@@ -0,0 +1,23 @@
+From 9c8559bccfe266b7f1a36f337cbd868121e0c372 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 19 Dec 2024 11:46:50 +0000
+Subject: [PATCH] semaphore: switch debian/ubuntu to ci/v257-stable branch
+
+Packaging has diverged from main due to new files
+---
+ .semaphore/semaphore-runner.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index e903ced70d..74fc0ab36c 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -8,7 +8,7 @@ set -o pipefail
+ DISTRO="${DISTRO:-debian}"
+ RELEASE="${RELEASE:-bookworm}"
+ SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}"
+-BRANCH="${BRANCH:-debian/master}"
++BRANCH="${BRANCH:-ci/v257-stable}"
+ ARCH="${ARCH:-amd64}"
+ CONTAINER="${RELEASE}-${ARCH}"
+ CACHE_DIR=/var/tmp
diff --git a/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch b/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
new file mode 100644
index 0000000..8b49378
--- /dev/null
+++ b/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
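Review bot: The new default `BRANCH="${BRANCH:-ci/v257-stable}"` names a moving branch, while the companion change to `mkosi.conf` (patch 0053) pins the same packaging repository to a fixed `GIT_COMMIT`. If the script checks out the branch head further down, which is outside this hunk, the two CI paths can build different packaging revisions and the Semaphore job takes whatever was last pushed to that branch. If that is intended, a comment next to the variable would say so, for example `# tracks the branch head on purpose; mkosi.conf pins GIT_COMMIT for the same repository`. Otherwise the runner should check out a pinned revision as well.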
@@ -0,0 +1,172 @@ +From 2b379aa0cbce5c4ddee5ca118387503023b5474c Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 19 Dec 2024 12:26:36 +0000 +Subject: [PATCH] Revert "terminal-util: unify code that resets /dev/console in + common helper" + +This reverts commit 2736295ddb78a457796f24805e7b98c3f5304848. +--- + src/basic/terminal-util.c | 53 ++++++++++++++++----------------------- + src/basic/terminal-util.h | 3 ++- + src/core/main.c | 30 ++++++++++++++++------ + 3 files changed, 45 insertions(+), 41 deletions(-) + +diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c +index 878c1ec06a..409f2abb45 100644 +--- a/src/basic/terminal-util.c ++++ b/src/basic/terminal-util.c +@@ -577,7 +577,7 @@ static int vt_reset_keyboard(int fd) { + return RET_NERRNO(ioctl(fd, KDSKBMODE, kb)); + } + +-static int terminal_reset_ioctl(int fd, bool switch_to_text) { ++int terminal_reset_ioctl(int fd, bool switch_to_text) { + struct termios termios; + int r; + +@@ -645,7 +645,7 @@ finish: + return r; + } + +-static int terminal_reset_ansi_seq(int fd) { ++int terminal_reset_ansi_seq(int fd) { + int r, k; + + assert(fd >= 0); +@@ -675,35 +675,6 @@ static int terminal_reset_ansi_seq(int fd) { + return k < 0 ? 
k : r; + } + +-void reset_dev_console_fd(int fd, bool switch_to_text) { +- int r; +- +- assert(fd >= 0); +- +- _cleanup_close_ int lock_fd = lock_dev_console(); +- if (lock_fd < 0) +- log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m"); +- +- r = terminal_reset_ioctl(fd, switch_to_text); +- if (r < 0) +- log_warning_errno(r, "Failed to reset /dev/console, ignoring: %m"); +- +- unsigned rows, cols; +- r = proc_cmdline_tty_size("/dev/console", &rows, &cols); +- if (r < 0) +- log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m"); +- else if (r > 0) { +- r = terminal_set_size_fd(fd, NULL, rows, cols); +- if (r < 0) +- log_warning_errno(r, "Failed to set configured terminal size on /dev/console, ignoring: %m"); +- } else +- (void) terminal_fix_size(fd, fd); +- +- r = terminal_reset_ansi_seq(fd); +- if (r < 0) +- log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m"); +-} +- + int lock_dev_console(void) { + _cleanup_close_ int fd = -EBADF; + int r; +@@ -737,7 +708,25 @@ int make_console_stdio(void) { + return log_error_errno(r, "Failed to make /dev/null stdin/stdout/stderr: %m"); + + } else { +- reset_dev_console_fd(fd, /* switch_to_text= */ true); ++ unsigned rows, cols; ++ ++ r = terminal_reset_ioctl(fd, /* switch_to_text= */ true); ++ if (r < 0) ++ log_warning_errno(r, "Failed to reset terminal, ignoring: %m"); ++ ++ r = proc_cmdline_tty_size("/dev/console", &rows, &cols); ++ if (r < 0) ++ log_warning_errno(r, "Failed to get terminal size, ignoring: %m"); ++ else if (r > 0) { ++ r = terminal_set_size_fd(fd, NULL, rows, cols); ++ if (r < 0) ++ log_warning_errno(r, "Failed to set configured terminal size, ignoring: %m"); ++ } else ++ (void) terminal_fix_size(fd, fd); ++ ++ r = terminal_reset_ansi_seq(fd); ++ if (r < 0) ++ log_warning_errno(r, "Failed to reset terminal using ANSI sequences, ignoring: %m"); + + r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. 
*/ + if (r < 0) +diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h +index c30faf168c..90662e2e66 100644 +--- a/src/basic/terminal-util.h ++++ b/src/basic/terminal-util.h +@@ -39,6 +39,8 @@ + + bool isatty_safe(int fd); + ++int terminal_reset_ioctl(int fd, bool switch_to_text); ++int terminal_reset_ansi_seq(int fd); + int terminal_reset_defensive(int fd, bool switch_to_text); + int terminal_reset_defensive_locked(int fd, bool switch_to_text); + +@@ -101,7 +103,6 @@ bool tty_is_console(const char *tty) _pure_; + int vtnr_from_tty(const char *tty); + const char* default_term_for_tty(const char *tty); + +-void reset_dev_console_fd(int fd, bool switch_to_text); + int lock_dev_console(void); + int make_console_stdio(void); + +diff --git a/src/core/main.c b/src/core/main.c +index 172742c769..4bd2d8df75 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -245,18 +245,32 @@ unset: + } + + static int console_setup(void) { +- +- if (getpid_cached() != 1) +- return 0; +- + _cleanup_close_ int tty_fd = -EBADF; ++ unsigned rows, cols; ++ int r; + +- tty_fd = open_terminal("/dev/console", O_RDWR|O_NOCTTY|O_CLOEXEC); ++ tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC); + if (tty_fd < 0) + return log_error_errno(tty_fd, "Failed to open /dev/console: %m"); + +- /* We don't want to force text mode. Plymouth may be showing pictures already from initrd. */ +- reset_dev_console_fd(tty_fd, /* switch_to_text= */ false); ++ /* We don't want to force text mode. plymouth may be showing ++ * pictures already from initrd. 
*/ ++ r = terminal_reset_ioctl(tty_fd, false); ++ if (r < 0) ++ return log_error_errno(r, "Failed to reset /dev/console: %m"); ++ ++ r = proc_cmdline_tty_size("/dev/console", &rows, &cols); ++ if (r < 0) ++ log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m"); ++ else { ++ r = terminal_set_size_fd(tty_fd, NULL, rows, cols); ++ if (r < 0) ++ log_warning_errno(r, "Failed to set /dev/console size, ignoring: %m"); ++ } ++ ++ r = terminal_reset_ansi_seq(tty_fd); ++ if (r < 0) ++ log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m"); + + save_console_winsize_in_environment(tty_fd); + +@@ -2977,7 +2991,7 @@ static void setup_console_terminal(bool skip_setup) { + (void) release_terminal(); + + /* Reset the console, but only if this is really init and we are freshly booted */ +- if (!skip_setup) ++ if (getpid_cached() == 1 && !skip_setup) + (void) console_setup(); + } + diff --git a/0056-mkosi-move-config-options.patch b/0056-mkosi-move-config-options.patch new file mode 100644 index 0000000..af6e807 --- /dev/null +++ b/0056-mkosi-move-config-options.patch 
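Review bot: In the restored `console_setup()` the size branch is a bare `else`, so `terminal_set_size_fd(tty_fd, NULL, rows, cols)` also runs when `proc_cmdline_tty_size()` returns 0, whereas the restored `make_console_stdio()` in the same patch guards the identical call with `else if (r > 0)`. `rows` and `cols` are declared without initialisers, and whether they hold defined values after a 0 return depends on `proc_cmdline_tty_size()`, which is not shown here. Using `else if (r > 0) {` in `console_setup()` as well would make the two call sites agree and remove that dependency.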
@@ -0,0 +1,80 @@ +From b90f896880817da5ef41a08681426090edf2f25d Mon Sep 17 00:00:00 2001 +From: Matteo Croce +Date: Thu, 19 Dec 2024 19:51:42 +0100 +Subject: [PATCH] mkosi: move config options + +Move some config option in the right section, fixes the following warning: +``` +mkosi.conf: Setting Credentials should be configured in [Runtime], not [Host]. +mkosi.conf: Setting RuntimeBuildSources should be configured in [Runtime], not [Host]. +mkosi.conf: Setting RuntimeScratch should be configured in [Runtime], not [Host]. +mkosi.conf: Setting QemuSmp should be configured in [Runtime], not [Host]. +mkosi.conf: Setting QemuSwtpm should be configured in [Runtime], not [Host]. +mkosi.conf: Setting QemuVsock should be configured in [Runtime], not [Host]. +mkosi.conf: Setting QemuKvm should be configured in [Runtime], not [Host]. +``` + +(cherry picked from commit 77d4a263c14ffbb6133382bc18319b6a54a8eaae) +--- + .github/workflows/coverage.yml | 4 ++-- + .github/workflows/mkosi.yml | 4 ++-- + mkosi.conf | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml +index 73409e53ef..410f77dc5e 100644 +--- a/.github/workflows/coverage.yml ++++ b/.github/workflows/coverage.yml +@@ -16,7 +16,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c ++ - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. 
However, we first move them to a different location +@@ -64,7 +64,7 @@ jobs: + MESON_OPTIONS=--werror + COVERAGE=1 + +- [Host] ++ [Runtime] + QemuMem=4G + EOF + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index e7575fb6bb..3a10d116eb 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -113,7 +113,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a ++ - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. However, we first move them to a different location +@@ -171,7 +171,7 @@ jobs: + [Content] + SELinuxRelabel=${{ matrix.relabel }} + +- [Host] ++ [Runtime] + QemuMem=4G + EOF + +diff --git a/mkosi.conf b/mkosi.conf +index 5622667078..3da4e07a87 100644 +--- a/mkosi.conf ++++ b/mkosi.conf +@@ -130,7 +130,7 @@ Packages= + zsh + zstd + +-[Host] ++[Runtime] + Credentials= + journal.storage=persistent + tty.serial.hvc0.agetty.autologin=root diff --git a/0057-mkosi-Update-to-latest.patch b/0057-mkosi-Update-to-latest.patch new file mode 100644 index 0000000..e8a21b0 --- /dev/null +++ b/0057-mkosi-Update-to-latest.patch 
@@ -0,0 +1,37 @@ +From e48a63bf774bd184093c2279c62f299fe69cdf18 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 13:54:13 +0100 +Subject: [PATCH] mkosi: Update to latest + +(cherry picked from commit 1dd345b00d3c0e29abd661094f1cc58173a266e0) +--- + .github/workflows/coverage.yml | 2 +- + .github/workflows/mkosi.yml | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml +index 410f77dc5e..7850c2c514 100644 +--- a/.github/workflows/coverage.yml ++++ b/.github/workflows/coverage.yml +@@ -16,7 +16,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9 ++ - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. However, we first move them to a different location +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index 3a10d116eb..c9d4b012a2 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -113,7 +113,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9 ++ - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. However, we first move them to a different location diff --git a/0058-mkosi-Add-gdb-to-tools-tree.patch b/0058-mkosi-Add-gdb-to-tools-tree.patch new file mode 100644 index 0000000..a3b9ce1 --- /dev/null +++ b/0058-mkosi-Add-gdb-to-tools-tree.patch 
@@ -0,0 +1,22 @@ +From f91dab598b7b897c90868eecb308820c60e2d663 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 11:32:51 +0100 +Subject: [PATCH] mkosi: Add gdb to tools tree + +(cherry picked from commit 7337f4b1972a099714d596a5d0e7e26f7f2dab48) +--- + mkosi.conf.d/05-tools/mkosi.conf | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mkosi.conf.d/05-tools/mkosi.conf b/mkosi.conf.d/05-tools/mkosi.conf +index 15c336a304..322851b627 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf +@@ -3,6 +3,7 @@ + [Build] + ToolsTreePackages= + gcc ++ gdb + gperf + lcov + llvm diff --git a/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch b/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch new file mode 100644 index 0000000..0672520 --- /dev/null +++ b/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch @@ -0,0 +1,24 @@ +From 0257f4ba228582112e1c38dc79d8ac3887f023c1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 14:43:48 +0100 +Subject: [PATCH] mkosi: Add libz1 to opensuse tools tree + +Without meson fails to configure properly. + +(cherry picked from commit d4dda34854c3bcb44ab5929ad32d0793e4debb9f) +--- + mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +index c065a52cf3..468f56856f 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +@@ -5,6 +5,7 @@ ToolsTreeDistribution=opensuse + + [Build] + ToolsTreePackages= ++ libz1 + gh + mypy + pkgconfig(blkid) diff --git a/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch b/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch new file mode 100644 index 0000000..ce92330 --- /dev/null +++ b/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch 
@@ -0,0 +1,30 @@ +From a3cf3df23a71d8497287f4ef23ca19332d0b77bb Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 16:49:59 +0100 +Subject: [PATCH] mkosi: Enable EPEL for CentOS Stream tools tree + +We need packages from EPEL to be able to build CentOS Stream images +with a CentOS Stream tools tree so enable it. This is broken on CentOS +Stream 10 but given using a CentOS Stream tools tree is broken without +EPEL as well, we might as well enable it and just wait until the packages +are added to EPEL 10. + +(cherry picked from commit ac1a711d9a237eea36b053d43c0c35af7ac40b1f) +--- + mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf | 7 +++++++ + 1 file changed, 7 insertions(+) + create mode 100644 mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf + +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf +new file mode 100644 +index 0000000000..737fec3a3d +--- /dev/null ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf +@@ -0,0 +1,7 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++[Match] ++ToolsTreeDistribution=centos ++ ++[Build] ++ToolsTreeRepositories=epel,epel-next diff --git a/0061-mkosi-Use-tools-tree-by-default.patch b/0061-mkosi-Use-tools-tree-by-default.patch new file mode 100644 index 0000000..3ac3cd8 --- /dev/null +++ b/0061-mkosi-Use-tools-tree-by-default.patch 
@@ -0,0 +1,52 @@ +From e0bc5a219af218b8d201d93bc5369a9b361d6312 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 11:41:40 +0100 +Subject: [PATCH] mkosi: Use tools tree by default + +Let's enable usage of a tools tree by default to simplify the setup +for new contributors and save them from having to install or upgrade +a bunch of extra tools to get mkosi working as expected. + +(cherry picked from commit 1995084a9e01b53cf012a54fe69e35016c235151) +--- + .github/workflows/coverage.yml | 1 - + .github/workflows/mkosi.yml | 1 - + mkosi.conf | 1 + + 3 files changed, 1 insertion(+), 2 deletions(-) + +diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml +index 7850c2c514..a1587e62e9 100644 +--- a/.github/workflows/coverage.yml ++++ b/.github/workflows/coverage.yml +@@ -49,7 +49,6 @@ jobs: + Distribution=arch + + [Build] +- ToolsTree=default + ToolsTreeDistribution=arch + UseSubvolumes=yes + WithTests=no +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index c9d4b012a2..4d128822fb 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -152,7 +152,6 @@ jobs: + + [Build] + UseSubvolumes=yes +- ToolsTree=default + ToolsTreeDistribution=fedora + ToolsTreeRelease=rawhide + +diff --git a/mkosi.conf b/mkosi.conf +index 3da4e07a87..ab8a6a1372 100644 +--- a/mkosi.conf ++++ b/mkosi.conf +@@ -29,6 +29,7 @@ RepartDirectories=mkosi.repart + OutputDirectory=build/mkosi.output + + [Build] ++ToolsTree=default + BuildDirectory=build/mkosi.builddir + CacheDirectory=build/mkosi.cache + BuildSourcesEphemeral=yes diff --git a/0062-mkosi-Use-build-as-extra-search-path-by-default.patch b/0062-mkosi-Use-build-as-extra-search-path-by-default.patch new file mode 100644 index 0000000..d47744d --- /dev/null +++ b/0062-mkosi-Use-build-as-extra-search-path-by-default.patch 
@@ -0,0 +1,30 @@ +From b24ade737cbc163b5b11b45ee81498b01db32688 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 19 Dec 2024 11:43:01 +0100 +Subject: [PATCH] mkosi: Use build/ as extra search path by default + +Building systemd with mkosi generally requires a very recent version +of systemd which might not be installed on the host. Let's configure +mkosi to look for extra executables in the build/ directory by default +so that we prefer systemd executables from the build directory over those +on the host as those on the host are likely to be too old. + +(cherry picked from commit 8c5b4df5435ff9e49421ef8db0ca6de06c856b04) +--- + mkosi.conf.d/20-extra-search-path.conf | 7 +++++++ + 1 file changed, 7 insertions(+) + create mode 100644 mkosi.conf.d/20-extra-search-path.conf + +diff --git a/mkosi.conf.d/20-extra-search-path.conf b/mkosi.conf.d/20-extra-search-path.conf +new file mode 100644 +index 0000000000..b7308f7f21 +--- /dev/null ++++ b/mkosi.conf.d/20-extra-search-path.conf +@@ -0,0 +1,7 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++[Match] ++PathExists=build/ ++ ++[Build] ++ExtraSearchPaths=build/ diff --git a/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch b/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch new file mode 100644 index 0000000..31d9cc0 --- /dev/null +++ b/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch 
@@ -0,0 +1,24 @@
+From debe1f7f56d8123c9953cd2ca068d39156a4b964 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 19 Dec 2024 15:05:33 +0100
+Subject: [PATCH] mkosi.clangd: Don't pass --host if we're not using
+ flatpak-spawn
+
+(cherry picked from commit b133f57544cb6cce244bb8566fbacc952db76d73)
+---
+ mkosi.clangd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.clangd b/mkosi.clangd
+index 7cd447c4ee..10c44a70d8 100755
+--- a/mkosi.clangd
++++ b/mkosi.clangd
+@@ -7,7 +7,7 @@ else
+ SPAWN=()
+ fi
+
+-MKOSI_CONFIG="$("${SPAWN[@]}" --host mkosi --json summary | jq -r .Images[-1])"
++MKOSI_CONFIG="$("${SPAWN[@]}" mkosi --json summary | jq -r .Images[-1])"
+ DISTRIBUTION="$(jq -r .Distribution <<< "$MKOSI_CONFIG")"
+ RELEASE="$(jq -r .Release <<< "$MKOSI_CONFIG")"
+ ARCH="$(jq -r .Architecture <<< "$MKOSI_CONFIG")"
diff --git a/0064-mkosi.clangd-Fail-on-command-errors.patch b/0064-mkosi.clangd-Fail-on-command-errors.patch
new file mode 100644
index 0000000..6354c94
--- /dev/null
+++ b/0064-mkosi.clangd-Fail-on-command-errors.patch
@@ -0,0 +1,21 @@
+From 51a31ac6e5fbc00066f669aa410d8b5ebb893faf Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 19 Dec 2024 15:05:51 +0100
+Subject: [PATCH] mkosi.clangd: Fail on command errors
+
+(cherry picked from commit ba3f148307e551d1be3e92383c8d37a9cc5b7a95)
+---
+ mkosi.clangd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.clangd b/mkosi.clangd
+index 10c44a70d8..23251baf63 100755
+--- a/mkosi.clangd
++++ b/mkosi.clangd
+@@ -1,5 +1,6 @@
+ #!/bin/bash
+ # SPDX-License-Identifier: LGPL-2.1-or-later
++set -e
+
+ if command -v flatpak-spawn >/dev/null; then
+ SPAWN=(flatpak-spawn --host)
diff --git a/0065-docs-Simplify-hacking-documentation.patch b/0065-docs-Simplify-hacking-documentation.patch
new file mode 100644
index 0000000..59bfc21
--- /dev/null
+++ b/0065-docs-Simplify-hacking-documentation.patch
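Review bot: The rewritten `MKOSI_CONFIG=` line in `mkosi.clangd` still passes the jq filter unquoted, so bash treats `.Images[-1]` as a glob pattern and would substitute a matching file name (for example one called `.Images1`) if such a file exists in the working directory. Quoting the filter removes that dependency on directory contents: `MKOSI_CONFIG="$("${SPAWN[@]}" mkosi --json summary | jq -r '.Images[-1]')"`. The rest of the script lies outside this hunk.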
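Review bot: `set -e` on its own does not catch a failing `mkosi --json summary` in `mkosi.clangd`, because the `MKOSI_CONFIG="$(… | jq …)"` assignment touched by the previous patch takes its status from `jq`, the last command of the pipeline. If mkosi fails, jq reads empty input and, as far as I can tell, exits 0, so the later `jq -r .Distribution` calls would run on an empty string. I would make the added line `set -eo pipefail` so the pipeline failure propagates. Only the first lines of the script are visible in this hunk.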
@@ -0,0 +1,210 @@
+From c96a642764e3ceb23c43eff0a49d132caf58bee7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 19 Dec 2024 11:45:01 +0100
+Subject: [PATCH] docs: Simplify hacking documentation
+
+Let's use "mkosi sandbox" in the docs so that users can build systemd
+without having to install anything except mkosi. Using mkosi sandbox
+will use tools and dependencies from the tools tree which is also used
+in CI and thus has a higher chance of working from the first try compared
+to whatever tools might be installed on the host system of a new contributor.
+
+(cherry picked from commit 34b5a27b0bfd1b0b35bf67c70d1f8bf5c6795b7d)
+---
+ docs/HACKING.md | 153 +++++++++++++++++++++---------------------------
+ 1 file changed, 68 insertions(+), 85 deletions(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index cedf35fef0..2203c32640 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -7,94 +7,97 @@ SPDX-License-Identifier: LGPL-2.1-or-later
+
+ # Hacking on systemd
+
+-We welcome all contributions to systemd.
+-If you notice a bug or a missing feature, please feel invited to fix it, and submit your work as a
++We welcome all contributions to systemd. If you notice a bug or a missing
++feature, please feel invited to fix it, and submit your work as a
+ [GitHub Pull Request (PR)](https://github.com/systemd/systemd/pull/new).
+
+-Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting patches.
+-Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
+-
+-When adding new functionality, tests should be added.
+-For shared functionality (in `src/basic/` and `src/shared/`) unit tests should be sufficient.
+-The general policy is to keep tests in matching files underneath `src/test/`,
+-e.g. `src/test/test-path-util.c` contains tests for any functions in `src/basic/path-util.c`.
+-If adding a new source file, consider adding a matching test executable.
+-For features at a higher level, tests in `src/test/` are very strongly recommended.
+-If that is not possible, integration tests in `test/` are encouraged.
+-
+-Please always test your work before submitting a PR.
+-For many of the components of systemd testing is straightforward as you can simply compile systemd and run the relevant tool from the build directory.
+-
+-For some components (most importantly, systemd/PID 1 itself) this is not possible, however.
+-In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree.
+-[mkosi](https://mkosi.systemd.io/)
+-is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory.
+-To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
+-`mkosi` will build an image for the host distro by default.
+-First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing.
+-After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
++Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting
++patches. Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
++
++When adding new functionality, tests should be added. For shared functionality
++(in `src/basic/` and `src/shared/`) unit tests should be sufficient. The general
++policy is to keep tests in matching files underneath `src/test/`, e.g.
++`src/test/test-path-util.c` contains tests for any functions in
++`src/basic/path-util.c`. If adding a new source file, consider adding a matching
++test executable. For features at a higher level, tests in `src/test/` are very
++strongly recommended. If that is not possible, integration tests in `test/` are
++encouraged. Please always test your work before submitting a PR.
++
++## Hacking on systemd with mkosi
++
++[mkosi](https://mkosi.systemd.io/) is our swiss army knife for hacking on
++systemd. It makes sure all necessary dependencies are available to build systemd
++and allows building and booting an OS image with the latest systemd installed
++for testing purposes.
++
++First, install `mkosi` from the
++[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
++Note that it's not possible to use your distribution's packaged version of mkosi
++as mkosi has to be installed outside of `/usr` for the following steps to work.
++
++Then, you can build and run systemd executables as follows:
+
+ ```sh
+-$ sudo mkosi boot # nspawn still needs sudo for now
++$ mkosi -f sandbox meson setup build
++$ mkosi -f sandbox ninja -C build
++$ mkosi -f sandbox build/systemctl --version
+ ```
+
+-or:
++To build and boot an OS image with the latest systemd installed:
+
+ ```sh
+-$ mkosi qemu
++$ mkosi -f genkey # Generate signing keys once.
++$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
++$ sudo mkosi boot # Boot the image with systemd-nspawn.
++$ mkosi qemu # Boot the image with qemu.
+ ```
+
+-By default, the tools from your host system are used to build the image.
+-Sometimes we start using mkosi features that rely on functionality in systemd
+-tools that's not in an official release yet. In that case, you'll need to build
+-systemd from source on the host and configure mkosi to use the tools from the
+-systemd build directory.
+-
+-To do a local build, most distributions provide very simple and convenient ways
+-to install most development packages necessary to build systemd:
++Putting this all together, here's a series of commands for preparing a patch for
++systemd:
+
+ ```sh
+-# Fedora
+-$ sudo dnf builddep systemd
+-# Debian/Ubuntu
+-$ sudo apt-get build-dep systemd
+-# Arch
+-$ sudo pacman -S devtools
+-$ pkgctl repo clone --protocol=https systemd
++$ git clone https://github.com/systemd/mkosi.git
++$ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
++$ git clone https://github.com/systemd/systemd.git
+ $ cd systemd
+-$ makepkg -seoc
++$ git checkout -b # where BRANCH is the name of the branch
++$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
++$ mkosi -f sandbox meson setup build # Set up meson
++$ mkosi -f genkey # Generate signing keys once.
++$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
++$ mkosi qemu # Boot the image in qemu
++$ git add -p # interactively put together your patch
++$ git commit # commit it
++$ git push -u # where REMOTE is your "fork" on GitHub
+ ```
+
+-After installing the development packages, systemd can be built from source as follows:
++And after that, head over to your repo on GitHub and click "Compare & pull
++request"
+
+-```sh
+-$ meson setup build
+-$ ninja -C build
+-$ meson test -C build
+-```
++Happy hacking!
+
+-To have `mkosi` use the systemd tools from the `build/` directory, add the
+-following to `mkosi.local.conf`:
++The following sections contain advanced topics on how to speed up development or
++streamline debugging. Feel free to read them if you're interested but they're
++not required to write basic patches.
+
+-```conf
+-[Host]
+-ExtraSearchPaths=build/
+-```
++## Building the OS image without a tools tree
+
+-And if you want `mkosi` to build a tools image and use the tools from there
+-instead of looking for tools on the host, add the following to
+-`mkosi.local.conf`:
++By default, `mkosi` will first build a tools tree and use it build the image and
++provide the environment for `mkosi sandbox`. To disable the tools tree and use
++binaries from your host instead, write the following to `mkosi.local.conf`:
+
+ ```conf
+-[Host]
+-ToolsTree=default
++[Build]
++ToolsTree=
+ ```
+
+-Every time you rerun the `mkosi` command a fresh image is built, incorporating
+-all current changes you made to the project tree. To build the latest changes
+-and re-install after booting the image, run one of the following commands in
+-another terminal on your host (choose the right one depending on the
+-distribution of the container or virtual machine):
++## Rebuilding systemd without rebuilding the OS image
++
++Every time the `mkosi` target is built, a fresh image is built. To build the
++latest changes and re-install systemd without rebuilding the image, run one of
++the following commands in another terminal on your host after booting the image
++(choose the right one depending on the distribution of the container or virtual
++machine):
+
+ ```sh
+ mkosi -t none && mkosi ssh dnf upgrade --disablerepo="*" --assumeyes "/work/build/*.rpm" # CentOS/Fedora
+@@ -107,26 +110,6 @@ and optionally restart the daemon(s) you're working on using
+ `systemctl restart ` or `systemctl daemon-reexec` if you're working on
+ pid1 or `systemctl soft-reboot` to restart everything.
+
+-Putting this all together, here's a series of commands for preparing a patch for systemd:
+-
+-```sh
+-$ git clone https://github.com/systemd/mkosi.git
+-$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi
+-$ git clone https://github.com/systemd/systemd.git
+-$ cd systemd
+-$ git checkout -b # where BRANCH is the name of the branch
+-$ vim src/core/main.c # or wherever you'd like to make your changes
+-$ mkosi -f qemu # (re-)build and boot up the test image in qemu
+-$ mkosi -t none # Build new packages without rebuilding the image
+-$ git add -p # interactively put together your patch
+-$ git commit # commit it
+-$ git push -u # where REMOTE is your "fork" on GitHub
+-```
+-
+-And after that, head over to your repo on GitHub and click "Compare & pull request"
+-
+-Happy hacking!
+-
+ ## Building distribution packages with mkosi
+
+ To build distribution packages for a specific distribution and release without
diff --git a/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch b/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
new file mode 100644
index 0000000..5d31c19
--- /dev/null
+++ b/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
@@ -0,0 +1,27 @@
+From 586b56f2fe741303af241f00c00c088dd2acadca Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Sat, 21 Dec 2024 19:10:42 +0100
+Subject: [PATCH] mkosi: Fix authselect systemd-homed feature name
+
+The feature name is with-systemd-homed, not with-homed.
+
+(cherry picked from commit 5495b11360d649dc8810d59b096231ba596e9436)
+---
+ mkosi.postinst.chroot | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot
+index 0f9e361488..310a26fa14 100755
+--- a/mkosi.postinst.chroot
++++ b/mkosi.postinst.chroot
+@@ -24,8 +24,8 @@ if command -v authselect >/dev/null; then
+
+ authselect select "$PROFILE"
+
+- if authselect list-features "$PROFILE" | grep -q "with-homed"; then
+- authselect enable-feature with-homed
++ if authselect list-features "$PROFILE" | grep -q "with-systemd-homed"; then
++ authselect enable-feature with-systemd-homed
+ fi
+ fi
+
diff --git a/0067-docs-Use-meson-compile-instead-of-ninja.patch b/0067-docs-Use-meson-compile-instead-of-ninja.patch
new file mode 100644
index 0000000..7b1ec96
--- /dev/null
+++ b/0067-docs-Use-meson-compile-instead-of-ninja.patch
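Review bot: The corrected probe in `mkosi.postinst.chroot` is still an unanchored `grep -q "with-systemd-homed"`, which matches any line of the `authselect list-features` output that merely contains that text. Matching the whole line as a fixed string states the intent and avoids enabling the feature on a partial match: `if authselect list-features "$PROFILE" | grep -qxF with-systemd-homed; then`. This assumes the command prints one feature name per line, which the hunk does not show; the enclosing `if command -v authselect` block starts outside it.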
@@ -0,0 +1,68 @@
+From 5f0d736f448973e8a8e68d6bbf9625061dfbc2ab Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 24 Dec 2024 09:53:53 +0100
+Subject: [PATCH] docs: Use meson compile instead of ninja
+
+"ninja -C build mkosi" doesn't actually work and fails because ninja
+thinks the mkosi target does not exist. "meson compile -C build mkosi"
+dpes work so let's use that instead.
+
+Fixes #35741
+
+(cherry picked from commit ece81f339ff41113876bf7a9a2c1ad317c2eb258)
+---
+ docs/HACKING.md | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index 2203c32640..d1202dee4e 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -39,17 +39,17 @@ Then, you can build and run systemd executables as follows:
+
+ ```sh
+ $ mkosi -f sandbox meson setup build
+-$ mkosi -f sandbox ninja -C build
++$ mkosi -f sandbox meson compile -C build
+ $ mkosi -f sandbox build/systemctl --version
+ ```
+
+ To build and boot an OS image with the latest systemd installed:
+
+ ```sh
+-$ mkosi -f genkey # Generate signing keys once.
+-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
+-$ sudo mkosi boot # Boot the image with systemd-nspawn.
+-$ mkosi qemu # Boot the image with qemu.
++$ mkosi -f genkey # Generate signing keys once.
++$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
++$ sudo mkosi boot # Boot the image with systemd-nspawn.
++$ mkosi qemu # Boot the image with qemu.
+ ```
+
+ Putting this all together, here's a series of commands for preparing a patch for
+@@ -60,15 +60,15 @@ $ git clone https://github.com/systemd/mkosi.git
+ $ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
+ $ git clone https://github.com/systemd/systemd.git
+ $ cd systemd
+-$ git checkout -b # where BRANCH is the name of the branch
+-$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
+-$ mkosi -f sandbox meson setup build # Set up meson
+-$ mkosi -f genkey # Generate signing keys once.
+-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
+-$ mkosi qemu # Boot the image in qemu
+-$ git add -p # interactively put together your patch
+-$ git commit # commit it
+-$ git push -u # where REMOTE is your "fork" on GitHub
++$ git checkout -b # where BRANCH is the name of the branch
++$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
++$ mkosi -f sandbox meson setup build # Set up meson
++$ mkosi -f genkey # Generate signing keys once.
++$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image
++$ mkosi qemu # Boot the image in qemu
++$ git add -p # interactively put together your patch
++$ git commit # commit it
++$ git push -u # where REMOTE is your "fork" on GitHub
+ ```
+
+ And after that, head over to your repo on GitHub and click "Compare & pull
diff --git a/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch b/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
new file mode 100644
index 0000000..9ca7c30
--- /dev/null
+++ b/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
@@ -0,0 +1,26 @@
+From bcda7cc1b1121594ea34e3ccf7074a4386407f7b Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Mon, 23 Dec 2024 21:30:32 +0100
+Subject: [PATCH] docs: Explicitly mention ~/.local/bin in section on
+ installing mkosi
+
+(cherry picked from commit 54b4ec887066b12fe97ac28d7ed5108a23f262de)
+---
+ docs/HACKING.md | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index d1202dee4e..de3f66dd55 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -33,7 +33,9 @@ for testing purposes.
+ First, install `mkosi` from the
+ [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
+ Note that it's not possible to use your distribution's packaged version of mkosi
+-as mkosi has to be installed outside of `/usr` for the following steps to work.
++as mkosi has to be installed outside of `/usr` for the following steps to work. When
++installing mkosi from the github repository, make sure to symlink it to `~/.local/bin`
++instead of `/usr/local/bin` if you want to add it to your `$PATH`.
+
+ Then, you can build and run systemd executables as follows:
+
diff --git a/0069-mkosi-update-opensuse-spec-repo-commit.patch b/0069-mkosi-update-opensuse-spec-repo-commit.patch
new file mode 100644
index 0000000..795ddf1
--- /dev/null
+++ b/0069-mkosi-update-opensuse-spec-repo-commit.patch
@@ -0,0 +1,23 @@
+From 3e998a517ebc4b3fca069ada0f0adb35b3158a75 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 26 Dec 2024 12:08:34 +0000
+Subject: [PATCH] mkosi: update opensuse spec repo commit
+
+(cherry picked from commit 4db0252c7fd53dc5388db458ad93ce7ef433e704)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 991d610bb8..972b12c56f 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -7,7 +7,7 @@ Distribution=opensuse
+ Environment=
+ GIT_URL=https://src.opensuse.org/pool/systemd
+ GIT_BRANCH=devel
+- GIT_COMMIT=35e7ce86d092dd1f4a85c51b0c6dc07769235f0fafc0b7072cffbbe79976d6ec
++ GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
+ PKG_SUBDIR=opensuse
+
+ [Content]
diff --git a/0070-mkosi-update-openSUSE-commit-reference.patch b/0070-mkosi-update-openSUSE-commit-reference.patch
new file mode 100644
index 0000000..e4f183d
--- /dev/null
+++ b/0070-mkosi-update-openSUSE-commit-reference.patch
@@ -0,0 +1,25 @@
+From 869964c1eecad09dfe38cff5a6b7b25343cbc8f4 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Mon, 30 Dec 2024 11:00:07 +0100
+Subject: [PATCH] mkosi: update openSUSE commit reference
+
+Force-pushed as usual, now HEAD is v257.1.
+
+(cherry picked from commit 37c2be73e7238a99bc114f85c7af5c4702f15046)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 972b12c56f..4e83002c91 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -7,7 +7,7 @@ Distribution=opensuse
+ Environment=
+ GIT_URL=https://src.opensuse.org/pool/systemd
+ GIT_BRANCH=devel
+- GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
++ GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
+ PKG_SUBDIR=opensuse
+
+ [Content]
diff --git a/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch b/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
new file mode 100644
index 0000000..6650f93
--- /dev/null
+++ b/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
@@ -0,0 +1,53 @@
+From e28aa452ce82ff34d2bf29d1f00ee7aa3df780ae Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Mon, 30 Dec 2024 17:38:36 +0100
+Subject: [PATCH] mkosi: add libopenssl devel package to openSUSE tools tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise, the build fails with:
+
+```
+INFO: autodetecting backend as ninja
+INFO: calculating backend command to run: /usr/bin/ninja -C /mnt/work/src/systemd/upstream-fork/main/build-mkosi
+ninja: Entering directory `/mnt/work/src/systemd/upstream-fork/main/build-mkosi'
+[463/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
+FAILED: src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
+cc -Isrc/shared/libsystemd-shared-258.a.p -Isrc/shared -I../src/shared -Isrc/basic -I../src/basic -Isrc/fundamental -I../src/fundamental -Isrc/systemd -I../src/systemd -I. -I.. -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-journal -I../src/libsystemd/sd-json -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-path -I../src/libsystemd/sd-resolve -I../src/libsystemd/sd-varlink -I/usr/include/blkid -I/usr/include/libmount -I/usr/include/p11-kit-1 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 -O0 -g -Wno-missing-field-initializers -Wno-unused-parameter -Wno-nonnull-compare -Warray-bounds -Warray-bounds=2 -Wdate-time -Wendif-labels -Werror=format=2 -Werror=format-signedness -Werror=implicit-function-declaration -Werror=implicit-int -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=missing-declarations -Werror=missing-prototypes -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=strict-flex-arrays -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wzero-length-bounds -fdiagnostics-show-option -fno-common -fstack-protector -fstack-protector-strong -fstrict-flex-arrays=3 --param=ssp-buffer-size=4 -Wno-unused-result -Werror=shadow -fPIC -fno-strict-aliasing -fstrict-flex-arrays=1 -fvisibility=hidden -fno-omit-frame-pointer -include config.h -pthread -fvisibility=default -MD -MQ src/shared/libsystemd-shared-258.a.p/openssl-util.c.o -MF src/shared/libsystemd-shared-258.a.p/openssl-util.c.o.d -o src/shared/libsystemd-shared-258.a.p/openssl-util.c.o -c ../src/shared/openssl-util.c
+../src/shared/openssl-util.c: In function ‘openssl_ask_password_ui_read’:
+../src/shared/openssl-util.c:1395:65: error: implicit declaration of function ‘UI_method_get_ex_data’; did you mean ‘UI_method_get_reader’? [-Wimplicit-function-declaration]
+ 1395 | AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
+ | ^~~~~~~~~~~~~~~~~~~~~
+ | UI_method_get_reader
+../src/shared/openssl-util.c:1395:65: warning: nested extern declaration of ‘UI_method_get_ex_data’ [-Wnested-externs]
+../src/shared/openssl-util.c:1395:43: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
+ 1395 | AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
+ | ^
+../src/shared/openssl-util.c: In function ‘openssl_ask_password_ui_new’:
+../src/shared/openssl-util.c:1479:13: error: implicit declaration of function ‘UI_method_set_ex_data’; did you mean ‘UI_method_set_reader’? [-Wimplicit-function-declaration]
+ 1479 | if (UI_method_set_ex_data(ui->method, 0, &ui->request) == 0)
+ | ^~~~~~~~~~~~~~~~~~~~~
+ | UI_method_set_reader
+../src/shared/openssl-util.c:1479:13: warning: nested extern declaration of ‘UI_method_set_ex_data’ [-Wnested-externs]
+[480/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/pkcs11-util.c.o
+ninja: build stopped: subcommand failed.
+```
+
+(cherry picked from commit 8a6ad7c8376b5dab1d3502a39cead9c63152293d)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+index 468f56856f..d486875fab 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+@@ -15,6 +15,7 @@ ToolsTreePackages=
+ pkgconfig(fdisk)
+ pkgconfig(libmicrohttpd)
+ pkgconfig(mount)
++ pkgconfig(libopenssl)
+ python3-ruff
+ tpm2-0-tss-devel
+ python3-jinja2
diff --git a/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch b/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
new file mode 100644
index 0000000..da22186
--- /dev/null
+++ b/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
@@ -0,0 +1,144 @@
+From dd5c8cacbdc9ce7e5f678a963c92d68e9fe88879 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Mon, 30 Dec 2024 17:39:16 +0100
+Subject: [PATCH] mkosi: switch to github mirror of openSUSE sources from
+ build.opensuse.org
+
+The current src.opensuse.org is very unstable and commit hashes are reset (or
+even removed) every now and then. While the official repo is not fixed, let's
+move to a more stable source, the github mirror of code.opensuse.org, maintained
+since 2019.
+
+(cherry picked from commit 07638ce2a46c99300e21d7b54e9404fdce488d53)
+---
+ .../mkosi.conf.d/opensuse/mkosi.build.chroot | 16 ++++++++--------
+ .../build/mkosi.conf.d/opensuse/mkosi.conf | 7 ++++---
+ .../build/mkosi.conf.d/opensuse/mkosi.prepare | 14 +++++++-------
+ 3 files changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index c9089b78c4..8c4fb9bd6f 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -4,8 +4,8 @@ set -e
+
+ . mkosi.functions
+
+-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+- echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
++if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
++ echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+ fi
+
+@@ -14,7 +14,7 @@ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+ # The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
+ # disable manpage compression as the files cannot be found. Fix the issue by removing the compression
+ # extension.
+-find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
++find "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+
+ if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
+ # Fix the %install override so debuginfo packages are generated.
+@@ -58,10 +58,10 @@ if ((COVERAGE)); then
+ fi
+
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+
+ # TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
+-sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+
+ build() {
+ IFS=
+@@ -81,7 +81,7 @@ build() {
+ --with upstream \
+ $( ((WITH_TESTS)) || echo "--nocheck") \
+ --define "_topdir /var/tmp" \
+- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
++ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
+ --define "_rpmdir $BUILDDIR" \
+ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+@@ -103,7 +103,7 @@ build() {
+ --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
+ --noclean \
+ "$@" \
+- "pkg/$PKG_SUBDIR/systemd.spec"
++ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+
+ EXIT_STATUS=$?
+
+@@ -127,7 +127,7 @@ if ! build; then
+ # warnings.
+ rm systemd.lang
+
+- grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd"
++ grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/files.systemd"
+ build --noprep --nocheck
+ fi
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 4e83002c91..a374207e4d 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -5,9 +5,10 @@ Distribution=opensuse
+
+ [Build]
+ Environment=
+- GIT_URL=https://src.opensuse.org/pool/systemd
+- GIT_BRANCH=devel
+- GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
++ GIT_URL=https://github.com/bmwiedemann/openSUSE
++ GIT_SUBDIR=packages/s/systemd
++ GIT_BRANCH=master
++ GIT_COMMIT=1477f2646dd26ee3b166f26bd380a173fb649939
+ PKG_SUBDIR=opensuse
+
+ [Content]
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
+index c4a9580715..de736a570f 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
+@@ -6,13 +6,13 @@ if [[ "$1" == "build" ]]; then
+ exit 0
+ fi
+
+-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+- echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
++if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
++ echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+ fi
+
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+
+ mkosi-chroot \
+ rpmspec \
+@@ -20,8 +20,8 @@ mkosi-chroot \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
+- "pkg/$PKG_SUBDIR/systemd.spec" |
++ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
++ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+@@ -34,9 +34,9 @@ until mkosi-chroot \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
++ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+- "pkg/$PKG_SUBDIR/systemd.spec"
++ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
diff --git a/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch b/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
new file mode 100644
index 0000000..48121b9
--- /dev/null
+++ b/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
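Review bot: With `GIT_URL=https://github.com/bmwiedemann/openSUSE` the opensuse `mkosi.conf` now takes the spec and patches that `rpmbuild` and `rpmspec` process from a mirror hosted under what looks like an individual's GitHub account, so the `GIT_COMMIT` pin is the control that ties the build to reviewed content, and nothing in the file records that. I would add a comment above `Environment=`, e.g. `# Third-party mirror of the openSUSE package sources: keep GIT_COMMIT a full commit hash and review the spec diff on every bump.` How the checkout enforces `GIT_COMMIT` is not visible in this patch and is worth confirming. As a style point, `pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}` is repeated at every call site in `mkosi.build.chroot` and `mkosi.prepare`; one `SPECDIR=` assignment per script would be harder to get out of sync.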
@@ -0,0 +1,65 @@ +From 04dc2fab4c1aa8cc1cf54c61d73f38185f8074f6 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 2 Jan 2025 13:11:48 +0100 +Subject: [PATCH] mkosi: Allow disabling vcs-tag via environment variable + +(cherry picked from commit 76d80cc34331b0cefd354ea9de70e9bbb46550a0) +--- + mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot | 2 +- + .../build/mkosi.conf.d/centos-fedora/mkosi.build.chroot | 2 +- + .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 2 +- + mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot +index 83c4960ac8..202646f0ad 100755 +--- a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot +@@ -28,7 +28,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" + fi + +-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" ++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}" + if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" + fi +diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot +index 1de1578e20..e41b9b1189 100755 +--- a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot +@@ -48,7 +48,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" + fi + +-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" ++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D 
b_sanitize=${SANITIZERS:-none}" + if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" + fi +diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +index 5f3e53ff53..b17483a03f 100755 +--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +@@ -44,7 +44,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" + fi + +-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" ++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}" + if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" + fi +diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot +index 8c4fb9bd6f..72115c2c5b 100755 +--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot +@@ -48,7 +48,7 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then + MKOSI_LDFLAGS="%{nil}" + fi + +-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" ++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}" + if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" + fi diff --git a/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch b/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch new file mode 100644 index 0000000..eab05ee --- /dev/null +++ b/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch 
@@ -0,0 +1,81 @@ +From 194f7bbe9a12051f19dcff16eaa297261b657e86 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 2 Jan 2025 16:17:53 +0100 +Subject: [PATCH] docs: Use mkosi sandbox in test documentation as well + +Same change as in HACKING.md, but for running the integration tests. + +(cherry picked from commit 8a652636503ee99dd484e2ae051cc1f1bdfc18ab) +--- + test/README.testsuite | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/test/README.testsuite b/test/README.testsuite +index fc1c9f136d..25b44912e9 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -11,7 +11,7 @@ reconfiguring meson to make sure it is picked up properly. + We also need to make sure the required meson options are enabled: + + ```shell +-$ meson setup --reconfigure build -Dremote=enabled ++$ mkosi -f sandbox meson setup --reconfigure build -Dremote=enabled + ``` + + To make sure `mkosi` doesn't try to build systemd from source during the image build +@@ -31,7 +31,7 @@ to /etc which is used when building the image instead. + Next, we can build the integration test image with meson: + + ```shell +-$ meson compile -C build mkosi ++$ mkosi -f sandbox meson compile -C build mkosi + ``` + + By default, the `mkosi` meson target which builds the integration test image depends on +@@ -52,24 +52,24 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi.loca + After the image has been built, the integration tests can be run with: + + ```shell +-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))" ++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))" + ``` + + As usual, specific tests can be run in meson by appending the name of the test + which is usually the name of the directory e.g. 
+ + ```shell +-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC + ``` + +-See `meson introspect build --tests` for a list of tests. ++See `mkosi -f sandbox meson introspect build --tests` for a list of tests. + + To interactively debug a failing integration test, the `--interactive` option + (`-i`) for `meson test` can be used. Note that this requires meson v1.5.0 or + newer: + + ```shell +-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC ++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC + ``` + + Due to limitations in meson, the integration tests do not yet depend on the +@@ -78,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the + following command can be used: + + ```shell +-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ++$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC + ``` + + The integration tests use the same mkosi configuration that's used when you run +@@ -92,7 +92,7 @@ To iterate on an integration test, let's first get a shell in the integration te + the following: + + ```shell +-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC ++$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC + ``` + + This will get us a shell in the integration test environment after booting the machine without running the 
diff --git a/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch b/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
new file mode 100644
index 0000000..6232a5d
--- /dev/null
+++ b/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
@@ -0,0 +1,83 @@ +From 20b0b2d7973049d918a69025c5d6b6cbe00f5f41 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 2 Jan 2025 16:21:42 +0000 +Subject: [PATCH] test: update README's Ubuntu CI section for mkosi changes + +(cherry picked from commit 01829580471eb1958bc5c43caa871b243edb1055) +--- + test/README.testsuite | 30 ++++++------------------------ + 1 file changed, 6 insertions(+), 24 deletions(-) + +diff --git a/test/README.testsuite b/test/README.testsuite +index 25b44912e9..da2d17a6db 100644 +--- a/test/README.testsuite ++++ b/test/README.testsuite +@@ -155,23 +155,7 @@ that make use of `run_testcases`. + + New PRs submitted to the project are run through regression tests, and one set + of those is the 'autopkgtest' runs for several different architectures, called +-'Ubuntu CI'. Part of that testing is to run all these tests. Sometimes these +-tests are temporarily deny-listed from running in the 'autopkgtest' tests while +-debugging a flaky test; that is done by creating a file in the test directory +-named 'deny-list-ubuntu-ci', for example to prevent the TEST-01-BASIC test from +-running in the 'autopkgtest' runs, create the file +-'TEST-01-BASIC/deny-list-ubuntu-ci'. +- +-The tests may be disabled only for specific archs, by creating a deny-list file +-with the arch name at the end, e.g. +-'TEST-01-BASIC/deny-list-ubuntu-ci-arm64' to disable the TEST-01-BASIC test +-only on test runs for the 'arm64' architecture. +- +-Note the arch naming is not from 'uname -m', it is Debian arch names: +-https://wiki.debian.org/ArchitectureSpecificsMemo +- +-For PRs that fix a currently deny-listed test, the PR should include removal +-of the deny-list file. ++'Ubuntu CI'. Part of that testing is to run all these tests. 
+ + In case a test fails, the full set of artifacts, including the journal of the + failed run, can be downloaded from the artifacts.tar.gz archive which will be +@@ -268,7 +252,7 @@ the PR (set by the `$UPSTREAM_PULL_REQUEST` env variable) you'd like to debug: + ```shell + $ git clone https://salsa.debian.org/systemd-team/systemd.git + $ cd systemd +-$ git checkout upstream-ci ++$ git checkout ci/v-stable + $ TEST_UPSTREAM=1 UPSTREAM_PULL_REQUEST=12345 ./debian/extra/checkout-upstream + ``` + +@@ -278,22 +262,20 @@ Now install necessary build & test dependencies: + # PPA with some newer Ubuntu packages required by upstream systemd + $ add-apt-repository -y --enable-source ppa:upstream-systemd-ci/systemd-ci + $ apt build-dep -y systemd +-$ apt install -y autopkgtest debhelper genisoimage git qemu-system-x86 \ +- libcurl4-openssl-dev libfdisk-dev libtss2-dev libfido2-dev \ +- libssl-dev python3-pefile ++$ apt install -y autopkgtest fakemachine qemu-system-x86 + ``` + + Build systemd deb packages with debug info: + + ```shell +-$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt" dpkg-buildpackage -us -uc ++$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt pkg.systemd.upstream" dpkg-buildpackage -us -uc -b + $ cd .. + ``` + + Prepare a testbed image for autopkgtest (tweak the release as necessary): + + ```shell +-$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r jammy ++$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r noble + ``` + + And finally run the autopkgtest itself: +@@ -304,7 +286,7 @@ $ autopkgtest -o logs *.deb systemd/ \ + --timeout-factor=3 \ + --test-name=boot-and-services \ + --shell-fail \ +- -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-jammy-amd64.img ++ -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-noble-amd64.img + ``` + + where `--test-name=` is the name of the test you want to run/debug. The 
diff --git a/0076-mkosi-Add-docbook-tools.patch b/0076-mkosi-Add-docbook-tools.patch
new file mode 100644
index 0000000..410f17f
--- /dev/null
+++ b/0076-mkosi-Add-docbook-tools.patch
@@ -0,0 +1,67 @@ +From 3bf84a14d22f7e259b4adf4cc88895af0cdd1ccc Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 2 Jan 2025 15:48:54 +0100 +Subject: [PATCH] mkosi: Add docbook tools + +(cherry picked from commit fd3ee47d8d1cac09acf034cdbe53071ee6fdde74) +--- + mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf | 2 ++ + mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf | 3 +++ + mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf | 2 ++ + mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 2 ++ + 4 files changed, 9 insertions(+) + +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf +index 5787aa8f44..c6ec83a6b0 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf +@@ -9,9 +9,11 @@ ToolsTreePackages= + github-cli + libcap + libmicrohttpd ++ libxslt + mypy + perl-json-xs + python-jinja ++ python-lxml + python-pytest + ruff + shellcheck +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf +index 23731f7376..21d3741504 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf +@@ -15,6 +15,9 @@ ToolsTreePackages= + pkgconfig(mount) + tpm2-tss-devel + python3-jinja2 ++ python3-lxml + python3-mypy + python3-pytest + shellcheck ++ xsltproc ++ docbook-style-xsl +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf +index 46204fe8f6..106072f541 100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf +@@ -17,5 +17,7 @@ ToolsTreePackages= + libtss2-dev + mypy + python3-jinja2 ++ python3-lxml + python3-pytest + shellcheck ++ xsltproc +diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +index d486875fab..8a659360fa 
100644 +--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf ++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf +@@ -19,5 +19,7 @@ ToolsTreePackages= + python3-ruff + tpm2-0-tss-devel + python3-jinja2 ++ python3-lxml + python3-pytest ++ xsltproc + ShellCheck diff --git a/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch b/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch new file mode 100644 index 0000000..db664ab --- /dev/null +++ b/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch 
@@ -0,0 +1,31 @@ +From 472239d4301d25eb3c7c69eb7e8f13542ef2769f Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 3 Jan 2025 10:20:45 +0100 +Subject: [PATCH] mkosi: Handle directories in debian/not-installed correctly + +If a directory is specified without a glob pattern, we have to exclude +all files in that directory, so add a recursive glob to every directory +and enable the bash globstar feature when globbing to '**/*' matches all +files and directories beneath the given directory. + +(cherry picked from commit d304b95beb76fd62ea249357df526fb211426edc) +--- + .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +index b17483a03f..569bf64499 100755 +--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +@@ -111,8 +111,9 @@ if ! build; then + if [[ -f debian/not-installed ]]; then + pushd debian/tmp + grep --invert-match "^#" ../not-installed | +- xargs -I {} bash -O nullglob -c "printf '%s\n' {}" | +- sed "/^$/d" | ++ xargs -I {} sh -c "test -d '{}' && echo '{}/**/*' || echo '{}'" | ++ xargs -I {} bash -O nullglob -O globstar -c "printf '%s\n' {}" | ++ sed --expression "/^$/d" --expression "s#//*#/#g" | + xargs -I {} sh -c "test -f '{}' && echo '{}' || true" >>/tmp/packaged-files + popd + fi diff --git a/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch b/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch new file mode 100644 index 0000000..4c9b556 --- /dev/null +++ b/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch 
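Review bot: The added stage `xargs -I {} sh -c "test -d '{}' && echo '{}/**/*' || echo '{}'"` pastes each line of debian/not-installed into the text of a shell command, so an entry containing a single quote or a command substitution is parsed as shell syntax rather than treated as a path. That file presumably comes from the packaging repository fetched for the build, so it is safer to pass it as data: `xargs -I {} sh -c 'test -d "$1" && echo "$1/**/*" || echo "$1"' _ {}`. The following `bash -O nullglob -O globstar -c "printf '%s\n' {}"` stage must leave the pattern unquoted for globbing, so it keeps that exposure. A comment there stating that not-installed is treated as trusted input would make the assumption explicit. The enclosing `if ! build; then` block starts outside the hunk.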
@@ -0,0 +1,23 @@ +From 4bc36b7d57b0210bdaf765fce3d8f9e23444c957 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 3 Jan 2025 11:42:47 +0100 +Subject: [PATCH] mkosi: Warn on unpackaged files in the debian package build + +(cherry picked from commit e965430f57834d641b0b1327617622c20aa23b70) +--- + .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +index 569bf64499..9717286586 100755 +--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot ++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot +@@ -128,6 +128,8 @@ if ! build; then + exit 1 + fi + ++ echo -e "::warning title=UNPACKAGED-FILES::The following files were not picked up by the package, please update the packaging recipe to include: $(tr '\n' ' ' >debian/systemd.install + build diff --git a/0079-mkosi-Update-to-latest.patch b/0079-mkosi-Update-to-latest.patch new file mode 100644 index 0000000..f64624a --- /dev/null +++ b/0079-mkosi-Update-to-latest.patch 
@@ -0,0 +1,205 @@ +From 3484ab94b94216de0db23ad1f1567641d21a8ad7 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 3 Jan 2025 23:25:23 +0100 +Subject: [PATCH] mkosi: Update to latest + +(cherry picked from commit c008b703701e676a88e16de4c867b9fc4818070d) +--- + .github/workflows/coverage.yml | 2 +- + .github/workflows/mkosi.yml | 2 +- + test/TEST-64-UDEV-STORAGE/btrfs_basic.configure | 2 +- + test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure | 2 +- + test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure | 2 +- + test/TEST-64-UDEV-STORAGE/lvm_basic.configure | 2 +- + test/TEST-64-UDEV-STORAGE/mdadm_basic.configure | 2 +- + test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure | 2 +- + test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure | 2 +- + test/TEST-64-UDEV-STORAGE/nvme_basic.configure | 2 +- + test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure | 2 +- + test/TEST-64-UDEV-STORAGE/simultaneous_events.configure | 2 +- + test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure | 2 +- + .../virtio_scsi_identically_named_partitions.configure | 2 +- + 14 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml +index a1587e62e9..cea1e84af2 100644 +--- a/.github/workflows/coverage.yml ++++ b/.github/workflows/coverage.yml +@@ -16,7 +16,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88 ++ - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. 
However, we first move them to a different location +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index 4d128822fb..873ed589b6 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -113,7 +113,7 @@ jobs: + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +- - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88 ++ - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78 + + # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space + # immediately, we remove the files in the background. However, we first move them to a different location +diff --git a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure +index 8ef58a9fdd..85ec983fc3 100755 +--- a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure ++++ b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure +@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"] + + for i in range(4): + id = f"drivebtrfsbasic{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "350M" if i == 0 else "128M", +diff --git a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure +index ca23e33858..1d7a0c5b9a 100755 +--- a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure ++++ b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure +@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"] + + for i in range(4): + id = f"driveiscsibasic{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "150M" if i == 0 else "70M", +diff --git a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure +index 02e2ac4daa..a920171add 100755 +--- a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure ++++ b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure +@@ -7,7 +7,7 @@ import sys + + config = 
json.load(sys.stdin) + +-config["QemuDrives"] += [ ++config["Drives"] += [ + { + "Id": "drive0", + "Size": "64M", +diff --git a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure +index 9387b8377c..c4074becb4 100755 +--- a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure ++++ b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure +@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"] + + for i in range(4): + id = f"drivelvmbasic{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "32M", +diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure +index 3f00afa955..d722e081e2 100755 +--- a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure ++++ b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure +@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"] + + for i in range(5): + id = f"drivemdadmbasic{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "64M", +diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure +index b7661d9e81..d669895925 100755 +--- a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure ++++ b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure +@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"] + + for i in range(5): + id = f"drivemdadmlvm{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "64M", +diff --git a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure +index 5f323b8a8b..a59927c3b7 100755 +--- a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure ++++ b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure +@@ -18,7 +18,7 @@ for ndisk in range(16): + + for nback in range(4): + id = f"drive{ndisk}x{nback}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + 
{ + "Id": id, + "Size": size, +diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure +index b740c096c4..948003e4de 100755 +--- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure ++++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure +@@ -18,7 +18,7 @@ if 'name "nvme"' not in result.stdout: + def add_drive(i: int, serial: str) -> None: + global config + id = f"nvme{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "1M", +diff --git a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure +index 3d7900773c..029d4360ba 100755 +--- a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure ++++ b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure +@@ -16,7 +16,7 @@ if 'name "nvme"' not in result.stdout: + exit(77) + + for id in ("nvme0", "nvme1"): +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "1M", +diff --git a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure +index a0edb01cc1..668f3e2aa0 100755 +--- a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure ++++ b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure +@@ -9,7 +9,7 @@ config = json.load(sys.stdin) + + for i in range(10): + id = f"drivesimultaneousevents{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "128M", +diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure +index ab8d530a3e..91e1fe14e5 100755 +--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure ++++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure +@@ -12,7 +12,7 @@ for i in range(4): + + for i in range(128): + id = f"drive{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "1M", +diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure 
b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure +index edc5138ce8..dce6b1503f 100755 +--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure ++++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure +@@ -21,7 +21,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0,num_queues=4"] + + for i in range(0, num_disk): + id = f"drive{i}" +- config["QemuDrives"] += [ ++ config["Drives"] += [ + { + "Id": id, + "Size": "40M", diff --git a/0080-mkosi-Make-path-exclude-more-generic.patch b/0080-mkosi-Make-path-exclude-more-generic.patch new file mode 100644 index 0000000..78c5612 --- /dev/null +++ b/0080-mkosi-Make-path-exclude-more-generic.patch 
@@ -0,0 +1,33 @@ +From ef6f0afb544c38e71824412012f657aeb5780d1a Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Sun, 5 Jan 2025 23:19:44 +0100 +Subject: [PATCH] mkosi: Make path exclude more generic + +The systemd rpms we try to install in packit have /usr/bin/bash and +/usr/bin/python3 as dependencies which breaks dnf5 because mkosi +doesn't download filelists metadata and +https://bugzilla.redhat.com/show_bug.cgi?id=2263771 is still not fixed +almost a year after being reported. + +(cherry picked from commit 8a9b989cba75810406b0c881bcabe03c27fa47e5) +--- + mkosi.conf.d/10-centos-fedora/mkosi.prepare | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare +index 9aca0096d5..1e5bd21995 100755 +--- a/mkosi.conf.d/10-centos-fedora/mkosi.prepare ++++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare +@@ -12,8 +12,11 @@ for DEPS in --requires --recommends --suggests; do + # We need --latest-limit=1 to only consider the newest version of the packages. + # --latest-limit=1 is per . so we have to pass --arch= explicitly to make sure i686 packages + # are not considered on x86-64. ++ # Because mkosi does not download the filelists repository metadata, we have to exclude all path based ++ # dependencies, (even those within /usr and /bin because of ++ # https://bugzilla.redhat.com/show_bug.cgi?id=2263771). + dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE,noarch" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" | +- grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal | ++ grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin --regexp /usr --regexp grubby --regexp sdubby --regexp libcurl-minimal | + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install + done 
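Review bot: The new comment says all path-based dependencies have to be excluded, but `--regexp /bin --regexp /usr` only drops lines containing those two substrings. A dependency on a path elsewhere (under `/etc` or `/sbin`, say) would still be handed to `mkosi-install`. Anchoring a single pattern at the start of the line states the intent directly, `--regexp '^/'` in place of the two path patterns, assuming `dnf repoquery` prints file dependencies as lines beginning with `/`. The enclosing `for DEPS in ...` loop begins outside the hunk.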
diff --git a/0081-packit-Move-fmf-metadata-into-upstream.patch b/0081-packit-Move-fmf-metadata-into-upstream.patch
new file mode 100644
index 0000000..f4bec27
--- /dev/null
+++ b/0081-packit-Move-fmf-metadata-into-upstream.patch
@@ -0,0 +1,183 @@ +From 3fd7ff599719852113fee64b2dc124493c3b53dc Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 20 Dec 2024 15:34:13 +0100 +Subject: [PATCH] packit: Move fmf metadata into upstream + +This moves https://src.fedoraproject.org/tests/systemd into upstream +so it's one less moving piece that we need to remember. While we're at +it, do various cleanups as well: + +- Remove non-packit logic +- Set NO_BUILD in mkosi.local.conf as it's not picked up from the + process environment +- Don't set unused environment variables +- Remove workdir logic as we run in an ephemeral VM already +- Drop --verbose from meson test to reduce noise + from passed tests +- Use mkosi sandbox and drop duplicated deps from metadata file +- Stop running the unit tests as they already run as part of the rpm + build and as part of the integration tests. +- Various style fixes + +(cherry picked from commit b0b88f18b3237704d1f6d5b3dcb533367816ce23) +--- + .packit.yml | 3 +- + test/fmf/.fmf/version | 1 + + test/fmf/integration-tests/main.fmf | 10 ++++ + test/fmf/integration-tests/test.sh | 88 +++++++++++++++++++++++++++++ + test/fmf/plans/ci.fmf | 12 ++++ + 5 files changed, 112 insertions(+), 2 deletions(-) + create mode 100644 test/fmf/.fmf/version + create mode 100644 test/fmf/integration-tests/main.fmf + create mode 100755 test/fmf/integration-tests/test.sh + create mode 100644 test/fmf/plans/ci.fmf + +diff --git a/.packit.yml b/.packit.yml +index 2dcc9e86ca..eef6e48fcf 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -57,8 +57,7 @@ jobs: + + - job: tests + trigger: pull_request +- fmf_url: https://src.fedoraproject.org/tests/systemd +- fmf_ref: main ++ fmf_path: test/fmf + tmt_plan: ci + targets: + - fedora-rawhide-x86_64 +diff --git a/test/fmf/.fmf/version b/test/fmf/.fmf/version +new file mode 100644 +index 0000000000..d00491fd7e +--- /dev/null ++++ b/test/fmf/.fmf/version +@@ -0,0 +1 @@ ++1 +diff --git a/test/fmf/integration-tests/main.fmf 
b/test/fmf/integration-tests/main.fmf +new file mode 100644 +index 0000000000..a1686c09c3 +--- /dev/null ++++ b/test/fmf/integration-tests/main.fmf +@@ -0,0 +1,10 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++summary: Run the upstream integration test suite ++test: ./test.sh ++duration: 2h ++require: ++ - coreutils ++ - distribution-gpg-keys ++ - dnf ++ - git-core +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +new file mode 100755 +index 0000000000..51cbab6ec9 +--- /dev/null ++++ b/test/fmf/integration-tests/test.sh +@@ -0,0 +1,88 @@ ++#!/bin/bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++set -eux ++set -o pipefail ++ ++# Switch SELinux to permissive, since the tests don't set proper contexts ++setenforce 0 ++ ++# Prepare systemd source tree ++git clone "$PACKIT_TARGET_URL" systemd ++pushd systemd ++# If we're running in a pull request job, merge the remote branch into the current main ++if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then ++ git remote add pr "${PACKIT_SOURCE_URL:?}" ++ git fetch pr "${PACKIT_SOURCE_BRANCH:?}" ++ git merge "pr/$PACKIT_SOURCE_BRANCH" ++fi ++git log --oneline -5 ++popd ++ ++# Now prepare mkosi, possibly at the same version required by the systemd repo ++git clone https://github.com/systemd/mkosi ++# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency ++if [ -f .github/workflows/mkosi.yml ]; then ++ mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")" ++ git -C mkosi checkout "$mkosi_hash" ++fi ++ ++export PATH="$PWD/mkosi/bin:$PATH" ++ ++pushd systemd ++ ++# shellcheck source=/dev/null ++. /etc/os-release || . 
/usr/lib/os-release ++ ++tee mkosi.local.conf <> /etc/yum.repos.d/copr_build* ++ ++# Disable mkosi's own repository logic ++touch /etc/yum.repos.d/mkosi.repo ++ ++# TODO: drop once BTRFS regression is fixed in kernel 6.13 ++sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf ++ ++# If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first. ++modprobe kvm || true ++if [[ ! -e /dev/kvm ]]; then ++ export TEST_NO_QEMU=1 ++fi ++ ++# Create missing mountpoint for mkosi sandbox. ++mkdir -p /etc/pacman.d/gnupg ++ ++mkosi summary ++mkosi -f sandbox true ++mkosi -f sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build ++mkosi genkey ++mkosi -f sandbox meson compile -C build mkosi ++mkosi -f sandbox \ ++ meson test \ ++ -C build \ ++ --no-rebuild \ ++ --suite integration-tests \ ++ --print-errorlogs \ ++ --no-stdsplit \ ++ --num-processes "$(($(nproc) - 1))" ++ ++popd +diff --git a/test/fmf/plans/ci.fmf b/test/fmf/plans/ci.fmf +new file mode 100644 +index 0000000000..3e2a16bc89 +--- /dev/null ++++ b/test/fmf/plans/ci.fmf +@@ -0,0 +1,12 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++summary: systemd Fedora test suite ++discover: ++ how: fmf ++prepare: ++ - name: systemd ++ how: install ++ exclude: ++ - systemd-standalone-.* ++execute: ++ how: tmt diff --git a/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch b/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch new file mode 100644 index 0000000..5a6dc0d --- /dev/null +++ b/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch 
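Review bot: In test.sh the mkosi pin is looked up relative to the wrong directory: `if [ -f .github/workflows/mkosi.yml ]` runs after the script has already `popd`-ed out of the `systemd` checkout. Unless the working directory happens to be a systemd tree, the test is false and mkosi is used at whatever the default branch of the cloned repository points to. The script calls `setenforce 0` and writes under /etc, so an unpinned build tool runs with those privileges. Point both the test and the `grep` at `systemd/.github/workflows/mkosi.yml`, and exit with an error rather than continuing when no hash is found. The `grep` can also return several lines if the workflow references the action more than once, so reduce it to one value (`| sort --unique`) before `git -C mkosi checkout "$mkosi_hash"`.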
@@ -0,0 +1,66 @@ +From a1f6747606484c47581172b36aa70aa73a13ab6a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 6 Jan 2025 16:30:26 +0900 +Subject: [PATCH] mkosi: replace deprecated settings and command with new ones + +Follow-up for c008b703701e676a88e16de4c867b9fc4818070d. + +These settings and command were deprecated by the following commit. +https://github.com/systemd/mkosi/commit/ebcd2efa03af5c04de91434634f2e4a956f7e53c + +(cherry picked from commit d5cdcba928823faf5ddcca267e3866ab5d5fc729) +--- + docs/HACKING.md | 6 +++--- + mkosi.conf | 8 ++++---- + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/docs/HACKING.md b/docs/HACKING.md +index de3f66dd55..b6aeff11c3 100644 +--- a/docs/HACKING.md ++++ b/docs/HACKING.md +@@ -51,7 +51,7 @@ To build and boot an OS image with the latest systemd installed: + $ mkosi -f genkey # Generate signing keys once. + $ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image + $ sudo mkosi boot # Boot the image with systemd-nspawn. +-$ mkosi qemu # Boot the image with qemu. ++$ mkosi vm # Boot the image with qemu. + ``` + + Putting this all together, here's a series of commands for preparing a patch for +@@ -67,7 +67,7 @@ $ $EDITOR src/core/main.c # or wherever you'd like to make + $ mkosi -f sandbox meson setup build # Set up meson + $ mkosi -f genkey # Generate signing keys once. + $ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image +-$ mkosi qemu # Boot the image in qemu ++$ mkosi vm # Boot the image in qemu + $ git add -p # interactively put together your patch + $ git commit # commit it + $ git push -u # where REMOTE is your "fork" on GitHub +@@ -275,7 +275,7 @@ To simplify debugging systemd when testing changes using mkosi, we're going to s + + To allow VSCode's debugger to attach to systemd running in a mkosi image, + we have to make sure it can access the virtual machine spawned by mkosi where systemd is running. 
+-After booting the image with `mkosi qemu`, ++After booting the image with `mkosi vm`, + you should now be able to connect to it by running `mkosi ssh` from the same directory in another terminal window. + + Now we need to configure VSCode. +diff --git a/mkosi.conf b/mkosi.conf +index ab8a6a1372..2517aba518 100644 +--- a/mkosi.conf ++++ b/mkosi.conf +@@ -140,10 +140,10 @@ Credentials= + tty.console.login.noauth=yes + RuntimeBuildSources=yes + RuntimeScratch=no +-QemuSmp=2 +-QemuSwtpm=yes +-QemuVsock=yes +-QemuKvm=yes ++CPUs=2 ++TPM=yes ++VSock=yes ++KVM=yes + + [Include] + Include=%D/mkosi.sanitizers diff --git a/0083-mkosi-Migrate-more-deprecated-options.patch b/0083-mkosi-Migrate-more-deprecated-options.patch new file mode 100644 index 0000000..ab11afe --- /dev/null +++ b/0083-mkosi-Migrate-more-deprecated-options.patch 
@@ -0,0 +1,63 @@ +From d9bf9ede93027aaeb2726b359b12838e0b617528 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 6 Jan 2025 12:07:53 +0100 +Subject: [PATCH] mkosi: Migrate more deprecated options + +(cherry picked from commit 28baef47a3098bd82b27c0a629df6c5f885693e7) +--- + .github/workflows/coverage.yml | 2 +- + .github/workflows/mkosi.yml | 2 +- + test/integration-test-wrapper.py | 7 +++---- + 3 files changed, 5 insertions(+), 6 deletions(-) + +diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml +index cea1e84af2..e678283143 100644 +--- a/.github/workflows/coverage.yml ++++ b/.github/workflows/coverage.yml +@@ -64,7 +64,7 @@ jobs: + COVERAGE=1 + + [Runtime] +- QemuMem=4G ++ RAM=4G + EOF + + - name: Generate secure boot key +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index 873ed589b6..d4b37f72b0 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -171,7 +171,7 @@ jobs: + SELinuxRelabel=${{ matrix.relabel }} + + [Runtime] +- QemuMem=4G ++ RAM=4G + EOF + + - name: Generate secure boot key +diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py +index d44e8f8bd6..ef6df8840f 100755 +--- a/test/integration-test-wrapper.py ++++ b/test/integration-test-wrapper.py +@@ -479,9 +479,8 @@ def main() -> None: + '--runtime-network=none', + '--runtime-scratch=no', + *args.mkosi_args, +- '--qemu-firmware', +- args.firmware, +- *(['--qemu-kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []), ++ '--firmware', args.firmware, ++ *(['--kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []), + '--kernel-command-line-extra', + ' '.join( + [ +@@ -504,7 +503,7 @@ def main() -> None: + ), + '--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}", + *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []), +- 'qemu' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', ++ 'vm' if 
args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot', + ] # fmt: skip + + result = subprocess.run(cmd) diff --git a/0084-ci-Rename-qemu-variable-to-vm.patch b/0084-ci-Rename-qemu-variable-to-vm.patch new file mode 100644 index 0000000..c1765b2 --- /dev/null +++ b/0084-ci-Rename-qemu-variable-to-vm.patch 
@@ -0,0 +1,88 @@ +From 9db018d9baf17460b9105915b2b92bee63f48912 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 6 Jan 2025 12:08:33 +0100 +Subject: [PATCH] ci: Rename qemu variable to vm + +(cherry picked from commit c5981510e9744b9646088717aeef1ea71f74b1a6) +--- + .github/workflows/mkosi.yml | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index d4b37f72b0..a043022ce0 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -60,56 +60,56 @@ jobs: + llvm: 0 + cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no +- qemu: 1 ++ vm: 1 + - distro: debian + release: testing + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: no +- qemu: 0 ++ vm: 0 + - distro: ubuntu + release: noble + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: no +- qemu: 0 ++ vm: 0 + - distro: fedora + release: "41" + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: yes +- qemu: 0 ++ vm: 0 + - distro: fedora + release: rawhide + sanitizers: address,undefined + llvm: 1 + cflags: "-Og" + relabel: yes +- qemu: 0 ++ vm: 0 + - distro: opensuse + release: tumbleweed + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: no +- qemu: 0 ++ vm: 0 + - distro: centos + release: "9" + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: yes +- qemu: 0 ++ vm: 0 + - distro: centos + release: "10" + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: yes +- qemu: 0 ++ vm: 0 + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 +@@ -194,7 +194,7 @@ jobs: + sudo --preserve-env \ + mkosi sandbox \ + env \ +- TEST_PREFER_QEMU=${{ matrix.qemu }} \ ++ TEST_PREFER_QEMU=${{ matrix.vm }} \ + meson test \ + -C build \ + --no-rebuild \ diff --git a/0085-fmf-Insist-on-mkosi-sha-being-available.patch b/0085-fmf-Insist-on-mkosi-sha-being-available.patch new file mode 100644 index 0000000..26a8009 --- /dev/null +++ b/0085-fmf-Insist-on-mkosi-sha-being-available.patch 
@@ -0,0 +1,43 @@
+From 80b0e03a8e38618a59ba36a4e96ea572613e6b62 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Mon, 6 Jan 2025 16:28:39 +0100
+Subject: [PATCH] fmf: Insist on mkosi sha being available
+
+Let's assume the workflow file containing the mkosi always being
+available.
+
+Also fix the detection while we're at it by not leaving the systemd
+directory.
+
+(cherry picked from commit 9e76e9c9dc211440e79a7e27600593169597cc41)
+---
+ test/fmf/integration-tests/test.sh | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+index 51cbab6ec9..f16bd84cba 100755
+--- a/test/fmf/integration-tests/test.sh
++++ b/test/fmf/integration-tests/test.sh
+@@ -17,20 +17,14 @@ if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
+ git merge "pr/$PACKIT_SOURCE_BRANCH"
+ fi
+ git log --oneline -5
+-popd
+
+ # Now prepare mkosi, possibly at the same version required by the systemd repo
+ git clone https://github.com/systemd/mkosi
+-# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency
+-if [ -f .github/workflows/mkosi.yml ]; then
+- mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
+- git -C mkosi checkout "$mkosi_hash"
+-fi
++mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
++git -C mkosi checkout "$mkosi_hash"
+
+ export PATH="$PWD/mkosi/bin:$PATH"
+
+-pushd systemd
+-
+ # shellcheck source=/dev/null
+ . /etc/os-release || . /usr/lib/os-release
+
diff --git a/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch b/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
new file mode 100644
index 0000000..860865d
--- /dev/null
+++ b/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
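Review bot: `mkosi_hash` is whatever `grep systemd/mkosi@ .github/workflows/mkosi.yml` prints, and it goes straight to `git -C mkosi checkout` with no check that it is a single full commit id. If the workflow ever references mkosi by tag or branch, or the pattern matches more than one line, the job either fails obscurely or runs a mutable ref, which defeats the pinning this change insists on. I would add `[[ "$mkosi_hash" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected mkosi ref: $mkosi_hash" >&2; exit 1; }` before the checkout. The script continues outside the hunk.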
@@ -0,0 +1,75 @@ +From 54b90f783d45303c91a91300c2ef46c5dbd93220 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Mon, 6 Jan 2025 16:30:23 +0100 +Subject: [PATCH] fmf: Support being used downstream in dist-git tests + +We can use our upstream fmf definitions to run downstream tests in +the Fedora systemd dist-git repository +(https://src.fedoraproject.org/rpms/systemd). To have access to the +dist-git sources when running the tests, we enable dist-git-source: true +downstream which makes the sources available in $TMT_SOURCE_DIR so +let's make sure we use those sources if they're available. + +(cherry picked from commit 0eb7e29dfb388f746797675cef1ebd7bc3568b6e) +--- + test/fmf/integration-tests/test.sh | 46 ++++++++++++++++++++++++------ + 1 file changed, 37 insertions(+), 9 deletions(-) + +diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh +index f16bd84cba..690e07aa56 100755 +--- a/test/fmf/integration-tests/test.sh ++++ b/test/fmf/integration-tests/test.sh +@@ -7,16 +7,44 @@ set -o pipefail + # Switch SELinux to permissive, since the tests don't set proper contexts + setenforce 0 + +-# Prepare systemd source tree +-git clone "$PACKIT_TARGET_URL" systemd +-pushd systemd +-# If we're running in a pull request job, merge the remote branch into the current main +-if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then +- git remote add pr "${PACKIT_SOURCE_URL:?}" +- git fetch pr "${PACKIT_SOURCE_BRANCH:?}" +- git merge "pr/$PACKIT_SOURCE_BRANCH" ++# Allow running the integration tests downstream in dist-git with something like ++# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR: ++# ++# summary: systemd Fedora test suite ++# discover: ++# how: fmf ++# url: https://github.com/systemd/systemd ++# ref: main ++# path: test/fmf ++# dist-git-source: true ++# dist-git-install-builddeps: false ++# prepare: ++# - name: systemd ++# how: install ++# exclude: ++# - systemd-standalone-.* ++# execute: ++# how: tmt ++ ++if 
[[ -n "${TMT_SOURCE_DIR:-}" ]]; then ++ pushd "$TMT_SOURCE_DIR/*/" ++elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then ++ # Prepare systemd source tree ++ git clone "$PACKIT_TARGET_URL" systemd ++ pushd systemd ++ ++ # If we're running in a pull request job, merge the remote branch into the current main ++ if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then ++ git remote add pr "${PACKIT_SOURCE_URL:?}" ++ git fetch pr "${PACKIT_SOURCE_BRANCH:?}" ++ git merge "pr/$PACKIT_SOURCE_BRANCH" ++ fi ++ ++ git log --oneline -5 ++else ++ echo "Not running within packit or Fedora CI" ++ exit 1 + fi +-git log --oneline -5 + + # Now prepare mkosi, possibly at the same version required by the systemd repo + git clone https://github.com/systemd/mkosi diff --git a/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch b/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch new file mode 100644 index 0000000..aa9141f --- /dev/null +++ b/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch 
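Review bot: In the new `TMT_SOURCE_DIR` branch the glob sits inside the double quotes, `pushd "$TMT_SOURCE_DIR/*/"`, so bash passes a literal `*` to `pushd`; unless a directory with that name exists, `pushd` fails and `set -e` ends the run before any test executes. Moving the glob outside the quotes keeps the variable protected while letting it expand: `pushd "$TMT_SOURCE_DIR"/*/`. If more than one directory can appear under the source dir, the choice should be made explicit rather than left to the glob. The script body continues outside the hunk.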
@@ -0,0 +1,35 @@
+From b6792202f31c4e83d23a944b845e1f17fc14f619 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Mon, 6 Jan 2025 18:16:29 +0000
+Subject: [PATCH] core: fix assert when AddDependencyUnitFiles is called with
+ invalid parameter
+
+unit_file_add_dependency() asserts, so check before calling it that the
+type is expected, or return EINVAL to the caller.
+
+root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1
+
+Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):
+
+systemd[1]: Caught , from our own process.
+
+Fixes https://github.com/systemd/systemd/issues/35882
+
+(cherry picked from commit d87dc74e8f1a30d72a0f202e411400bab34ab55a)
+---
+ src/core/dbus-manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 20b05446b6..c4a7e2a20b 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -2760,7 +2760,7 @@ static int method_add_dependency_unit_files(sd_bus_message *message, void *userd
+ flags = unit_file_bools_to_flags(runtime, force);
+
+ dep = unit_dependency_from_string(type);
+- if (dep < 0)
++ if (dep < 0 || !IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))
+ return -EINVAL;
+
+ r = unit_file_add_dependency(m->runtime_scope, flags, NULL, l, target, dep, &changes, &n_changes);
diff --git a/0088-repart-Use-streq_ptr.patch b/0088-repart-Use-streq_ptr.patch
new file mode 100644
index 0000000..23779d6
--- /dev/null
+++ b/0088-repart-Use-streq_ptr.patch
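Review bot: The new guard in `method_add_dependency_unit_files()` is what keeps a caller-supplied dependency type from reaching the assertion in `unit_file_add_dependency()`, but nothing in the code says why only these two values are accepted. A comment above it, e.g. `/* unit_file_add_dependency() asserts on other types; reject them here at the bus boundary. */`, would keep the check and the callee from drifting apart. `dep < 0` is also already covered by the `IN_SET()` test, so the condition can be reduced to `if (!IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))`. The function starts and ends outside the hunk, and whether a regression test covers the busctl call quoted in the commit message is not visible here.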
@@ -0,0 +1,25 @@
+From 85a9b7cfd1d9fc6d2a82ee9585eccbef543c520f Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Mon, 6 Jan 2025 23:02:30 +0100
+Subject: [PATCH] repart: Use streq_ptr()
+
+p->format is not guaranteed to be initialized.
+
+(cherry picked from commit ffcdaec632d8b96b63499054ff3492b03b33e233)
+---
+ src/repart/repart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/repart/repart.c b/src/repart/repart.c
+index 7e6fd2a29a..2ddff313fc 100644
+--- a/src/repart/repart.c
++++ b/src/repart/repart.c
+@@ -2311,7 +2311,7 @@ static int partition_finalize_fstype(Partition *p, const char *path) {
+ return log_oom();
+
+ const char *v = secure_getenv(e);
+- if (!v || streq(p->format, v))
++ if (!v || streq_ptr(p->format, v))
+ return 0;
+
+ log_syntax(NULL, LOG_NOTICE, path, 1, 0,
diff --git a/0089-sd-device-add-missing-debugging-log.patch b/0089-sd-device-add-missing-debugging-log.patch
new file mode 100644
index 0000000..969a383
--- /dev/null
+++ b/0089-sd-device-add-missing-debugging-log.patch
@@ -0,0 +1,25 @@
+From b3951fb0a8e1d0b1158602567dfc1cfb4ef50f49 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sun, 5 Jan 2025 03:09:29 +0900
+Subject: [PATCH] sd-device: add missing debugging log
+
+It was unexpectedly dropped by 660087dc9c4a5c610da99e7b6b1772e371eb0a80.
+
+(cherry picked from commit 7e5238625ed4a879c2fe8ff7e457021d174bf083)
+---
+ src/libsystemd/sd-device/sd-device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 01fa90b1ff..94dfd2ef13 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -234,7 +234,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
+
+ r = path_simplify_alloc(_syspath, &syspath);
+ if (r < 0)
+- return r;
++ return log_oom_debug();
+ }
+
+ assert_se(devpath = startswith(syspath, "/sys"));
diff --git a/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch b/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
new file mode 100644
index 0000000..80ebaba
--- /dev/null
+++ b/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
@@ -0,0 +1,67 @@ +From 47f9a9879a075505c03b394ed532f225689ec570 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sun, 5 Jan 2025 03:52:05 +0900 +Subject: [PATCH] sd-device: fix validation for devices under /sys/firmware/ in + sd_device_new_from_subsystem_sysname() + +Devices under /sys/firmware/ do not have subsystems. Hence, the +validation in sd_device_new_from_subsystem_sysname() -> +device_new_from_path_join() always failed. + +Fixes a bug introduced by cd7c71154cd62d3f50c07ce387edd9c20aebd7bc (v257). +Fixes #35861. + +(cherry picked from commit 3328d1e1816f408e6516c35991a89a8d21fd60b4) +--- + src/libsystemd/sd-device/sd-device.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 94dfd2ef13..9e28159779 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -401,7 +401,6 @@ static int device_new_from_path_join( + int r; + + assert(device); +- assert(subsystem); + assert(sysname); + + p = path_join(a, b, c, d); +@@ -486,13 +485,13 @@ _public_ int sd_device_new_from_subsystem_sysname( + + if (streq(subsystem, "subsystem")) { + FOREACH_STRING(s, "/sys/bus/", "/sys/class/") { +- r = device_new_from_path_join(&device, subsystem, NULL, sysname, s, name, NULL, NULL); ++ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, s, name, NULL, NULL); + if (r < 0) + return r; + } + + } else if (streq(subsystem, "module")) { +- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/module/", name, NULL, NULL); ++ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/module/", name, NULL, NULL); + if (r < 0) + return r; + +@@ -514,15 +513,17 @@ _public_ int sd_device_new_from_subsystem_sysname( + } + } + +- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/bus/", subsystem, "/devices/", name); ++ r = 
device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/bus/", subsystem, "/devices/", name); + if (r < 0) + return r; + +- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/class/", subsystem, name, NULL); ++ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/class/", subsystem, name, NULL); + if (r < 0) + return r; + +- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/firmware/", subsystem, name, NULL); ++ /* Note that devices under /sys/firmware/ (e.g. /sys/firmware/devicetree/base/) do not have ++ * subsystem. Hence, pass NULL for subsystem. See issue #35861. */ ++ r = device_new_from_path_join(&device, /* subsystem = */ NULL, /* driver_subsystem = */ NULL, sysname, "/sys/firmware/", subsystem, name, NULL); + if (r < 0) + return r; + diff --git a/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch b/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch new file mode 100644 index 0000000..19e8590 --- /dev/null +++ b/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch 
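Review bot: Dropping `assert(subsystem)` from `device_new_from_path_join()` makes NULL a valid value for that parameter, yet the only place that says so is the comment at the `/sys/firmware/` call site. A line at the top of the helper, e.g. `/* subsystem may be NULL: devices under /sys/firmware/ have none */`, would put the contract where it is enforced. The helper's body lies outside the hunk, so it is worth confirming that every later use of `subsystem` there tolerates NULL.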
@@ -0,0 +1,73 @@ +From 331888d165b6c4171db4fac318e773248db2218a Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 2 Jan 2025 17:30:21 +0000 +Subject: [PATCH] resolved: stop mdns/lnrr when config changes to disabled on + reload + +Currently on reload mdns/lnrr are enabled if they were disabled, +but not viceversa. Fix it. + +Follow-up for 14a52176798bc2d013297b503ac6fa49a64e2725 + +(cherry picked from commit 2976730a4d34749bfb7a88da341464f1834ab1c6) +--- + mkosi.conf | 1 + + src/resolve/resolved-link.c | 7 +++++-- + test/units/TEST-75-RESOLVED.sh | 2 ++ + 3 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/mkosi.conf b/mkosi.conf +index 2517aba518..559901dfff 100644 +--- a/mkosi.conf ++++ b/mkosi.conf +@@ -103,6 +103,7 @@ Packages= + kmod + less + llvm ++ lsof + lvm2 + man + mdadm +diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c +index 928137b967..067a0813ec 100644 +--- a/src/resolve/resolved-link.c ++++ b/src/resolve/resolved-link.c +@@ -651,13 +651,16 @@ int link_update(Link *l) { + r = manager_llmnr_start(l->manager); + if (r < 0) + return r; +- } ++ } else ++ manager_llmnr_stop(l->manager); ++ + + if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) { + r = manager_mdns_start(l->manager); + if (r < 0) + return r; +- } ++ } else ++ manager_mdns_stop(l->manager); + + link_allocate_scopes(l); + link_add_rrs(l, false); +diff --git a/test/units/TEST-75-RESOLVED.sh b/test/units/TEST-75-RESOLVED.sh +index 576c04f87a..fd07fd898a 100755 +--- a/test/units/TEST-75-RESOLVED.sh ++++ b/test/units/TEST-75-RESOLVED.sh +@@ -339,6 +339,7 @@ manual_testcase_02_mdns_llmnr() { + # defaults to yes (both the global and per-link settings are yes) + assert_in 'yes' "$(resolvectl mdns hoge)" + assert_in 'yes' "$(resolvectl llmnr hoge)" ++ lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353" + # set per-link setting + resolvectl mdns hoge yes + resolvectl llmnr hoge yes +@@ -379,6 +380,7 @@ 
manual_testcase_02_mdns_llmnr() { + echo "LLMNR=no" + } >/run/systemd/resolved.conf.d/mdns-llmnr.conf + systemctl reload systemd-resolved.service ++ (! lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353") + # set per-link setting + resolvectl mdns hoge yes + resolvectl llmnr hoge yes diff --git a/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch b/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch new file mode 100644 index 0000000..c06ee9a --- /dev/null +++ b/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch 
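Review bot: In `link_update()` the new `else` branches call `manager_llmnr_stop(l->manager)` and `manager_mdns_stop(l->manager)`, which take the manager rather than the link, while the condition is evaluated for one link only. If those helpers close listeners shared by all links (their bodies are not shown), updating a single link that has the protocol turned off would also silence LLMNR or mDNS for links that still have it on. Stopping only once no link of the manager reports support would avoid that; at minimum the branch deserves `/* stops the manager-wide listener, not just this link */`. The added test lines check only the mDNS port, so the LLMNR half of the change is not exercised.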
@@ -0,0 +1,48 @@
+From 74d673d7ae13e561e4f72d0f16a35fb8f5f3f5be Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Thu, 2 Jan 2025 04:13:23 +0100
+Subject: [PATCH] shared/hibernate-util: don't attempt to fiemap fd if no
+ backing dev available
+
+Prompted by #35798
+
+Co-authored-by: Yu Watanabe
+(cherry picked from commit 6d3b2273b1e14d79548a018674ad6e5a5b8b8009)
+---
+ src/shared/hibernate-util.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
+index 1213fdc2c7..49ce787d02 100644
+--- a/src/shared/hibernate-util.c
++++ b/src/shared/hibernate-util.c
+@@ -235,6 +235,8 @@ static int swap_entry_get_resume_config(SwapEntry *swap) {
+ r = get_block_device_fd(fd, &swap->devno);
+ if (r < 0)
+ return r;
++ if (r == 0)
++ return -EMEDIUMTYPE;
+
+ r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
+ if (r < 0)
+@@ -362,14 +364,16 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+
+ FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
+ r = swap_entry_get_resume_config(swap);
+- if (r < 0)
+- return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
+- if (swap->devno == 0) {
++ if (r == -EMEDIUMTYPE) {
+ assert(swap->swapfile);
+
+- log_debug("Swap file '%s' is not backed by block device, ignoring: %m", swap->path);
++ log_debug_errno(r, "Unable to acquire backing block device for swap file '%s' (maybe on a RAID btrfs?), ignoring.",
++ swap->path);
+ continue;
+ }
++ if (r < 0)
++ return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
++ assert(swap->devno > 0);
+
+ if (resume_config_devno > 0) {
+ if (swap->devno == resume_config_devno &&
diff --git a/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch b/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
new file mode 100644
index 0000000..378a1f8
--- /dev/null
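Review bot: `swap_entry_get_resume_config()` now returns `-EMEDIUMTYPE` to mean "no backing block device", and `find_suitable_hibernation_device_full()` depends on that exact value to skip the entry instead of failing, but the meaning is only implied by the two call sites. A comment at the new return, e.g. `/* no backing block device: the caller skips this swap entry */`, would keep a later refactor from changing the code unnoticed. The `assert(swap->swapfile)` in the skip branch is now reached on that return value rather than on `swap->devno == 0`; whether a non-file swap can get there depends on the part of `swap_entry_get_resume_config()` above the hunk.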
+++ b/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
@@ -0,0 +1,45 @@
+From 01686c36cd564f8fd77386ae69808f498c32be83 Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Thu, 2 Jan 2025 04:17:47 +0100
+Subject: [PATCH] shared/hibernate-util: handle the case where no swap has
+ available backing dev
+
+This also makes find_suitable_hibernation_device() report
+more accurate error (ENOSPC -> ESTALE) if there's
+no swap space on the system at all but resume= is set.
+
+Fixes #35798
+Replaces #35801
+
+(cherry picked from commit bd3d361580715c7a6204c74df9185cc81d67f0c2)
+---
+ src/shared/hibernate-util.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
+index 49ce787d02..25d742ed1f 100644
+--- a/src/shared/hibernate-util.c
++++ b/src/shared/hibernate-util.c
+@@ -359,8 +359,6 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+ r = read_swap_entries(&entries);
+ if (r < 0)
+ return r;
+- if (entries.n_swaps == 0)
+- return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
+
+ FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
+ r = swap_entry_get_resume_config(swap);
+@@ -396,9 +394,10 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+ }
+
+ if (!entry) {
+- /* No need to check n_swaps == 0, since it's rejected early */
+- assert(resume_config_devno > 0);
+- return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
++ if (resume_config_devno > 0)
++ return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
++
++ return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
+ }
+
+ if (ret_device) {
diff --git a/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch b/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
new file mode 100644
index 0000000..b8bea18
--- /dev/null
+++ b/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
@@ -0,0 +1,30 @@
+From d00cc09bf0c23c9bb376e1280773f7996ab7820e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 28 Dec 2024 15:07:31 +0900
+Subject: [PATCH] locale-setup: do not load locale from environemnt when
+ /etc/locale.conf is unchanged
+
+Previously, when /etc/locale.conf is unchanged, locales were loaded from
+possibly outdated environment variable.
+
+Fixes a bug introduced by 018befcff6b51f8a50ca232e1984d34526037241 (v253).
+Fixes #35717.
+
+(cherry picked from commit 80797bbb919b3ccde4e51b349f3ca70c1157053e)
+---
+ src/shared/locale-setup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/locale-setup.c b/src/shared/locale-setup.c
+index 4e7f486a23..5c4580cfff 100644
+--- a/src/shared/locale-setup.c
++++ b/src/shared/locale-setup.c
+@@ -75,7 +75,7 @@ static int locale_context_load_conf(LocaleContext *c, LocaleLoadFlag flag) {
+
+ /* If the file is not changed, then we do not need to re-read the file. */
+ if (stat_inode_unmodified(&c->st, &st))
+- return 0;
++ return 1; /* (already) loaded */
+
+ c->st = st;
+ locale_context_clear(c);
diff --git a/0095-machine-GC-machine-when-no-leader-PID-is-set.patch b/0095-machine-GC-machine-when-no-leader-PID-is-set.patch
new file mode 100644
index 0000000..f66620b
--- /dev/null
+++ b/0095-machine-GC-machine-when-no-leader-PID-is-set.patch
@@ -0,0 +1,36 @@
+From 962bdd1d02df80a6e846a6426709624009c7d9d8 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 28 Dec 2024 11:38:24 +0900
+Subject: [PATCH] machine: GC machine when no leader PID is set
+
+After d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4, if a serialized
+leader PID of a machine is already dead when deserialized, then the
+leader PID and PIDFD are unset for the machine, and subsequent
+machine_start() -> machine_watch_pidfd() will trigger an assertion.
+This makes a Machine object without leader PID GCed.
+
+Fixes a bug introduced by the combination of
+d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4 (v255) and
+1762c2c045d3a78d3cad54c6b1e5ee9624b32b00 (v257).
+
+Fixes #35602.
+
+(cherry picked from commit 51a0a3b0494d01c1622f6d0c3e2c31e01c18612f)
+---
+ src/machine/machine.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/machine/machine.c b/src/machine/machine.c
+index 587c2267b6..26ce1556a5 100644
+--- a/src/machine/machine.c
++++ b/src/machine/machine.c
+@@ -610,6 +610,9 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
+ if (m->class == MACHINE_HOST)
+ return false;
+
++ if (!pidref_is_set(&m->leader))
++ return true;
++
+ if (drop_not_started && !m->started)
+ return true;
+
diff --git a/0096-creds-fix-use-after-free-in-varlink-interface.patch b/0096-creds-fix-use-after-free-in-varlink-interface.patch
new file mode 100644
index 0000000..36ddf0a
--- /dev/null
+++ b/0096-creds-fix-use-after-free-in-varlink-interface.patch
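Review bot: The new early return in `machine_may_gc()` carries no comment, so the reason for it lives only in the commit message. Something like `/* No leader PID (e.g. it was already dead when we deserialized): nothing to watch, allow GC. */` above the check would make clear why an unset leader makes the machine collectable regardless of `drop_not_started`. The function continues outside the hunk.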
@@ -0,0 +1,131 @@ +From b342fb52b09f9e6b2e027460831f9bc139c8b27e Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Fri, 27 Dec 2024 15:06:39 +0000 +Subject: [PATCH] creds: fix use-after-free in varlink interface + +All other usages of sd_varlink_call* do not free the json return parameter, +and it is owned by the varlink object instead. Do the same here. + +TEST-54-CREDS.sh[1074]: ==1074==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c00000095a at pc 0x55cf8cd18a0f bp 0x7ffd7b9d4f10 sp 0x7ffd7b9d4f08 +TEST-54-CREDS.sh[1074]: READ of size 2 at 0x50c00000095a thread T0 ((sd-mkdcreds)) +TEST-54-CREDS.sh[1074]: #0 0x55cf8cd18a0e in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 +TEST-54-CREDS.sh[1074]: #1 0x55cf8cd4cecb in varlink_clear_current /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:593:22 +TEST-54-CREDS.sh[1074]: #2 0x55cf8cd4975e in varlink_clear /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:614:9 +TEST-54-CREDS.sh[1074]: #3 0x55cf8cd3dc3c in varlink_destroy /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:651:9 +TEST-54-CREDS.sh[1074]: #4 0x55cf8cd3dc3c in sd_varlink_unref /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:657:1 +TEST-54-CREDS.sh[1074]: #5 0x55cf8cb47a82 in sd_varlink_unrefp /usr/src/debug/systemd/src/systemd/sd-varlink.h:279:1 +TEST-54-CREDS.sh[1074]: #6 0x55cf8cb47a82 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1 +TEST-54-CREDS.sh[1074]: #7 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 +TEST-54-CREDS.sh[1074]: #8 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 +TEST-54-CREDS.sh[1074]: #9 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 +TEST-54-CREDS.sh[1074]: #10 0x55cf8cac5403 in setup_credentials_internal 
/usr/src/debug/systemd/src/core/exec-credential.c:1023:13 +TEST-54-CREDS.sh[1074]: #11 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 +TEST-54-CREDS.sh[1074]: #12 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 +TEST-54-CREDS.sh[1074]: #13 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 +TEST-54-CREDS.sh[1074]: #14 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 +TEST-54-CREDS.sh[1074]: #15 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #16 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #17 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) +TEST-54-CREDS.sh[1074]: 0x50c00000095a is located 26 bytes inside of 120-byte region [0x50c000000940,0x50c0000009b8) +TEST-54-CREDS.sh[1074]: freed by thread T0 ((sd-mkdcreds)) here: +TEST-54-CREDS.sh[1074]: #0 0x7f64b48d57ea in free (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd57ea) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e) +TEST-54-CREDS.sh[1074]: #1 0x55cf8cd188ab in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:895:25 +TEST-54-CREDS.sh[1074]: #2 0x55cf8cb47a4c in sd_json_variant_unrefp /usr/src/debug/systemd/src/systemd/sd-json.h:98:1 +TEST-54-CREDS.sh[1074]: #3 0x55cf8cb47a4c in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1 +TEST-54-CREDS.sh[1074]: #4 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 +TEST-54-CREDS.sh[1074]: #5 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 +TEST-54-CREDS.sh[1074]: #6 0x55cf8cac5403 in 
acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 +TEST-54-CREDS.sh[1074]: #7 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13 +TEST-54-CREDS.sh[1074]: #8 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 +TEST-54-CREDS.sh[1074]: #9 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 +TEST-54-CREDS.sh[1074]: #10 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 +TEST-54-CREDS.sh[1074]: #11 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 +TEST-54-CREDS.sh[1074]: #12 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #13 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #14 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) +TEST-54-CREDS.sh[1074]: previously allocated by thread T0 ((sd-mkdcreds)) here: +TEST-54-CREDS.sh[1074]: #0 0x7f64b48d5a83 in malloc (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd5a83) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e) +TEST-54-CREDS.sh[1074]: #1 0x55cf8cd16bb7 in malloc_multiply /usr/src/debug/systemd/src/basic/alloc-util.h:119:16 +TEST-54-CREDS.sh[1074]: #2 0x55cf8cd16bb7 in sd_json_variant_new_object /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:737:13 +TEST-54-CREDS.sh[1074]: #3 0x55cf8cd32e58 in json_parse_internal /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3161:29 +TEST-54-CREDS.sh[1074]: #4 0x55cf8cd37326 in sd_json_parse_with_source /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3408:16 +TEST-54-CREDS.sh[1074]: #5 0x55cf8cd37326 in sd_json_parse /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3437:16 
+TEST-54-CREDS.sh[1074]: #6 0x55cf8cd3f753 in varlink_parse_message /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:962:13 +TEST-54-CREDS.sh[1074]: #7 0x55cf8cd3f753 in sd_varlink_process /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:1466:13 +TEST-54-CREDS.sh[1074]: #8 0x55cf8cd4c0a9 in sd_varlink_call_full /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2160:21 +TEST-54-CREDS.sh[1074]: #9 0x55cf8cd4d617 in sd_varlink_callb_ap /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2237:16 +TEST-54-CREDS.sh[1074]: #10 0x55cf8cd4da3c in sd_varlink_callb /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2251:13 +TEST-54-CREDS.sh[1074]: #11 0x55cf8cb47686 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1623:13 +TEST-54-CREDS.sh[1074]: #12 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29 +TEST-54-CREDS.sh[1074]: #13 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16 +TEST-54-CREDS.sh[1074]: #14 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29 +TEST-54-CREDS.sh[1074]: #15 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13 +TEST-54-CREDS.sh[1074]: #16 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21 +TEST-54-CREDS.sh[1074]: #17 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13 +TEST-54-CREDS.sh[1074]: #18 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13 +TEST-54-CREDS.sh[1074]: #19 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13 +TEST-54-CREDS.sh[1074]: #20 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #21 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 
(/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05) +TEST-54-CREDS.sh[1074]: #22 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222) +TEST-54-CREDS.sh[1074]: SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 in sd_json_variant_unref +TEST-54-CREDS.sh[1074]: Shadow bytes around the buggy address: +TEST-54-CREDS.sh[1074]: 0x50c000000680: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd +TEST-54-CREDS.sh[1074]: 0x50c000000780: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 +TEST-54-CREDS.sh[1074]: 0x50c000000800: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa +TEST-54-CREDS.sh[1074]: =>0x50c000000900: fa fa fa fa fa fa fa fa fd fd fd[fd]fd fd fd fd +TEST-54-CREDS.sh[1074]: 0x50c000000980: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: 0x50c000000b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa +TEST-54-CREDS.sh[1074]: Shadow byte legend (one shadow byte represents 8 application bytes): +TEST-54-CREDS.sh[1074]: Addressable: 00 +TEST-54-CREDS.sh[1074]: Partially addressable: 01 02 03 04 05 06 07 +TEST-54-CREDS.sh[1074]: Heap left redzone: fa +TEST-54-CREDS.sh[1074]: Freed heap region: fd +TEST-54-CREDS.sh[1074]: Stack left redzone: f1 +TEST-54-CREDS.sh[1074]: Stack mid redzone: f2 +TEST-54-CREDS.sh[1074]: Stack right redzone: f3 +TEST-54-CREDS.sh[1074]: Stack after return: f5 +TEST-54-CREDS.sh[1074]: Stack use after scope: f8 +TEST-54-CREDS.sh[1074]: Global 
redzone: f9 +TEST-54-CREDS.sh[1074]: Global init order: f6 +TEST-54-CREDS.sh[1074]: Poisoned by user: f7 +TEST-54-CREDS.sh[1074]: Container overflow: fc +TEST-54-CREDS.sh[1074]: Array cookie: ac +TEST-54-CREDS.sh[1074]: Intra object redzone: bb +TEST-54-CREDS.sh[1074]: ASan internal: fe +TEST-54-CREDS.sh[1074]: Left alloca redzone: ca +TEST-54-CREDS.sh[1074]: Right alloca redzone: cb + +Follow-up for 2c3cbc5c018e05b3a3e5ec6c6a2da6f3c6c3fb09 + +(cherry picked from commit 842a674d4f7fb69af28e67f447c1250383e50f41) +--- + src/shared/creds-util.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c +index 6ee18838cc..5156c63fd3 100644 +--- a/src/shared/creds-util.c ++++ b/src/shared/creds-util.c +@@ -1560,7 +1560,7 @@ int ipc_encrypt_credential(const char *name, usec_t timestamp, usec_t not_after, + + sd_json_variant_sensitive(jinput); + +- _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL; ++ sd_json_variant *reply = NULL; + const char *error_id = NULL; + r = sd_varlink_callbo( + vl, +@@ -1618,7 +1618,7 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp, + + sd_json_variant_sensitive(jinput); + +- _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL; ++ sd_json_variant *reply = NULL; + const char *error_id = NULL; + r = sd_varlink_callbo( + vl, diff --git a/0097-core-unit-serialize-fix-serialization-of-markers.patch b/0097-core-unit-serialize-fix-serialization-of-markers.patch new file mode 100644 index 0000000..eee1713 --- /dev/null +++ b/0097-core-unit-serialize-fix-serialization-of-markers.patch 
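Review bot: In both ipc_encrypt_credential() and ipc_decrypt_credential() the now plain `sd_json_variant *reply = NULL;` is a borrowed pointer, and nothing at the declaration says so, which is how the second unref shown in the ASan trace crept in. A one-line comment on each declaration, such as `/* borrowed: owned by vl, must not be unref'ed, valid only while vl is alive */`, would keep the `_cleanup_` attribute from being re-added later. Both function bodies continue outside the hunks, so any use of `reply`, or of pointers into it, after `vl` is released cannot be checked from here and should be confirmed. The request is marked with `sd_json_variant_sensitive(jinput)`; since the decrypt reply presumably carries plaintext credential data, it is worth confirming that the connection's input is treated as sensitive too, now that `vl` is the only owner that frees it.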
@@ -0,0 +1,30 @@
+From 6f30e56bf3e5272e83cff11d153ae70c3ffb7624 Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Thu, 26 Dec 2024 21:15:44 +0100
+Subject: [PATCH] core/unit-serialize: fix serialization of markers
+
+Follow-up for ff68472a20c208121b69ea13586f3105a219bc14
+
+(cherry picked from commit 5ce8d7d83902e920a34488c4193d9bc4b5bb70ae)
+---
+ src/core/unit-serialize.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c
+index f196242eaf..82102c0c32 100644
+--- a/src/core/unit-serialize.c
++++ b/src/core/unit-serialize.c
+@@ -21,10 +21,12 @@ static int serialize_markers(FILE *f, unsigned markers) {
+ if (markers == 0)
+ return 0;
+
++ bool space = false;
++
+ fputs("markers=", f);
+ for (UnitMarker m = 0; m < _UNIT_MARKER_MAX; m++)
+ if (FLAGS_SET(markers, 1u << m))
+- fputs(unit_marker_to_string(m), f);
++ fputs_with_separator(f, unit_marker_to_string(m), /* separator = */ NULL, &space);
+ fputc('\n', f);
+ return 0;
+ }
diff --git a/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch b/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
new file mode 100644
index 0000000..8e88473
--- /dev/null
+++ b/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
@@ -0,0 +1,84 @@ +From b2320ced3873981f1215eddb597cfa4aad5bd1b6 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Sun, 22 Dec 2024 13:31:36 +0000 +Subject: [PATCH] test: answer 2nd mdadm --create question for compat with new + version + +New version of mdadm now asks a second question, so send 'y' twice +to it in the test scripts + +[ 5.253483] TEST-64-UDEV-STORAGE.sh[684]: + echo y +[ 5.254412] TEST-64-UDEV-STORAGE.sh[685]: + mdadm --create /dev/md/mdmirror --name mdmirror --uuid aaaaaaaa:bbbbbbbb:cccccccc:00000001 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm0 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm1 -v -f --level=1 --raid-devices=2 +[ 5.254759] TEST-64-UDEV-STORAGE.sh[685]: To optimalize recovery speed, it is recommended to enable write-indent bitmap, do you want to enable it now? [y/N]? mdadm: Note: this array has metadata at the start and +[ 5.255085] TEST-64-UDEV-STORAGE.sh[685]: may not be suitable as a boot device. If you plan to +[ 5.255418] TEST-64-UDEV-STORAGE.sh[685]: store '/boot' on this device please ensure that +[ 5.255745] TEST-64-UDEV-STORAGE.sh[685]: your boot-loader understands md/v1.x metadata, or use +[ 5.256285] TEST-64-UDEV-STORAGE.sh[685]: --metadata=0.90 +[ 5.256672] TEST-64-UDEV-STORAGE.sh[685]: mdadm: size set to 64512K +[ 5.257063] TEST-64-UDEV-STORAGE.sh[685]: Continue creating array [y/N]? mdadm: create aborted. 
+ +This is backward compatible with the older version that asks just one +question + +(cherry picked from commit 16406420ea449b75e70a7dced05d7b98bc0f5376) +--- + test/units/TEST-64-UDEV-STORAGE.sh | 8 ++++---- + test/units/TEST-74-AUX-UTILS.bootctl.sh | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/test/units/TEST-64-UDEV-STORAGE.sh b/test/units/TEST-64-UDEV-STORAGE.sh +index 24c1adaeda..01c3dd68ea 100755 +--- a/test/units/TEST-64-UDEV-STORAGE.sh ++++ b/test/units/TEST-64-UDEV-STORAGE.sh +@@ -1080,7 +1080,7 @@ testcase_mdadm_basic() { + "/dev/disk/by-label/$part_name" # ext4 partition + ) + # Create a simple RAID 1 with an ext4 filesystem +- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2 ++ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2 + udevadm wait --settle --timeout=30 "$raid_dev" + # udevd does not lock md devices, hence we need to trigger uevent after creating filesystem. 
+ mkfs.ext4 -L "$part_name" "$raid_dev" +@@ -1111,7 +1111,7 @@ testcase_mdadm_basic() { + "/dev/disk/by-label/$part_name" # ext4 partition + ) + # Create a simple RAID 5 with an ext4 filesystem +- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3 ++ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3 + udevadm wait --settle --timeout=30 "$raid_dev" + mkfs.ext4 -L "$part_name" "$raid_dev" + udevadm trigger --settle "$raid_dev" +@@ -1152,7 +1152,7 @@ testcase_mdadm_basic() { + "/dev/disk/by-id/md-uuid-$uuid-part3" + ) + # Create a simple RAID 10 with an ext4 filesystem +- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4 ++ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4 + udevadm wait --settle --timeout=30 "$raid_dev" + # Partition the raid device + # Here, 'udevadm lock' is meaningless, as udevd does not lock MD devices. 
+@@ -1208,7 +1208,7 @@ testcase_mdadm_lvm() { + "/dev/disk/by-label/$part_name" # ext4 partition + ) + # Create a RAID 10 with LVM + ext4 +- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4 ++ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4 + udevadm wait --settle --timeout=30 "$raid_dev" + # Create an LVM on the MD + lvm pvcreate -y "$raid_dev" +diff --git a/test/units/TEST-74-AUX-UTILS.bootctl.sh b/test/units/TEST-74-AUX-UTILS.bootctl.sh +index 46fd5d1f2d..650c289aca 100755 +--- a/test/units/TEST-74-AUX-UTILS.bootctl.sh ++++ b/test/units/TEST-74-AUX-UTILS.bootctl.sh +@@ -215,9 +215,9 @@ EOF + + udevadm settle + +- echo y | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2 ++ printf 'y\ny\n' | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2 + mkfs.vfat /dev/md/raid-esp +- echo y | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2 ++ printf 'y\ny\n' | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2 + mkfs.ext4 /dev/md/raid-root + mkfs.btrfs -f -M -d raid1 -m raid1 -L "raid-boot" "${LOOPDEV1}p3" "${LOOPDEV2}p3" + diff --git a/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch b/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch new file mode 100644 index 0000000..7be23d6 --- /dev/null +++ b/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch 
@@ -0,0 +1,38 @@
+From 685de97882c3e44569b0fd2268c3cc065d9c158e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 21 Dec 2024 03:13:18 +0900
+Subject: [PATCH] hwdb: comment out the entry for Logitech MX Keys for Mac
+
+This effectively reverts the commit f70e5620b6ac319beac1d5ce26331bdc48d25daa,
+as the entry seems to match multiple models.
+
+Fixes #35691.
+
+(cherry picked from commit 52a2b049476b374dea2efa22d39c5a1944125c47)
+---
+ hwdb.d/60-keyboard.hwdb | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb
+index 6cc059123a..71221fdbfb 100644
+--- a/hwdb.d/60-keyboard.hwdb
++++ b/hwdb.d/60-keyboard.hwdb
+@@ -1438,10 +1438,15 @@ evdev:input:b0003v046DpC309*
+ KEYBOARD_KEY_c01b6=images # My Pictures (F11)
+ KEYBOARD_KEY_c01b7=audio # My Music (F12)
+
++# The wireless receiver b0003v046Dp4092* seems to be used by multiple models.
++# See issue #35691. Hence, the entry below cannot be enabled by default. If
++# you're using the model below, consider copying the entry to a custom hwdb
++# file to enable the setting.
++#
+ # Logitech MX Keys for Mac
+-evdev:input:b0003v046Dp4092*
+- KEYBOARD_KEY_70035=102nd # '<' key
+- KEYBOARD_KEY_70064=grave # '^' key
++#evdev:input:b0003v046Dp4092*
++# KEYBOARD_KEY_70035=102nd # '<' key
++# KEYBOARD_KEY_70064=grave # '^' key
+
+ ###########################################################
+ # Maxdata
diff --git a/0100-mkosi-Install-which-in-build-image.patch b/0100-mkosi-Install-which-in-build-image.patch
new file mode 100644
index 0000000..09070d1
--- /dev/null
+++ b/0100-mkosi-Install-which-in-build-image.patch
@@ -0,0 +1,22 @@
+From b23751d0d0abc53f62108e0b6e035955eed30af9 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 7 Jan 2025 12:23:09 +0100
+Subject: [PATCH] mkosi: Install which in build image
+
+Required by gdb-add-index to find gdb and not declared as a dependency
+of the package.
+
+(cherry picked from commit 414fe9629cebf1ca2dc4c38d82ad8872a5483e89)
+---
+ mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
+index 727e9bccd7..b81649feba 100644
+--- a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
+@@ -20,3 +20,4 @@ Packages=
+ libasan
+ libubsan
+ rpm-build
++ which
diff --git a/0101-packit-Simplify-configuration.patch b/0101-packit-Simplify-configuration.patch
new file mode 100644
index 0000000..f503c4a
--- /dev/null
+++ b/0101-packit-Simplify-configuration.patch
@@ -0,0 +1,62 @@
+From 177b7aae44151ee1ce2ac87883318d8edd81bbe4 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Mon, 6 Jan 2025 13:44:03 +0100
+Subject: [PATCH] packit: Simplify configuration
+
+(cherry picked from commit 86a6d7cc5a4798e614c50ed02c751e71f74637f9)
+---
+ .packit.yml | 29 ++++++-----------------------
+ 1 file changed, 6 insertions(+), 23 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index eef6e48fcf..697defd3e7 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -1,6 +1,5 @@
+ ---
+-# vi:ts=2 sw=2 et:
+-#
++# SPDX-License-Identifier: LGPL-2.1-or-later
+ # Docs: https://packit.dev/docs/
+
+ specfile_path: .packit_rpm/systemd.spec
+@@ -8,8 +7,6 @@ files_to_sync:
+ - .packit.yml
+ - src: .packit_rpm/systemd.spec
+ dest: systemd.spec
+-upstream_package_name: systemd
+-downstream_package_name: systemd
+ # `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version
+ # detection (that expects 245-xxxx'). Let's tweak the version string accordingly
+ upstream_tag_template: "v{version}"
+@@ -25,25 +22,11 @@ actions:
+
+ post-upstream-clone:
+ # Use the Fedora Rawhide specfile
+- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+- # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
+- - "rm -fv .packit_rpm/sources"
+- # Drop backported patches from the specfile, but keep the downstream-only ones
+- # - Patch(0000-0499): backported patches from upstream
+- # - Patch0500-9999: downstream-only patches
+- - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+- # Build the RPM with --werror. Even though --werror doesn't work in all
+- # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
+- # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
+- #
+- # [0] https://github.com/mesonbuild/meson/issues/7360
+- # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
+- - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+- # Ignore unpackaged standalone binaries
+- - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
+- # Temporarily add libarchive-devel build dep and libarchive runtime dep
+- # until the change propagates to Rawhide's specfile
+- - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
++ - git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1
++ - bash -c 'echo "%bcond upstream 1" > .packit_rpm/systemd.spec.new'
++ - bash -c 'echo "%define meson_extra_configure_options --werror" >> .packit_rpm/systemd.spec.new'
++ - bash -c 'cat .packit_rpm/systemd.spec >> .packit_rpm/systemd.spec.new'
++ - mv .packit_rpm/systemd.spec.new .packit_rpm/systemd.spec
+
+ jobs:
+ - job: copr_build
diff --git a/0102-fmf-Check-out-target-branch-in-packit.patch b/0102-fmf-Check-out-target-branch-in-packit.patch
new file mode 100644
index 0000000..1afffe9
--- /dev/null
+++ b/0102-fmf-Check-out-target-branch-in-packit.patch
@@ -0,0 +1,23 @@
+From cc599a20eff836cc92ad5c94953d55d408d3a6d7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 7 Jan 2025 14:39:53 +0100
+Subject: [PATCH] fmf: Check out target branch in packit
+
+(cherry picked from commit 3c9ffd2e4b81e6bbc8cb28634432b6c9dccd661e)
+---
+ test/fmf/integration-tests/test.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+index 690e07aa56..4984fb119b 100755
+--- a/test/fmf/integration-tests/test.sh
++++ b/test/fmf/integration-tests/test.sh
+@@ -30,7 +30,7 @@ if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then
+ pushd "$TMT_SOURCE_DIR/*/"
+ elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then
+ # Prepare systemd source tree
+- git clone "$PACKIT_TARGET_URL" systemd
++ git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH"
+ pushd systemd
+
+ # If we're running in a pull request job, merge the remote branch into the current main
diff --git a/0103-stdio-bridge-fix-polled-fds.patch b/0103-stdio-bridge-fix-polled-fds.patch
new file mode 100644
index 0000000..598c348
--- /dev/null
+++ b/0103-stdio-bridge-fix-polled-fds.patch
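Review bot: `$PACKIT_TARGET_BRANCH` is expanded in the new `git clone ... --branch` line without any check, while the enclosing `elif` only tests that `PACKIT_TARGET_URL` is non-empty. If the branch variable is unset or empty, the clone fails with a git error about the branch (or the script aborts on the expansion, should `set -u` be in effect above the hunk), and neither says which variable was missing. I would put `: "${PACKIT_TARGET_BRANCH:?PACKIT_TARGET_BRANCH is not set}"` on the line before the clone so the failure names its cause. The `if`/`elif` chain starts and ends outside the hunk.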
@@ -0,0 +1,33 @@
+From a398d18e797d5b4dec6d265e753f8b688ffcd570 Mon Sep 17 00:00:00 2001
+From: Jacob McNamee
+Date: Tue, 7 Jan 2025 03:29:31 -0800
+Subject: [PATCH] stdio-bridge: fix polled fds
+
+Poll fds associated with the bus instead of hardcoding stdin/stdout.
+
+This is consequential under socket activation, when the provided fd
+should be used instead of stdin/stdout.
+
+(cherry picked from commit 9d1c28b2d8422df700e7d94339ac6052a6755c6c)
+(cherry picked from commit 59f5a4323468befbdca2bae7907219eaf8852f9a)
+---
+ src/stdio-bridge/stdio-bridge.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
+index 22570511cb..f48b7e574e 100644
+--- a/src/stdio-bridge/stdio-bridge.c
++++ b/src/stdio-bridge/stdio-bridge.c
+@@ -236,9 +236,9 @@ static int run(int argc, char *argv[]) {
+ t = usec_sub_unsigned(MIN(timeout_a, timeout_b), now(CLOCK_MONOTONIC));
+
+ struct pollfd p[3] = {
+- { .fd = fd, .events = events_a },
+- { .fd = STDIN_FILENO, .events = events_b & POLLIN },
+- { .fd = STDOUT_FILENO, .events = events_b & POLLOUT },
++ { .fd = fd, .events = events_a },
++ { .fd = in_fd, .events = events_b & POLLIN },
++ { .fd = out_fd, .events = events_b & POLLOUT },
+ };
+
+ r = ppoll_usec(p, ELEMENTSOF(p), t);
diff --git a/0104-Revert-mkosi-Fix-opensuse-build.patch b/0104-Revert-mkosi-Fix-opensuse-build.patch
new file mode 100644
index 0000000..12b6b85
--- /dev/null
+++ b/0104-Revert-mkosi-Fix-opensuse-build.patch
@@ -0,0 +1,28 @@
+From 253ee3c07f31c6938dacdca3e1bbfc3dbc17e403 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 7 Jan 2025 16:25:03 +0100
+Subject: [PATCH] Revert "mkosi: Fix opensuse build"
+
+The commit that changes the name from README.testsuite to README.md
+was never backported (and shouldn't as it would break opensuse's spec)
+so revert the corresponding change in the mkosi opensuse build script.
+
+This reverts commit 4162c331dd4fc6657d1f51c90a7a0223e9f4a30d.
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index 72115c2c5b..d672c31647 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -60,9 +60,6 @@ fi
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+ sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+
+-# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
+-sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+-
+ build() {
+ IFS=
+ # shellcheck disable=SC2046
diff --git a/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch b/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
new file mode 100644
index 0000000..33babaf
--- /dev/null
+++ b/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
@@ -0,0 +1,33 @@
+From 986e51805b0b8af92742e9d67719f3353616e89b Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Mon, 6 Jan 2025 10:45:21 +0000
+Subject: [PATCH] CI: add OBS workflow integration to build packages on push to
+ main
+
+When main is updated, packages for Arch/Debian/Ubuntu/SUSE will be built and published
+on OBS:
+
+https://download.opensuse.org/repositories/home:/bluca:/systemd/
+https://build.opensuse.org/project/show/home:bluca:systemd
+(cherry picked from commit 0b5f9269398d1422bb7ff3f928a4ffe67332ff63)
+---
+ .obs/workflows.yml | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+ create mode 100644 .obs/workflows.yml
+
+diff --git a/.obs/workflows.yml b/.obs/workflows.yml
+new file mode 100644
+index 0000000000..5e417f9398
+--- /dev/null
++++ b/.obs/workflows.yml
+@@ -0,0 +1,10 @@
++rebuild:
++ steps:
++ - trigger_services:
++ project: home:bluca:systemd
++ package: systemd
++ filters:
++ event: push
++ branches:
++ only:
++ - main
diff --git a/0106-obs-also-trigger-Fedora-package-builds.patch b/0106-obs-also-trigger-Fedora-package-builds.patch
new file mode 100644
index 0000000..26e54ac
--- /dev/null
+++ b/0106-obs-also-trigger-Fedora-package-builds.patch
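Review bot: The new `.obs/workflows.yml` has no header comment, so nothing in the file says that it triggers builds in a personal OBS project (`home:bluca:systemd`) or what has to be configured outside the repository for it to run. In a tree that carries this file as a backport, a reader cannot tell whether the workflow is meant to be active there. I would add a short comment at the top, along the lines of `# OBS workflow for upstream package builds; presumably inert unless an OBS webhook/token is configured for this repository`, together with the `# SPDX-License-Identifier:` line that patch 0101 adds to `.packit.yml`. Patch 0106 extends the same file and would be covered by the same header.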
@@ -0,0 +1,29 @@
+From e3d0ccaa5a3d4eb637966ee581dc522cd51307e8 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 7 Jan 2025 00:40:02 +0000
+Subject: [PATCH] obs: also trigger Fedora package builds
+
+The package is logistically separated, as the rpm sources conflict from Fedora
+conflict with the rpm sources from SUSE (some files have the same name and
+location but different, incompatible content), so Fedora builds can't be
+triggered from the same package. The result is the same.
+
+(cherry picked from commit 5c4cb68390a4a3b60d2ca733e283c44fcc205df7)
+---
+ .obs/workflows.yml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.obs/workflows.yml b/.obs/workflows.yml
+index 5e417f9398..92e0336b99 100644
+--- a/.obs/workflows.yml
++++ b/.obs/workflows.yml
+@@ -3,6 +3,9 @@ rebuild:
+ - trigger_services:
+ project: home:bluca:systemd
+ package: systemd
++ - trigger_services:
++ project: home:bluca:systemd
++ package: systemd-fedora
+ filters:
+ event: push
+ branches:
diff --git a/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch b/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
new file mode 100644
index 0000000..fa5e660
--- /dev/null
+++ b/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
@@ -0,0 +1,31 @@
+From ec38b373c6c05021858873d99c5e42701933e409 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 28 Dec 2024 13:36:32 +0900
+Subject: [PATCH] systemctl: also ignore ENOENT in checking inhibitors
+
+Fixes a bug caused by 804874d26ac73e0af07c4c5d7165c95372f03f6d.
+Follow-up for a1417e5563acb73a0accdc12b3af91e4ec1c7f46.
+Fixes #35757.
+
+(cherry picked from commit 084f361b509cbffe7ffd5ab6085469f76f799fe5)
+---
+ src/systemctl/systemctl-logind.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c
+index 1258852a01..d7b373ce0b 100644
+--- a/src/systemctl/systemctl-logind.c
++++ b/src/systemctl/systemctl-logind.c
+@@ -152,9 +152,9 @@ int logind_check_inhibitors(enum action a) {
+ return 0;
+
+ r = acquire_bus(BUS_FULL, &bus);
+- if (r == -ECONNREFUSED && geteuid() == 0)
+- return 0; /* When D-Bus is not running, allow root to force a shutdown. E.g. when running at
+- * the emergency console. */
++ if (ERRNO_IS_NEG_DISCONNECT(r) && geteuid() == 0)
++ return 0; /* When D-Bus is not running (ECONNREFUSED) or D-Bus socket is not created (ENOENT),
++ * allow root to force a shutdown. E.g. when running at the emergency console. */
+ if (r < 0)
+ return r;
+
diff --git a/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch b/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
new file mode 100644
index 0000000..2e9c84e
--- /dev/null
+++ b/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
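Review bot: The `return 0` taken when `acquire_bus()` fails for root skips the inhibitor check without leaving any trace, and with `ERRNO_IS_NEG_DISCONNECT(r)` it now does so for a whole class of disconnect errors instead of only `-ECONNREFUSED`, while the comment still names just ECONNREFUSED and ENOENT. The follow-up patch 0108 adds `|| r == -ENOENT` and keeps the same shape, so the point applies to both. I would make the bypass visible with `log_debug_errno(r, "Failed to connect to system bus, not checking inhibitors: %m");` before the `return 0`, and reword the comment to say that any disconnect-class error is treated as "D-Bus is not available". logind_check_inhibitors() starts and ends outside the hunk.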
@@ -0,0 +1,33 @@
+From a65b5131829c7c80e657b4929a85746436c81b2b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 2 Jan 2025 21:15:02 +0900
+Subject: [PATCH] systemctl: certainly ignore ENOENT in checking inhibitors
+
+Fixes a bug caused by 804874d26ac73e0af07c4c5d7165c95372f03f6d.
+
+Follow-up for 084f361b509cbffe7ffd5ab6085469f76f799fe5 and
+a1417e5563acb73a0accdc12b3af91e4ec1c7f46.
+
+Note, ERRNO_IS_NEG_DISCONNECT() includes ENONET rather than ENOENT...
+So, ENOENT needs to be handled explicitly.
+
+Fixes #35757 and #35806.
+
+(cherry picked from commit 66f379b63ddac8c72b9130df86a82b68ec42c119)
+---
+ src/systemctl/systemctl-logind.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c
+index d7b373ce0b..792529eaa0 100644
+--- a/src/systemctl/systemctl-logind.c
++++ b/src/systemctl/systemctl-logind.c
+@@ -152,7 +152,7 @@ int logind_check_inhibitors(enum action a) {
+ return 0;
+
+ r = acquire_bus(BUS_FULL, &bus);
+- if (ERRNO_IS_NEG_DISCONNECT(r) && geteuid() == 0)
++ if ((ERRNO_IS_NEG_DISCONNECT(r) || r == -ENOENT) && geteuid() == 0)
+ return 0; /* When D-Bus is not running (ECONNREFUSED) or D-Bus socket is not created (ENOENT),
+ * allow root to force a shutdown. E.g. when running at the emergency console. */
+ if (r < 0)
diff --git a/0109-journalctl-make-invocation-and-list-invocations-acce.patch b/0109-journalctl-make-invocation-and-list-invocations-acce.patch
new file mode 100644
index 0000000..a674291
--- /dev/null
+++ b/0109-journalctl-make-invocation-and-list-invocations-acce.patch
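Review bot: The widened condition in `logind_check_inhibitors()` lets root skip the inhibitor check on more errors than the comment beside it names: the comment lists only ECONNREFUSED and ENOENT, while `ERRNO_IS_NEG_DISCONNECT()` covers a broader class of connection errors (the commit message itself mentions ENONET). The branch also returns 0 without any message, so nothing records that inhibitor locks were ignored. I would put the branch in braces, add `log_debug_errno(r, "Failed to connect to the bus, skipping inhibitor check: %m");` before the `return 0;`, and reword the comment to say that any disconnect-class error or ENOENT is accepted. The function continues outside the hunk.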
@@ -0,0 +1,113 @@
+From fe5b433e75df158a041553b6877080a1520ef1da Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Wed, 11 Dec 2024 09:05:34 +0900
+Subject: [PATCH] journalctl: make --invocation and --list-invocations accept
+ unit name without suffix
+
+Fixes #35538.
+
+(cherry picked from commit e8823b5e352711c68ab3282697a6ab1cfb06d25a)
+---
+ src/journal/journalctl-util.c | 21 +++++++++++++++++----
+ test/units/TEST-04-JOURNAL.invocation.sh | 9 ++++++++-
+ 2 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/src/journal/journalctl-util.c b/src/journal/journalctl-util.c
+index 1996bddf60..62d6ed7f32 100644
+--- a/src/journal/journalctl-util.c
++++ b/src/journal/journalctl-util.c
+@@ -10,6 +10,7 @@
+ #include "rlimit-util.h"
+ #include "strv.h"
+ #include "terminal-util.h"
++#include "unit-name.h"
+
+ char* format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
+ assert(buf);
+@@ -117,6 +118,7 @@ int journal_acquire_boot(sd_journal *j) {
+
+ int acquire_unit(const char *option_name, const char **ret_unit, LogIdType *ret_type) {
+ size_t n;
++ int r;
+
+ assert(option_name);
+ assert(ret_unit);
+@@ -132,15 +134,26 @@ int acquire_unit(const char *option_name, const char **ret_unit, LogIdType *ret_
+ "Using %s with multiple units is not supported.",
+ option_name);
+
++ LogIdType type;
++ char **units;
+ if (!strv_isempty(arg_system_units)) {
+- *ret_type = LOG_SYSTEM_UNIT_INVOCATION_ID;
+- *ret_unit = arg_system_units[0];
++ type = LOG_SYSTEM_UNIT_INVOCATION_ID;
++ units = arg_system_units;
+ } else {
+ assert(!strv_isempty(arg_user_units));
+- *ret_type = LOG_USER_UNIT_INVOCATION_ID;
+- *ret_unit = arg_user_units[0];
++ type = LOG_USER_UNIT_INVOCATION_ID;
++ units = arg_user_units;
+ }
+
++ _cleanup_free_ char *u = NULL;
++ r = unit_name_mangle(units[0], arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN, &u);
++ if (r < 0)
++ return log_error_errno(r, "Failed to mangle unit name '%s': %m", units[0]);
++
++ free_and_replace(units[0], u);
++
++ *ret_type = type;
++ *ret_unit = units[0];
+ return 0;
+ }
+
+diff --git a/test/units/TEST-04-JOURNAL.invocation.sh b/test/units/TEST-04-JOURNAL.invocation.sh
+index e7a6f547b4..3ac931e263 100755
+--- a/test/units/TEST-04-JOURNAL.invocation.sh
++++ b/test/units/TEST-04-JOURNAL.invocation.sh
+@@ -7,7 +7,8 @@ set -o pipefail
+ # shellcheck source=test/units/util.sh
+ . "$(dirname "$0")"/util.sh
+
+-SERVICE_NAME=invocation-id-test-"$RANDOM".service
++SERVICE_NAME_SHORT=invocation-id-test-"$RANDOM"
++SERVICE_NAME="$SERVICE_NAME_SHORT".service
+
+ TMP_DIR=$(mktemp -d)
+
+@@ -26,6 +27,7 @@ done
+ # systemd[1]: invocation-id-test-26448.service: Deactivated successfully.
+ journalctl --sync
+
++journalctl --list-invocation -u "$SERVICE_NAME_SHORT" | tee "$TMP_DIR"/short
+ journalctl --list-invocation -u "$SERVICE_NAME" | tee "$TMP_DIR"/10
+ journalctl --list-invocation -u "$SERVICE_NAME" --reverse | tee "$TMP_DIR"/10-r
+ journalctl --list-invocation -u "$SERVICE_NAME" -n +10 | tee "$TMP_DIR"/p10
+@@ -44,6 +46,7 @@ journalctl --list-invocation -u "$SERVICE_NAME" -n +5 --reverse | tee "$TMP_DIR"
+ [[ $(cat "$TMP_DIR"/p5 | wc -l) == 6 ]]
+ [[ $(cat "$TMP_DIR"/p5-r | wc -l) == 6 ]]
+
++diff "$TMP_DIR"/10 "$TMP_DIR"/short
+ diff <(tail -n 10 "$TMP_DIR"/10 | tac) <(tail -n 10 "$TMP_DIR"/10-r)
+ diff <(tail -n 5 "$TMP_DIR"/10) <(tail -n 5 "$TMP_DIR"/5)
+ diff <(tail -n 5 "$TMP_DIR"/10 | tac) <(tail -n 5 "$TMP_DIR"/5-r)
+@@ -54,6 +57,8 @@ diff <(tail -n 10 "$TMP_DIR"/p10 | head -n 5 | tac) <(tail -n 5 "$TMP_DIR"/p5-r)
+ tail -n 10 "$TMP_DIR"/10 |
+ while read -r idx invocation _; do
+ i="$(( idx + 10 ))"
++ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME_SHORT")"
++ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME_SHORT")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${invocation}")"
+@@ -62,6 +67,8 @@ tail -n 10 "$TMP_DIR"/10 |
+ tail -n 10 "$TMP_DIR"/p10 |
+ while read -r i invocation _; do
+ idx="$(( i - 10 ))"
++ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME_SHORT")"
++ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME_SHORT")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME")"
+ assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${invocation}")"
diff --git a/0110-meson-bump-version-to-257.2.patch b/0110-meson-bump-version-to-257.2.patch
new file mode 100644
index 0000000..dfa502e
--- /dev/null
+++ b/0110-meson-bump-version-to-257.2.patch
@@ -0,0 +1,16 @@
+From 7fa3b5018bfffa176c77a2a5794dce792eebadcb Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 7 Jan 2025 20:45:53 +0000
+Subject: [PATCH] meson: bump version to 257.2
+
+---
+ meson.version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.version b/meson.version
+index 97fb426c59..f813cadc5d 100644
+--- a/meson.version
++++ b/meson.version
+@@ -1 +1 @@
+-257.1
++257.2
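Review bot: `acquire_unit()` now rewrites `arg_system_units[0]` or `arg_user_units[0]` in place through `free_and_replace(units[0], u);`, and nothing in the function says that it modifies the global option arrays. A one-line comment above that call would make the side effect visible, for example `/* Store the mangled name back into the option array; *ret_unit points into it. */`. Whether other readers of these arrays expect the spelling the user typed cannot be seen from this patch, so that is worth confirming. Part of the function lies between the inner hunks and is not shown here.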
diff --git a/0001-ci-update-workflows-to-run-on-source-git-setup.patch b/0111-ci-update-workflows-to-run-on-source-git-setup.patch
similarity index 97%
rename from 0001-ci-update-workflows-to-run-on-source-git-setup.patch
rename to 0111-ci-update-workflows-to-run-on-source-git-setup.patch
index 9df098c..22567aa 100644
--- a/0001-ci-update-workflows-to-run-on-source-git-setup.patch
+++ b/0111-ci-update-workflows-to-run-on-source-git-setup.patch
@@ -1,4 +1,4 @@
-From 3553500ea1d9dddeeb05e5fa3bed02a3c64b882f Mon Sep 17 00:00:00 2001
+From 5f07273cdf4b31f252ec05bf2eccd8c52f90bca0 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Thu, 16 May 2024 14:24:38 +0200
 Subject: [PATCH] ci: update workflows to run on source-git setup
diff --git a/0002-ci-setup-source-git-automation.patch b/0112-ci-setup-source-git-automation.patch
similarity index 99%
rename from 0002-ci-setup-source-git-automation.patch
rename to 0112-ci-setup-source-git-automation.patch
index ac65cfe..4e31720 100644
--- a/0002-ci-setup-source-git-automation.patch
+++ b/0112-ci-setup-source-git-automation.patch
@@ -1,4 +1,4 @@
-From 952dfb240674f2afc334460d11e38ccccfb69d60 Mon Sep 17 00:00:00 2001
+From 3d94dd75b923d0bf1b0665baa292de6b4555aae9 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Thu, 16 May 2024 14:36:04 +0200
 Subject: [PATCH] ci: setup source-git automation
diff --git a/0113-ci-reconfigure-Packit-for-RHEL-10.patch b/0113-ci-reconfigure-Packit-for-RHEL-10.patch
new file mode 100644
index 0000000..f937923
--- /dev/null
+++ b/0113-ci-reconfigure-Packit-for-RHEL-10.patch
@@ -0,0 +1,67 @@
+From d38b8b1f9484a2d9fdecd5f50b3b60425cb1943c Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Fri, 17 May 2024 13:55:40 +0200
+Subject: [PATCH] ci: reconfigure Packit for RHEL 10
+
+rhel-only: ci
+
+Related: RHEL-36636
+---
+ .packit.yml | 36 ++++++++++++++++++++++++------------
+ 1 file changed, 24 insertions(+), 12 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 697defd3e7..88d74d29af 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -21,26 +21,38 @@ actions:
+ - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
+
+ post-upstream-clone:
+- # Use the Fedora Rawhide specfile
+- - git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1
+- - bash -c 'echo "%bcond upstream 1" > .packit_rpm/systemd.spec.new'
+- - bash -c 'echo "%define meson_extra_configure_options --werror" >> .packit_rpm/systemd.spec.new'
+- - bash -c 'cat .packit_rpm/systemd.spec >> .packit_rpm/systemd.spec.new'
+- - mv .packit_rpm/systemd.spec.new .packit_rpm/systemd.spec
++ # Use the CentOS Stream 10 specfile
++ - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
++ # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
++ - "rm -fv .packit_rpm/sources"
++ # Drop all patches, since they're already included in the tarball
++ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
++ # Build the RPM with --werror. Even though --werror doesn't work in all
++ # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
++ # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
++ #
++ # [0] https://github.com/mesonbuild/meson/issues/7360
++ # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
++ - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
++ # Ignore unpackaged standalone binaries
++ - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
++ # Temporarily add libarchive-devel build dep and libarchive runtime dep
++ # until the change propagates to Rawhide's specfile
++ - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
+
++# Available targets can be listed via `copr-cli list-chroots`
+ jobs:
+ - job: copr_build
+ trigger: pull_request
+ targets:
+- - fedora-rawhide-aarch64
+- - fedora-rawhide-i386
+- - fedora-rawhide-ppc64le
+- - fedora-rawhide-s390x
+- - fedora-rawhide-x86_64
++ - centos-stream-10-aarch64
++ - centos-stream-10-ppc64le
++ - centos-stream-10-s390x
++ - centos-stream-10-x86_64
+
+ - job: tests
+ trigger: pull_request
+ fmf_path: test/fmf
+ tmt_plan: ci
+ targets:
+- - fedora-rawhide-x86_64
++ - centos-stream-10-x86_64
diff --git a/0004-journal-again-create-user-journals-for-users-with-hi.patch b/0114-journal-again-create-user-journals-for-users-with-hi.patch
similarity index 97%
rename from 0004-journal-again-create-user-journals-for-users-with-hi.patch
rename to 0114-journal-again-create-user-journals-for-users-with-hi.patch
index f1a3949..4bf27bd 100644
--- a/0004-journal-again-create-user-journals-for-users-with-hi.patch
+++ b/0114-journal-again-create-user-journals-for-users-with-hi.patch
@@ -1,4 +1,4 @@
-From f37a654f54717a0f85abb14f82a980685169161a Mon Sep 17 00:00:00 2001
+From 6a3b583ca4b498e6d136a126ed69fc037538d0be Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Tue, 9 Jan 2024 11:28:04 +0100
 Subject: [PATCH] journal: again create user journals for users with high uids
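Review bot: The `sed` steps under `post-upstream-clone` exit successfully even when their pattern no longer matches, so if the CentOS Stream spec loses its `CONFIGURE_OPTS=(` line or `split-files.py` changes its assert, the job silently builds without `--werror` or with the assertion still active. A check right after the edit, such as `- "grep -q -- '^--werror' .packit_rpm/systemd.spec"`, would turn that into a visible failure. The clone follows the tip of the `c10s` branch, presumably on purpose for this CI job, which means the file being patched can change between runs and makes the check more useful.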
diff --git a/0005-tmpfiles-make-purge-hard-to-mis-use.patch b/0115-tmpfiles-make-purge-hard-to-mis-use.patch
similarity index 97%
rename from 0005-tmpfiles-make-purge-hard-to-mis-use.patch
rename to 0115-tmpfiles-make-purge-hard-to-mis-use.patch
index f33fb5f..a9cee6b 100644
--- a/0005-tmpfiles-make-purge-hard-to-mis-use.patch
+++ b/0115-tmpfiles-make-purge-hard-to-mis-use.patch
@@ -1,4 +1,4 @@
-From dad955382c2e795e5f5d79ed89957d4af63880ca Mon Sep 17 00:00:00 2001
+From 15fbdad66bb68f17fc7b25a0ceaaf8fb62913a72 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Tue, 18 Jun 2024 20:32:10 +0200
 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
diff --git a/0006-fedora-use-system-auth-in-pam-systemd-user.patch b/0116-fedora-use-system-auth-in-pam-systemd-user.patch
similarity index 93%
rename from 0006-fedora-use-system-auth-in-pam-systemd-user.patch
rename to 0116-fedora-use-system-auth-in-pam-systemd-user.patch
index f57c1da..b158e43 100644
--- a/0006-fedora-use-system-auth-in-pam-systemd-user.patch
+++ b/0116-fedora-use-system-auth-in-pam-systemd-user.patch
@@ -1,4 +1,4 @@
-From e3b9e1165b0cfc9267fb9c1f42a85b6e8cd39f71 Mon Sep 17 00:00:00 2001
+From f9d710d4e1b0039a4d1a12acbd4836153f9f819d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Wed, 14 Dec 2022 22:24:53 +0100
 Subject: [PATCH] fedora: use system-auth in pam systemd-user
diff --git a/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch b/0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
similarity index 99%
rename from 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
rename to 0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
index ba472dc..7457f26 100644
--- a/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+++ b/0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
@@ -1,4 +1,4 @@
-From 2ffae8b36845e354c038c1619b78c205cd20cf09 Mon Sep 17 00:00:00 2001
+From f25ba3a80bd4893154a0d9d761bf2425ed73e5e6 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Tue, 25 Jun 2024 14:00:45 +0200
 Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and
diff --git a/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch b/0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
similarity index 98%
rename from 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
rename to 0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
index 1e87c48..b5067dd 100644
--- a/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
+++ b/0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
@@ -1,4 +1,4 @@
-From 6d267290d76302f9770b2f400a7ed992b6dcb42c Mon Sep 17 00:00:00 2001
+From 681ceb94f6b351c8479ee068383f6aaa2248f63d Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Wed, 12 Jun 2024 14:23:30 +0200
 Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9
diff --git a/0009-logind-set-RemoveIPC-to-false-by-default.patch b/0119-logind-set-RemoveIPC-to-false-by-default.patch
similarity index 96%
rename from 0009-logind-set-RemoveIPC-to-false-by-default.patch
rename to 0119-logind-set-RemoveIPC-to-false-by-default.patch
index ae363f5..5e71a6b 100644
--- a/0009-logind-set-RemoveIPC-to-false-by-default.patch
+++ b/0119-logind-set-RemoveIPC-to-false-by-default.patch
@@ -1,4 +1,4 @@
-From 138db841fbefdbb2fb293be06afe245b32cd95b1 Mon Sep 17 00:00:00 2001
+From ba26df987134fd5c38ba61f74aa02fa810dba0b1 Mon Sep 17 00:00:00 2001
 From: rpm-build
 Date: Wed, 1 Aug 2018 10:58:28 +0200
 Subject: [PATCH] logind: set RemoveIPC to false by default
diff --git a/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
similarity index 95%
rename from 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
rename to 0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
index 24f297c..d9e5998 100644
--- a/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+++ b/0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
@@ -1,4 +1,4 @@
-From 2a735b1d1260278103a9c4fce2417b5e93a10b5f Mon Sep 17 00:00:00 2001
+From b3cb1c3f1f020475656bf50f18c4de8260f56777 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar
 Date: Thu, 5 Aug 2021 17:11:47 +0200
 Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
diff --git a/0011-rc-local-order-after-network-online.target.patch b/0121-rc-local-order-after-network-online.target.patch
similarity index 92%
rename from 0011-rc-local-order-after-network-online.target.patch
rename to 0121-rc-local-order-after-network-online.target.patch
index 9a5e7ba..55d9aef 100644
--- a/0011-rc-local-order-after-network-online.target.patch
+++ b/0121-rc-local-order-after-network-online.target.patch
@@ -1,4 +1,4 @@
-From d477232d7330b512ef41ad75e9997c0aac900276 Mon Sep 17 00:00:00 2001
+From 5af11076817e70fe25dc3c467a5706a9cf865b05 Mon Sep 17 00:00:00 2001
 From: David Tardon
 Date: Thu, 11 Mar 2021 15:48:23 +0100
 Subject: [PATCH] rc-local: order after network-online.target
diff --git a/0012-random-util-increase-random-seed-size-to-1024.patch b/0122-random-util-increase-random-seed-size-to-1024.patch
similarity index 91%
rename from 0012-random-util-increase-random-seed-size-to-1024.patch
rename to 0122-random-util-increase-random-seed-size-to-1024.patch
index 0f8dde3..cc53118 100644
--- a/0012-random-util-increase-random-seed-size-to-1024.patch
+++ b/0122-random-util-increase-random-seed-size-to-1024.patch
@@ -1,4 +1,4 @@
-From e7b0c09ce9340d8d996fb1801ba66b6513f38be5 Mon Sep 17 00:00:00 2001
+From 3a8330c2c2ede435f4f2dad03b939969f63565c0 Mon Sep 17 00:00:00 2001
 From: David Tardon
 Date: Thu, 15 Jul 2021 11:15:17 +0200
 Subject: [PATCH] random-util: increase random seed size to 1024
diff --git a/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
similarity index 92%
rename from 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
rename to 0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
index f97f6c5..c901ce1 100644
--- a/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+++ b/0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
@@ -1,4 +1,4 @@
-From 407a281c19897303a3f0f730151fd6a59bdf0846 Mon Sep 17 00:00:00 2001
+From 7286e81cbc1ba8283b81c8c1e604b24347ae6b3a Mon Sep 17 00:00:00 2001
 From: Jan Synacek
 Date: Thu, 2 May 2019 14:11:54 +0200
 Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
diff --git a/0014-journald.conf-don-t-touch-current-audit-settings.patch b/0124-journald.conf-don-t-touch-current-audit-settings.patch
similarity index 89%
rename from 0014-journald.conf-don-t-touch-current-audit-settings.patch
rename to 0124-journald.conf-don-t-touch-current-audit-settings.patch
index 7c97e81..b7376f2 100644
--- a/0014-journald.conf-don-t-touch-current-audit-settings.patch
+++ b/0124-journald.conf-don-t-touch-current-audit-settings.patch
@@ -1,4 +1,4 @@
-From d556abba450e23e900eedece11305c48b77a248f Mon Sep 17 00:00:00 2001
+From 216a27427829c5a74798b0dd79f321b3b8b06d93 Mon Sep 17 00:00:00 2001
 From: David Tardon
 Date: Thu, 5 Aug 2021 15:26:13 +0200
 Subject: [PATCH] journald.conf: don't touch current audit settings
diff --git a/0015-rules-add-elevator-kernel-command-line-parameter.patch b/0125-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 96%
rename from 0015-rules-add-elevator-kernel-command-line-parameter.patch
rename to 0125-rules-add-elevator-kernel-command-line-parameter.patch
index 3e5de1e..e829ca6 100644
--- a/0015-rules-add-elevator-kernel-command-line-parameter.patch
+++ b/0125-rules-add-elevator-kernel-command-line-parameter.patch
@@ -1,4 +1,4 @@
-From 634847fd61e037e9e119b018ed50bd1997c24886 Mon Sep 17 00:00:00 2001
+From 37d6f0680f53cdb27878fd5a816fc7047335998c Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Tue, 12 Feb 2019 16:58:16 +0100
 Subject: [PATCH] rules: add elevator= kernel command line parameter
diff --git a/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
similarity index 97%
rename from 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
rename to 0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
index a2a48fe..dec25ee 100644
--- a/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+++ b/0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
@@ -1,4 +1,4 @@
-From bfb8c22224948b56f3d8310572987dcd54bd59c6 Mon Sep 17 00:00:00 2001
+From c9679716cd09f98be12784c7aecaf1ab2e92f0e9 Mon Sep 17 00:00:00 2001
 From: rpm-build
 Date: Wed, 1 Aug 2018 13:19:39 +0200
 Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
diff --git a/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch b/0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
similarity index 96%
rename from 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
rename to 0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
index a20e089..725f9c4 100644
--- a/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
+++ b/0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
@@ -1,4 +1,4 @@
-From ec6d57d8ff39de440393955a8de88883a014a4b6 Mon Sep 17 00:00:00 2001
+From b9870ba2ba624c3519b98d7c8f04fc5e06eb8d45 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar
 Date: Tue, 21 Sep 2021 15:01:19 +0200
 Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
diff --git a/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
similarity index 96%
rename from 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
rename to 0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
index 95b73bf..00daca9 100644
--- a/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+++ b/0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
@@ -1,4 +1,4 @@
-From ed6ec13adeea59d7534f694c03e08f403b2fe411 Mon Sep 17 00:00:00 2001
+From 614ad5860a7c76748ff7ccbbceae31b81c728c4a Mon Sep 17 00:00:00 2001
 From: Michal Sekletar
 Date: Tue, 22 Feb 2022 13:24:11 +0100
 Subject: [PATCH] core: decrease log level of messages about use of
diff --git a/0019-taint-remove-unmerged-bin.patch b/0129-taint-remove-unmerged-bin.patch
similarity index 98%
rename from 0019-taint-remove-unmerged-bin.patch
rename to 0129-taint-remove-unmerged-bin.patch
index c6fe207..48f9222 100644
--- a/0019-taint-remove-unmerged-bin.patch
+++ b/0129-taint-remove-unmerged-bin.patch
@@ -1,4 +1,4 @@
-From 574ba06befc0a56ada6ee9b125f105573ee5f06a Mon Sep 17 00:00:00 2001
+From 26a2ea7c26c82d1afc0c601ac9319eb6b0735d57 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Mon, 8 Jul 2024 14:44:45 +0200
 Subject: [PATCH] taint: remove unmerged-bin
diff --git a/0020-presets-remove-resolved.patch b/0130-presets-remove-resolved.patch
similarity index 93%
rename from 0020-presets-remove-resolved.patch
rename to 0130-presets-remove-resolved.patch
index b63a8de..24ab120 100644
--- a/0020-presets-remove-resolved.patch
+++ b/0130-presets-remove-resolved.patch
@@ -1,4 +1,4 @@
-From 1a3648b92c97ab60104a4a0023fd96711c7a256b Mon Sep 17 00:00:00 2001
+From e369893cf89ea214641894a0ef36399e4aba771d Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Mon, 8 Jul 2024 13:13:10 +0200
 Subject: [PATCH] presets: remove resolved
diff --git a/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch b/0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
similarity index 89%
rename from 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
rename to 0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
index 4755d68..8ad19e0 100644
--- a/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+++ b/0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
@@ -1,4 +1,4 @@
-From e24597f722f9a6af3809704d76df8087d8f79c5a Mon Sep 17 00:00:00 2001
+From ce7432871f2a0fef665ae95b563b92715d6a6066 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Tue, 16 Jul 2024 10:08:06 +0200
 Subject: [PATCH] ci: run mkosi test only for Fedora and CentOS Stream
@@ -11,7 +11,7 @@ Related: RHEL-40924
  1 file changed, 2 insertions(+), 30 deletions(-)
 
 diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index e7575fb6bb..ee46b3544a 100644
+index a043022ce0..fa1c7cf118 100644
 --- a/.github/workflows/mkosi.yml
 +++ b/.github/workflows/mkosi.yml
 @@ -8,7 +8,7 @@ on:
@@ -42,35 +42,35 @@ index e7575fb6bb..ee46b3544a 100644
 - llvm: 0
 - cflags: "-O2 -D_FORTIFY_SOURCE=3"
 - relabel: no
-- qemu: 1
+- vm: 1
 - - distro: debian
 - release: testing
 - sanitizers: ""
 - llvm: 0
 - cflags: "-Og"
 - relabel: no
-- qemu: 0
+- vm: 0
 - - distro: ubuntu
 - release: noble
 - sanitizers: ""
 - llvm: 0
 - cflags: "-Og"
 - relabel: no
-- qemu: 0
+- vm: 0
 - distro: fedora
 release: "41"
 sanitizers: ""
 @@ -89,13 +68,6 @@ jobs:
 cflags: "-Og"
 relabel: yes
- qemu: 0
+ vm: 0
 - - distro: opensuse
 - release: tumbleweed
 - sanitizers: ""
 - llvm: 0
 - cflags: "-Og"
 - relabel: no
-- qemu: 0
+- vm: 0
 - distro: centos
 release: "9"
 sanitizers: ""
diff --git a/0022-taint-remove-unused-variable-usr_sbin.patch b/0132-taint-remove-unused-variable-usr_sbin.patch
similarity index 93%
rename from 0022-taint-remove-unused-variable-usr_sbin.patch
rename to 0132-taint-remove-unused-variable-usr_sbin.patch
index aa61e00..b77b5f8 100644
--- a/0022-taint-remove-unused-variable-usr_sbin.patch
+++ b/0132-taint-remove-unused-variable-usr_sbin.patch
@@ -1,4 +1,4 @@
-From 5af7d3308ed778445a945688dcf339f940644d53 Mon Sep 17 00:00:00 2001
+From 6f7aba66f47ad4537d5c5ddefc1c35332fb00f56 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Tue, 16 Jul 2024 10:09:23 +0200
 Subject: [PATCH] taint: remove unused variable `usr_sbin`
diff --git a/0023-packit-drop-the-libarchive-workaround.patch b/0133-packit-drop-the-libarchive-workaround.patch
similarity index 87%
rename from 0023-packit-drop-the-libarchive-workaround.patch
rename to 0133-packit-drop-the-libarchive-workaround.patch
index ebb6c8d..058c3fa 100644
--- a/0023-packit-drop-the-libarchive-workaround.patch
+++ b/0133-packit-drop-the-libarchive-workaround.patch
@@ -1,4 +1,4 @@
-From 67fd26df5f6fbe2780b2ab308eb39088efc86844 Mon Sep 17 00:00:00 2001
+From 46360e32b6cb31acf26760778a0590bb06a4c2f0 Mon Sep 17 00:00:00 2001
 From: Frantisek Sumsal
 Date: Wed, 17 Jul 2024 12:19:03 +0200
 Subject: [PATCH] packit: drop the libarchive workaround
@@ -13,10 +13,10 @@ Related: RHEL-40924
  1 file changed, 3 deletions(-)
 
 diff --git a/.packit.yml b/.packit.yml
-index 340c6992ec..03b3aae7d5 100644
+index 88d74d29af..d16e630817 100644
 --- a/.packit.yml
 +++ b/.packit.yml
-@@ -39,9 +39,6 @@ actions:
+@@ -36,9 +36,6 @@ actions:
 - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
 # Ignore unpackaged standalone binaries
 - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
diff --git a/0024-coredump-by-default-process-and-store-core-files-up-.patch b/0134-coredump-by-default-process-and-store-core-files-up-.patch
similarity index 92%
rename from 0024-coredump-by-default-process-and-store-core-files-up-.patch
rename to 0134-coredump-by-default-process-and-store-core-files-up-.patch
index 09687e0..72a46b5 100644
--- a/0024-coredump-by-default-process-and-store-core-files-up-.patch
+++ b/0134-coredump-by-default-process-and-store-core-files-up-.patch
@@ -1,4 +1,4 @@
-From 52243386bfc005ed52903c958e172fcb70a1236a Mon Sep 17 00:00:00 2001
+From 324b1d13153c2a0e6db4043a29b7233ad1bf782e Mon Sep 17 00:00:00 2001
 From: Michal Sekletar
 Date: Fri, 5 Apr 2024 15:56:58 +0200
 Subject: [PATCH] coredump: by default process and store core files up to 1GiB
diff --git a/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
similarity index 92%
rename from 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
rename to 0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
index 42099e3..13f31fc 100644
--- a/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+++ b/0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
@@ -1,4 +1,4 @@
-From 12bef1e0622eeb1cb4b1ed2e3d63fb1d38b1527a Mon Sep 17 00:00:00 2001
+From cbb117130198501b8fd10c42b18b5afca8fda0f1 Mon Sep 17 00:00:00 2001
 From: Jan Synacek
 Date: Tue, 15 May 2018 09:24:20 +0200
 Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
diff --git a/0026-unit-don-t-add-Requires-for-tmp.mount.patch b/0136-unit-don-t-add-Requires-for-tmp.mount.patch
similarity index 96%
rename from 0026-unit-don-t-add-Requires-for-tmp.mount.patch
rename to 0136-unit-don-t-add-Requires-for-tmp.mount.patch
index 2c6de81..181bfbe 100644
--- a/0026-unit-don-t-add-Requires-for-tmp.mount.patch
+++ b/0136-unit-don-t-add-Requires-for-tmp.mount.patch
@@ -1,4 +1,4 @@
-From 4d152dcd8bad5d8049390aa98f408b14b536db16 Mon Sep 17 00:00:00 2001
+From 092547697b7e256ef7c91b2687920a01f8a0a6a4 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Mon, 5 Sep 2016 12:47:09 +0200
 Subject: [PATCH] unit: don't add Requires for tmp.mount
diff --git a/0027-units-add-Install-section-to-tmp.mount.patch b/0137-units-add-Install-section-to-tmp.mount.patch
similarity index 90%
rename from 0027-units-add-Install-section-to-tmp.mount.patch
rename to 0137-units-add-Install-section-to-tmp.mount.patch
index 3eb620c..652ef15 100644
--- a/0027-units-add-Install-section-to-tmp.mount.patch
+++ b/0137-units-add-Install-section-to-tmp.mount.patch
@@ -1,4 +1,4 @@
-From 4aff4ef75b58b4fcc8cc02529feb6bdc2c564c9c Mon Sep 17 00:00:00 2001
+From 62753331bf0a5cd57b4146794504dee40f61c389 Mon Sep 17 00:00:00 2001
 From: Jan Synacek
 Date: Tue, 22 Jan 2019 10:28:42 +0100
 Subject: [PATCH] units: add [Install] section to tmp.mount
diff --git a/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
similarity index 92%
rename from 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
rename to 0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
index 332dc13..1d6551c 100644
--- a/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+++ b/0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
@@ -1,4 +1,4 @@
-From 940c4cd0fc9245ac3c5530a6b902c0ec77f28d48 Mon Sep 17 00:00:00 2001
+From de9836fa622be725de079b68966ae392283ab050 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar
 Date: Wed, 22 Sep 2021 14:38:00 +0200
 Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
diff --git a/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch b/0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
similarity index 97%
rename from 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
rename to 0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
index 2c435ac..f50fa24 100644
--- a/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
+++ b/0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
@@ -1,4 +1,4 @@
-From 7b31af5f75649e847cf3d19e1e6e44758237ce28 Mon Sep 17 00:00:00 2001
+From 5aaa5d1ee78bacae69e12a056db178bdceec11e8 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Thu, 8 Aug 2024 13:12:58 +0200
 Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme
diff --git a/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch b/0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
similarity index 97%
rename from 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
rename to 0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
index 6e6b4f7..c70bd33 100644
--- a/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+++ b/0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
@@ -1,4 +1,4 @@
-From c20009926d4d143bd8fc605695092ae8403d1a20 Mon Sep 17 00:00:00 2001
+From d2afe66feccb3abe53f4a745784481a28838a8b8 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Thu, 22 Aug 2024 13:42:11 +0200
 Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta
diff --git a/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
similarity index 94%
rename from 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
rename to 0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
index 4319754..cc01b65 100644
--- a/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+++ b/0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
@@ -1,4 +1,4 @@
-From d4db6a9e9e139432fd78574458de4ff72d697843 Mon Sep 17 00:00:00 2001
+From 8ae633adfe6370fa4a1d737167f339d5b8424cdd Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn
 Date: Thu, 22 Aug 2024 13:47:56 +0200
 Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
diff --git a/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch b/0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
similarity index 97%
rename from 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
rename to 0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
index 06d5a84..2556714 100644
--- a/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+++ b/0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
@@ -1,4 +1,4 @@
-From 5d21d8fba63d27a563137304324f5a52f527cbef Mon Sep 17 00:00:00 2001
+From fadb75463f626c2a623538d3048ba7b3cc8e1f3f Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Mon, 16 Dec 2024 15:08:50 +0100
 Subject: [PATCH] netif-naming-scheme: introduce rhel-10.0 scheme
diff --git a/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch b/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
new file mode 100644
index 0000000..4839287
--- /dev/null
+++ b/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
@@ -0,0 +1,58 @@
+From 5021cbc27c56e62ec850e0d20c3942208fd9ec51 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Mon, 6 Jan 2025 09:09:11 +0100
+Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-9.6
+
+rhel-only: policy
+
+Resolves: RHEL-44417
+---
+ man/systemd.net-naming-scheme.xml | 9 +++++++++
+ src/shared/netif-naming-scheme.c | 1 +
+ src/shared/netif-naming-scheme.h | 1 +
+ 3 files changed, 11 insertions(+)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index e23d1c5758..0b0bbbb2f1 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -632,6 +632,15 @@
+ 
+ 
+ 
++
++
++ rhel-9.6
++
++ Same as naming scheme rhel-9.5.
++
++
++
++
+ 
+ 
+ 
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 42b0470a11..5211eebc22 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -42,6 +42,7 @@ static const NamingScheme naming_schemes[] = {
+ { "rhel-9.3", NAMING_RHEL_9_3 },
+ { "rhel-9.4", NAMING_RHEL_9_4 },
+ { "rhel-9.5", NAMING_RHEL_9_5 },
++ { "rhel-9.6", NAMING_RHEL_9_6 },
+ { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
+ { "rhel-10.0", NAMING_RHEL_10_0 },
+ /* … add more schemes here, as the logic to name devices is updated … */
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index 780392a583..a82f2f04d3 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -84,6 +84,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
+ NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
++ NAMING_RHEL_9_6 = NAMING_RHEL_9_5,
+ 
+ NAMING_RHEL_10_0_BETA = NAMING_V255,
+ NAMING_RHEL_10_0 = NAMING_V257,
diff --git a/sources b/sources
index 106d2e4..10b97c7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-257.tar.gz) = c92a406d6dab4a514b189ce0104e697291c993bb87217c749db637b3e18638dd82cf93de343352ae429e44b84261fce7a4bf3f9e315564544dd62b857b71b85d
+SHA512 (systemd-257.tar.gz) = b8cd23ed1a5dff1894f33a831413f9805b2b7bafe93046f163aa4c1c8b929365785d0c04a4c758823624a7536d2a47c8fafae659dd41d4440ddace3d88bb1ff7
diff --git a/systemd.spec b/systemd.spec
index 2aeb074..e389beb 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -48,7 +48,7 @@ Url: https://systemd.io
 # Allow users to specify the version and release when building the rpm by
 # setting the %%version_override and %%release_override macros.
 Version: %{?version_override}%{!?version_override:257}
-Release: 2%{?dist}
+Release: 3%{?dist}
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
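Review bot: The `sources` hunk swaps the SHA512 recorded for `systemd-257.tar.gz` while the archive name and `Version:` both stay at 257, and nothing in the commit message explains why the archive bytes changed. The v257.1 and v257.2 content appears to arrive as Patch0001–Patch0110 in `systemd.spec`, so the base tarball would be expected to be unchanged; presumably it was regenerated from source-git and is not byte-reproducible, but the diff cannot confirm that. Before this is accepted, the newly uploaded archive should be unpacked and compared against the upstream v257 tag or the previous lookaside copy. The reason for the new digest should also be stated in the commit description, so that a later audit can tell a regenerated archive from a substituted one.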
@@ -109,38 +109,149 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # applying upstream pull requests.
 # RHEL-specific
-Patch0001: 0001-ci-update-workflows-to-run-on-source-git-setup.patch
-Patch0002: 0002-ci-setup-source-git-automation.patch
-Patch0003: 0003-ci-reconfigure-Packit-for-RHEL-10.patch
-Patch0004: 0004-journal-again-create-user-journals-for-users-with-hi.patch
-Patch0005: 0005-tmpfiles-make-purge-hard-to-mis-use.patch
-Patch0006: 0006-fedora-use-system-auth-in-pam-systemd-user.patch
-Patch0007: 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
-Patch0008: 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
-Patch0009: 0009-logind-set-RemoveIPC-to-false-by-default.patch
-Patch0010: 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
-Patch0011: 0011-rc-local-order-after-network-online.target.patch
-Patch0012: 0012-random-util-increase-random-seed-size-to-1024.patch
-Patch0013: 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
-Patch0014: 0014-journald.conf-don-t-touch-current-audit-settings.patch
-Patch0015: 0015-rules-add-elevator-kernel-command-line-parameter.patch
-Patch0016: 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
-Patch0017: 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
-Patch0018: 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
-Patch0019: 0019-taint-remove-unmerged-bin.patch
-Patch0020: 0020-presets-remove-resolved.patch
-Patch0021: 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
-Patch0022: 0022-taint-remove-unused-variable-usr_sbin.patch
-Patch0023: 0023-packit-drop-the-libarchive-workaround.patch
-Patch0024: 0024-coredump-by-default-process-and-store-core-files-up-.patch
-Patch0025: 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
-Patch0026: 0026-unit-don-t-add-Requires-for-tmp.mount.patch
-Patch0027: 0027-units-add-Install-section-to-tmp.mount.patch
-Patch0028: 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
-Patch0029: 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
-Patch0030: 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
-Patch0031: 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
-Patch0032: 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+Patch0001: 0001-Create-CNAME.patch
+Patch0002: 0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
+Patch0003: 0003-test-modernize-generate-sym-test.py.patch
+Patch0004: 0004-test-also-generate-list-of-symbols-from-header-files.patch
+Patch0005: 0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
+Patch0006: 0006-analyze-tab-fix.patch
+Patch0007: 0007-analyze-add-missing-mask-option-to-help-text.patch
+Patch0008: 0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
+Patch0009: 0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
+Patch0010: 0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
+Patch0011: 0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
+Patch0012: 0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
+Patch0013: 0013-man-document-unprivileged-is-not-for-reading-propert.patch
+Patch0014: 0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
+Patch0015: 0015-Fixing-VLAN-ranges-in-man-systemd.network.patch
+Patch0016: 0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
+Patch0017: 0017-man-update-example-in-systemd-measure.xml-35506.patch
+Patch0018: 0018-systemd-cryptenroll.xml-fix-typo.patch
+Patch0019: 0019-semaphore-skip-some-tests.patch
+Patch0020: 0020-shell-completion-add-systemd-creds.patch
+Patch0021: 0021-core-fix-loading-verity-settings-for-MountImages.patch
+Patch0022: 0022-test-add-more-coverage-for-extensions-and-verity.patch
+Patch0023: 0023-README-drop-CentOS-CI-badges.patch
+Patch0024: 0024-meson.version-change-to-257.1.patch
+Patch0025: 0025-journalctl-honor-quiet-with-setup-keys.patch
+Patch0026: 0026-dbus-log-disconnect-on-api-and-system-busses.patch
+Patch0027: 0027-manager-add-list-of-subscribers-to-dump-info.patch
+Patch0028: 0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
+Patch0029: 0029-mkosi-Fix-opensuse-build.patch
+Patch0030: 0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
+Patch0031: 0031-battery-check-parse-options-before-checking-for-kern.patch
+Patch0032: 0032-test-loop-block-return-77-on-skip-in-more-places.patch
+Patch0033: 0033-mkosi-update-debian-commit-reference.patch
+Patch0034: 0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch
+Patch0035: 0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
+Patch0036: 0036-tmpfiles-reduce-quoting-in-warning-message.patch
+Patch0037: 0037-semaphore-bump-timeout.patch
+Patch0038: 0038-Revert-semaphore-skip-some-tests.patch
+Patch0039: 0039-mkosi-fix-section-for-WithNetwork.patch
+Patch0040: 0040-test-time-util-fix-truncation-of-usec-to-sec.patch
+Patch0041: 0041-network-don-t-warn-with-no-NSID-assigned.patch
+Patch0042: 0042-TEST-35-LOGIN-check-only-tty-session.patch
+Patch0043: 0043-test-README-Environment-setting-for-mkosi-should-be-.patch
+Patch0044: 0044-mkosi-temporarily-disable-panic_on_warn.patch
+Patch0045: 0045-networkd-show-wireguard-private-key-read-error-numbe.patch
+Patch0046: 0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
+Patch0047: 0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch
+Patch0048: 0048-mkosi-Fix-tools-image-package-name.patch
+Patch0049: 0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
+Patch0050: 0050-resolved-if-one-transaction-completes-expect-other-t.patch
+Patch0051: 0051-man-Document-generator-sandbox-environment.patch
+Patch0052: 0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch
+Patch0053: 0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
+Patch0054: 0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
+Patch0055: 0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
+Patch0056: 0056-mkosi-move-config-options.patch
+Patch0057: 0057-mkosi-Update-to-latest.patch
+Patch0058: 0058-mkosi-Add-gdb-to-tools-tree.patch
+Patch0059: 0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch
+Patch0060: 0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch
+Patch0061: 0061-mkosi-Use-tools-tree-by-default.patch
+Patch0062: 0062-mkosi-Use-build-as-extra-search-path-by-default.patch
+Patch0063: 0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch
+Patch0064: 0064-mkosi.clangd-Fail-on-command-errors.patch
+Patch0065: 0065-docs-Simplify-hacking-documentation.patch
+Patch0066: 0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
+Patch0067: 0067-docs-Use-meson-compile-instead-of-ninja.patch
+Patch0068: 0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
+Patch0069: 0069-mkosi-update-opensuse-spec-repo-commit.patch
+Patch0070: 0070-mkosi-update-openSUSE-commit-reference.patch
+Patch0071: 0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
+Patch0072: 0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
+Patch0073: 0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
+Patch0074: 0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch
+Patch0075: 0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
+Patch0076: 0076-mkosi-Add-docbook-tools.patch
+Patch0077: 0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch
+Patch0078: 0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch
+Patch0079: 0079-mkosi-Update-to-latest.patch
+Patch0080: 0080-mkosi-Make-path-exclude-more-generic.patch
+Patch0081: 0081-packit-Move-fmf-metadata-into-upstream.patch
+Patch0082: 0082-mkosi-replace-deprecated-settings-and-command-with-n.patch
+Patch0083: 0083-mkosi-Migrate-more-deprecated-options.patch
+Patch0084: 0084-ci-Rename-qemu-variable-to-vm.patch
+Patch0085: 0085-fmf-Insist-on-mkosi-sha-being-available.patch
+Patch0086: 0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
+Patch0087: 0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
+Patch0088: 0088-repart-Use-streq_ptr.patch
+Patch0089: 0089-sd-device-add-missing-debugging-log.patch
+Patch0090: 0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
+Patch0091: 0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch
+Patch0092: 0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch
+Patch0093: 0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
+Patch0094: 0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
+Patch0095: 0095-machine-GC-machine-when-no-leader-PID-is-set.patch
+Patch0096: 0096-creds-fix-use-after-free-in-varlink-interface.patch
+Patch0097: 0097-core-unit-serialize-fix-serialization-of-markers.patch
+Patch0098: 0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
+Patch0099: 0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
+Patch0100: 0100-mkosi-Install-which-in-build-image.patch
+Patch0101: 0101-packit-Simplify-configuration.patch
+Patch0102: 0102-fmf-Check-out-target-branch-in-packit.patch
+Patch0103: 0103-stdio-bridge-fix-polled-fds.patch
+Patch0104: 0104-Revert-mkosi-Fix-opensuse-build.patch
+Patch0105: 0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
+Patch0106: 0106-obs-also-trigger-Fedora-package-builds.patch
+Patch0107: 0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
+Patch0108: 0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
+Patch0109: 0109-journalctl-make-invocation-and-list-invocations-acce.patch
+Patch0110: 0110-meson-bump-version-to-257.2.patch
+Patch0111: 0111-ci-update-workflows-to-run-on-source-git-setup.patch
+Patch0112: 0112-ci-setup-source-git-automation.patch
+Patch0113: 0113-ci-reconfigure-Packit-for-RHEL-10.patch
+Patch0114: 0114-journal-again-create-user-journals-for-users-with-hi.patch
+Patch0115: 0115-tmpfiles-make-purge-hard-to-mis-use.patch
+Patch0116: 0116-fedora-use-system-auth-in-pam-systemd-user.patch
+Patch0117: 0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+Patch0118: 0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
+Patch0119: 0119-logind-set-RemoveIPC-to-false-by-default.patch
+Patch0120: 0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+Patch0121: 0121-rc-local-order-after-network-online.target.patch
+Patch0122: 0122-random-util-increase-random-seed-size-to-1024.patch
+Patch0123: 0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+Patch0124: 0124-journald.conf-don-t-touch-current-audit-settings.patch
+Patch0125: 0125-rules-add-elevator-kernel-command-line-parameter.patch
+Patch0126: 0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0127: 0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0128: 0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+Patch0129: 0129-taint-remove-unmerged-bin.patch
+Patch0130: 0130-presets-remove-resolved.patch
+Patch0131: 0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+Patch0132: 0132-taint-remove-unused-variable-usr_sbin.patch
+Patch0133: 0133-packit-drop-the-libarchive-workaround.patch
+Patch0134: 0134-coredump-by-default-process-and-store-core-files-up-.patch
+Patch0135: 0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+Patch0136: 0136-unit-don-t-add-Requires-for-tmp.mount.patch
+Patch0137: 0137-units-add-Install-section-to-tmp.mount.patch
+Patch0138: 0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+Patch0139: 0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
+Patch0140: 0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+Patch0141: 0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+Patch0142: 0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+Patch0143: 0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
 # Downstream-only patches (9000–9999)
@@ -1071,6 +1182,10 @@ rm -f .file-list-*
 rm -f %{name}.lang
 %changelog
+* Wed Jan 08 2024 Jan Macku - 257-3
+- udev/net_id: introduce naming scheme for RHEL-9.6 (RHEL-44417)
+- Rebase to new upstream stable release v257.2 (RHEL-71409)
+
 * Fri Dec 20 2024 Jan Macku - 257-2
 - Rebase to new upstream stable release v257.1 (RHEL-71409)
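Review bot: The `# RHEL-specific` heading kept as context above the Patch list no longer describes what follows it. Patch0001–Patch0110 look like upstream stable backports (the run ends with `0110-meson-bump-version-to-257.2.patch`), and the former downstream patches now start at `Patch0111`. I would add `# Upstream stable backports (v257..v257.2)` before `Patch0001` and move `# RHEL-specific` to just before `Patch0111`, so a reader can tell which entries carry downstream policy. The rebase also brings in memory-safety fixes such as `0096-creds-fix-use-after-free-in-varlink-interface.patch`, which the changelog folds into the single "Rebase" line; naming them there would help anyone checking which build contains the fix.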
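Review bot: The added `%changelog` entry is dated `Wed Jan 08 2024`, but the commit itself is dated 8 Jan 2025 and the entry directly below it is `Fri Dec 20 2024`; 8 January 2024 was a Monday. rpm validates changelog dates, so this is likely to be reported as a bogus date, and it leaves the log out of descending chronological order, which can mislead tooling that orders entries by date. The header should start `* Wed Jan 08 2025`.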