From 90cf2cebb235f5e95e26dce847e32aa1957ab83e Mon Sep 17 00:00:00 2001 
From: Jan Macku Date: Tue, 17 Dec 2024 16:03:39 +0100 Subject: [PATCH] systemd-257-1 Resolves: RHEL-44417,RHEL-71409 --- 0001-Create-CNAME.patch | 18 -- ...workflows-to-run-on-source-git-setup.patch | 10 +- ... 0002-ci-setup-source-git-automation.patch | 231 +++++++++++++++++- 0002-man-systemd-reorder-content-a-bit.patch | 103 -------- ...03-ci-reconfigure-Packit-for-RHEL-10.patch | 2 +- ...allow-hostnamed-to-exit-on-idle-if-v.patch | 43 ---- ...eate-user-journals-for-users-with-hi.patch | 2 +- ...p-server-clear-buffer-before-receive.patch | 30 --- ...number-of-device-units-generated-for.patch | 29 --- ...-tmpfiles-make-purge-hard-to-mis-use.patch | 12 +- ...-use-system-auth-in-pam-systemd-user.patch | 2 +- ...se-GREEDY_REALLOC-to-grow-the-buffer.patch | 81 ------ ...e-start-rhel10-naming-and-include-rh.patch | 37 +-- ...-fail-if-we-can-t-access-the-TPM-due.patch | 132 ---------- ...dnssec-rrtype-questions-when-we-aren.patch | 37 --- ...les-copy-40-redhat.rules-from-RHEL-9.patch | 2 +- ...nd-set-RemoveIPC-to-false-by-default.patch | 12 +- ...Use-crypt_reencrypt_run-if-available.patch | 123 ---------- ...le-summary-at-the-end-of-TEST-02-UNI.patch | 136 ----------- ...reate-resolv.conf-stub-resolv.conf-s.patch | 16 +- ...al-order-after-network-online.target.patch | 2 +- 0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch | 29 --- ...ew-stable-releases-will-be-in-the-ma.patch | 26 -- ...il-increase-random-seed-size-to-1024.patch | 6 +- ...able-systemd-journald-audit.socket-b.patch | 2 +- ...on-only-offer-devices-for-completion.patch | 29 --- ...E-document-reterr_-return-parameters.patch | 98 -------- ...f-don-t-touch-current-audit-settings.patch | 4 +- ...nalyze-show-pcrs-also-in-sha384-bank.patch | 27 -- ...evator-kernel-command-line-parameter.patch | 2 +- ...are-flex-array-updated-for-gcc15-and.patch | 41 ---- ...tTasksMax-to-80-of-the-kernel-pid.ma.patch | 8 +- ...-a-warning-to-systemd-tmpfiles-purge.patch | 31 --- ...ink-change-the-default-MACAddressPol.patch | 8 +- 
...g-level-of-messages-about-use-of-Kil.patch | 14 +- ...emporary-from-description-of-systemd.patch | 65 ----- ...rivileged-user-ns-for-integration-te.patch | 24 -- ...ch => 0019-taint-remove-unmerged-bin.patch | 20 +- ...rts.ubuntu.com-for-non-x86-backports.patch | 74 ------ ...atch => 0020-presets-remove-resolved.patch | 2 +- ...st-only-for-Fedora-and-CentOS-Stream.patch | 34 ++- ...I-packages-only-on-EFI-architectures.patch | 58 ----- ...aint-remove-unused-variable-usr_sbin.patch | 6 +- ...kip-condition-before-installing-addi.patch | 31 --- ...ackit-drop-the-libarchive-workaround.patch | 2 +- ...-drop-unneeded-firmware-uefi-setting.patch | 37 --- ...ult-process-and-store-core-files-up-.patch | 4 +- 0024-test-drop-obsolete-comment.patch | 28 --- ...mounted-as-tmpfs-without-the-user-s-.patch | 2 +- 0025-test-support-TEST_NO_KVM.patch | 25 -- ...T_NO_QEMU-in-mkosi-integration-wrapp.patch | 30 --- ...nit-don-t-add-Requires-for-tmp.mount.patch | 10 +- ...stead-of-uefi-for-automated-fallback.patch | 27 -- ...its-add-Install-section-to-tmp.mount.patch | 2 +- ...ce-fix-accept-socket-deserialization.patch | 45 ---- ...le-tmp.mount-statically-in-local-fs..patch | 6 +- ...if-naming-scheme-add-rhel-9.5-scheme.patch | 16 +- ...tion-that-the-captive-portal-option-.patch | 26 -- ...isable-secure-boot-in-mkosi-GHA-runs.patch | 27 -- ...eme-rename-rhel-10.0-to-rhel-10.0.be.patch | 24 +- 0031-mkosi-bump-to-latest.patch | 23 -- ...eme-disable-NAMING_FIRMWARE_NODE_SUN.patch | 29 +++ 0032-NEWS-fix-typo.patch | 23 -- ...ng-scheme-introduce-rhel-10.0-scheme.patch | 61 +++++ ...moving-symlinks-even-for-units-that-.patch | 69 ------ ...t-bail-if-SHELL_-variables-are-unset.patch | 58 +++++ ...ur-dry-run-when-removing-directories.patch | 35 --- ...on-at-least-one-configuration-file-b.patch | 68 ------ ...rge-to-command-section-in-help-text-.patch | 37 --- ...rict-noble-backports-to-noble-builds.patch | 37 --- 0038-repart-fix-memory-leak.patch | 22 -- 
...-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch | 42 ---- ...i-deploy-systemd-man-to-GitHub-Pages.patch | 78 ------ ...-parameters-together-with-rhel-only-.patch | 37 --- ...n-rename-libbasic-to-libbasic_static.patch | 180 -------------- ...ystemd-core-via-an-intermediate-stat.patch | 63 ----- ...-to-build-systemd-executor-staticall.patch | 101 -------- ...add-downstream-CONTRIBUTING-document.patch | 108 -------- ...ci-allow-policy-as-rhel-only-keyword.patch | 40 --- ...-drop-the-dependency-on-python3-zstd.patch | 28 --- ..._id-use-firmware_node-sun-for-ID_NET.patch | 197 --------------- ...net-naming-scheme-add-missing-period.patch | 36 --- ...-drop-the-dependency-on-python3-zstd.patch | 28 --- ...-try-to-acquire-triggering-units-for.patch | 48 ---- ...unit-add-one-assertion-for-u-manager.patch | 24 -- ...troy-runtime-data-when-Type-oneshot-.patch | 88 ------- ...nore-kernel-threads-in-cg_kill_items.patch | 34 --- ...t-try-to-open-pidfd-for-kernel-threa.patch | 30 --- 0085-cgroup-util-fix-typo.patch | 27 -- ...eme-disable-NAMING_FIRMWARE_NODE_SUN.patch | 43 ---- ...e-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch | 38 --- ...il-Don-t-try-to-open-pidfd-for-kerne.patch | 33 --- ...p-test-on-architectures-without-UEFI.patch | 30 --- ...e-beta-branch-to-match-dist-git-name.patch | 25 -- ...device-symlink-properly-on-udev-acti.patch | 41 ---- ...-TDX-confidential-VM-on-Azure-platfo.patch | 121 --------- ...t-split-caching-of-CVM-detection-int.patch | 76 ------ ...-virt-add-detection-for-s390x-target.patch | 90 ------- ...ct-virt-fix-row-spanning-for-VM-head.patch | 37 --- ...ect-virt-list-known-CVM-technologies.patch | 74 ------ ...t-activation-of-stopped-services-wit.patch | 53 ---- sources | 2 +- systemd.spec | 139 +++-------- 103 files changed, 545 insertions(+), 3918 deletions(-) delete mode 100644 0001-Create-CNAME.patch rename 0040-ci-update-workflows-to-run-on-source-git-setup.patch => 0001-ci-update-workflows-to-run-on-source-git-setup.patch (91%) rename 
0041-ci-setup-source-git-automation.patch => 0002-ci-setup-source-git-automation.patch (51%) delete mode 100644 0002-man-systemd-reorder-content-a-bit.patch rename 0043-ci-reconfigure-Packit-for-RHEL-10.patch => 0003-ci-reconfigure-Packit-for-RHEL-10.patch (97%) delete mode 100644 0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch rename 0045-journal-again-create-user-journals-for-users-with-hi.patch => 0004-journal-again-create-user-journals-for-users-with-hi.patch (97%) delete mode 100644 0004-sd-dhcp-server-clear-buffer-before-receive.patch delete mode 100644 0005-rules-Limit-the-number-of-device-units-generated-for.patch rename 0046-tmpfiles-make-purge-hard-to-mis-use.patch => 0005-tmpfiles-make-purge-hard-to-mis-use.patch (87%) rename 0047-fedora-use-system-auth-in-pam-systemd-user.patch => 0006-fedora-use-system-auth-in-pam-systemd-user.patch (93%) delete mode 100644 0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch rename 0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch => 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch (93%) delete mode 100644 0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch delete mode 100644 0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch rename 0049-rules-copy-40-redhat.rules-from-RHEL-9.patch => 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch (98%) rename 0050-logind-set-RemoveIPC-to-false-by-default.patch => 0009-logind-set-RemoveIPC-to-false-by-default.patch (89%) delete mode 100644 0009-repart-Use-crypt_reencrypt_run-if-available.patch delete mode 100644 0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch rename 0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch => 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch (78%) rename 0052-rc-local-order-after-network-online.target.patch => 0011-rc-local-order-after-network-online.target.patch (92%) delete mode 100644 0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch delete 
mode 100644 0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch rename 0053-random-util-increase-random-seed-size-to-1024.patch => 0012-random-util-increase-random-seed-size-to-1024.patch (79%) rename 0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch => 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch (92%) delete mode 100644 0013-shell-completion-only-offer-devices-for-completion.patch delete mode 100644 0014-CODING_STYLE-document-reterr_-return-parameters.patch rename 0055-journald.conf-don-t-touch-current-audit-settings.patch => 0014-journald.conf-don-t-touch-current-audit-settings.patch (83%) delete mode 100644 0015-analyze-show-pcrs-also-in-sha384-bank.patch rename 0056-rules-add-elevator-kernel-command-line-parameter.patch => 0015-rules-add-elevator-kernel-command-line-parameter.patch (96%) delete mode 100644 0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch rename 0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch => 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch (94%) delete mode 100644 0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch rename 0058-udev-net-setup-link-change-the-default-MACAddressPol.patch => 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch (89%) rename 0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch => 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch (79%) delete mode 100644 0018-man-units-drop-temporary-from-description-of-systemd.patch delete mode 100644 0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch rename 0063-taint-remove-unmerged-bin.patch => 0019-taint-remove-unmerged-bin.patch (88%) delete mode 100644 0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch rename 0064-presets-remove-resolved.patch => 0020-presets-remove-resolved.patch (93%) rename 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch => 
0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch (69%) delete mode 100644 0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch rename 0068-taint-remove-unused-variable-usr_sbin.patch => 0022-taint-remove-unused-variable-usr_sbin.patch (85%) delete mode 100644 0022-test-check-the-skip-condition-before-installing-addi.patch rename 0069-packit-drop-the-libarchive-workaround.patch => 0023-packit-drop-the-libarchive-workaround.patch (93%) delete mode 100644 0023-test-drop-unneeded-firmware-uefi-setting.patch rename 0071-coredump-by-default-process-and-store-core-files-up-.patch => 0024-coredump-by-default-process-and-store-core-files-up-.patch (87%) delete mode 100644 0024-test-drop-obsolete-comment.patch rename 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch => 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch (92%) delete mode 100644 0025-test-support-TEST_NO_KVM.patch delete mode 100644 0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch rename 0073-unit-don-t-add-Requires-for-tmp.mount.patch => 0026-unit-don-t-add-Requires-for-tmp.mount.patch (84%) delete mode 100644 0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch rename 0074-units-add-Install-section-to-tmp.mount.patch => 0027-units-add-Install-section-to-tmp.mount.patch (90%) delete mode 100644 0028-core-service-fix-accept-socket-deserialization.patch rename 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch => 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch (85%) rename 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch => 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch (86%) delete mode 100644 0029-test-network-mention-that-the-captive-portal-option-.patch delete mode 100644 0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch rename 0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch => 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch (78%) delete mode 100644 
0031-mkosi-bump-to-latest.patch create mode 100644 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch delete mode 100644 0032-NEWS-fix-typo.patch create mode 100644 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch delete mode 100644 0033-install-allow-removing-symlinks-even-for-units-that-.patch create mode 100644 0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch delete mode 100644 0034-tmpfiles-honour-dry-run-when-removing-directories.patch delete mode 100644 0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch delete mode 100644 0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch delete mode 100644 0037-mkosi-restrict-noble-backports-to-noble-builds.patch delete mode 100644 0038-repart-fix-memory-leak.patch delete mode 100644 0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch delete mode 100644 0042-ci-deploy-systemd-man-to-GitHub-Pages.patch delete mode 100644 0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch delete mode 100644 0060-meson-rename-libbasic-to-libbasic_static.patch delete mode 100644 0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch delete mode 100644 0062-meson-add-option-to-build-systemd-executor-staticall.patch delete mode 100644 0065-doc-add-downstream-CONTRIBUTING-document.patch delete mode 100644 0066-ci-allow-policy-as-rhel-only-keyword.patch delete mode 100644 0070-packit-drop-the-dependency-on-python3-zstd.patch delete mode 100644 0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch delete mode 100644 0078-man-net-naming-scheme-add-missing-period.patch delete mode 100644 0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch delete mode 100644 0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch delete mode 100644 0081-core-unit-add-one-assertion-for-u-manager.patch delete mode 100644 0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch delete mode 100644 
0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch delete mode 100644 0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch delete mode 100644 0085-cgroup-util-fix-typo.patch delete mode 100644 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch delete mode 100644 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch delete mode 100644 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch delete mode 100644 0090-ukify-Skip-test-on-architectures-without-UEFI.patch delete mode 100644 0091-ci-rename-beta-branch-to-match-dist-git-name.patch delete mode 100644 0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch delete mode 100644 0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch delete mode 100644 0094-confidential-virt-split-caching-of-CVM-detection-int.patch delete mode 100644 0095-confidential-virt-add-detection-for-s390x-target.patch delete mode 100644 0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch delete mode 100644 0097-man-systemd-detect-virt-list-known-CVM-technologies.patch delete mode 100644 0098-socket-fix-socket-activation-of-stopped-services-wit.patch diff --git a/0001-Create-CNAME.patch b/0001-Create-CNAME.patch deleted file mode 100644 index fbb444e..0000000 --- a/0001-Create-CNAME.patch +++ /dev/null @@ -1,18 +0,0 @@ -From 1c27c902ad8316f490648a0e4415abd51b450b1a Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 11 Jun 2024 23:04:12 +0100 -Subject: [PATCH] Create CNAME - ---- - docs/CNAME | 1 + - 1 file changed, 1 insertion(+) - create mode 100644 docs/CNAME - -diff --git a/docs/CNAME b/docs/CNAME -new file mode 100644 -index 0000000000..cdcf4d9a52 ---- /dev/null -+++ b/docs/CNAME -@@ -0,0 +1 @@ -+systemd.io -\ No newline at end of file 
diff --git a/0040-ci-update-workflows-to-run-on-source-git-setup.patch b/0001-ci-update-workflows-to-run-on-source-git-setup.patch similarity index 91% rename from 0040-ci-update-workflows-to-run-on-source-git-setup.patch rename to 0001-ci-update-workflows-to-run-on-source-git-setup.patch index b5a7f60..f68f1ab 100644 --- a/0040-ci-update-workflows-to-run-on-source-git-setup.patch +++ b/0001-ci-update-workflows-to-run-on-source-git-setup.patch @@ -1,4 +1,4 @@ -From 67ff61b054e8d4d4d3923c3b81586b2d4e286d6b Mon Sep 17 00:00:00 2001 +From de58c5c9d265444f6916015fd3e747012b07d958 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 16 May 2024 14:24:38 +0200 Subject: [PATCH] ci: update workflows to run on source-git setup @@ -29,7 +29,7 @@ index f0d321794a..87dcd3c478 100644 permissions: read-all diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml -index 0d284f75f1..daf34486d2 100644 +index 397a5ca8cb..51034783ca 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -6,9 +6,6 @@ name: "CodeQL" @@ -53,7 +53,7 @@ index 0d284f75f1..daf34486d2 100644 permissions: contents: read diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml -index 244f5d503b..403b5cfc58 100644 +index 9122eeb70e..c0d8790680 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml @@ -4,11 +4,7 @@ @@ -69,7 +69,7 @@ index 244f5d503b..403b5cfc58 100644 permissions: contents: read diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml -index cf0bc09453..e7fb70f2f5 100644 +index d9f6a37680..982013a773 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -6,9 +6,6 @@ name: Lint Code Base @@ -83,7 +83,7 @@ index cf0bc09453..e7fb70f2f5 100644 permissions: contents: read 
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index 895068c2a2..bf6c820092 100644 +index 12c3a685c7..535ce9d1e2 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -5,9 +5,6 @@ diff --git a/0041-ci-setup-source-git-automation.patch b/0002-ci-setup-source-git-automation.patch similarity index 51% rename from 0041-ci-setup-source-git-automation.patch rename to 0002-ci-setup-source-git-automation.patch index 5f9deb7..777947e 100644 --- a/0041-ci-setup-source-git-automation.patch +++ b/0002-ci-setup-source-git-automation.patch @@ -1,4 +1,4 @@ -From 67b16d23396d9837f878850e890f90228d59d49e Mon Sep 17 00:00:00 2001 +From ce0e5f2206de1c6fa2b48177e076f4e6be5faae2 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 16 May 2024 14:36:04 +0200 Subject: [PATCH] ci: setup source-git automation 
@@ -6,27 +6,72 @@ Subject: [PATCH] ci: setup source-git automation rhel-only: ci Related: RHEL-36636 + +ci: deploy systemd man to GitHub Pages + +rhel-only: ci + +Related: RHEL-36636 + +ci: allow to pass parameters together with rhel-only note + +Supported parameters: + +* feature - for feature related commits (cross-version) +* bugfix - for bugfix related commits (cross-version) +* doc - for documentation related commits (usually version specific) +* workaround - for workaround related commits (usually version specific) +* ci - for CI related commits (version specific) +* test - for test related commits (version specific) +* other - for commits that do not fit into any of the above categories or use just `rhel-only` + +rhel-only: ci + +Related: RHEL-36636 + +doc: add downstream CONTRIBUTING document + +rhel-only: doc + +Related: RHEL-40924 + +ci: allow `policy` as rhel-only keyword + +rhel-only: ci + +Related: RHEL-40924 + +ci: rename beta branch to match dist-git name + +rhel-only: ci + +Related: RHEL-57603 --- .github/advanced-commit-linter.yml | 17 +++++ - .github/auto-merge.yml | 4 ++ - .github/pull-request-validator.yml | 4 ++ + .github/auto-merge.yml | 4 + + .github/pull-request-validator.yml | 4 + .github/regression-sniffer.yml | 1 + .github/tracker-validator.yml | 31 ++++++++ - .github/workflows/gather-pr-metadata.yml | 12 ++-- - .../source-git-automation-on-demand.yml | 72 +++++++++++++++++++ - .github/workflows/source-git-automation.yml | 45 ++++++++++++ - 8 files changed, 179 insertions(+), 7 deletions(-) + .github/workflows/deploy-man-pages.yml | 59 ++++++++++++++ + .github/workflows/gather-pr-metadata.yml | 12 ++- + .../source-git-automation-on-demand.yml | 72 ++++++++++++++++++ + .github/workflows/source-git-automation.yml | 45 +++++++++++ + CONTRIBUTING.md | 76 +++++++++++++++++++ + README.md | 2 +- + 11 files changed, 315 insertions(+), 8 deletions(-) create mode 100644 .github/advanced-commit-linter.yml create mode 100644 .github/auto-merge.yml 
create mode 100644 .github/pull-request-validator.yml create mode 100644 .github/regression-sniffer.yml create mode 100644 .github/tracker-validator.yml + create mode 100644 .github/workflows/deploy-man-pages.yml create mode 100644 .github/workflows/source-git-automation-on-demand.yml create mode 100644 .github/workflows/source-git-automation.yml + create mode 100644 CONTRIBUTING.md diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml new file mode 100644 -index 0000000000..3609fe4612 +index 0000000000..4a7e6542b4 --- /dev/null +++ b/.github/advanced-commit-linter.yml @@ -0,0 +1,17 @@ @@ -36,8 +81,8 @@ index 0000000000..3609fe4612 + - github: systemd/systemd + exception: + note: -+ - rhel-only -+ - RHEL-only ++ - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)' ++ - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)' + tracker: + - keyword: + - 'Resolves: ' @@ -76,7 +121,7 @@ index 0000000000..3824028e92 +upstream: systemd/systemd diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml new file mode 100644 -index 0000000000..2e858606ff +index 0000000000..1226b8a92a --- /dev/null +++ b/.github/tracker-validator.yml @@ -0,0 +1,31 @@ @@ -88,7 +133,7 @@ index 0000000000..2e858606ff +products: + - Red Hat Enterprise Linux 10 + - CentOS Stream 10 -+ - rhel-10.0.beta ++ - rhel-10.0-beta + - rhel-10.0 + - rhel-10.0.z + - rhel-10.1 
@@ -111,8 +156,73 @@ index 0000000000..2e858606ff + - rhel-10.9.z + - rhel-10.10 + - rhel-10.10.z +diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml +new file mode 100644 +index 0000000000..9739228a87 +--- /dev/null ++++ b/.github/workflows/deploy-man-pages.yml +@@ -0,0 +1,59 @@ ++name: Deploy systemd man to Pages ++ ++on: ++ push: ++ branches: [ main ] ++ paths: ++ - man/* ++ - .github/workflows/deploy-man-pages.yml ++ schedule: ++ # Run every Monday at 4:00 AM UTC ++ - cron: 0 4 * * 1 ++ workflow_dispatch: ++ ++permissions: ++ contents: read ++ ++# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. ++# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. ++concurrency: ++ group: pages ++ cancel-in-progress: false ++ ++jobs: ++ # Single deploy job since we're just deploying ++ deploy: ++ environment: ++ name: github-pages ++ url: ${{ steps.deployment.outputs.page_url }} ++ runs-on: ubuntu-latest ++ ++ permissions: ++ pages: write ++ id-token: write ++ ++ steps: ++ - uses: actions/checkout@v4 ++ ++ - name: Install dependencies ++ run: | ++ sudo add-apt-repository -y --no-update --enable-source ++ sudo apt-get -y update ++ sudo apt-get -y build-dep systemd ++ ++ - name: Build HTML man pages ++ run: | ++ meson setup build ++ ninja -C build man/html ++ ++ - name: Setup Pages ++ uses: actions/configure-pages@v4 ++ ++ - name: Upload artifact ++ uses: actions/upload-pages-artifact@v3 ++ with: ++ path: ./build/man ++ ++ - name: Deploy to GitHub Pages ++ id: deployment ++ uses: actions/deploy-pages@v4 diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml -index e4a0caff03..857689a37b 100644 +index 20160ab91f..fde51a480f 100644 --- a/.github/workflows/gather-pr-metadata.yml +++ b/.github/workflows/gather-pr-metadata.yml @@ -1,18 +1,17 @@ 
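Review bot: The four `uses:` steps in the added `deploy-man-pages.yml` job (`actions/checkout@v4`, `actions/configure-pages@v4`, `actions/upload-pages-artifact@v3`, `actions/deploy-pages@v4`) are pinned to mutable tags, while the job holds `pages: write` and `id-token: write`. A retagged action release would run with the job's OIDC token and its right to publish, so pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real SHA). The checkout step also leaves its token in the local git config before `meson setup build` and `ninja -C build man/html` run the repository's build scripts; since no later step appears to push, adding `with:` / `persist-credentials: false` to it costs nothing. The job-level `permissions:` block replaces the workflow-level `contents: read` rather than extending it, so if checkout is meant to rely on that grant (presumably only relevant for a non-public repository), list `contents: read` in the job block too.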
@@ -280,3 +390,98 @@ index 0000000000..d58242efa7 + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md +new file mode 100644 +index 0000000000..c2e3a2d4d0 +--- /dev/null ++++ b/CONTRIBUTING.md +@@ -0,0 +1,76 @@ ++# Contributing ++ ++Welcome to systemd source-git for CentOS Stream and RHEL. When contributing, please follow the guide below. ++ ++## Workflow ++ ++```mermaid ++flowchart LR ++ A(Issue) --> B{is fixed\nupstream} ++ B -->|YES| C(backport\nupstream patch) ++ B -->|NO| D(upstream\nsubmit issue or PR) ++ D --> E{accepted\nand fixed} ++ E -->|YES| C ++ E -->|NO| F(rhel-only patch) --> G ++ C --> G(submit PR) ++``` ++ ++## Filing issues ++ ++When you find an issue with systemd used in **CentOS Stream** or **RHEL**, please file an issue in Red Hat [Jira ticket system](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12380515). ++ ++GitHub Issues are not supported tracking system. If your issue is reproducible using the latest upstream version of systemd, please consider creating [upstream issue](https://github.com/systemd/systemd/issues/new/choose). ++ ++## Posting Pull Requests ++ ++Every Pull Request has to comply with the following rules: ++ ++- Each commit has to reference [upstream](https://github.com/systemd/systemd) commit. ++- Each commit has to reference the approved issue/tracker. ++- Pull requests have to pass mandatory CI validation and testing ++- Pull requests have to be approved by at least one systemd downstream maintainer ++ ++### Upstream reference ++ ++When doing a back-port of an upstream commit, always use `cherry-pick -x `. Consider proposing a change upstream first when an upstream commit doesn't exist. 
++If the change isn't upstream relevant or accepted by upstream, mark the commit with the `rhel-only: ` string, where a `` is: ++ ++- `feature` - for feature-related commits (cross-version) ++- `bugfix` - for bugfix-related commits (cross-version) ++- `policy` - for policy-related commits (cross-version) ++- `doc` - for documentation-related commits (usually version-specific) ++- `workaround` - for workaround-related commits (usually version-specific) ++- `ci` - for CI-related commits (version-specific) ++- `test` - for test-related commits (version-specific) ++- `other` - for commits that do not fit into any of the above categories (version-specific) ++ ++```md ++doc: Fix TYPO ++ ++rhel-only: doc ++ ++Resolves: RHEL-678 ++``` ++ ++### Issue reference ++ ++Each commit has to reference the relevant approved systemd issue (see: [Filling issues section](#filing-issues)). For referencing issues, we use the following keywords: ++ ++- **Resolves** for commits that directly resolve issues described in a referenced tracker ++- **Related** for commits related to the referenced issue, but they don't fix it. Usually, tests and documentation. ++- **Reverts** for commits that reverts previously merged commit ++ ++When referencing issues, use the following structure: `: `. See the example below: ++ ++```md ++doc: Fix TYPO ++ ++(cherry picked from commit c5afbac31bb33e7b1f4d59b253425af991a630a4) ++ ++Resolves: RHEL-678 ++``` ++ ++### Validation and testing ++ ++Each Pull Request has to pass all enabled tests that are automatically run using GitHub Actions, CentOS Stream CI, and others. ++If CI failure is unrelated to the change introduced in Pull Request, the downstream maintainer will set the `ci-waived` label and explain why CI was waived. 
+diff --git a/README.md b/README.md +index 12f1381f08..421a2e6572 100644 +--- a/README.md ++++ b/README.md +@@ -30,7 +30,7 @@ Please see the [Code Map](docs/ARCHITECTURE.md) for information about this repos + + Please see the [Hacking guide](docs/HACKING.md) for information on how to hack on systemd and test your modifications. + +-Please see our [Contribution Guidelines](docs/CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests. ++Please see our [Contribution Guidelines](CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests. + + When preparing patches for systemd, please follow our [Coding Style Guidelines](docs/CODING_STYLE.md). + diff --git a/0002-man-systemd-reorder-content-a-bit.patch b/0002-man-systemd-reorder-content-a-bit.patch deleted file mode 100644 index 1469876..0000000 --- a/0002-man-systemd-reorder-content-a-bit.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From d918804408801bf46a49018e374ebdfbeae08805 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 5 Jun 2024 11:28:21 +0200 -Subject: [PATCH] man/systemd: reorder content a bit - -Section "Description" didn't actually say what systemd does. And we had a giant -"Concepts" section that actually described units types and other details about -them. So let's move the basic description of functionality to "Description" and -rename the following section to "Units". - -The link to the Original Design Document is moved to "See Also", it is of -historical interest mostly at this point. - -The only actual change is that when talking about API filesystems, /dev is also -mentioned. (I think /sys+/proc+/dev are the canonical set and should be always -listed on one breath.) - -(cherry picked from commit f11aaf7dfb295de429b1567282b19caaba036bba) ---- - man/systemd.xml | 49 ++++++++++++++++++++++++------------------------- - 1 file changed, 24 insertions(+), 25 deletions(-) - -diff --git a/man/systemd.xml b/man/systemd.xml -index 66db5bbf25..f4aa7e06ca 100644 ---- a/man/systemd.xml -+++ b/man/systemd.xml -@@ -62,10 +62,29 @@ - user.conf.d directories. See - systemd-system.conf5 - for more information. -+ -+ systemd contains native implementations of various tasks that need to be -+ executed as part of the boot process. For example, it sets the hostname or configures the loopback -+ network device. It also sets up and mounts various API file systems, such as /sys/, -+ /proc/, and /dev/. -+ -+ Note that some but not all interfaces provided by systemd are covered by the -+ Interface Portability and Stability Promise. -+ -+ The D-Bus API of systemd is described in -+ org.freedesktop.systemd15 -+ and -+ org.freedesktop.LogControl15. -+ -+ -+ Systems which invoke systemd in a container or initrd environment should implement the Container Interface or -+ initrd Interface -+ specifications, respectively. 
- - - -- Concepts -+ Units - - systemd provides a dependency system between various - entities called "units" of 11 different types. Units encapsulate -@@ -261,34 +280,10 @@ - example, start jobs for any of those inactive units getting queued as - well. - -- systemd contains native implementations of various tasks -- that need to be executed as part of the boot process. For example, -- it sets the hostname or configures the loopback network device. It -- also sets up and mounts various API file systems, such as -- /sys/ or /proc/. -- -- For more information about the concepts and -- ideas behind systemd, please refer to the -- Original Design Document. -- -- Note that some but not all interfaces provided by systemd are covered by the -- Interface Portability and Stability Promise. -- - Units may be generated dynamically at boot and system - manager reload time, for example based on other configuration - files or parameters passed on the kernel command line. For details, see - systemd.generator7. -- -- The D-Bus API of systemd is described in -- org.freedesktop.systemd15 -- and -- org.freedesktop.LogControl15. -- -- -- Systems which invoke systemd in a container or initrd environment should implement the Container Interface or -- initrd Interface -- specifications, respectively. - - - -@@ -1558,6 +1553,10 @@ - bootup7 - systemd.directives7 - -+ -+ For more information about the concepts and -+ ideas behind systemd, please refer to the -+ Original Design Document. - - - diff --git a/0043-ci-reconfigure-Packit-for-RHEL-10.patch b/0003-ci-reconfigure-Packit-for-RHEL-10.patch similarity index 97% rename from 0043-ci-reconfigure-Packit-for-RHEL-10.patch rename to 0003-ci-reconfigure-Packit-for-RHEL-10.patch index d58235c..53c0bd6 100644 --- a/0043-ci-reconfigure-Packit-for-RHEL-10.patch +++ b/0003-ci-reconfigure-Packit-for-RHEL-10.patch 
@@ -1,4 +1,4 @@
-From 970ac707323ce1b50c6f45184df4373d651e669c Mon Sep 17 00:00:00 2001
+From 5c2ddd385ccfdf8ed57d2624ab95aa25f9e09bd5 Mon Sep 17 00:00:00 2001
 From: Jan Macku
 Date: Fri, 17 May 2024 13:55:40 +0200
 Subject: [PATCH] ci: reconfigure Packit for RHEL 10
diff --git a/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch b/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
deleted file mode 100644
index 99e1e6e..0000000
--- a/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From f2b5c1ff51b7c7876036c6c722e2a47b696695d9 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering
-Date: Wed, 8 May 2024 10:38:11 +0200
-Subject: [PATCH] hostnamed: don't allow hostnamed to exit on idle if varlink
- connections are still ongoing
-
-And while we are at it, ongoing PK authorizations are also a reason to
-block exit on idle.
-
-(cherry picked from commit ac908152b3b43a49f793d225c075423422cd3e33)
----
- src/hostname/hostnamed.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
-index 82d08803fa..fe1216fc1c 100644
---- a/src/hostname/hostnamed.c
-+++ b/src/hostname/hostnamed.c
-@@ -1682,6 +1682,13 @@ static int connect_varlink(Context *c) {
- return 0;
- }
-
-+static bool context_check_idle(void *userdata) {
-+ Context *c = ASSERT_PTR(userdata);
-+
-+ return varlink_server_current_connections(c->varlink_server) == 0 &&
-+ hashmap_isempty(c->polkit_registry);
-+}
-+
- static int run(int argc, char *argv[]) {
- _cleanup_(context_destroy) Context context = {
- .hostname_source = _HOSTNAME_INVALID, /* appropriate value will be set later */
-@@ -1731,8 +1738,8 @@ static int run(int argc, char *argv[]) {
- context.bus,
- "org.freedesktop.hostname1",
- DEFAULT_EXIT_USEC,
-- /* check_idle= */ NULL,
-- /* userdata= */ NULL);
-+ context_check_idle,
-+ &context);
- if (r < 0)
- return log_error_errno(r, "Failed to run event loop: %m");
-
diff --git a/0045-journal-again-create-user-journals-for-users-with-hi.patch b/0004-journal-again-create-user-journals-for-users-with-hi.patch
similarity index 97%
rename from 0045-journal-again-create-user-journals-for-users-with-hi.patch
rename to 0004-journal-again-create-user-journals-for-users-with-hi.patch
index 4358717..2d94138 100644
--- a/0045-journal-again-create-user-journals-for-users-with-hi.patch
+++ b/0004-journal-again-create-user-journals-for-users-with-hi.patch
@@ -1,4 +1,4 @@
-From 8ca92aa84573b47bb6ee6a5853ecd08463b97af8 Mon Sep 17 00:00:00 2001
+From bd654fc852571f2e87b3579fe0544c3859516de7 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Tue, 9 Jan 2024 11:28:04 +0100
 Subject: [PATCH] journal: again create user journals for users with high uids
diff --git a/0004-sd-dhcp-server-clear-buffer-before-receive.patch b/0004-sd-dhcp-server-clear-buffer-before-receive.patch
deleted file mode 100644
index b51d6f3..0000000
--- a/0004-sd-dhcp-server-clear-buffer-before-receive.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0d573787ea1610ba57a359cf437841f62b186e77 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Wed, 12 Jun 2024 00:48:56 +0900
-Subject: [PATCH] sd-dhcp-server: clear buffer before receive
-
-I do not think this is necessary, but all other places in
-libsystemd-network we clear buffer before receive. Without this,
-Coverity warns about use-of-uninitialized-values.
-Let's silence Coverity.
-
-Closes CID#1469721.
-
-(cherry picked from commit 40f9fa0af4c3094d93e833e62f7e301cd453da62)
----
- src/libsystemd-network/sd-dhcp-server.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
-index c3b0f82dc4..4967f066dc 100644
---- a/src/libsystemd-network/sd-dhcp-server.c
-+++ b/src/libsystemd-network/sd-dhcp-server.c
-@@ -1252,7 +1252,7 @@ static int server_receive_message(sd_event_source *s, int fd,
- /* Preallocate the additional size for DHCP Relay Agent Information Option if needed */
- buflen += relay_agent_information_length(server->agent_circuit_id, server->agent_remote_id) + 2;
-
-- message = malloc(buflen);
-+ message = malloc0(buflen);
- if (!message)
- return -ENOMEM;
-
diff --git a/0005-rules-Limit-the-number-of-device-units-generated-for.patch b/0005-rules-Limit-the-number-of-device-units-generated-for.patch
deleted file mode 100644
index 8328a1d..0000000
--- a/0005-rules-Limit-the-number-of-device-units-generated-for.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a3d94332a2b5128697373d3093c1cfa56649ec61 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Mon, 10 Jun 2024 12:59:58 +0200
-Subject: [PATCH] rules: Limit the number of device units generated for serial
- ttys
-
-As per the suggestion in https://github.com/systemd/systemd/issues/33242.
-
-This reduces the number of /dev/ttySXX device units generated in
-mkosi from 32 to 4.
-
-(cherry picked from commit dc38f9addd04c34d1fd743efc407bdebb3573d05)
----
- rules.d/99-systemd.rules.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
-index ad0c7e2fb5..8ba6f177f8 100644
---- a/rules.d/99-systemd.rules.in
-+++ b/rules.d/99-systemd.rules.in
-@@ -10,6 +10,8 @@
- ACTION=="remove", GOTO="systemd_end"
-
- SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd"
-+# Exclude 8250 serial ports with a zero IO port, as they are not usable until "setserial /dev/ttySxxx port …" is invoked.
-+SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ENV{SYSTEMD_READY}="0"
- KERNEL=="vport*", TAG+="systemd"
-
- SUBSYSTEM=="ptp", TAG+="systemd"
diff --git a/0046-tmpfiles-make-purge-hard-to-mis-use.patch b/0005-tmpfiles-make-purge-hard-to-mis-use.patch
similarity index 87%
rename from 0046-tmpfiles-make-purge-hard-to-mis-use.patch
rename to 0005-tmpfiles-make-purge-hard-to-mis-use.patch
index b699822..cf33177 100644
--- a/0046-tmpfiles-make-purge-hard-to-mis-use.patch
+++ b/0005-tmpfiles-make-purge-hard-to-mis-use.patch
@@ -1,4 +1,4 @@
-From 6ad266a125eabbf27dfbe64aae9a0d9060c2bd08 Mon Sep 17 00:00:00 2001
+From b9215bbda704a4773de41190a0b2ce004d579bda Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Tue, 18 Jun 2024 20:32:10 +0200
 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
@@ -13,10 +13,10 @@ Related: RHEL-40924 1 file changed, 17 insertions(+) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 8cc8c1ccd6..14048545db 100644 +index 86bf16356d..539c18f5e0 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c -@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IMAGE_POLICY, ARG_REPLACE, ARG_DRY_RUN, @@ -24,7 +24,7 @@ index 8cc8c1ccd6..14048545db 100644 ARG_NO_PAGER, }; -@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { { "replace", required_argument, NULL, ARG_REPLACE }, { "dry-run", no_argument, NULL, ARG_DRY_RUN }, { "no-pager", no_argument, NULL, ARG_NO_PAGER }, @@ -43,7 +43,7 @@ index 8cc8c1ccd6..14048545db 100644 assert(argc >= 0); assert(argv); -@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { arg_dry_run = true; break; @@ -54,7 +54,7 @@ index 8cc8c1ccd6..14048545db 100644 case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; -@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) { +@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing --purge without specification of a configuration file."); diff --git a/0047-fedora-use-system-auth-in-pam-systemd-user.patch b/0006-fedora-use-system-auth-in-pam-systemd-user.patch similarity index 93% rename from 0047-fedora-use-system-auth-in-pam-systemd-user.patch rename to 0006-fedora-use-system-auth-in-pam-systemd-user.patch index c7a7849..87190b0 100644 --- a/0047-fedora-use-system-auth-in-pam-systemd-user.patch +++ b/0006-fedora-use-system-auth-in-pam-systemd-user.patch 
@@ -1,4 +1,4 @@
-From 79519b922b59c2282223742327cc8d75c7b219d0 Mon Sep 17 00:00:00 2001
+From 992d0ebb01617ecc48a5667527a02f53d33d3c4a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
 Date: Wed, 14 Dec 2022 22:24:53 +0100
 Subject: [PATCH] fedora: use system-auth in pam systemd-user
diff --git a/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch b/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
deleted file mode 100644
index 776f109..0000000
--- a/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
+++ /dev/null
@@ -1,81 +0,0 @@ -From 514ef0f93b76cbe0ba6b4de07a7b21fd0c2b7bae Mon Sep 17 00:00:00 2001 -From: q66 -Date: Thu, 6 Jun 2024 13:45:48 +0200 -Subject: [PATCH] strbuf: use GREEDY_REALLOC to grow the buffer - -This allows us to reserve a bunch of capacity ahead of time, -improving the performance of hwdb significantly thanks to not -having to reallocate so many times. - -Before: -``` -$ sudo time valgrind --leak-check=full ./systemd-hwdb update -==113297== Memcheck, a memory error detector -==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. -==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info -==113297== Command: ./systemd-hwdb update -==113297== -==113297== -==113297== HEAP SUMMARY: -==113297== in use at exit: 0 bytes in 0 blocks -==113297== total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated -==113297== -==113297== All heap blocks were freed -- no leaks are possible -==113297== -==113297== For lists of detected and suppressed errors, rerun with: -s -==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) -132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k -0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps -``` - -After: -``` -$ sudo time valgrind --leak-check=full ./systemd-hwdb update -==112572== Memcheck, a memory error detector -==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. 
-==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info -==112572== Command: ./systemd-hwdb update -==112572== -==112572== -==112572== HEAP SUMMARY: -==112572== in use at exit: 0 bytes in 0 blocks -==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated -==112572== -==112572== All heap blocks were freed -- no leaks are possible -==112572== -==112572== For lists of detected and suppressed errors, rerun with: -s -==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) -21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k -0inputs+25264outputs (0major+57275minor)pagefaults 0swaps -``` - -Co-authored-by: Yu Watanabe -(cherry picked from commit 621b10fe2c3203c537996e84c7c89b0ff994ad93) ---- - src/basic/strbuf.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c -index 0617acc8d2..6d43955bb1 100644 ---- a/src/basic/strbuf.c -+++ b/src/basic/strbuf.c -@@ -107,7 +107,6 @@ static void bubbleinsert(struct strbuf_node *node, - /* add string, return the index/offset into the buffer */ - ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) { - uint8_t c; -- char *buf_new; - struct strbuf_child_entry *child; - struct strbuf_node *node; - ssize_t off; -@@ -147,10 +146,8 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) { - } - - /* add new string */ -- buf_new = realloc(str->buf, str->len + len+1); -- if (!buf_new) -+ if (!GREEDY_REALLOC(str->buf, str->len + len + 1)) - return -ENOMEM; -- str->buf = buf_new; - off = str->len; - memcpy(str->buf + off, s, len); - str->len += len; 
diff --git a/0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch b/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch similarity index 93% rename from 0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch rename to 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch index 2e5bf6a..4d23050 100644 --- a/0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch +++ b/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch @@ -1,4 +1,4 @@ -From b91be007c4172b50e5ca570c3c3cd64fecbf377b Mon Sep 17 00:00:00 2001 +From bae9a92843339ced3fdca08e094881ff638b6b71 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 25 Jun 2024 14:00:45 +0200 Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and @@ -10,20 +10,21 @@ rhel-only: feature Resolves: RHEL-22621 --- - man/systemd.net-naming-scheme.xml | 186 ++++++++++++++++++++++++++++++ + man/systemd.net-naming-scheme.xml | 187 ++++++++++++++++++++++++++++++ man/version-info.xml | 33 ++++++ src/shared/netif-naming-scheme.c | 17 +++ src/shared/netif-naming-scheme.h | 20 ++++ - 4 files changed, 256 insertions(+) + 4 files changed, 257 insertions(+) diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml -index ff811c2bd7..690e3d2c27 100644 +index 19967af880..5965f293dc 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml -@@ -525,7 +525,193 @@ +@@ -540,7 +540,194 @@ + - ++ + + rhel-10.0 + @@ -215,13 +216,13 @@ index ff811c2bd7..690e3d2c27 100644 Note that latest may be used to denote the latest scheme known (to this particular version of systemd). diff --git a/man/version-info.xml b/man/version-info.xml -index bd210b20d3..274450d408 100644 +index 54440febd0..325f6eaa3e 100644 --- a/man/version-info.xml 
+++ b/man/version-info.xml -@@ -81,4 +81,37 @@ - Added in version 255. - Added in version 256. - Added in version 257. +@@ -84,4 +84,37 @@ + Added in version 258. + Added in version 259. + Added in version 260. + Added in rhel-8.0. + Added in rhel-8.1. + Added in rhel-8.2. @@ -257,13 +258,13 @@ index bd210b20d3..274450d408 100644 + Added in rhel-10.10. diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c -index 2955b6e8d5..e4d4c0ba88 100644 +index 67b7eb4d90..b85dd3dadf 100644 --- a/src/shared/netif-naming-scheme.c +++ b/src/shared/netif-naming-scheme.c -@@ -24,6 +24,23 @@ static const NamingScheme naming_schemes[] = { - { "v253", NAMING_V253 }, +@@ -25,6 +25,23 @@ static const NamingScheme naming_schemes[] = { { "v254", NAMING_V254 }, { "v255", NAMING_V255 }, + { "v257", NAMING_V257 }, + { "rhel-8.0", NAMING_RHEL_8_0 }, + { "rhel-8.1", NAMING_RHEL_8_1 }, + { "rhel-8.2", NAMING_RHEL_8_2 }, @@ -285,12 +286,12 @@ index 2955b6e8d5..e4d4c0ba88 100644 EXTRA_NET_NAMING_MAP diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h -index 62afdc514a..b0697c141e 100644 +index 3ab1d752c8..2cf7d3f3ba 100644 --- a/src/shared/netif-naming-scheme.h +++ b/src/shared/netif-naming-scheme.h -@@ -63,6 +63,26 @@ typedef enum NamingSchemeFlags { - * systemd version 255, naming scheme "v255". */ +@@ -66,6 +66,26 @@ typedef enum NamingSchemeFlags { NAMING_V255 = NAMING_V254 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT, + NAMING_V257 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN | NAMING_DEVICETREE_PORT_ALIASES, + NAMING_RHEL_8_0 = NAMING_V239, + NAMING_RHEL_8_1 = NAMING_V239, @@ -310,7 +311,7 @@ index 62afdc514a..b0697c141e 100644 + NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R, + NAMING_RHEL_9_4 = NAMING_RHEL_9_3, + -+ NAMING_RHEL_10_0 = NAMING_V255, ++ NAMING_RHEL_10_0 = NAMING_V257, + EXTRA_NET_NAMING_SCHEMES 
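Review bot: The last hunk of this patch file repoints `NAMING_RHEL_10_0` from `NAMING_V255` to `NAMING_V257` with no comment recording what that adds; going by the `NAMING_V257` context line in the preceding hunk, the scheme now also carries `NAMING_FIRMWARE_NODE_SUN` and `NAMING_DEVICETREE_PORT_ALIASES`. Interface names are commonly referenced from firewall rules and monitoring configuration, so the base of a downstream scheme is worth stating at the definition, for example `/* rhel-10.0 is based on upstream v257; must not change once released */`. Whether the `rhel-10.0` entry in man/systemd.net-naming-scheme.xml lists the two added flags cannot be told from this page, because the XML is stripped, so that text should be checked together with this change. The enum continues outside the hunk.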
diff --git a/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch b/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
deleted file mode 100644
index 683891a..0000000
--- a/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
+++ /dev/null
@@ -1,132 +0,0 @@ -From 30df42a9277bbf138d52887c9b79e452db425585 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 17 May 2024 16:20:11 +0200 -Subject: [PATCH] tpm2-setup: Don't fail if we can't access the TPM due to - authorization failure - -The TPM might be password/pin protected for various reasons even if -there is no SRK yet. Let's handle those cases gracefully instead of -failing the unit as it is enabled by default. - -(cherry picked from commit d6518003f8ebbfb6f85dbf227736ae05b0961199) ---- - catalog/systemd.catalog.in | 13 +++++++++++++ - src/shared/tpm2-util.c | 2 ++ - src/systemd/sd-messages.h | 3 +++ - src/tpm2-setup/tpm2-setup.c | 13 ++++++++++++- - units/systemd-tpm2-setup-early.service.in | 3 +++ - units/systemd-tpm2-setup.service.in | 3 +++ - 6 files changed, 36 insertions(+), 1 deletion(-) - -diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in -index 3c9a6860da..2831152763 100644 ---- a/catalog/systemd.catalog.in -+++ b/catalog/systemd.catalog.in -@@ -780,3 +780,16 @@ Documentation: https://systemd.io/PORTABLE_SERVICES/ - A Portable Service @PORTABLE_ROOT@ (with extensions: @PORTABLE_EXTENSION@) has been - detached from the system and is no longer available for use. The list of attached - Portable Services can be queried with 'portablectl list'. -+ -+-- ad7089f928ac4f7ea00c07457d47ba8a -+Subject: Authorization failure while attempting to enroll SRK into TPM -+Defined-By: systemd -+Support: %SUPPORT_URL% -+Documentation: man:systemd-tpm2-setup.service(8) -+ -+An authorization failure occured while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform -+Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of -+the TPM. -+ -+Automatic SRK enrollment on TPMs in such scenarios is not supported. In order to unset the PIN/password -+protection on the owner hierarchy issue a command like the following: 'tpm2_changeauth -c o -p ""'. 
-diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index 87ce53cf95..9603f1837e 100644 ---- a/src/shared/tpm2-util.c -+++ b/src/shared/tpm2-util.c -@@ -2119,6 +2119,8 @@ int tpm2_create_primary( - /* creationData= */ NULL, - /* creationHash= */ NULL, - /* creationTicket= */ NULL); -+ if (rc == TPM2_RC_BAD_AUTH) -+ return log_debug_errno(SYNTHETIC_ERRNO(EDEADLK), "Authorization failure while attempting to enroll SRK into TPM."); - if (rc != TSS2_RC_SUCCESS) - return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), - "Failed to generate primary key in TPM: %s", -diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h -index e3f68068a8..16e9986be3 100644 ---- a/src/systemd/sd-messages.h -+++ b/src/systemd/sd-messages.h -@@ -272,6 +272,9 @@ _SD_BEGIN_DECLARATIONS; - #define SD_MESSAGE_PORTABLE_DETACHED SD_ID128_MAKE(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b) - #define SD_MESSAGE_PORTABLE_DETACHED_STR SD_ID128_MAKE_STR(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b) - -+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION SD_ID128_MAKE(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a) -+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR SD_ID128_MAKE_STR(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a) -+ - _SD_END_DECLARATIONS; - - #endif -diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c -index 35628fc02a..b95c5e7a58 100644 ---- a/src/tpm2-setup/tpm2-setup.c -+++ b/src/tpm2-setup/tpm2-setup.c -@@ -3,6 +3,8 @@ - #include - #include - -+#include "sd-messages.h" -+ - #include "build.h" - #include "fd-util.h" - #include "fileio.h" -@@ -223,6 +225,8 @@ static int load_public_key_tpm2(struct public_key_data *ret) { - /* ret_name= */ NULL, - /* ret_qname= */ NULL, - NULL); -+ if (r == -EDEADLK) -+ return r; - if (r < 0) - return log_error_errno(r, "Failed to get or create SRK: %m"); - if (r > 0) -@@ -289,6 +293,13 @@ static int run(int argc, char *argv[]) { - } - - r = load_public_key_tpm2(&tpm2_key); -+ if (r == 
-EDEADLK) { -+ log_struct_errno(LOG_INFO, r, -+ LOG_MESSAGE("Insufficient permissions to access TPM, not generating SRK."), -+ "MESSAGE_ID=" SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR); -+ return 76; /* Special return value which means "Insufficient permissions to access TPM, -+ * cannot generate SRK". This isn't really an error when called at boot. */; -+ } - if (r < 0) - return r; - -@@ -383,4 +394,4 @@ static int run(int argc, char *argv[]) { - return 0; - } - --DEFINE_MAIN_FUNCTION(run); -+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run); -diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in -index 9982c84aba..7fdb99b53f 100644 ---- a/units/systemd-tpm2-setup-early.service.in -+++ b/units/systemd-tpm2-setup-early.service.in -@@ -21,3 +21,6 @@ ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem - Type=oneshot - RemainAfterExit=yes - ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful -+ -+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK. -+SuccessExitStatus=76 -diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in -index 0af7292528..ac29a76966 100644 ---- a/units/systemd-tpm2-setup.service.in -+++ b/units/systemd-tpm2-setup.service.in -@@ -22,3 +22,6 @@ ConditionPathExists=!/etc/initrd-release - Type=oneshot - RemainAfterExit=yes - ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful -+ -+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK. -+SuccessExitStatus=76 diff --git a/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch b/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch deleted file mode 100644 index 47ce5cf..0000000 --- a/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch +++ /dev/null 
@@ -1,37 +0,0 @@
-From ba031f1fe86e36d7adc0340b047de32399c98bf7 Mon Sep 17 00:00:00 2001
-From: Ronan Pigott
-Date: Fri, 8 Mar 2024 13:40:08 -0700
-Subject: [PATCH] resolved: permit dnssec rrtype questions when we aren't
- validating
-
-This check introduced in 91adc4db33f6 is intended to spare us from
-encountering broken resolver behavior we don't want to deal with.
-However if we aren't validating we more than likely don't know the state
-of the upstream resolver's support for dnssec. Let's let clients try
-these queries if they want.
-
-This brings the behavior of sd-resolved in-line with previouly stated
-change in the meaning of DNSSEC=no, which now means "don't validate"
-rather than "don't validate, because the upstream resolver is declared to
-be dnssec-unaware".
-
-Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
-(cherry picked from commit 364c948707afa097f6ad177b61c2b51a86c0089a)
----
- src/resolve/resolved-dns-server.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
-index 340f11f4f4..b37f541c7f 100644
---- a/src/resolve/resolved-dns-server.c
-+++ b/src/resolve/resolved-dns-server.c
-@@ -706,9 +706,6 @@ bool dns_server_dnssec_supported(DnsServer *server) {
- if (dns_server_get_dnssec_mode(server) == DNSSEC_YES) /* If strict DNSSEC mode is enabled, always assume DNSSEC mode is supported. */
- return true;
-
-- if (!DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(server->possible_feature_level))
-- return false;
--
- if (server->packet_bad_opt)
- return false;
-
diff --git a/0049-rules-copy-40-redhat.rules-from-RHEL-9.patch b/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
similarity index 98%
rename from 0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
rename to 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
index 2d127b9..5195259 100644
--- a/0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
+++ b/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
@@ -1,4 +1,4 @@ -From ee9a767142ec66b1ca93af9401dc8f723ae59881 Mon Sep 17 00:00:00 2001 +From 53a7f74c61db28b21bab57b9f9b3b068c6a40649 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 12 Jun 2024 14:23:30 +0200 Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9 diff --git a/0050-logind-set-RemoveIPC-to-false-by-default.patch b/0009-logind-set-RemoveIPC-to-false-by-default.patch similarity index 89% rename from 0050-logind-set-RemoveIPC-to-false-by-default.patch rename to 0009-logind-set-RemoveIPC-to-false-by-default.patch index f2a4438..328a578 100644 --- a/0050-logind-set-RemoveIPC-to-false-by-default.patch +++ b/0009-logind-set-RemoveIPC-to-false-by-default.patch @@ -1,4 +1,4 @@ -From 6e4f0c54b24080fb57261a54a4e26b64f806f40d Mon Sep 17 00:00:00 2001 +From bb8e0604ab3033d5436b1ea7b2bdfde077208f58 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 1 Aug 2018 10:58:28 +0200 Subject: [PATCH] logind: set RemoveIPC to false by default @@ -13,10 +13,10 @@ Related: RHEL-40924 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/logind.conf.xml b/man/logind.conf.xml -index c52431fd41..bb5e13bfd9 100644 +index 66240b58fe..3265b134e0 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml -@@ -374,7 +374,7 @@ +@@ -376,7 +376,7 @@ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users @@ -26,7 +26,7 @@ index c52431fd41..bb5e13bfd9 100644 diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 71e4247a79..26250c5704 100644 +index fad276f195..5c05afb197 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) { @@ -39,10 +39,10 @@ index 71e4247a79..26250c5704 100644 m->user_stop_delay = 10 * USEC_PER_SEC; 
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index b62458ec3c..dc798bea2d 100644 +index 2e06b9a050..d6f6938867 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in -@@ -46,7 +46,7 @@ +@@ -47,7 +47,7 @@ #IdleActionSec=30min #RuntimeDirectorySize=10% #RuntimeDirectoryInodesMax= diff --git a/0009-repart-Use-crypt_reencrypt_run-if-available.patch b/0009-repart-Use-crypt_reencrypt_run-if-available.patch deleted file mode 100644 index 135eb65..0000000 --- a/0009-repart-Use-crypt_reencrypt_run-if-available.patch +++ /dev/null 
@@ -1,123 +0,0 @@ -From 70f5fb2f7ab585458008b1d3144e4ebaf98db42e Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Sun, 2 Jun 2024 16:24:52 +0200 -Subject: [PATCH] repart: Use crypt_reencrypt_run() if available - -crypt_reencrypt() is deprecated, so let's look for and prefer -crypt_reencrypt_run() if it is available. - -(cherry picked from commit b99b2941276a74878a23470b36c75b0c21dbdd4a) ---- - meson.build | 1 + - src/partition/repart.c | 6 +++++- - src/shared/cryptsetup-util.c | 19 ++++++++----------- - src/shared/cryptsetup-util.h | 6 +++--- - 4 files changed, 17 insertions(+), 15 deletions(-) - -diff --git a/meson.build b/meson.build -index ea4e12aa1c..e42151998b 100644 ---- a/meson.build -+++ b/meson.build -@@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size', - 'crypt_token_max', - 'crypt_reencrypt_init_by_passphrase', - 'crypt_reencrypt', -+ 'crypt_reencrypt_run', - 'crypt_set_data_offset', - 'crypt_set_keyring_to_link', - 'crypt_resume_by_volume_key'] -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 6f67d46025..2ecae4ca03 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget - } - - static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) { --#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT -+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT) - const char *node = partition_target_path(target); - struct crypt_params_luks2 luks_params = { - .label = strempty(ASSERT_PTR(p)->new_label), -@@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta - if (r < 0) - return log_error_errno(r, "Failed to load reencryption context: %m"); - -+#if 
HAVE_CRYPT_REENCRYPT_RUN -+ r = sym_crypt_reencrypt_run(cd, NULL, NULL); -+#else - r = sym_crypt_reencrypt(cd, NULL); -+#endif - if (r < 0) - return log_error_errno(r, "Failed to encrypt %s: %m", node); - } else { -diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c -index 288e6e8942..d0dd434df8 100644 ---- a/src/shared/cryptsetup-util.c -+++ b/src/shared/cryptsetup-util.c -@@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get); - #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE - DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase); - #endif --#if HAVE_CRYPT_REENCRYPT --DISABLE_WARNING_DEPRECATED_DECLARATIONS; -+#if HAVE_CRYPT_REENCRYPT_RUN -+DLSYM_FUNCTION(crypt_reencrypt_run); -+#elif HAVE_CRYPT_REENCRYPT - DLSYM_FUNCTION(crypt_reencrypt); --REENABLE_WARNING; - #endif - DLSYM_FUNCTION(crypt_metadata_locking); - #if HAVE_CRYPT_SET_DATA_OFFSET -@@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) { - - /* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with - * crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is -- * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the -- * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off -- * warnings about this for now. */ -- -- DISABLE_WARNING_DEPRECATED_DECLARATIONS; -+ * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old -+ * symbol if the new one is not available. 
*/ - - ELF_NOTE_DLOPEN("cryptsetup", - "Support for disk encryption, integrity, and authentication", -@@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) { - #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE - DLSYM_ARG(crypt_reencrypt_init_by_passphrase), - #endif --#if HAVE_CRYPT_REENCRYPT -+#if HAVE_CRYPT_REENCRYPT_RUN -+ DLSYM_ARG(crypt_reencrypt_run), -+#elif HAVE_CRYPT_REENCRYPT - DLSYM_ARG(crypt_reencrypt), - #endif - DLSYM_ARG(crypt_metadata_locking), -@@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) { - if (r <= 0) - return r; - -- REENABLE_WARNING; -- - /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that - * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set - * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some -diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h -index f00ac367b6..d255e59004 100644 ---- a/src/shared/cryptsetup-util.h -+++ b/src/shared/cryptsetup-util.h -@@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get); - #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE - DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase); - #endif --#if HAVE_CRYPT_REENCRYPT --DISABLE_WARNING_DEPRECATED_DECLARATIONS; -+#if HAVE_CRYPT_REENCRYPT_RUN -+DLSYM_PROTOTYPE(crypt_reencrypt_run); -+#elif HAVE_CRYPT_REENCRYPT - DLSYM_PROTOTYPE(crypt_reencrypt); --REENABLE_WARNING; - #endif - DLSYM_PROTOTYPE(crypt_metadata_locking); - #if HAVE_CRYPT_SET_DATA_OFFSET diff --git a/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch b/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch deleted file mode 100644 index 315a5ff..0000000 --- a/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch +++ /dev/null 
@@ -1,136 +0,0 @@ -From 4a468387acbc8a2bd51bffaeca242e415e55b614 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 12 Jun 2024 12:09:25 +0200 -Subject: [PATCH] test: dump a simple summary at the end of TEST-02-UNITTEST - -Let's dump a list of skipped tests and logs from failed tests at the end -of TEST-02-UNITTEST to make debugging fails in CI slightly less painful. - -(cherry picked from commit 2ac0e52f29eb5f0040882fc46bcfa369893577f3) ---- - test/TEST-02-UNITTESTS/test.sh | 8 ---- - test/test-functions | 68 --------------------------------- - test/units/TEST-02-UNITTESTS.sh | 14 +++++++ - 3 files changed, 14 insertions(+), 76 deletions(-) - -diff --git a/test/TEST-02-UNITTESTS/test.sh b/test/TEST-02-UNITTESTS/test.sh -index f165c99368..2cf9c31096 100755 ---- a/test/TEST-02-UNITTESTS/test.sh -+++ b/test/TEST-02-UNITTESTS/test.sh -@@ -37,12 +37,4 @@ test_append_files() { - fi - } - --check_result_nspawn() { -- check_result_nspawn_unittests "${1}" --} -- --check_result_qemu() { -- check_result_qemu_unittests --} -- - do_test "$@" -diff --git a/test/test-functions b/test/test-functions -index be6eb1d9b2..8b497b2e27 100644 ---- a/test/test-functions -+++ b/test/test-functions -@@ -1860,74 +1860,6 @@ check_result_qemu() { - return $ret - } - --check_result_nspawn_unittests() { -- local workspace="${1:?}" -- local ret=1 -- -- [[ -e "$workspace/testok" ]] && ret=0 -- -- if [[ -s "$workspace/failed" ]]; then -- ret=$((ret + 1)) -- echo "=== Failed test log ===" -- cat "$workspace/failed" -- else -- if [[ -s "$workspace/skipped" ]]; then -- echo "=== Skipped test log ==" -- cat "$workspace/skipped" -- # We might have only skipped tests - that should not fail the job -- ret=0 -- fi -- if [[ -s "$workspace/testok" ]]; then -- echo "=== Passed tests ===" -- cat "$workspace/testok" -- fi -- fi -- -- get_bool "${TIMED_OUT:=}" && ret=1 -- check_coverage_reports "$workspace" || ret=5 -- -- save_journal "$workspace/var/log/journal" $ret -- echo "${JOURNAL_LIST:-"No 
journals were saved"}" -- -- _umount_dir "${initdir:?}" -- -- return $ret --} -- --check_result_qemu_unittests() { -- local ret=1 -- -- mount_initdir -- [[ -e "${initdir:?}/testok" ]] && ret=0 -- -- if [[ -s "$initdir/failed" ]]; then -- ret=$((ret + 1)) -- echo "=== Failed test log ===" -- cat "$initdir/failed" -- else -- if [[ -s "$initdir/skipped" ]]; then -- echo "=== Skipped test log ==" -- cat "$initdir/skipped" -- # We might have only skipped tests - that should not fail the job -- ret=0 -- fi -- if [[ -s "$initdir/testok" ]]; then -- echo "=== Passed tests ===" -- cat "$initdir/testok" -- fi -- fi -- -- get_bool "${TIMED_OUT:=}" && ret=1 -- check_coverage_reports "$initdir" || ret=5 -- -- save_journal "$initdir/var/log/journal" $ret -- echo "${JOURNAL_LIST:-"No journals were saved"}" -- -- _umount_dir "$initdir" -- -- return $ret --} -- - create_rc_local() { - dinfo "Create rc.local" - mkdir -p "${initdir:?}/etc/rc.d" -diff --git a/test/units/TEST-02-UNITTESTS.sh b/test/units/TEST-02-UNITTESTS.sh -index 6392425130..4448643f9a 100755 ---- a/test/units/TEST-02-UNITTESTS.sh -+++ b/test/units/TEST-02-UNITTESTS.sh -@@ -95,6 +95,20 @@ export -f run_test - find /usr/lib/systemd/tests/unit-tests/ -maxdepth 1 -type f -name "${TESTS_GLOB}" -print0 | - xargs -0 -I {} --max-procs="$MAX_QUEUE_SIZE" bash -ec "run_test {}" - -+# Write all pending messages, so they don't get mixed with the summaries below -+journalctl --sync -+ -+# No need for full test logs in this case -+if [[ -s /skipped-tests ]]; then -+ : "=== SKIPPED TESTS ===" -+ cat /skipped-tests -+fi -+ -+if [[ -s /failed ]]; then -+ : "=== FAILED TESTS ===" -+ cat /failed -+fi -+ - # Test logs are sometimes lost, as the system shuts down immediately after - journalctl --sync - 
diff --git a/0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch similarity index 78% rename from 0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch rename to 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch index beb127b..44ce976 100644 --- a/0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +++ b/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch @@ -1,4 +1,4 @@ -From ed416f79aac6c1136f5d20a19cfc20c2709ab314 Mon Sep 17 00:00:00 2001 +From 04aacb1500c8625db8ec30d3cbeaacaf337653ad Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Thu, 5 Aug 2021 17:11:47 +0200 Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf @@ -14,20 +14,20 @@ Related: RHEL-40924 delete mode 100644 tmpfiles.d/systemd-resolve.conf diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build -index bec24ac7b4..55ce48979d 100644 +index 19eb6d9c99..4335f7c130 100644 --- a/tmpfiles.d/meson.build +++ b/tmpfiles.d/meson.build -@@ -10,7 +10,6 @@ files = [['README', ''], +@@ -12,7 +12,6 @@ files = [['README'], ['systemd-nologin.conf', 'HAVE_PAM'], ['systemd-nspawn.conf', 'ENABLE_MACHINED'], ['systemd-pstore.conf', 'ENABLE_PSTORE'], - ['systemd-resolve.conf', 'ENABLE_RESOLVE'], - ['systemd-tmp.conf', ''], - ['tmp.conf', ''], - ['x11.conf', ''], + ['systemd-tmp.conf'], + ['tmp.conf'], + ['x11.conf'], diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf deleted file mode 100644 -index cb1c56d6a6..0000000000 +index be5edc98e0..0000000000 --- a/tmpfiles.d/systemd-resolve.conf +++ /dev/null @@ -1,10 +0,0 @@ @@ -38,6 +38,6 @@ index cb1c56d6a6..0000000000 -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - --# See tmpfiles.d(5) for details +-# See tmpfiles.d(5) for details. - -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf 
diff --git a/0052-rc-local-order-after-network-online.target.patch b/0011-rc-local-order-after-network-online.target.patch similarity index 92% rename from 0052-rc-local-order-after-network-online.target.patch rename to 0011-rc-local-order-after-network-online.target.patch index d8c1298..99ed7aa 100644 --- a/0052-rc-local-order-after-network-online.target.patch +++ b/0011-rc-local-order-after-network-online.target.patch @@ -1,4 +1,4 @@ -From 49241b42effa3684b485a8b90e5b4256a6223971 Mon Sep 17 00:00:00 2001 +From f1c96726a753198321ce124c413476d6eb1b2d43 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 11 Mar 2021 15:48:23 +0100 Subject: [PATCH] rc-local: order after network-online.target diff --git a/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch b/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch deleted file mode 100644 index 8afa8c8..0000000 --- a/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch +++ /dev/null 
@@ -1,29 +0,0 @@
-From d316aed5d8e15fb5b13b5618f1b2d1d020b1e7bf Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Mon, 3 Jun 2024 12:35:29 +0200
-Subject: [PATCH] repart: Use CRYPT_ACTIVATE_PRIVATE
-
-Let's skip udev device scanning when activating a LUKS volume in
-systemd-repart as we don't depend on any udev symlinks and don't
-expect anything except repart to access the volume.
-
-Suggested by https://github.com/systemd/systemd/issues/33129#issuecomment-2143390941.
-
-(cherry picked from commit 726fc7ae696510b04c24810f691d34f5d20529d6)
----
- src/partition/repart.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index 2ecae4ca03..78cf60f724 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -4236,7 +4236,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
- dm_name,
- NULL,
- VOLUME_KEY_SIZE,
-- arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
-+ (arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0) | CRYPT_ACTIVATE_PRIVATE);
- if (r < 0)
- return log_error_errno(r, "Failed to activate LUKS superblock: %m");
-
diff --git a/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch b/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
deleted file mode 100644
index 13f9173..0000000
--- a/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4ebcdcb1360dbb10444f518bad7f04e10bcb6387 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi
-Date: Tue, 11 Jun 2024 23:09:30 +0100
-Subject: [PATCH] NEWS: note that new stable releases will be in the main repo
-
-(cherry picked from commit 40d637bace4041f081088673cb230669c1e34faf)
----
- NEWS | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 02ad8b2c79..bbee0852be 100644
---- a/NEWS
-+++ b/NEWS
-@@ -81,6 +81,11 @@ CHANGES WITH 256:
- * systemd.crash_reboot and related settings are deprecated in favor of
- systemd.crash_action=.
-
-+ * Stable releases for version v256 and newer will now be pushed in the
-+ main repository. The systemd-stable repository will be used for existing
-+ stable branches (v255-stable and lower), and when they reach EOL it will
-+ be archived.
-+
- General Changes and New Features:
-
- * Various programs will now attempt to load the main configuration file
diff --git a/0053-random-util-increase-random-seed-size-to-1024.patch b/0012-random-util-increase-random-seed-size-to-1024.patch
similarity index 79%
rename from 0053-random-util-increase-random-seed-size-to-1024.patch
rename to 0012-random-util-increase-random-seed-size-to-1024.patch
index f1710ba..09ca3e9 100644
--- a/0053-random-util-increase-random-seed-size-to-1024.patch
+++ b/0012-random-util-increase-random-seed-size-to-1024.patch
@@ -1,4 +1,4 @@ -From 9a6ef20bab1411570b3af6f6bbdb1a299ea8e73a Mon Sep 17 00:00:00 2001 +From bb9588c6bef5d4ec69665e30a7ae142ce02d5935 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 15 Jul 2021 11:15:17 +0200 Subject: [PATCH] random-util: increase random seed size to 1024 @@ -11,10 +11,10 @@ Related: RHEL-40924 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/random-util.h b/src/basic/random-util.h -index b1a4d10971..08b1a3599a 100644 +index 0b5ba77190..4118b77864 100644 --- a/src/basic/random-util.h
+++ b/src/basic/random-util.h -@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) { +@@ -23,7 +23,7 @@ static inline uint32_t random_u32(void) { } /* Some limits on the pool sizes when we deal with the kernel random pool */ diff --git a/0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch similarity index 92% rename from 0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch rename to 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch index 3d95209..6d03578 100644 --- a/0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ b/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch @@ -1,4 +1,4 @@ -From 15465a4a302c4379746a21ef7b7fb9a9bfea9297 Mon Sep 17 00:00:00 2001 +From 5a60eea4b59d1ec3620726c9307ce32f91f8bb3d Mon Sep 17 00:00:00 2001 From: Jan Synacek Date: Thu, 2 May 2019 14:11:54 +0200 Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by diff --git a/0013-shell-completion-only-offer-devices-for-completion.patch b/0013-shell-completion-only-offer-devices-for-completion.patch deleted file mode 100644 index 4d871f8..0000000 --- a/0013-shell-completion-only-offer-devices-for-completion.patch +++ /dev/null 
@@ -1,29 +0,0 @@
-From 2034de6157cc0d3e60489cdc16c7a5651f38783c Mon Sep 17 00:00:00 2001
-From: David Tardon
-Date: Wed, 12 Jun 2024 14:35:34 +0200
-Subject: [PATCH] shell-completion: only offer devices for completion
-
-This skips directories and other stuff like /dev/core, /dev/initctl or
-/dev/log.
-
-(cherry picked from commit bde35f4a91663ebb854330f582baeef0f9adcbfb)
----
- shell-completion/bash/udevadm | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/shell-completion/bash/udevadm b/shell-completion/bash/udevadm
-index 05f921cf49..3842d722e7 100644
---- a/shell-completion/bash/udevadm
-+++ b/shell-completion/bash/udevadm
-@@ -32,10 +32,7 @@ __get_all_sysdevs() {
- }
-
- __get_all_device_nodes() {
-- local i
-- for i in /dev/* /dev/*/* /dev/*/*/*; do
-- echo $i
-- done
-+ find /dev -xtype b -o -xtype c
- }
-
- __get_all_device_units() {
diff --git a/0014-CODING_STYLE-document-reterr_-return-parameters.patch b/0014-CODING_STYLE-document-reterr_-return-parameters.patch
deleted file mode 100644
index 9a94776..0000000
--- a/0014-CODING_STYLE-document-reterr_-return-parameters.patch
+++ /dev/null
@@ -1,98 +0,0 @@ -From a61a83a22b5f464463f9ab9e3ee3950f299c9f43 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 12 Jun 2024 18:31:56 +0200 -Subject: [PATCH] CODING_STYLE: document "reterr_" return parameters - -In some recent PRs (e.g. #32628) I started to systematically name return -parameters that shall only be initialized on failure (because they carry -additional error meta information, such as the line/column number of -parse failures or so). Let's make this official in the coding style. - -(cherry picked from commit 7811864b08393eda5ff92145ea2776180d9b28ee) ---- - docs/CODING_STYLE.md | 62 ++++++++++++++++++++++++++++++++++---------- - 1 file changed, 48 insertions(+), 14 deletions(-) - -diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md -index 8f687e6662..309436a397 100644 ---- a/docs/CODING_STYLE.md -+++ b/docs/CODING_STYLE.md -@@ -164,30 +164,64 @@ SPDX-License-Identifier: LGPL-2.1-or-later - thread. Use `is_main_thread()` to detect whether the calling thread is the - main thread. - --- Do not write functions that clobber call-by-reference variables on -- failure. Use temporary variables for these cases and change the passed in -- variables only on success. The rule is: never clobber return parameters on -- failure, always initialize return parameters on success. -- --- Typically, function parameters fit into three categories: input parameters, -- mutable objects, and call-by-reference return parameters. Input parameters -- should always carry suitable "const" declarators if they are pointers, to -- indicate they are input-only and not changed by the function. Return -- parameters are best prefixed with "ret_", to clarify they are return -- parameters. (Conversely, please do not prefix parameters that aren't -- output-only with "ret_", in particular not mutable parameters that are both -- input as well as output). 
Example: -+- Typically, function parameters fit into four categories: input parameters, -+ mutable objects, call-by-reference return parameters that are initialized on -+ success, and call-by-reference return parameters that are initialized on -+ failure. Input parameters should always carry suitable `const` declarators if -+ they are pointers, to indicate they are input-only and not changed by the -+ function. The name of return parameters that are initialized on success -+ should be prefixed with `ret_`, to clarify they are return parameters. The -+ name of return parameters that are initialized on failure should be prefixed -+ with `reterr_`. (Examples of such parameters: those which carry additional -+ error information, such as the row/column of parse errors or so). – -+ Conversely, please do not prefix parameters that aren't output-only with -+ `ret_` or `reterr_`, in particular not mutable parameters that are both input -+ as well as output. -+ -+ Example: - - ```c - static int foobar_frobnicate( - Foobar* object, /* the associated mutable object */ - const char *input, /* immutable input parameter */ -- char **ret_frobnicated) { /* return parameter */ -+ char **ret_frobnicated, /* return parameter on success */ -+ unsigned *reterr_line, /* return parameter on failure */ -+ unsigned *reterr_column) { /* ditto */ - … - return 0; - } - ``` - -+- Do not write functions that clobber call-by-reference success return -+ parameters on failure (i.e. `ret_xyz`, see above), or that clobber -+ call-by-reference failure return parameters on success -+ (i.e. `reterr_xyz`). Use temporary variables for these cases and change the -+ passed in variables only in the right condition. The rule is: never clobber -+ success return parameters on failure, always initialize success return -+ parameters on success (and the reverse for failure return parameters, of -+ course). 
-+ -+- Please put `reterr_` return parameters in the function parameter list last, -+ and `ret_` return parameters immediately before that. -+ -+ Good: -+ -+ ```c -+ static int do_something( -+ const char *input, -+ const char *ret_on_success, -+ const char *reterr_on_failure); -+ ``` -+ -+ Not good: -+ -+ ```c -+ static int do_something( -+ const char *reterr_on_failure, -+ const char *ret_on_success, -+ const char *input); -+ ``` -+ - - The order in which header files are included doesn't matter too - much. systemd-internal headers must not rely on an include order, so it is - safe to include them in any order possible. However, to not clutter global diff --git a/0055-journald.conf-don-t-touch-current-audit-settings.patch b/0014-journald.conf-don-t-touch-current-audit-settings.patch similarity index 83% rename from 0055-journald.conf-don-t-touch-current-audit-settings.patch rename to 0014-journald.conf-don-t-touch-current-audit-settings.patch index fe1a827..94fef45 100644 --- a/0055-journald.conf-don-t-touch-current-audit-settings.patch +++ b/0014-journald.conf-don-t-touch-current-audit-settings.patch @@ -1,4 +1,4 @@ -From b340b4c797599aa444f9dbf07c6ef7ea29021604 Mon Sep 17 00:00:00 2001 +From 1ee56a7495a28b9479f49d664a56e1be8ee0f4b4 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 5 Aug 2021 15:26:13 +0200 Subject: [PATCH] journald.conf: don't touch current audit settings @@ -11,7 +11,7 @@ Related: RHEL-40924 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index 13cdd6300f..fc307c53c2 100644 +index 9a12ca7657..fe519f03e2 100644 --- a/src/journal/journald.conf +++ b/src/journal/journald.conf @@ -47,4 +47,4 @@ diff --git a/0015-analyze-show-pcrs-also-in-sha384-bank.patch b/0015-analyze-show-pcrs-also-in-sha384-bank.patch deleted file mode 100644 index c94137a..0000000 --- a/0015-analyze-show-pcrs-also-in-sha384-bank.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-From 51390a1f41a762ef96d3c496d8a5d890d722907d Mon Sep 17 00:00:00 2001
-From: Lennart Poettering
-Date: Tue, 4 Jun 2024 11:02:34 +0200
-Subject: [PATCH] analyze: show pcrs also in sha384 bank
-
-SHA384 is pretty much the bank we actually *want* to use, since it's
-faster to calculate than SHA256, hence at the very least, start
-considering.
-
-(cherry picked from commit acaca5ab250a51be6ba07768bee80bf0f7b462fa)
----
- src/analyze/analyze-pcrs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
-index 43e415fc6d..1c3da3fd84 100644
---- a/src/analyze/analyze-pcrs.c
-+++ b/src/analyze/analyze-pcrs.c
-@@ -11,7 +11,7 @@
- static int get_pcr_alg(const char **ret) {
- assert(ret);
-
-- FOREACH_STRING(alg, "sha256", "sha1") {
-+ FOREACH_STRING(alg, "sha256", "sha384", "sha1") {
- _cleanup_free_ char *p = NULL;
-
- if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/0", alg) < 0)
diff --git a/0056-rules-add-elevator-kernel-command-line-parameter.patch b/0015-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 96%
rename from 0056-rules-add-elevator-kernel-command-line-parameter.patch
rename to 0015-rules-add-elevator-kernel-command-line-parameter.patch
index 58c8c31..532db99 100644
--- a/0056-rules-add-elevator-kernel-command-line-parameter.patch
+++ b/0015-rules-add-elevator-kernel-command-line-parameter.patch
@@ -1,4 +1,4 @@ -From 3847259c117fd511043a60400233ca9d1af1b5ce Mon Sep 17 00:00:00 2001 +From 9a50ecbb2ce61e7679b9e30c16cd9e18f3004e7c Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Tue, 12 Feb 2019 16:58:16 +0100 Subject: [PATCH] rules: add elevator= kernel command line parameter
diff --git a/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch b/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
deleted file mode 100644
index 44ebc9b..0000000
--- a/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 3706b5e8e92fe6a4ff21cefe66f2eb27953a3fdf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
-Date: Thu, 13 Jun 2024 11:59:28 -0400
-Subject: [PATCH] fundamental: declare flex array updated for gcc15 and clang
- 19
-
-Silly workaround that:
-- allowed flexible arrays in unions
-- allowed flexible arrays in otherwise empty structs
-
-Is no longer needed since https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=adb1c8a0f167c3a1f7593d75f5a10eb07a5d741a
-(GCC15) or clang 19 https://github.com/llvm/llvm-project/commit/14ba782a87e16e9e15460a51f50e67e2744c26d9
-
-(cherry picked from commit 3c2f2146f50c75662987541719bedc4aee9df939)
----
- src/fundamental/macro-fundamental.h | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
-index 5ccbda5186..8aca5f784a 100644
---- a/src/fundamental/macro-fundamental.h
-+++ b/src/fundamental/macro-fundamental.h
-@@ -517,6 +517,10 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
- } \
- }
-
-+/* Restriction/bug (see above) was fixed in GCC 15 and clang 19.*/
-+#if __GNUC__ >= 15 || (defined(__clang__) && __clang_major__ >= 19)
-+#define DECLARE_FLEX_ARRAY(type, name) type name[];
-+#else
- /* Declare a flexible array usable in a union.
- * This is essentially a work-around for a pointless constraint in C99
- * and might go away in some future version of the standard.
-@@ -528,6 +532,7 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
- dummy_t __empty__ ## name; \
- type name[]; \
- }
-+#endif
-
- /* Declares an ELF read-only string section that does not occupy memory at runtime. */
- #define DECLARE_NOALLOC_SECTION(name, text) \
diff --git a/0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch similarity index 94% rename from 0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch rename to 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch index a10993c..a245bf4 100644 --- a/0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ b/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -1,4 +1,4 @@ -From 5725d315940804ba80468e6e3b6ea4653587f109 Mon Sep 17 00:00:00 2001 +From 051e7668f89db42292bd5b060fdda07e6232effd Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 1 Aug 2018 13:19:39 +0200 Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value @@ -15,10 +15,10 @@ Related: RHEL-40924 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index ae5b61b149..22919842f5 100644 +index 580da9d75f..297838eaa4 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml -@@ -520,10 +520,10 @@ +@@ -230,10 +230,10 @@ Configure the default value for the per-unit TasksMax= setting. See systemd.resource-control5 for details. This setting applies to all unit types that support resource control settings, with the exception @@ -32,7 +32,7 @@ index ae5b61b149..22919842f5 100644 diff --git a/src/core/manager.c b/src/core/manager.c -index 90e72b0c02..8ddf37fdad 100644 +index f21a4f7ceb..485fdd1a66 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -117,7 +117,7 @@ diff --git a/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch b/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch deleted file mode 100644 index a7a5afc..0000000 --- a/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch +++ /dev/null 
@@ -1,31 +0,0 @@
-From aedeaf745028a463150fd6d2b1aca778797735ac Mon Sep 17 00:00:00 2001
-From: Nick Rosbrook
-Date: Fri, 14 Jun 2024 17:31:22 -0400
-Subject: [PATCH] man: add a bit of a warning to systemd-tmpfiles --purge
-
-Mention that by default, /home is managed by tmpfiles.d/home.conf, and
-recommend that users run systemd-tmpfiles --dry-run --purge first to
-see exactly what will be removed.
-
-(cherry picked from commit 9ebcac3b5125a8b0b11f371731ea167cd4684adc)
----
- man/systemd-tmpfiles.xml | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
-index 008bff62da..6f3ec66611 100644
---- a/man/systemd-tmpfiles.xml
-+++ b/man/systemd-tmpfiles.xml
-@@ -150,7 +150,11 @@
-
-
- If this option is passed, all files and directories created by a
-- tmpfiles.d/ entry will be deleted.
-+ tmpfiles.d/ entry will be deleted. Keep in mind that by default,
-+ /home is created by systemd-tmpfiles
-+ (see /usr/lib/tmpfiles.d/home.conf). Therefore it is recommended
-+ to first run systemd-tmpfiles --dry-run --purge to be certain which files
-+ and directories will be deleted.
-
-
-
diff --git a/0058-udev-net-setup-link-change-the-default-MACAddressPol.patch b/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
similarity index 89%
rename from 0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
rename to 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
index 4929912..565098e 100644
--- a/0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
+++ b/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
@@ -1,4 +1,4 @@ -From 2b9b38af0bd6f15d316869022ad296f5927f2d2b Mon Sep 17 00:00:00 2001 +From 053b814d8f22c15e07f25ce5820d27a25d80a68b Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Tue, 21 Sep 2021 15:01:19 +0200 Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
@@ -19,7 +19,7 @@ Related: RHEL-40924 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/systemd.link.xml b/man/systemd.link.xml -index 3991d91881..0002eb3617 100644 +index 81d54cdc39..cfdad61741 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -1386,7 +1386,7 @@ OriginalName=* @@ -32,13 +32,13 @@ index 3991d91881..0002eb3617 100644 diff --git a/network/99-default.link b/network/99-default.link -index 56030b62be..5628dcf845 100644 +index 083dca48c9..e64ac7efec 100644 --- a/network/99-default.link +++ b/network/99-default.link @@ -12,4 +12,4 @@ OriginalName=* [Link] NamePolicy=keep kernel database onboard slot path - AlternativeNamesPolicy=database onboard slot path + AlternativeNamesPolicy=database onboard slot path mac -MACAddressPolicy=persistent +MACAddressPolicy=none diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link diff --git a/0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch similarity index 79% rename from 0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch rename to 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch index 6422fc2..775a290 100644 --- a/0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch +++ b/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch @@ -1,4 +1,4 @@ -From 74151c1fd19cbd73f2a6d1c2f84eac9bb73eac7e Mon Sep 17 00:00:00 2001 +From 06b4116be34987c24502088bcff404621ea658fa Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Tue, 22 Feb 2022 13:24:11 +0100 Subject: [PATCH] core: decrease log level of messages about use of @@ -13,10 +13,10 @@ Related: RHEL-40924 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 5ae68886af..d4c006eb87 100644 +index f34c930f4e..b46f53f157 100644 --- a/src/core/load-fragment.c 
+++ b/src/core/load-fragment.c -@@ -868,7 +868,7 @@ int config_parse_kill_mode( +@@ -871,7 +871,7 @@ int config_parse_kill_mode( } if (m == KILL_NONE) @@ -26,15 +26,15 @@ index 5ae68886af..d4c006eb87 100644 "This is unsafe, as it disables systemd's process lifecycle management for the service. " "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. " diff --git a/src/core/unit.c b/src/core/unit.c -index 2d40618fcb..0ec5dcaf75 100644 +index 0d88f4f641..1a5fffcc15 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata) +@@ -5914,7 +5914,7 @@ static int unit_log_leftover_process_start(const PidRef *pid, int sig, void *use /* During start we print a warning */ -- log_unit_warning(userdata, -+ log_unit_debug(userdata, +- log_unit_warning(u, ++ log_unit_debug(u, "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n" "This usually indicates unclean termination of a previous run, or service implementation deficiencies.", pid->pid, strna(comm)); diff --git a/0018-man-units-drop-temporary-from-description-of-systemd.patch b/0018-man-units-drop-temporary-from-description-of-systemd.patch deleted file mode 100644 index 207204d..0000000 --- a/0018-man-units-drop-temporary-from-description-of-systemd.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 1a0e6961cfaed42bda542e111738c136f7b4d73f Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Sat, 15 Jun 2024 17:27:33 +0200 -Subject: [PATCH] man,units: drop "temporary" from description of - systemd-tmpfiles - -Historically, systemd-tmpfiles was designed to manager temporary -files, but nowadays it has become a generic tool for managing -all kinds of files. To avoid user confusion, let's remove "temporary" -from the tool's description. - -As discussed in #33349 - -(cherry picked from commit b5c8cc0a3b8e4e2fea0539d6420a76b524ea5735) ---- - man/systemd-tmpfiles.xml | 8 +++++--- - units/systemd-tmpfiles-setup.service | 2 +- - units/user/systemd-tmpfiles-setup.service | 2 +- - 3 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml -index 6f3ec66611..9767aead85 100644 ---- a/man/systemd-tmpfiles.xml -+++ b/man/systemd-tmpfiles.xml -@@ -55,9 +55,11 @@ - - Description - -- systemd-tmpfiles creates, deletes, and cleans up volatile and temporary files -- and directories, using the configuration file format and location specified in -- tmpfiles.d5. It must -+ systemd-tmpfiles creates, deletes, and cleans up files and directories, using -+ the configuration file format and location specified in -+ tmpfiles.d5. -+ Historically, it was designed to manage volatile and temporary files, as the name suggests, but it provides -+ generic file management functionality and can be used to manage any kind of files. It must - be invoked with one or more commands , , and - , to select the respective subset of operations. - -diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service -index 6cae32850f..b92beb7314 100644 ---- a/units/systemd-tmpfiles-setup.service -+++ b/units/systemd-tmpfiles-setup.service -@@ -8,7 +8,7 @@ - # (at your option) any later version. 
- - [Unit] --Description=Create Volatile Files and Directories -+Description=Create System Files and Directories - Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) - - DefaultDependencies=no -diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service -index 156689edcd..54e453c4fc 100644 ---- a/units/user/systemd-tmpfiles-setup.service -+++ b/units/user/systemd-tmpfiles-setup.service -@@ -8,7 +8,7 @@ - # (at your option) any later version. - - [Unit] --Description=Create User's Volatile Files and Directories -+Description=Create User Files and Directories - Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) - DefaultDependencies=no - Conflicts=shutdown.target diff --git a/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch b/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch deleted file mode 100644 index ddc2f39..0000000 --- a/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 9f5f3c2f8bc2c3d82678672f3e700c1eb4e52d61 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 11:16:21 +0100 -Subject: [PATCH] mkosi: enable unprivileged user ns for integration tests - -Ubuntu disables them by default in Noble, ship a sysctl to turn them back on -so that tests can use them - -(cherry picked from commit 4cfcde024f34b3e5f682364d4e0c6185ef07d467) ---- - .../usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 ++++ - 1 file changed, 4 insertions(+) - create mode 100644 mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf - -diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf -new file mode 100644 -index 0000000000..657ac72f8d ---- /dev/null -+++ b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf -@@ -0,0 +1,4 @@ -+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed -+# for integration tests -+kernel.apparmor_restrict_unprivileged_unconfined = 0 -+kernel.apparmor_restrict_unprivileged_userns = 0 diff --git a/0063-taint-remove-unmerged-bin.patch b/0019-taint-remove-unmerged-bin.patch similarity index 88% rename from 0063-taint-remove-unmerged-bin.patch rename to 0019-taint-remove-unmerged-bin.patch index d73f29b..09b102d 100644 --- a/0063-taint-remove-unmerged-bin.patch +++ b/0019-taint-remove-unmerged-bin.patch @@ -1,4 +1,4 @@ -From 13a07024f674e770844de29cd3d01cb7117f56d9 Mon Sep 17 00:00:00 2001 +From 42a6e71e98d03988ecf0915183f7c228690d2788 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 8 Jul 2024 14:44:45 +0200 Subject: [PATCH] taint: remove unmerged-bin @@ -16,10 +16,10 @@ Resolves: RHEL-46277 4 files changed, 1 insertion(+), 17 deletions(-) 
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in -index 2831152763..66ffefd1c8 100644 +index eab4afd0cd..cf86af9d8d 100644 --- a/catalog/systemd.catalog.in +++ b/catalog/systemd.catalog.in -@@ -560,7 +560,6 @@ Support: %SUPPORT_URL% +@@ -570,7 +570,6 @@ Support: %SUPPORT_URL% The following "tags" are possible: - "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts under /usr/ @@ -28,10 +28,10 @@ index 2831152763..66ffefd1c8 100644 - "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy - "local-hwclock" - the local hardware clock (RTC) is configured to be in diff --git a/catalog/systemd.pl.catalog.in b/catalog/systemd.pl.catalog.in -index 75039e9fcd..fcba4b500a 100644 +index f8a525f030..a7102439a2 100644 --- a/catalog/systemd.pl.catalog.in +++ b/catalog/systemd.pl.catalog.in -@@ -566,7 +566,6 @@ Support: %SUPPORT_URL% +@@ -578,7 +578,6 @@ Support: %SUPPORT_URL% Możliwe są następujące „etykiety”: • „unmerged-usr” — /bin, /sbin, /lib* nie są dowiązaniami symbolicznymi do swoich odpowiedników pod /usr/, @@ -40,10 +40,10 @@ index 75039e9fcd..fcba4b500a 100644 • „cgroupsv1” — system używa przestarzałej hierarchii cgroup v1, • „local-hwclock” — lokalny zegar sprzętowy (RTC) jest skonfigurowany diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml -index b0b45097e3..f2b5ca39e7 100644 +index 9cd6a69311..caa7a687cd 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml -@@ -1666,15 +1666,6 @@ node /org/freedesktop/systemd1 { +@@ -1676,15 +1676,6 @@ node /org/freedesktop/systemd1 { @@ -60,19 +60,19 @@ index b0b45097e3..f2b5ca39e7 100644 var-run-bad diff --git a/src/core/taint.c b/src/core/taint.c -index 969b37f209..4c98312f54 100644 +index b7a1c647a2..f9b3b3d69a 100644 --- a/src/core/taint.c +++ b/src/core/taint.c 
@@ -32,7 +32,7 @@ static int short_uid_gid_range(UIDRangeUsernsMode mode) { } - char* taint_string(void) { + char** taint_strv(void) { - const char *stage[12] = {}; + const char *stage[11] = {}; size_t n = 0; /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at -@@ -44,11 +44,6 @@ char* taint_string(void) { +@@ -44,11 +44,6 @@ char** taint_strv(void) { if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin")) stage[n++] = "unmerged-usr"; diff --git a/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch b/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch deleted file mode 100644 index 19dd89d..0000000 --- a/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch +++ /dev/null 
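Review bot: The refreshed patch still carries a hand-counted bound, `const char *stage[11] = {};`, now inside `taint_strv()`, and nothing in the hunk ties that number to the set of tags the function can append. Because this downstream patch removes a tag and shrinks the array in the same change, any later rebase that gains an upstream tag would leave the stack array one slot short. I would add a comment next to the declaration, for example `/* RHEL: sized for the tags appended below after dropping "unmerged-bin"; recount on every rebase */`. The rest of the function body is outside the hunk, so whether a bound check on `n` follows the appends cannot be confirmed from here.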
@@ -1,74 +0,0 @@ -From 21feae324e812580062c36aa14cc5e68a37aa151 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 15:28:56 +0100 -Subject: [PATCH] mkosi: use ports.ubuntu.com for non-x86 backports - -Follow-up for 46368556afee7a1f3a1685609942438ef2d9d6c1 - -(cherry picked from commit c01cb8cbff8512b65b7903b55f78c8d12661b8d7) ---- - mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf | 3 --- - .../mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 9 +++++++++ - .../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 9 +++++++++ - .../mkosi.conf.d/10-ubuntu/noble-backports-ports.sources | 6 ++++++ - 4 files changed, 24 insertions(+), 3 deletions(-) - create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf - create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf - create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources - -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf -index 25957b1e92..86f9736ed9 100644 ---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf -@@ -3,9 +3,6 @@ - [Match] - Distribution=ubuntu - --[Distribution] --PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources -- - [Content] - Packages= - linux-image-generic -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf -new file mode 100644 -index 0000000000..0ec4807822 ---- /dev/null -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf -@@ -0,0 +1,9 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+# The ports Ubuntu archive is for non i386/amd64 repositories -+ -+[Match] -+Architecture=!x86-64 -+Architecture=!x86 -+ -+[Distribution] 
-+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf -new file mode 100644 -index 0000000000..c08eeac337 ---- /dev/null -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf -@@ -0,0 +1,9 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+# The main Ubuntu archive is only for i386/amd64 repositories -+ -+[Match] -+Architecture=|x86-64 -+Architecture=|x86 -+ -+[Distribution] -+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources -new file mode 100644 -index 0000000000..5b96dc544d ---- /dev/null -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources -@@ -0,0 +1,6 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+Types: deb -+URIs: http://ports.ubuntu.com -+Suites: noble-backports -+Components: main universe -+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/0064-presets-remove-resolved.patch b/0020-presets-remove-resolved.patch similarity index 93% rename from 0064-presets-remove-resolved.patch rename to 0020-presets-remove-resolved.patch index 5ed7b6a..6139bae 100644 --- a/0064-presets-remove-resolved.patch +++ b/0020-presets-remove-resolved.patch @@ -1,4 +1,4 @@ -From c2f507732264038dbef44b7652c8f5dee148e1e2 Mon Sep 17 00:00:00 2001 +From e10f3e04f92d72ecac5179609b6dc900443625b5 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 8 Jul 2024 13:13:10 +0200 Subject: [PATCH] presets: remove resolved 
diff --git a/0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch b/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch similarity index 69% rename from 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch rename to 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch index d6d81ff..0098b40 100644 --- a/0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch +++ b/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch @@ -1,4 +1,4 @@ -From 1a643a20c5e772fc15a921ed81c7b010fa6bd4a7 Mon Sep 17 00:00:00 2001 +From 44b06a0c152412b9e08db6caae10a3b73fa240ef Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 16 Jul 2024 10:08:06 +0200 Subject: [PATCH] ci: run mkosi test only for Fedora and CentOS Stream @@ -7,11 +7,11 @@ rhel-only: ci Related: RHEL-40924 --- - .github/workflows/mkosi.yml | 24 ++---------------------- - 1 file changed, 2 insertions(+), 22 deletions(-) + .github/workflows/mkosi.yml | 32 ++------------------------------ + 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index 3a8dabd95c..9add22c2ea 100644 +index e7575fb6bb..ee46b3544a 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -8,7 +8,7 @@ on: @@ -21,8 +21,8 @@ index 3a8dabd95c..9add22c2ea 100644 - - v[0-9]+-stable + - rhel-10.* paths: - - '**' - - '!README*' + - "**" + - "!README*" @@ -26,7 +26,7 @@ on: pull_request: branches: @@ -30,9 +30,9 @@ index 3a8dabd95c..9add22c2ea 100644 - - v[0-9]+-stable + - rhel-10.* paths: - - '**' - - '!README*' -@@ -54,21 +54,6 @@ jobs: + - "**" + - "!README*" +@@ -54,27 +54,6 @@ jobs: fail-fast: false matrix: include: 
@@ -41,28 +41,36 @@ index 3a8dabd95c..9add22c2ea 100644 - sanitizers: "" - llvm: 0 - cflags: "-O2 -D_FORTIFY_SOURCE=3" +- relabel: no +- qemu: 1 - - distro: debian - release: testing - sanitizers: "" - llvm: 0 - cflags: "-Og" +- relabel: no +- qemu: 0 - - distro: ubuntu - release: noble - sanitizers: "" - llvm: 0 - cflags: "-Og" +- relabel: no +- qemu: 0 - distro: fedora - release: "40" + release: "41" sanitizers: "" -@@ -79,11 +64,6 @@ jobs: - sanitizers: address,undefined - llvm: 1 +@@ -89,13 +68,6 @@ jobs: cflags: "-Og" + relabel: yes + qemu: 0 - - distro: opensuse - release: tumbleweed - sanitizers: "" - llvm: 0 - cflags: "-Og" +- relabel: no +- qemu: 0 - distro: centos release: "9" sanitizers: "" diff --git a/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch b/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch deleted file mode 100644 index 3229128..0000000 --- a/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch +++ /dev/null 
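Review bot: The first matrix entry removed here is the only one visible in this hunk that builds with `cflags: "-O2 -D_FORTIFY_SOURCE=3"`; the other entries shown use `cflags: "-Og"`. If none of the retained Fedora or CentOS entries carries the fortify flag, the downstream CI no longer exercises a fortified, optimised build at all. Consider setting `cflags: "-O2 -D_FORTIFY_SOURCE=3"` on one of the kept entries. The matrix continues outside the hunk, so the cflags of the remaining CentOS entries cannot be checked here.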
@@ -1,58 +0,0 @@ -From 9802a28b367b3d403c41b570949e3c91f505ede5 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 20:42:12 +0100 -Subject: [PATCH] mkosi: install EFI packages only on EFI architectures - -sbsigntool, systemd-boot and systemd-boot-efi do not exist on other -architectures - -(cherry picked from commit 47fe3f29b4ba1b44ae71a7e67c579c4883731dd4) ---- - .../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 3 --- - .../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 ++++++++++++++++ - 2 files changed, 16 insertions(+), 3 deletions(-) - create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf - -diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf -index ae014fa966..ecac78049d 100644 ---- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf -+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf -@@ -20,8 +20,6 @@ VolatilePackages= - libsystemd-dev - libudev-dev - systemd -- systemd-boot -- systemd-boot-efi - systemd-container - systemd-coredump - systemd-dev -@@ -74,7 +72,6 @@ Packages= - python3-pexpect - python3-psutil - quota -- sbsigntool - softhsm2 - squashfs-tools - stress -diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf -new file mode 100644 -index 0000000000..781670a775 ---- /dev/null -+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf -@@ -0,0 +1,16 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+# sbsigntool exists only on UEFI architectures -+ -+[Match] -+Architecture=|x86 -+Architecture=|x86-64 -+Architecture=|arm -+Architecture=|arm64 -+Architecture=|riscv32 -+Architecture=|riscv64 -+ -+[Content] -+Packages= -+ sbsigntool -+ systemd-boot -+ systemd-boot-efi 
diff --git a/0068-taint-remove-unused-variable-usr_sbin.patch b/0022-taint-remove-unused-variable-usr_sbin.patch similarity index 85% rename from 0068-taint-remove-unused-variable-usr_sbin.patch rename to 0022-taint-remove-unused-variable-usr_sbin.patch index 5f0af4a..54a4f1c 100644 --- a/0068-taint-remove-unused-variable-usr_sbin.patch +++ b/0022-taint-remove-unused-variable-usr_sbin.patch @@ -1,4 +1,4 @@ -From 423af3467e66fd07a3a739b40af97b265bd4e45e Mon Sep 17 00:00:00 2001 +From f224307ee5d471a6b619244e6e36c9740e4319f5 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 16 Jul 2024 10:09:23 +0200 Subject: [PATCH] taint: remove unused variable `usr_sbin` @@ -13,10 +13,10 @@ Related: RHEL-40924 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/taint.c b/src/core/taint.c -index 4c98312f54..370f0297e3 100644 +index f9b3b3d69a..676cb4d5e7 100644 --- a/src/core/taint.c +++ b/src/core/taint.c -@@ -39,7 +39,7 @@ char* taint_string(void) { +@@ -39,7 +39,7 @@ char** taint_strv(void) { * runtime should be tagged here. For stuff that is known during compilation, emit a warning in the * configuration phase. */ diff --git a/0022-test-check-the-skip-condition-before-installing-addi.patch b/0022-test-check-the-skip-condition-before-installing-addi.patch deleted file mode 100644 index 415f47d..0000000 --- a/0022-test-check-the-skip-condition-before-installing-addi.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 50b53b8221aa9d5e8fa3269b73d13b8a304728a8 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 13:41:50 +0100 -Subject: [PATCH] test: check the skip condition before installing additional - files - -(cherry picked from commit e1daedb4be6d8180790e0b303872fb1c87ddc7fc) ---- - test/units/TEST-43-PRIVATEUSER-UNPRIV.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh -index 165af47f15..f8a2a62467 100755 ---- a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh -+++ b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh -@@ -6,13 +6,13 @@ set -o pipefail - # shellcheck source=test/units/util.sh - . "$(dirname "$0")"/util.sh - --install_extension_images -- - if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then - echo "Cannot create unprivileged user namespaces" >/skipped - exit 77 - fi - -+install_extension_images -+ - systemd-analyze log-level debug - - runas testuser systemd-run --wait --user --unit=test-private-users \ diff --git a/0069-packit-drop-the-libarchive-workaround.patch b/0023-packit-drop-the-libarchive-workaround.patch similarity index 93% rename from 0069-packit-drop-the-libarchive-workaround.patch rename to 0023-packit-drop-the-libarchive-workaround.patch index c32dd65..d2b0aa7 100644 --- a/0069-packit-drop-the-libarchive-workaround.patch +++ b/0023-packit-drop-the-libarchive-workaround.patch @@ -1,4 +1,4 @@ -From fb422df08369fd10a4d3543697f09a7bd2f4c288 Mon Sep 17 00:00:00 2001 +From 17218ad668ec29b0ea7556bd67e5a7170e1ab794 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 17 Jul 2024 12:19:03 +0200 Subject: [PATCH] packit: drop the libarchive workaround diff --git a/0023-test-drop-unneeded-firmware-uefi-setting.patch b/0023-test-drop-unneeded-firmware-uefi-setting.patch deleted file mode 100644 index 32a797a..0000000 --- a/0023-test-drop-unneeded-firmware-uefi-setting.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 51a2e7be5ec1a28be11d309897671c8dd4511ae8 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 16:08:57 +0100 -Subject: [PATCH] test: drop unneeded firmware: uefi setting - -These tests no longer need this, as they are running in nspawn, drop it - -(cherry picked from commit f44fc531c95e37c83203375c411189009a01b482) ---- - test/TEST-09-REBOOT/meson.build | 2 -- - test/TEST-18-FAILUREACTION/meson.build | 2 -- - 2 files changed, 4 deletions(-) - -diff --git a/test/TEST-09-REBOOT/meson.build b/test/TEST-09-REBOOT/meson.build -index c4b41bc97b..b7556189f5 100644 ---- a/test/TEST-09-REBOOT/meson.build -+++ b/test/TEST-09-REBOOT/meson.build -@@ -4,7 +4,5 @@ integration_tests += [ - integration_test_template + { - 'name' : fs.name(meson.current_source_dir()), - 'storage' : 'persistent', -- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware. -- 'firmware' : 'uefi', - }, - ] -diff --git a/test/TEST-18-FAILUREACTION/meson.build b/test/TEST-18-FAILUREACTION/meson.build -index 5edfbcad1f..8dec5f37e7 100644 ---- a/test/TEST-18-FAILUREACTION/meson.build -+++ b/test/TEST-18-FAILUREACTION/meson.build -@@ -3,7 +3,5 @@ - integration_tests += [ - integration_test_template + { - 'name' : fs.name(meson.current_source_dir()), -- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware. -- 'firmware' : 'uefi', - }, - ] diff --git a/0071-coredump-by-default-process-and-store-core-files-up-.patch b/0024-coredump-by-default-process-and-store-core-files-up-.patch similarity index 87% rename from 0071-coredump-by-default-process-and-store-core-files-up-.patch rename to 0024-coredump-by-default-process-and-store-core-files-up-.patch index 0d1e230..d4144b5 100644 --- a/0071-coredump-by-default-process-and-store-core-files-up-.patch +++ b/0024-coredump-by-default-process-and-store-core-files-up-.patch 
@@ -1,4 +1,4 @@ -From 612afd332a5e647faed3c3acba03ca653bace41b Mon Sep 17 00:00:00 2001 +From 78b2176529760fac86dfc994f13fefbcd6a4b5aa Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Fri, 5 Apr 2024 15:56:58 +0200 Subject: [PATCH] coredump: by default process and store core files up to 1GiB @@ -13,7 +13,7 @@ Related: RHEL-46778 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/coredump/coredump.conf b/src/coredump/coredump.conf -index ae341e40d7..3603edb782 100644 +index 181aede9da..1a65655fda 100644 --- a/src/coredump/coredump.conf +++ b/src/coredump/coredump.conf @@ -19,9 +19,8 @@ diff --git a/0024-test-drop-obsolete-comment.patch b/0024-test-drop-obsolete-comment.patch deleted file mode 100644 index 4b1e1ab..0000000 --- a/0024-test-drop-obsolete-comment.patch +++ /dev/null @@ -1,28 +0,0 @@ -From df1e7d9572fab94209989f341bb1e1a86d88223b Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 19:21:32 +0100 -Subject: [PATCH] test: drop obsolete comment - -We want to keep various logic here instead of mkosi, so drop the -temporary comment - -(cherry picked from commit 626518ecd5e7b0c0c708ba53d7eb62934506ed54) ---- - test/integration-test-wrapper.py | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 5b098a3e01..1e015e7d47 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -2,10 +2,6 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - - '''Test wrapper command for driving integration tests. -- --Note: This is deliberately rough and only intended to drive existing tests --with the expectation that as part of formally defining the API it will be tidy. -- - ''' - - import argparse 
diff --git a/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch similarity index 92% rename from 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch rename to 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch index d4434cd..b3ecbf5 100644 --- a/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ b/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch @@ -1,4 +1,4 @@ -From 352f8ad0bfdd8a41f6aa34e3e43038ae75eedf73 Mon Sep 17 00:00:00 2001 +From 038ea755196a3270fc5a8074ee5a3e55fd5b88be Mon Sep 17 00:00:00 2001 From: Jan Synacek Date: Tue, 15 May 2018 09:24:20 +0200 Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will diff --git a/0025-test-support-TEST_NO_KVM.patch b/0025-test-support-TEST_NO_KVM.patch deleted file mode 100644 index e30df11..0000000 --- a/0025-test-support-TEST_NO_KVM.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a36cb5660e4d84c16242c1d70b99d9a2e389f191 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Sun, 16 Jun 2024 19:15:24 +0100 -Subject: [PATCH] test: support TEST_NO_KVM - -The shell integration suite allows to manually deselect KVM, so -suppor the same env var for the same purpose in python. - -(cherry picked from commit 7d2701e7d1d0a7194026dd371071df6e63f59a82) ---- - test/integration-test-wrapper.py | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 1e015e7d47..15b1ce1055 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -124,6 +124,7 @@ def main(): - *args.mkosi_args, - '--append', - '--qemu-firmware', args.firmware, -+ '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no", - '--kernel-command-line-extra', - ' '.join([ - 'systemd.hostname=H', 
diff --git a/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch b/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch deleted file mode 100644 index 95739e6..0000000 --- a/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 6178aa4bbcc6b0531314c1a2e9df61e45e6c9ad4 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Mon, 17 Jun 2024 14:09:40 +0100 -Subject: [PATCH] test: support TEST_NO_QEMU in mkosi integration wrapper - -Same as the old integration test suite, allow skipping tests that -require qemu. -ppc64el's vsock support doesn't appear to work, so we'll skip it, -as it is already done in the legacy framework. - -(cherry picked from commit 464d182b3e470e4163ca376145539a537a6e43a2) ---- - test/integration-test-wrapper.py | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py -index 15b1ce1055..b6a16aa3ef 100755 ---- a/test/integration-test-wrapper.py -+++ b/test/integration-test-wrapper.py -@@ -57,6 +57,10 @@ def main(): - print(f"SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr) - exit(77) - -+ if args.vm and bool(int(os.getenv("TEST_NO_QEMU", "0"))): -+ print(f"TEST_NO_QEMU=1, skipping {args.name}", file=sys.stderr) -+ exit(77) -+ - name = args.name + (f"-{i}" if (i := os.getenv("MESON_TEST_ITERATION")) else "") - - dropin = textwrap.dedent( diff --git a/0073-unit-don-t-add-Requires-for-tmp.mount.patch b/0026-unit-don-t-add-Requires-for-tmp.mount.patch similarity index 84% rename from 0073-unit-don-t-add-Requires-for-tmp.mount.patch rename to 0026-unit-don-t-add-Requires-for-tmp.mount.patch index c4e7c5a..980bc7e 100644 --- a/0073-unit-don-t-add-Requires-for-tmp.mount.patch +++ b/0026-unit-don-t-add-Requires-for-tmp.mount.patch 
@@ -1,4 +1,4 @@ -From e794e570a50392b503549befb65bc8cac0a29869 Mon Sep 17 00:00:00 2001 +From 781f75b5677cb1843f2c51859b160ee4110c330a Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 5 Sep 2016 12:47:09 +0200 Subject: [PATCH] unit: don't add Requires for tmp.mount @@ -12,10 +12,10 @@ Related: RHEL-40924 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/mount.c b/src/core/mount.c -index ebafcafa92..9edb2d47eb 100644 +index 689ef5672d..f16e46e276 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -313,7 +313,7 @@ static int mount_add_mount_dependencies(Mount *m) { +@@ -314,7 +314,7 @@ static int mount_add_mount_dependencies(Mount *m) { if (r < 0) return r; @@ -25,10 +25,10 @@ index ebafcafa92..9edb2d47eb 100644 r = unit_add_dependency( other, diff --git a/src/core/unit.c b/src/core/unit.c -index 0ec5dcaf75..a5556ba462 100644 +index 1a5fffcc15..ac893ac82a 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -1544,7 +1544,7 @@ static int unit_add_mount_dependencies(Unit *u) { +@@ -1529,7 +1529,7 @@ static int unit_add_mount_dependencies(Unit *u) { return r; changed = changed || r > 0; diff --git a/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch b/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch deleted file mode 100644 index 405e322..0000000 --- a/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 7d65709901cb3fc746639398776cfdb7cb750a03 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Mon, 17 Jun 2024 15:37:43 +0100 -Subject: [PATCH] test: use 'auto' instead of 'uefi' for automated fallback - -mkosi will prefer UEFI if the architecture supports it, but fallback -to 'linux' if it doesn't. - -(cherry picked from commit 80468db8fa21ffd07dc2f28c656eeaf8f0292367) ---- - test/TEST-06-SELINUX/meson.build | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build -index 7a850beb81..9261a49c49 100644 ---- a/test/TEST-06-SELINUX/meson.build -+++ b/test/TEST-06-SELINUX/meson.build -@@ -5,7 +5,8 @@ integration_tests += [ - 'name' : fs.name(meson.current_source_dir()), - 'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'], - # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware. -- 'firmware' : 'uefi', -+ # Use 'auto' to automatically fallback on non-uefi architectures. -+ 'firmware' : 'auto', - 'vm' : true, - }, - ] diff --git a/0074-units-add-Install-section-to-tmp.mount.patch b/0027-units-add-Install-section-to-tmp.mount.patch similarity index 90% rename from 0074-units-add-Install-section-to-tmp.mount.patch rename to 0027-units-add-Install-section-to-tmp.mount.patch index 9095578..03ff401 100644 --- a/0074-units-add-Install-section-to-tmp.mount.patch +++ b/0027-units-add-Install-section-to-tmp.mount.patch @@ -1,4 +1,4 @@ -From de0e2fde86a7eebbc5c11bb5e4d40d9ab6621ed1 Mon Sep 17 00:00:00 2001 +From 2d2c58ac4f748caa6b8726a1c155729aa70472ca Mon Sep 17 00:00:00 2001 From: Jan Synacek Date: Tue, 22 Jan 2019 10:28:42 +0100 Subject: [PATCH] units: add [Install] section to tmp.mount diff --git a/0028-core-service-fix-accept-socket-deserialization.patch b/0028-core-service-fix-accept-socket-deserialization.patch deleted file mode 100644 index c92c6b2..0000000 
--- a/0028-core-service-fix-accept-socket-deserialization.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f7d55cc801611781fbff2817f2fd4a16ec96ca85 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Mon, 17 Jun 2024 07:47:20 +0200 -Subject: [PATCH] core/service: fix accept-socket deserialization - -Follow-up for 45b1017488cef2a5bacdf82028ce900a311c9a1c - -(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578) ---- - src/core/service.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 8ec27c463a..6e81460ad0 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -1351,7 +1351,7 @@ static int service_coldplug(Unit *u) { - service_start_watchdog(s); - - if (UNIT_ISSET(s->accept_socket)) { -- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket)); -+ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket)); - - if (socket->max_connections_per_source > 0) { - SocketPeer *peer; -@@ -3220,8 +3220,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value, - } else if (streq(key, "accept-socket")) { - Unit *socket; - -- if (u->type != UNIT_SOCKET) { -- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket"); -+ if (unit_name_to_type(value) != UNIT_SOCKET) { -+ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value); - return 0; - } - -@@ -3230,7 +3230,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value, - log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value); - else { - unit_ref_set(&s->accept_socket, u, socket); -- SOCKET(socket)->n_connections++; -+ ASSERT_PTR(SOCKET(socket))->n_connections++; - } - - } else if (streq(key, "socket-fd")) { 
diff --git a/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch similarity index 85% rename from 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch rename to 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch index b355b18..e3a4eca 100644 --- a/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +++ b/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch @@ -1,4 +1,4 @@ -From 571c902adb894bfff481de4591a56a16add2670b Mon Sep 17 00:00:00 2001 +From 19091a48b923a990183c791f25bcf4fb24fc1b67 Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Wed, 22 Sep 2021 14:38:00 +0200 Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target @@ -11,10 +11,10 @@ Related: RHEL-40924 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/units/meson.build b/units/meson.build -index b231341a1f..39fa6f42c0 100644 +index 96f4852741..086e7735d4 100644 --- a/units/meson.build +++ b/units/meson.build -@@ -761,10 +761,7 @@ units = [ +@@ -771,10 +771,7 @@ units = [ { 'file' : 'time-set.target' }, { 'file' : 'time-sync.target' }, { 'file' : 'timers.target' }, diff --git a/0076-netif-naming-scheme-add-rhel-9.5-scheme.patch b/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch similarity index 86% rename from 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch rename to 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch index 69e96ab..8237856 100644 --- a/0076-netif-naming-scheme-add-rhel-9.5-scheme.patch +++ b/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch @@ -1,4 +1,4 @@ -From fefc4bc15fe28d8f7def8bd75ada13ede21663cb Mon Sep 17 00:00:00 2001 +From 339250daaa9eb39cc690c2b2a2cedaa7bbb04a85 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 8 Aug 2024 13:12:58 +0200 Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme @@ -13,10 +13,10 @@ Resolves: RHEL-44416 3 files changed, 17 insertions(+) 
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml -index 690e3d2c27..b2d78c95ab 100644 +index 5965f293dc..8c2979f420 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml -@@ -592,6 +592,21 @@ +@@ -608,6 +608,21 @@ @@ -39,10 +39,10 @@ index 690e3d2c27..b2d78c95ab 100644 diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c -index e4d4c0ba88..149794e926 100644 +index b85dd3dadf..553ad13269 100644 --- a/src/shared/netif-naming-scheme.c +++ b/src/shared/netif-naming-scheme.c -@@ -40,6 +40,7 @@ static const NamingScheme naming_schemes[] = { +@@ -41,6 +41,7 @@ static const NamingScheme naming_schemes[] = { { "rhel-9.2", NAMING_RHEL_9_2 }, { "rhel-9.3", NAMING_RHEL_9_3 }, { "rhel-9.4", NAMING_RHEL_9_4 }, @@ -51,14 +51,14 @@ index e4d4c0ba88..149794e926 100644 /* … add more schemes here, as the logic to name devices is updated … */ diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h -index b0697c141e..a55bb0b1cb 100644 +index 2cf7d3f3ba..35ab0a98da 100644 --- a/src/shared/netif-naming-scheme.h +++ b/src/shared/netif-naming-scheme.h -@@ -80,6 +80,7 @@ typedef enum NamingSchemeFlags { +@@ -83,6 +83,7 @@ typedef enum NamingSchemeFlags { NAMING_RHEL_9_2 = NAMING_RHEL_9_0, NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R, NAMING_RHEL_9_4 = NAMING_RHEL_9_3, + NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT, - NAMING_RHEL_10_0 = NAMING_V255, + NAMING_RHEL_10_0 = NAMING_V257, diff --git a/0029-test-network-mention-that-the-captive-portal-option-.patch b/0029-test-network-mention-that-the-captive-portal-option-.patch deleted file mode 100644 index 4e78bf7..0000000 --- a/0029-test-network-mention-that-the-captive-portal-option-.patch +++ /dev/null 
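Review bot: The context line in netif-naming-scheme.h now reads `NAMING_RHEL_10_0 = NAMING_V257,` where the previous refresh had `NAMING_V255`, so the flag set behind the rhel-10.0 scheme changed underneath this patch. The rename patch later in this commit still documents rhel-10.0-beta as "Same as naming scheme v255". It is worth confirming that the man page carries a matching entry for rhel-10.0 describing the v257 behaviour. Interface names are commonly referenced by firewall and network configuration, so an undocumented change in the scheme is easy to miss on upgrade. The enum itself starts and ends outside the hunk.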
@@ -1,26 +0,0 @@
-From 4cc6da9a5dfb69f149404d5a784c57bca2a21237 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Tue, 18 Jun 2024 00:09:03 +0900
-Subject: [PATCH] test-network: mention that the captive portal option is
- supported since v2.20
-
-The current latest release is v2.19, hence the test is typically skipped now.
-
-(cherry picked from commit 4f6d8ab0767e534553bfa130f39dbb07ebb804a4)
----
- test/test-network/systemd-networkd-tests.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
-index 92cb07f11c..0355c7aca1 100755
---- a/test/test-network/systemd-networkd-tests.py
-+++ b/test/test-network/systemd-networkd-tests.py
-@@ -5824,6 +5824,8 @@ class NetworkdRATests(unittest.TestCase, Utilities):
- self.assertIn('pref high', output)
- self.assertNotIn('pref low', output)
-
-+ # radvd supports captive portal since v2.20.
-+ # https://github.com/radvd-project/radvd/commit/791179a7f730decbddb2290ef0e34aa85d71b1bc
- @unittest.skipUnless(radvd_check_config('captive-portal.conf'), "Installed radvd doesn't support captive portals")
- def test_captive_portal(self):
- copy_network_unit('25-veth-client.netdev',
diff --git a/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch b/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
deleted file mode 100644
index 72675ca..0000000
--- a/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
+++ /dev/null
@@ -1,27 +0,0 @@ -From b455006ae189d4ceef4214d8d4ab2027781d37e0 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Mon, 17 Jun 2024 17:40:28 +0100 -Subject: [PATCH] CI: disable secure boot in mkosi GHA runs - -Booting a guest with secure boot is broken in Azure due to a hypervisor -bug. Disable it for now. Given there's no option, need to edit -the configuration on the fly. - -(cherry picked from commit bdd0b45bfd7190bb8eb50c71ff6f50a80d6e6e52) ---- - .github/workflows/mkosi.yml | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index 425d737b62..62efd367cb 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -117,6 +117,8 @@ jobs: - - - name: Configure - run: | -+ # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved -+ sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build - tee mkosi.local.conf < Date: Thu, 22 Aug 2024 13:42:11 +0200 Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta @@ -13,17 +13,17 @@ Related: RHEL-55728 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml -index e458b5dd6b..610a05485b 100644 +index 8c2979f420..18c1d95a74 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml -@@ -526,15 +526,15 @@ +@@ -542,15 +542,15 @@ - rhel-10.0 + rhel-10.0-beta - PCI slot number is now read from firmware_node/sun sysfs file. + Same as naming scheme v255. - + @@ -36,10 +36,10 @@ index e458b5dd6b..610a05485b 100644 RHEL-9 schemes diff --git a/man/version-info.xml b/man/version-info.xml -index 274450d408..c05cebfbe2 100644 +index 325f6eaa3e..c1138dfe22 100644 --- a/man/version-info.xml +++ b/man/version-info.xml -@@ -103,6 +103,7 @@ +@@ -106,6 +106,7 @@ Added in rhel-9.8. Added in rhel-9.9. Added in rhel-9.10. 
@@ -48,10 +48,10 @@ index 274450d408..c05cebfbe2 100644 Added in rhel-10.1. Added in rhel-10.2. diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c -index 149794e926..cb5f8c5d38 100644 +index 553ad13269..45646af6a6 100644 --- a/src/shared/netif-naming-scheme.c +++ b/src/shared/netif-naming-scheme.c -@@ -41,7 +41,7 @@ static const NamingScheme naming_schemes[] = { +@@ -42,7 +42,7 @@ static const NamingScheme naming_schemes[] = { { "rhel-9.3", NAMING_RHEL_9_3 }, { "rhel-9.4", NAMING_RHEL_9_4 }, { "rhel-9.5", NAMING_RHEL_9_5 }, @@ -61,14 +61,14 @@ index 149794e926..cb5f8c5d38 100644 EXTRA_NET_NAMING_MAP diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h -index 229232d452..2e2023ba5b 100644 +index 35ab0a98da..c511ee86f5 100644 --- a/src/shared/netif-naming-scheme.h +++ b/src/shared/netif-naming-scheme.h -@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags { +@@ -85,7 +85,7 @@ typedef enum NamingSchemeFlags { NAMING_RHEL_9_4 = NAMING_RHEL_9_3, - NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN, + NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT, -- NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN, +- NAMING_RHEL_10_0 = NAMING_V257, + NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN, EXTRA_NET_NAMING_SCHEMES diff --git a/0031-mkosi-bump-to-latest.patch b/0031-mkosi-bump-to-latest.patch deleted file mode 100644 index a64acdd..0000000 --- a/0031-mkosi-bump-to-latest.patch +++ /dev/null 
@@ -1,23 +0,0 @@
-From d89c99c7ad165fa2471e1c5c1a3bdedab0818da9 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi
-Date: Mon, 17 Jun 2024 15:40:10 +0100
-Subject: [PATCH] mkosi: bump to latest
-
-(cherry picked from commit 3001339dc5b3faf8f8edee4c07b14a4abdf3d66f)
----
- .github/workflows/mkosi.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index 62efd367cb..3a8dabd95c 100644
---- a/.github/workflows/mkosi.yml
-+++ b/.github/workflows/mkosi.yml
-@@ -92,7 +92,7 @@ jobs:
-
- steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
-- - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
-+ - uses: systemd/mkosi@6972f9efba5c8472d990be3783b7e7dbf76e109e
-
- # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
- # immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
new file mode 100644
index 0000000..d47db3b
--- /dev/null
+++ b/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
@@ -0,0 +1,29 @@
+From 06efc733d10fba0b1282e1e65b4d464587d4ad41 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Thu, 22 Aug 2024 13:47:56 +0200
+Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
+
+It seems that virtio devices always have "0" in
+the firmware_node/sun. And because of that, udev will
+always name the device ens0, which leads to collisions.
+So let's disable it for now.
+
+rhel-only: policy
+Resolves: RHEL-55728
+---
+ src/shared/netif-naming-scheme.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index c511ee86f5..c4e18bb035 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -85,7 +85,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+
+- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
++ NAMING_RHEL_10_0_BETA = NAMING_V255,
+
+ EXTRA_NET_NAMING_SCHEMES
+
diff --git a/0032-NEWS-fix-typo.patch b/0032-NEWS-fix-typo.patch
deleted file mode 100644
index 4c4fbcd..0000000
--- a/0032-NEWS-fix-typo.patch
+++ /dev/null
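Review bot: The rewritten enum line `NAMING_RHEL_10_0_BETA = NAMING_V255,` carries no trace of why NAMING_FIRMWARE_NODE_SUN was dropped; the reason exists only in the commit message of this carried patch. A one-line comment above it would keep a later rebase from restoring the flag, for example `/* NAMING_FIRMWARE_NODE_SUN left out: virtio reports 0 in firmware_node/sun, names collide on ens0 (RHEL-55728) */`. Network and filtering configuration is commonly keyed on interface names, so a silent return of the collision would be hard to trace back to this line. The enum starts and ends outside the hunk.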
@@ -1,23 +0,0 @@
-From a776dcf7af3b189f4f9616d174dbfc53a9bd6db6 Mon Sep 17 00:00:00 2001
-From: Carlo Teubner
-Date: Tue, 18 Jun 2024 09:41:59 +0100
-Subject: [PATCH] NEWS: fix typo
-
-(cherry picked from commit f6d517f8478bdd83b7d149b242a47d7686235c7e)
----
- NEWS | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/NEWS b/NEWS
-index bbee0852be..da81fe3c5d 100644
---- a/NEWS
-+++ b/NEWS
-@@ -195,7 +195,7 @@ CHANGES WITH 256:
- additional per-user service managers, whose users are transient and
- are only defined as long as the service manager is running. (This is
- implemented via DynamicUser=1), allowing a user manager to be used to
-- manager a group of processes without needing to create an actual user
-+ manage a group of processes without needing to create an actual user
- account. These service managers run with home directories of
- /var/lib/capsules/ and can contain regular services and
- other units. A capsule is started via a simple "systemctl start
diff --git a/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch b/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
new file mode 100644
index 0000000..8b9c979
--- /dev/null
+++ b/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
@@ -0,0 +1,61 @@
+From 8711965bf33fafe4685bb3df1d130c4fa45251d4 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Mon, 16 Dec 2024 15:08:50 +0100
+Subject: [PATCH] netif-naming-scheme: introduce rhel-10.0 scheme
+
+rhel-only: policy
+
+Related: RHEL-44417
+---
+ man/systemd.net-naming-scheme.xml | 11 ++++++++++-
+ src/shared/netif-naming-scheme.c | 1 +
+ src/shared/netif-naming-scheme.h | 1 +
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index 18c1d95a74..e23d1c5758 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -549,8 +549,17 @@
+
+
+
++
++
++ rhel-10.0
++
++ Same as naming scheme v257.
++
++
++
++
+
+- By default rhel-10.0-beta is used.
++ By default rhel-10.0 is used.
+
+
+ RHEL-9 schemes
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 45646af6a6..42b0470a11 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -43,6 +43,7 @@ static const NamingScheme naming_schemes[] = {
+ { "rhel-9.4", NAMING_RHEL_9_4 },
+ { "rhel-9.5", NAMING_RHEL_9_5 },
+ { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
++ { "rhel-10.0", NAMING_RHEL_10_0 },
+ /* … add more schemes here, as the logic to name devices is updated … */
+
+ EXTRA_NET_NAMING_MAP
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index c4e18bb035..780392a583 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -86,6 +86,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+
+ NAMING_RHEL_10_0_BETA = NAMING_V255,
++ NAMING_RHEL_10_0 = NAMING_V257,
+
+ EXTRA_NET_NAMING_SCHEMES
+
diff --git a/0033-install-allow-removing-symlinks-even-for-units-that-.patch b/0033-install-allow-removing-symlinks-even-for-units-that-.patch deleted file mode 100644 index b8e614f..0000000
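Review bot: `NAMING_RHEL_10_0 = NAMING_V257,` in the netif-naming-scheme.h hunk may bring back the flag that patch 0031 of this series removed from rhel-10.0-beta. The definition of NAMING_V257 is not visible here, but if it includes NAMING_FIRMWARE_NODE_SUN, the new default scheme again derives virtio names from a firmware_node/sun value of 0, which is the ens0 collision described in RHEL-55728. The commit message does not say why that no longer applies; either state it there, or mask the flag the way NAMING_RHEL_9_5 masks one, `NAMING_RHEL_10_0 = NAMING_V257 & ~NAMING_FIRMWARE_NODE_SUN,`, and qualify the man page sentence "Same as naming scheme v257" to match. The enum continues outside the hunk.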
--- a/0033-install-allow-removing-symlinks-even-for-units-that-.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From c26e56d08f30a2946dfa1d03781c63bfa9f56c1d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Fri, 7 Jun 2024 21:39:45 +0100 -Subject: [PATCH] install: allow removing symlinks even for units that are gone - -If a symlink is leftover, still allow cleaning it up via 'disable'. This -happens when a unit is stopped and removed, but not disabled, and a reload -has already happened. At that point, cleaning up the old symlinks becomes -impossible through the APIs, and needs to be done manually. Always allow -cleaning up symlinks, if they exist, by only erroring out if there is an -OOM. - -Follow-up for f31f10a6207efc9ae9e0b1f73975b5b610914017 - -(cherry picked from commit 5163c9b1e56293b1bb2803420613c5b374570892) ---- - src/shared/install.c | 14 ++++++++++---- - test/units/TEST-26-SYSTEMCTL.sh | 6 ++++++ - 2 files changed, 16 insertions(+), 4 deletions(-) - -diff --git a/src/shared/install.c b/src/shared/install.c -index dd2bd5c948..c94b456c21 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -2282,7 +2282,9 @@ static int install_context_mark_for_removal( - else { - log_debug_errno(r, "Unit %s not found, removing name.", i->name); - r = install_changes_add(changes, n_changes, r, i->path ?: i->name, NULL); -- if (r < 0) -+ /* In case there's no unit, we still want to remove any leftover symlink, even if -+ * the unit might have been removed already, hence treating ENOENT as non-fatal. 
*/ -+ if (r != -ENOENT) - return r; - } - } else if (r < 0) { -@@ -2874,9 +2876,13 @@ static int do_unit_file_disable( - r = install_info_add(&ctx, *name, NULL, lp->root_dir, /* auxiliary= */ false, &info); - if (r >= 0) - r = install_info_traverse(&ctx, lp, info, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, NULL); -- -- if (r < 0) -- return install_changes_add(changes, n_changes, r, *name, NULL); -+ if (r < 0) { -+ r = install_changes_add(changes, n_changes, r, *name, NULL); -+ /* In case there's no unit, we still want to remove any leftover symlink, even if -+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */ -+ if (r != -ENOENT) -+ return r; -+ } - - /* If we enable multiple units, some with install info and others without, - * the "empty [Install] section" warning is not shown. Let's make the behavior -diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh -index ae7a5d6eb6..1471f3fd9e 100755 ---- a/test/units/TEST-26-SYSTEMCTL.sh -+++ b/test/units/TEST-26-SYSTEMCTL.sh -@@ -343,6 +343,12 @@ systemctl cat "$UNIT_NAME" - systemctl help "$UNIT_NAME" - systemctl service-watchdogs - systemctl service-watchdogs "$(systemctl service-watchdogs)" -+# Ensure that the enablement symlinks can still be removed after the user is gone, to avoid having leftovers -+systemctl enable "$UNIT_NAME" -+systemctl stop "$UNIT_NAME" -+rm -f "/usr/lib/systemd/system/$UNIT_NAME" -+systemctl daemon-reload -+systemctl disable "$UNIT_NAME" - - # show/set-environment - # Make sure PATH is set diff --git a/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch b/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch new file mode 100644 index 0000000..84a4d66 --- /dev/null +++ b/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch 
@@ -0,0 +1,58 @@ +From 2a6fbf9da93ad2f76aa5578641e39801a13fd5dd Mon Sep 17 00:00:00 2001 +From: Tobias Klauser +Date: Wed, 11 Dec 2024 15:10:39 +0100 +Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset + +If - for whatever reason - a script uses set -u (nounset) and includes +/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via +/etc/profile) the script would fail with: + + /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable + +For example: + + $ cat > foo.sh < -Date: Tue, 18 Jun 2024 09:54:33 +0200 -Subject: [PATCH] tmpfiles: honour --dry-run when removing directories - -(cherry picked from commit edeceb80a91e8400e8c22f08a41045a2ba270fe6) ---- - src/tmpfiles/tmpfiles.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 807925f199..283be21d16 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -3024,10 +3024,16 @@ static int remove_recursive( - return r; - - if (remove_instance) { -- log_debug("Removing directory \"%s\".", instance); -- r = RET_NERRNO(rmdir(instance)); -- if (r < 0 && !IN_SET(r, -ENOENT, -ENOTEMPTY)) -- return log_error_errno(r, "Failed to remove %s: %m", instance); -+ log_action("Would remove", "Removing", "%s directory \"%s\".", instance); -+ if (!arg_dry_run) { -+ r = RET_NERRNO(rmdir(instance)); -+ if (r < 0) { -+ bool fatal = !IN_SET(r, -ENOENT, -ENOTEMPTY); -+ log_full_errno(fatal ? LOG_ERR : LOG_DEBUG, r, "Failed to remove %s: %m", instance); -+ if (fatal) -+ return r; -+ } -+ } - } - return 0; - } diff --git a/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch b/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch deleted file mode 100644 index 0fc7532..0000000 --- a/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From e76015738942246db70f444b3567afd1b132f824 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 18 Jun 2024 09:55:20 +0200 -Subject: [PATCH] tmpfiles: insist on at least one configuration file being - specified on --purge - -Also, extend the man page explanation substantially, matching more -closely what --create says. - -Fixes: #33349 -(cherry picked from commit 41064a3c97c9a53c97bbe8a1de799a82c4374a2d) ---- - man/systemd-tmpfiles.xml | 26 ++++++++++++++++++++------ - src/tmpfiles/tmpfiles.c | 4 ++++ - 2 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml -index 9767aead85..2a494b9c5c 100644 ---- a/man/systemd-tmpfiles.xml -+++ b/man/systemd-tmpfiles.xml -@@ -151,12 +151,26 @@ - - - -- If this option is passed, all files and directories created by a -- tmpfiles.d/ entry will be deleted. Keep in mind that by default, -- /home is created by systemd-tmpfiles -- (see /usr/lib/tmpfiles.d/home.conf). Therefore it is recommended -- to first run systemd-tmpfiles --dry-run --purge to be certain which files -- and directories will be deleted. -+ -+ If this option is passed, all files and directories marked for -+ creation by the tmpfiles.d/ files specified on the command -+ line will be deleted. Specifically, this acts on all files and directories -+ marked with f, F, d, D, -+ v, q, Q, p, -+ L, c, b, C, -+ w, e. If this switch is used at least one -+ tmpfiles.d/ file (or - for standard input) must be -+ specified on the command line or the invocation will be refused, for safety reasons (as otherwise -+ much of the installed system files might be removed). -+ -+ The primary usecase for this option is to automatically remove files and directories that -+ originally have been created on behalf of an installed packaged at package removal time. -+ -+ It is recommended to first run this command in combination with -+ (see below) to verify which files and directories will be deleted. 
-+ -+ Warning! This is is usually not the command you want! In most cases -+ is what you are looking for. - - - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 283be21d16..1704197207 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -4344,6 +4344,10 @@ static int parse_argv(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "You need to specify at least one of --clean, --create, --remove, or --purge."); - -+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && optind >= argc) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "Refusing --purge without specification of a configuration file."); -+ - if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --replace= is not supported with --cat-config/--tldr."); diff --git a/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch b/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch deleted file mode 100644 index 954232f..0000000 --- a/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 08b8237303efdf072a0f61615b7f1633eafc8e0a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 18 Jun 2024 09:56:15 +0200 -Subject: [PATCH] tmpfiles: move --purge to command section in --help text - where it belongs - -Also, make contrast between --remove and --purge clearer: one deletes -files marked for deletion, the other deletes files marked for creation. - -(cherry picked from commit 69d76823ce6e9c307184946ed55b207eb728e625) ---- - src/tmpfiles/tmpfiles.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 1704197207..8cc8c1ccd6 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -4148,7 +4148,9 @@ static int help(void) { - "\n%3$sCommands:%4$s\n" - " --create Create files and directories\n" - " --clean Clean up files and directories\n" -- " --remove Remove files and directories\n" -+ " --remove Remove files and directories marked for removal\n" -+ " --purge Delete files and directories marked for creation in\n" -+ " specified configuration files (careful!)\n" - " -h --help Show this help\n" - " --version Show package version\n" - "\n%3$sOptions:%4$s\n" -@@ -4157,7 +4159,6 @@ static int help(void) { - " --tldr Show non-comment parts of configuration\n" - " --boot Execute actions only safe at boot\n" - " --graceful Quietly ignore unknown users or groups\n" -- " --purge Delete all files owned by the configuration files\n" - " --prefix=PATH Only apply rules with the specified prefix\n" - " --exclude-prefix=PATH Ignore rules with the specified prefix\n" - " -E Ignore rules prefixed with /dev, /proc, /run, /sys\n" diff --git a/0037-mkosi-restrict-noble-backports-to-noble-builds.patch b/0037-mkosi-restrict-noble-backports-to-noble-builds.patch deleted file mode 100644 index b2dd982..0000000 --- a/0037-mkosi-restrict-noble-backports-to-noble-builds.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 7b18adadde58798a895366105c6c1517231029d9 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 18 Jun 2024 13:35:32 +0100 -Subject: [PATCH] mkosi: restrict noble-backports to noble builds - -Follow-up for c01cb8cbff8512b65b7903b55f78c8d12661b8d7 - -(cherry picked from commit f97b243edfcae211aade6ceb2fd89ae9d9209fac) ---- - .../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 1 + - mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf -index 0ec4807822..582f038b5f 100644 ---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf -@@ -4,6 +4,7 @@ - [Match] - Architecture=!x86-64 - Architecture=!x86 -+Release=noble - - [Distribution] - PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources -diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf -index c08eeac337..7347be9069 100644 ---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf -+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf -@@ -4,6 +4,7 @@ - [Match] - Architecture=|x86-64 - Architecture=|x86 -+Release=noble - - [Distribution] - PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources diff --git a/0038-repart-fix-memory-leak.patch b/0038-repart-fix-memory-leak.patch deleted file mode 100644 index 1b81bdb..0000000 --- a/0038-repart-fix-memory-leak.patch +++ /dev/null 
@@ -1,22 +0,0 @@
-From f8f669fd69bf15f386308ef8f4cbbbd5a7ad69cd Mon Sep 17 00:00:00 2001
-From: Antonio Alvarez Feijoo
-Date: Tue, 18 Jun 2024 14:07:50 +0200
-Subject: [PATCH] repart: fix memory leak
-
-(cherry picked from commit a81f5ffd40081441dafc678fe83d185436dde35a)
----
- src/partition/repart.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index 78cf60f724..8f64520ee7 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -187,6 +187,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep);
-+STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
- STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep);
- STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep);
diff --git a/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch b/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
deleted file mode 100644
index 5e2315d..0000000
--- a/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
+++ /dev/null
@@ -1,42 +0,0 @@ -From 34ba18b0124407403690738b46fbd6236fe65c92 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 18 Jun 2024 17:55:31 +0900 -Subject: [PATCH] logs-show: do not use _SOURCE_MONOTONIC_TIMESTAMP field - -The timestamp is not in CLOCK_MONOTONIC, but CLOCK_BOOTTIME, -while header monotonic timestamp is in CLOCK_MONOTONIC. Hence, we cannot -adjust timestamp by comparing with header monotonic timestamp and -_SOURCE_MONOTONIC_TIMESTAMP field. - -Fixes a regression caused by affde1d7e79a634ee6053dbd4a57b3b51b74c170. -Fixes #33293. - -(cherry picked from commit 144498e7e6efe2d90981cb14e3ed462a70a955c6) ---- - src/shared/logs-show.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c -index c71c868889..153a4110ce 100644 ---- a/src/shared/logs-show.c -+++ b/src/shared/logs-show.c -@@ -450,6 +450,9 @@ static void parse_display_realtime( - assert(j); - assert(ret); - -+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime. -+ source_monotonic = NULL; -+ - /* First, try _SOURCE_REALTIME_TIMESTAMP. */ - if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t)) { - *ret = t; -@@ -488,6 +491,9 @@ static void parse_display_timestamp( - assert(ret_display_ts); - assert(ret_boot_id); - -+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime. -+ source_monotonic = NULL; -+ - if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t)) - source_ts.realtime = t; - diff --git a/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch b/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch deleted file mode 100644 index a42248f..0000000 --- a/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From ecae988291383e13e5b23b5d7a4a1f8a7d6736dc Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Thu, 16 May 2024 15:14:17 +0200 -Subject: [PATCH] ci: deploy systemd man to GitHub Pages - -rhel-only: ci - -Related: RHEL-36636 ---- - .github/workflows/deploy-man-pages.yml | 59 ++++++++++++++++++++++++++ - 1 file changed, 59 insertions(+) - create mode 100644 .github/workflows/deploy-man-pages.yml - -diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml -new file mode 100644 -index 0000000000..9739228a87 ---- /dev/null -+++ b/.github/workflows/deploy-man-pages.yml -@@ -0,0 +1,59 @@ -+name: Deploy systemd man to Pages -+ -+on: -+ push: -+ branches: [ main ] -+ paths: -+ - man/* -+ - .github/workflows/deploy-man-pages.yml -+ schedule: -+ # Run every Monday at 4:00 AM UTC -+ - cron: 0 4 * * 1 -+ workflow_dispatch: -+ -+permissions: -+ contents: read -+ -+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. -+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. -+concurrency: -+ group: pages -+ cancel-in-progress: false -+ -+jobs: -+ # Single deploy job since we're just deploying -+ deploy: -+ environment: -+ name: github-pages -+ url: ${{ steps.deployment.outputs.page_url }} -+ runs-on: ubuntu-latest -+ -+ permissions: -+ pages: write -+ id-token: write -+ -+ steps: -+ - uses: actions/checkout@v4 -+ -+ - name: Install dependencies -+ run: | -+ sudo add-apt-repository -y --no-update --enable-source -+ sudo apt-get -y update -+ sudo apt-get -y build-dep systemd -+ -+ - name: Build HTML man pages -+ run: | -+ meson setup build -+ ninja -C build man/html -+ -+ - name: Setup Pages -+ uses: actions/configure-pages@v4 -+ -+ - name: Upload artifact -+ uses: actions/upload-pages-artifact@v3 -+ with: -+ path: ./build/man -+ -+ - name: Deploy to GitHub Pages -+ id: deployment -+ uses: actions/deploy-pages@v4 
diff --git a/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch b/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch deleted file mode 100644 index bac631f..0000000 --- a/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 517bf132e5508a2ac140dbea3650e89205dee052 Mon Sep 17 00:00:00 2001 -From: Jan Macku -Date: Fri, 21 Jun 2024 16:15:24 +0200 -Subject: [PATCH] ci: allow to pass parameters together with rhel-only note - -Supported parameters: - -* feature - for feature related commits (cross-version) -* bugfix - for bugfix related commits (cross-version) -* doc - for documentation related commits (usually version specific) -* workaround - for workaround related commits (usually version specific) -* ci - for CI related commits (version specific) -* test - for test related commits (version specific) -* other - for commits that do not fit into any of the above categories or use just `rhel-only` - -rhel-only: ci - -Related: RHEL-36636 ---- - .github/advanced-commit-linter.yml | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml -index 3609fe4612..3e3e3fe2bf 100644 ---- a/.github/advanced-commit-linter.yml -+++ b/.github/advanced-commit-linter.yml -@@ -4,8 +4,8 @@ policy: - - github: systemd/systemd - exception: - note: -- - rhel-only -- - RHEL-only -+ - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)' -+ - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)' - tracker: - - keyword: - - 'Resolves: ' diff --git a/0060-meson-rename-libbasic-to-libbasic_static.patch b/0060-meson-rename-libbasic-to-libbasic_static.patch deleted file mode 100644 index 5f3a54b..0000000 --- a/0060-meson-rename-libbasic-to-libbasic_static.patch +++ /dev/null 
@@ -1,180 +0,0 @@ -From 40527d91d2fb1d987473bb4bcf1c929a85ffe9a0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 16:51:05 +0200 -Subject: [PATCH] meson: rename libbasic to libbasic_static - -Our variables for internal libraries are named 'libfoo' for the shared lib -variant, and 'libfoo_static' for the static lib variant. The only exception was -libbasic, because we didn't have a shared variant for it. But let's rename it -for consitency. This makes the build config easier to understand. - -see currently unmerged https://github.com/systemd/systemd/pull/33599 - -RHEL-only workaround - -Resolves: RHEL-46020 ---- - meson.build | 4 ++-- - src/basic/meson.build | 2 +- - src/libsystemd/meson.build | 2 +- - src/partition/meson.build | 2 +- - src/shared/meson.build | 2 +- - src/shutdown/meson.build | 2 +- - src/sysusers/meson.build | 2 +- - src/test/meson.build | 8 ++++---- - src/tmpfiles/meson.build | 2 +- - 9 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/meson.build b/meson.build -index e42151998b..18115cad5e 100644 ---- a/meson.build -+++ b/meson.build -@@ -2078,7 +2078,7 @@ libsystemd = shared_library( - # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. 
- '-z', 'nodelete', - '-Wl,--version-script=' + libsystemd_sym_path], -- link_with : [libbasic], -+ link_with : [libbasic_static], - link_whole : [libsystemd_static], - dependencies : [librt, - threads, -@@ -2243,7 +2243,7 @@ nss_template = { - 'link_with' : [ - libsystemd_static, - libshared_static, -- libbasic, -+ libbasic_static, - ], - 'dependencies' : [ - librt, -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 9a214575a5..b538775576 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( - - basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] - --libbasic = static_library( -+libbasic_static = static_library( - 'basic', - basic_sources, - fundamental_sources, -diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build -index 6d4337d1a7..243549299f 100644 ---- a/src/libsystemd/meson.build -+++ b/src/libsystemd/meson.build -@@ -118,7 +118,7 @@ libsystemd_static = static_library( - libsystemd_sources, - include_directories : libsystemd_includes, - c_args : libsystemd_c_args, -- link_with : [libbasic], -+ link_with : [libbasic_static], - dependencies : [threads, - librt, - userspace], -diff --git a/src/partition/meson.build b/src/partition/meson.build -index 52e1368116..2cfe43e029 100644 ---- a/src/partition/meson.build -+++ b/src/partition/meson.build -@@ -32,7 +32,7 @@ executables += [ - 'sources' : files('repart.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_fdisk, - libshared_static, - libsystemd_static, -diff --git a/src/shared/meson.build b/src/shared/meson.build -index c5106d87d5..e513c0ec1c 100644 ---- a/src/shared/meson.build -+++ b/src/shared/meson.build -@@ -358,7 +358,7 @@ libshared = shared_library( - '-Wl,--version-script=' + libshared_sym_path], - link_depends : libshared_sym_path, - link_whole : [libshared_static, -- libbasic, -+ libbasic_static, - libsystemd_static], - 
dependencies : [libshared_deps, - userspace], -diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build -index 219f9fd308..9bc60f83e5 100644 ---- a/src/shutdown/meson.build -+++ b/src/shutdown/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_shutdown_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build -index 0f9c067d50..403d82a340 100644 ---- a/src/sysusers/meson.build -+++ b/src/sysusers/meson.build -@@ -14,7 +14,7 @@ executables += [ - 'sources' : files('sysusers.c'), - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], -diff --git a/src/test/meson.build b/src/test/meson.build -index 3abbb94d9f..9d3c7d675f 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -274,7 +274,7 @@ executables += [ - # only static linking apart from libdl, to make sure that the - # module is linked to all libraries that it uses. 
- 'sources' : files('test-dlopen.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - 'dependencies' : libdl, - 'install' : false, - 'type' : 'manual', -@@ -410,7 +410,7 @@ executables += [ - }, - test_template + { - 'sources' : files('test-sizeof.c'), -- 'link_with' : libbasic, -+ 'link_with' : libbasic_static, - }, - test_template + { - 'sources' : files('test-time-util.c'), -@@ -590,7 +590,7 @@ executables += [ - test_template + { - 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libsystemd, - ], - 'dependencies' : threads, -@@ -598,7 +598,7 @@ executables += [ - test_template + { - 'sources' : files('../libudev/test-udev-device-thread.c'), - 'link_with' : [ -- libbasic, -+ libbasic_static, - libudev, - ], - 'dependencies' : threads, -diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build -index 2e918509a7..09ad839586 100644 ---- a/src/tmpfiles/meson.build -+++ b/src/tmpfiles/meson.build -@@ -20,7 +20,7 @@ executables += [ - 'sources' : systemd_tmpfiles_sources, - 'c_args' : '-DSTANDALONE', - 'link_with' : [ -- libbasic, -+ libbasic_static, - libshared_static, - libsystemd_static, - ], diff --git a/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch deleted file mode 100644 index d29e276..0000000 --- a/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From 9eccd6c09f06979003eb2ae1f159defc40213fe0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:03:26 +0200 -Subject: [PATCH] meson: build libsystemd-core via an intermediate static - library - -By itself, this is not useful. I'm making this a separate commit to -make debugging easier. It turns out that meson does static libraries -using references, so the "static library" a tiny stub stub that refers -to the object files on disk and this has negligible cost: -$ ls -lhd build/src/core/libsystemd-core-257.{a,so} --rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a --rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so - -see currently unmerged https://github.com/systemd/systemd/pull/33599 - -RHEL-only workaround - -Resolves: RHEL-46020 ---- - src/core/meson.build | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index 7a2012a372..1ef31cc529 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( - - libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) - --libcore = shared_library( -+libcore_static = static_library( - libcore_name, - libcore_sources, - load_fragment_gperf_c, - load_fragment_gperf_nulstr_c, - include_directories : includes, - c_args : ['-fvisibility=default'], -- link_args : ['-shared', -- '-Wl,--version-script=' + libshared_sym_path], -- link_depends : libshared_sym_path, -- link_with : libshared, - dependencies : [libacl, - libapparmor, - libaudit, -@@ -135,6 +131,16 @@ libcore = shared_library( - libselinux, - threads, - userspace], -+ build_by_default : false) -+ -+libcore = shared_library( -+ libcore_name, -+ c_args : ['-fvisibility=default'], -+ link_args : ['-shared', -+ '-Wl,--version-script=' + libshared_sym_path], -+ link_depends : 
libshared_sym_path, -+ link_whole: libcore_static, -+ link_with : libshared, - install : true, - install_dir : pkglibdir) - diff --git a/0062-meson-add-option-to-build-systemd-executor-staticall.patch b/0062-meson-add-option-to-build-systemd-executor-staticall.patch deleted file mode 100644 index a7464ff..0000000 --- a/0062-meson-add-option-to-build-systemd-executor-staticall.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From f3b375da4cd070788b2b8a21fe678c15cb4babe8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 3 Jul 2024 17:05:31 +0200 -Subject: [PATCH] meson: add option to build systemd-executor "statically" - -The new link-executor-shared option is similar to the existing -link-udev-shared: when set to false, we link to the static versions of our -internal libraries. - -The resulting exuctor binary is fairly large, about as large as libsystemd-core -(14 MB without lto, 8 with lto). - -This is intended as a workaround for the fuckup with the pinned executor -binary: -when an upgrade is performed, the package manager will install new version of -the libraries and new version of the code, and some time later reexecute the -managers. This creates a window when the pinned executor binary will fail to -execute. There are two factors which make the issue easier to hit: - -- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora - uses version-release as the tag, which means that the issue occurs on - every package upgrade. This is the right thing to do, because the - ABI of our internal libraries is not stable at all, so replacing the - library from a different version in place creates a window where our - programs may crash or misbehave. - -- when the distribution doesn't immediately reexec all the managers after - upgrade. In early versions of systemd, we used to hammer the machine during - upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and - wasteful. Doing the reexecs while the upgrade is in progres also creates a - window where a mix of old and new configs or both is loaded. Users are - particularly annoyed by those reloads if there is some issue in the - configuration causing us to emit warnings on every reexec. Doing the - reexecs once after the new configuration and libraries have been put - in place is nicer. 
- -The pinning of the executor binary breaks upgrades and in particular -it penalizes the distributions which make use of the features which -were previously added to avoid bugs and inefficiency during upgrades. - -When the executor is linked statically, there is a smaller chance that it'll -fail to load libraries. The issue can still occur because other libraries, not -our own, are linked dynamically. - -see currently unmerged https://github.com/systemd/systemd/pull/33599 - -RHEL-only workaround - -Resolves: RHEL-46020 ---- - meson_options.txt | 2 ++ - src/core/meson.build | 16 ++++++++++++---- - 2 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/meson_options.txt b/meson_options.txt -index d52ca4e4b5..3cce818392 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, - description : '''This option is deprecated and will be removed in a future release''') - option('link-udev-shared', type : 'boolean', - description : 'link systemd-udevd and its helpers to libsystemd-shared.so') -+option('link-executor-shared', type : 'boolean', -+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') - option('link-systemctl-shared', type: 'boolean', - description : 'link systemctl against libsystemd-shared.so') - option('link-networkd-shared', type: 'boolean', -diff --git a/src/core/meson.build b/src/core/meson.build -index 1ef31cc529..dbeb752977 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -156,6 +156,17 @@ systemd_executor_sources = files( - 'exec-invoke.c', - ) - -+executor_libs = get_option('link-executor-shared') ? 
\ -+ [ -+ libcore, -+ libshared, -+ ] : [ -+ libcore_static, -+ libshared_static, -+ libbasic_static, -+ libsystemd_static, -+ ] -+ - executables += [ - libexec_template + { - 'name' : 'systemd', -@@ -173,10 +184,7 @@ executables += [ - 'public' : true, - 'sources' : systemd_executor_sources, - 'include_directories' : core_includes, -- 'link_with' : [ -- libcore, -- libshared, -- ], -+ 'link_with' : executor_libs, - 'dependencies' : [ - libapparmor, - libpam, diff --git a/0065-doc-add-downstream-CONTRIBUTING-document.patch b/0065-doc-add-downstream-CONTRIBUTING-document.patch deleted file mode 100644 index c28d26d..0000000 --- a/0065-doc-add-downstream-CONTRIBUTING-document.patch +++ /dev/null 
@@ -1,108 +0,0 @@
-From f7c92899a77656a1bb7586f83c27b00cd5ea0707 Mon Sep 17 00:00:00 2001
-From: Jan Macku
-Date: Thu, 27 Jun 2024 10:17:06 +0200
-Subject: [PATCH] doc: add downstream CONTRIBUTING document
-
-rhel-only: doc
-
-Related: RHEL-40924
----
- CONTRIBUTING.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
- README.md | 2 +-
- 2 files changed, 76 insertions(+), 1 deletion(-)
- create mode 100644 CONTRIBUTING.md
-
-diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
-new file mode 100644
-index 0000000000..28466facac
---- /dev/null
-+++ b/CONTRIBUTING.md
-@@ -0,0 +1,75 @@
-+# Contributing
-+
-+Welcome to systemd source-git for CentOS Stream and RHEL. When contributing, please follow the guide below.
-+
-+## Workflow
-+
-+```mermaid
-+flowchart LR
-+ A(Issue) --> B{is fixed\nupstream}
-+ B -->|YES| C(backport\nupstream patch)
-+ B -->|NO| D(upstream\nsubmit issue or PR)
-+ D --> E{accepted\nand fixed}
-+ E -->|YES| C
-+ E -->|NO| F(rhel-only patch) --> G
-+ C --> G(submit PR)
-+```
-+
-+## Filing issues
-+
-+When you find an issue with systemd used in **CentOS Stream** or **RHEL**, please file an issue in Red Hat [Jira ticket system](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12380515).
-+
-+GitHub Issues are not supported tracking system. If your issue is reproducible using the latest upstream version of systemd, please consider creating [upstream issue](https://github.com/systemd/systemd/issues/new/choose).
-+
-+## Posting Pull Requests
-+
-+Every Pull Request has to comply with the following rules:
-+
-+- Each commit has to reference [upstream](https://github.com/systemd/systemd) commit.
-+- Each commit has to reference the approved issue/tracker.
-+- Pull requests have to pass mandatory CI validation and testing
-+- Pull requests have to be approved by at least one systemd downstream maintainer
-+
-+### Upstream reference
-+
-+When doing a back-port of an upstream commit, always use `cherry-pick -x `. Consider proposing a change upstream first when an upstream commit doesn't exist.
-+If the change isn't upstream relevant or accepted by upstream, mark the commit with the `rhel-only: ` string, where a `` is:
-+
-+- `feature` - for feature-related commits (cross-version)
-+- `bugfix` - for bugfix-related commits (cross-version)
-+- `doc` - for documentation-related commits (usually version-specific)
-+- `workaround` - for workaround-related commits (usually version-specific)
-+- `ci` - for CI-related commits (version-specific)
-+- `test` - for test-related commits (version-specific)
-+- `other` - for commits that do not fit into any of the above categories (version-specific)
-+
-+```md
-+doc: Fix TYPO
-+
-+rhel-only: doc
-+
-+Resolves: RHEL-678
-+```
-+
-+### Issue reference
-+
-+Each commit has to reference the relevant approved systemd issue (see: [Filling issues section](#filing-issues)). For referencing issues, we use the following keywords:
-+
-+- **Resolves** for commits that directly resolve issues described in a referenced tracker
-+- **Related** for commits related to the referenced issue, but they don't fix it. Usually, tests and documentation.
-+- **Reverts** for commits that reverts previously merged commit
-+
-+When referencing issues, use the following structure: `: `. See the example below:
-+
-+```md
-+doc: Fix TYPO
-+
-+(cherry picked from commit c5afbac31bb33e7b1f4d59b253425af991a630a4)
-+
-+Resolves: RHEL-678
-+```
-+
-+### Validation and testing
-+
-+Each Pull Request has to pass all enabled tests that are automatically run using GitHub Actions, CentOS Stream CI, and others.
-+If CI failure is unrelated to the change introduced in Pull Request, the downstream maintainer will set the `ci-waived` label and explain why CI was waived.
-diff --git a/README.md b/README.md
-index 12f1381f08..421a2e6572 100644
---- a/README.md
-+++ b/README.md
-@@ -30,7 +30,7 @@ Please see the [Code Map](docs/ARCHITECTURE.md) for information about this repos
-
- Please see the [Hacking guide](docs/HACKING.md) for information on how to hack on systemd and test your modifications.
-
--Please see our [Contribution Guidelines](docs/CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
-+Please see our [Contribution Guidelines](CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
-
- When preparing patches for systemd, please follow our [Coding Style Guidelines](docs/CODING_STYLE.md).
-
diff --git a/0066-ci-allow-policy-as-rhel-only-keyword.patch b/0066-ci-allow-policy-as-rhel-only-keyword.patch
deleted file mode 100644
index 76d27f3..0000000
--- a/0066-ci-allow-policy-as-rhel-only-keyword.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 5d244e25b994f1db5988cf6de14fff9058a75bc2 Mon Sep 17 00:00:00 2001
-From: Jan Macku
-Date: Mon, 15 Jul 2024 14:13:14 +0200
-Subject: [PATCH] ci: allow `policy` as rhel-only keyword
-
-rhel-only: ci
-
-Related: RHEL-40924
----
- .github/advanced-commit-linter.yml | 4 ++--
- CONTRIBUTING.md | 1 +
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
-index 3e3e3fe2bf..4a7e6542b4 100644
---- a/.github/advanced-commit-linter.yml
-+++ b/.github/advanced-commit-linter.yml
-@@ -4,8 +4,8 @@ policy:
- - github: systemd/systemd
- exception:
- note:
-- - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
-- - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
-+ - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
-+ - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
- tracker:
- - keyword:
- - 'Resolves: '
-diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
-index 28466facac..c2e3a2d4d0 100644
---- a/CONTRIBUTING.md
-+++ b/CONTRIBUTING.md
-@@ -37,6 +37,7 @@ If the change isn't upstream relevant or accepted by upstream, mark the commit w
-
- - `feature` - for feature-related commits (cross-version)
- - `bugfix` - for bugfix-related commits (cross-version)
-+- `policy` - for policy-related commits (cross-version)
- - `doc` - for documentation-related commits (usually version-specific)
- - `workaround` - for workaround-related commits (usually version-specific)
- - `ci` - for CI-related commits (version-specific)
diff --git a/0070-packit-drop-the-dependency-on-python3-zstd.patch b/0070-packit-drop-the-dependency-on-python3-zstd.patch
deleted file mode 100644
index 8b52cc0..0000000
--- a/0070-packit-drop-the-dependency-on-python3-zstd.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal
-Date: Wed, 17 Jul 2024 12:22:55 +0200
-Subject: [PATCH] packit: drop the dependency on python3-zstd
-
-Since it's only in the RHEL buildroot repo.
-
-rhel-only: ci
-
-Related: RHEL-40924
----
- .packit.yml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/.packit.yml b/.packit.yml
-index 03b3aae7d5..48ba210947 100644
---- a/.packit.yml
-+++ b/.packit.yml
-@@ -39,6 +39,9 @@ actions:
- - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
- # Ignore unpackaged standalone binaries
- - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
-+ # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
-+ # repo
-+ - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
-
- # Available targets can be listed via `copr-cli list-chroots`
- jobs:
diff --git a/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch b/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
deleted file mode 100644
index ff6c617..0000000
--- a/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
+++ /dev/null
@@ -1,197 +0,0 @@ -From 45fe2e91e4f73c998ff4d29c316cc4fca9d25942 Mon Sep 17 00:00:00 2001 -From: Etienne Champetier -Date: Tue, 9 Jul 2024 11:53:50 -0400 -Subject: [PATCH] udev-builtin-net_id: use firmware_node/sun for - ID_NET_NAME_SLOT - -pci_get_hotplug_slot() has the following limitations: -- if slots are not hotpluggable, they are not in /sys/bus/pci/slots. -- the address at /sys/bus/pci/slots/X/addr doesn't contains the function part, - so on some system, 2 different slots with different _SUN end up with the same - hotplug_slot, leading to naming conflicts. -- it tries all parent devices until it finds a slot number, which is incorrect, - and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled. - -The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in -https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051 -"udev: net_id - export PCI hotplug slot names" on 2012/11/26. -At the same time on the kernel side we got -https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63 -"ACPI: create _SUN sysfs file" on 2012/11/16. - -Using PCI hotplug was the only way at the time, but now 12 years later we can use -firmware_node/sun sysfs file. -Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached -to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX), -the _SUN is on the first parent pcieport. - -We still fallback to pci_get_hotplug_slot() to handle the s390 case and -maybe some other coner cases (_SUN on grand parent device that is not a -bridge ?). 
- -(cherry picked from commit 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb) - -Related: RHEL-44416 ---- - man/systemd.net-naming-scheme.xml | 6 ++- - src/shared/netif-naming-scheme.h | 5 ++- - src/udev/udev-builtin-net_id.c | 72 ++++++++++++++++++++++++++----- - 3 files changed, 69 insertions(+), 14 deletions(-) - -diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml -index b2d78c95ab..ea9a9c8d3c 100644 ---- a/man/systemd.net-naming-scheme.xml -+++ b/man/systemd.net-naming-scheme.xml -@@ -528,7 +528,7 @@ - - rhel-10.0 - -- Same as naming scheme v255. -+ PCI slot number is now read from firmware_node/sun sysfs file - - - -@@ -604,6 +604,8 @@ - children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot. - - -+ PCI slot number is now read from firmware_node/sun sysfs file -+ - - - -@@ -798,7 +800,7 @@ ID_NET_NAME_ONBOARD_LABEL=Ethernet Port 1 - - - -- PCI Ethernet card in hotplug slot with firmware index number -+ PCI Ethernet card in slot with firmware index number - - # /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/net/ens1 - ID_NET_NAME_MAC=enx000000000466 -diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h -index a55bb0b1cb..229232d452 100644 ---- a/src/shared/netif-naming-scheme.h -+++ b/src/shared/netif-naming-scheme.h -@@ -43,6 +43,7 @@ typedef enum NamingSchemeFlags { - NAMING_DEVICETREE_ALIASES = 1 << 15, /* Generate names from devicetree aliases */ - NAMING_USB_HOST = 1 << 16, /* Generate names for usb host */ - NAMING_SR_IOV_R = 1 << 17, /* Use "r" suffix for SR-IOV VF representors */ -+ NAMING_FIRMWARE_NODE_SUN = 1 << 18, /* Use firmware_node/sun to get PCI slot number */ - - /* And now the masks that combine the features above */ - NAMING_V238 = 0, -@@ -80,9 +81,9 @@ typedef enum NamingSchemeFlags { - NAMING_RHEL_9_2 = NAMING_RHEL_9_0, - NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R, - NAMING_RHEL_9_4 = NAMING_RHEL_9_3, -- NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & 
~NAMING_BRIDGE_MULTIFUNCTION_SLOT, -+ NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN, - -- NAMING_RHEL_10_0 = NAMING_V255, -+ NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN, - - EXTRA_NET_NAMING_SCHEMES - -diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c -index 384a1f31cb..d34357fdb2 100644 ---- a/src/udev/udev-builtin-net_id.c -+++ b/src/udev/udev-builtin-net_id.c -@@ -566,6 +566,51 @@ static int pci_get_hotplug_slot(sd_device *dev, uint32_t *ret) { - return -ENOENT; - } - -+static int get_device_firmware_node_sun(sd_device *dev, uint32_t *ret) { -+ const char *attr; -+ int r; -+ -+ assert(dev); -+ assert(ret); -+ -+ r = device_get_sysattr_value_filtered(dev, "firmware_node/sun", &attr); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to read firmware_node/sun, ignoring: %m"); -+ -+ r = safe_atou32(attr, ret); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to parse firmware_node/sun '%s', ignoring: %m", attr); -+ -+ return 0; -+} -+ -+static int pci_get_slot_from_firmware_node_sun(sd_device *dev, uint32_t *ret) { -+ int r; -+ sd_device *slot_dev; -+ -+ assert(dev); -+ assert(ret); -+ -+ /* Try getting the ACPI _SUN for the device */ -+ if (get_device_firmware_node_sun(dev, ret) >= 0) -+ return 0; -+ -+ r = sd_device_get_parent_with_subsystem_devtype(dev, "pci", NULL, &slot_dev); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to find pci parent, ignoring: %m"); -+ -+ if (is_pci_bridge(slot_dev) && is_pci_multifunction(dev) <= 0) -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ESTALE), -+ "Not using slot information because the parent pcieport " -+ "is a bridge and the PCI device is not multifunction."); -+ -+ /* Try getting the ACPI _SUN from the parent pcieport */ -+ if (get_device_firmware_node_sun(slot_dev, ret) >= 0) -+ return 0; -+ -+ return -ENOENT; -+} -+ - static int get_pci_slot_specifiers( - sd_device *dev, - 
char **ret_domain, -@@ -616,7 +661,7 @@ static int get_pci_slot_specifiers( - - static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix, const char *suffix, EventMode mode) { - _cleanup_free_ char *domain = NULL, *bus_and_slot = NULL, *func = NULL, *port = NULL; -- uint32_t hotplug_slot = 0; /* avoid false maybe-uninitialized warning */ -+ uint32_t slot = 0; /* avoid false maybe-uninitialized warning */ - char str[ALTIFNAMSIZ]; - int r; - -@@ -641,20 +686,27 @@ static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix - strna(domain), bus_and_slot, strna(func), strna(port), - special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str)); - -- r = pci_get_hotplug_slot(pci_dev, &hotplug_slot); -- if (r < 0) -- return r; -- if (r > 0) -- /* If the hotplug slot is found through the function ID, then drop the domain from the name. -- * See comments in parse_hotplug_slot_from_function_id(). */ -- domain = mfree(domain); -+ if (naming_scheme_has(NAMING_FIRMWARE_NODE_SUN)) -+ r = pci_get_slot_from_firmware_node_sun(pci_dev, &slot); -+ else -+ r = -1; -+ /* If we don't find a slot using firmware_node/sun, fallback to hotplug_slot */ -+ if (r < 0) { -+ r = pci_get_hotplug_slot(pci_dev, &slot); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ /* If the hotplug slot is found through the function ID, then drop the domain from the name. -+ * See comments in parse_hotplug_slot_from_function_id(). 
*/ -+ domain = mfree(domain); -+ } - - if (snprintf_ok(str, sizeof str, "%s%ss%"PRIu32"%s%s%s", -- prefix, strempty(domain), hotplug_slot, strempty(func), strempty(port), strempty(suffix))) -+ prefix, strempty(domain), slot, strempty(func), strempty(port), strempty(suffix))) - udev_builtin_add_property(dev, mode, "ID_NET_NAME_SLOT", str); - - log_device_debug(dev, "Slot identifier: domain=%s slot=%"PRIu32" func=%s port=%s %s %s", -- strna(domain), hotplug_slot, strna(func), strna(port), -+ strna(domain), slot, strna(func), strna(port), - special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str)); - - return 0; diff --git a/0078-man-net-naming-scheme-add-missing-period.patch b/0078-man-net-naming-scheme-add-missing-period.patch deleted file mode 100644 index 5a04788..0000000 --- a/0078-man-net-naming-scheme-add-missing-period.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f5470e9076138ccf69fb6576e950a75da4b89717 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 2 Aug 2024 16:51:15 +0900 -Subject: [PATCH] man/net-naming-scheme: add missing period - -Follow-up for 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb. - -(cherry picked from commit 2bb72aadb8169c9310c8ca0d586d277a4a71e2f8) - -Related: RHEL-44416 ---- - man/systemd.net-naming-scheme.xml | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml -index ea9a9c8d3c..e458b5dd6b 100644 ---- a/man/systemd.net-naming-scheme.xml -+++ b/man/systemd.net-naming-scheme.xml -@@ -528,7 +528,7 @@ - - rhel-10.0 - -- PCI slot number is now read from firmware_node/sun sysfs file -+ PCI slot number is now read from firmware_node/sun sysfs file. - - - -@@ -604,7 +604,7 @@ - children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot. - - -- PCI slot number is now read from firmware_node/sun sysfs file -+ PCI slot number is now read from firmware_node/sun sysfs file. - - - 
diff --git a/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch b/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
deleted file mode 100644
index c3f26af..0000000
--- a/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 6bec94d825960a39bed6429531e722fd1571664b Mon Sep 17 00:00:00 2001
-From: Jan Macku
-Date: Wed, 14 Aug 2024 12:21:59 +0200
-Subject: [PATCH] Revert "packit: drop the dependency on python3-zstd"
-
-This reverts commit 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703.
-
-rhel-only: ci
-
-Related: RHEL-36636
----
- .packit.yml | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/.packit.yml b/.packit.yml
-index 48ba210947..03b3aae7d5 100644
---- a/.packit.yml
-+++ b/.packit.yml
-@@ -39,9 +39,6 @@ actions:
- - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
- # Ignore unpackaged standalone binaries
- - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
-- # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
-- # repo
-- - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
-
- # Available targets can be listed via `copr-cli list-chroots`
- jobs:
diff --git a/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch b/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
deleted file mode 100644
index 8ab3b20..0000000
--- a/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a81dc0cad9c24df7c005378fe2c438a98054a7d3 Mon Sep 17 00:00:00 2001
-From: Mike Yuan
-Date: Sun, 30 Jun 2024 13:12:45 +0200
-Subject: [PATCH] systemctl: do not try to acquire triggering units for
- template units
-
-(cherry picked from commit 09d6038d833468ba7c24c658597387ef699ca4fd)
-
-Resolves: RHEL-55132
----
- src/systemctl/systemctl-util.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
-index 2482b7ccb2..08a3ebe128 100644
---- a/src/systemctl/systemctl-util.c
-+++ b/src/systemctl/systemctl-util.c
-@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
- if (r < 0)
- return r;
-
-+ if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
-+ goto skip;
-+
- if (ignore_masked) {
- r = unit_is_masked(bus, name);
- if (r < 0)
- return r;
-- if (r > 0) {
-- *ret = NULL;
-- return 0;
-- }
-+ if (r > 0)
-+ goto skip;
- }
-
- dbus_path = unit_dbus_path_from_name(name);
-@@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
-
- *ret = TAKE_PTR(active);
- return 0;
-+
-+skip:
-+ *ret = NULL;
-+ return 0;
- }
-
- void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) {
diff --git a/0081-core-unit-add-one-assertion-for-u-manager.patch b/0081-core-unit-add-one-assertion-for-u-manager.patch
deleted file mode 100644
index 9986235..0000000
--- a/0081-core-unit-add-one-assertion-for-u-manager.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From dee8164e2d136efb7bac04775c8bef255f659766 Mon Sep 17 00:00:00 2001
-From: Mike Yuan
-Date: Sat, 22 Jun 2024 12:08:39 +0200
-Subject: [PATCH] core/unit: add one assertion for u->manager
-
-(cherry picked from commit 8b17371b6185c9829bb21a813aadb2225ccfc4de)
-
-Resolves: RHEL-55734
----
- src/core/unit.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index a5556ba462..c668c45ee9 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -6103,6 +6103,7 @@ int unit_test_trigger_loaded(Unit *u) {
-
- void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
- assert(u);
-+ assert(u->manager);
- assert(context);
-
- /* EXEC_PRESERVE_RESTART is handled via unit_release_resources()! */
diff --git a/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch b/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
deleted file mode 100644
index 1529c48..0000000
--- a/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 45d326633b32f4dee739ca38a67347c828c1c136 Mon Sep 17 00:00:00 2001
-From: Mike Yuan
-Date: Sat, 22 Jun 2024 12:03:50 +0200
-Subject: [PATCH] core/service: destroy runtime data when Type=oneshot services
- exit
-
-Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
-services that make use of credentials. When those exits, the cred mounts
-remain established, which is pointless and quite annoying. Let's
-instead destroy the runtime data on SERVICE_EXITED, if no process
-will be spawned for the unit again.
-
-(cherry picked from commit c26948c6dae1d2ca13499b36f193b13a0760834c)
-
-Resolves: RHEL-55734
----
- src/core/service.c | 37 ++++++++++++++++++++++++++-----------
- 1 file changed, 26 insertions(+), 11 deletions(-)
-
-diff --git a/src/core/service.c b/src/core/service.c
-index 6e81460ad0..60cc902745 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -1206,13 +1206,12 @@ static void service_search_main_pid(Service *s) {
- }
-
- static void service_set_state(Service *s, ServiceState state) {
-+ Unit *u = UNIT(ASSERT_PTR(s));
- ServiceState old_state;
- const UnitActiveState *table;
-
-- assert(s);
--
- if (s->state != state)
-- bus_unit_send_pending_change_signal(UNIT(s), false);
-+ bus_unit_send_pending_change_signal(u, false);
-
- table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
-
-@@ -1246,8 +1245,8 @@ static void service_set_state(Service *s, ServiceState state) {
- SERVICE_DEAD, SERVICE_FAILED,
- SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
- SERVICE_DEAD_RESOURCES_PINNED)) {
-- unit_unwatch_all_pids(UNIT(s));
-- unit_dequeue_rewatch_pids(UNIT(s));
-+ unit_unwatch_all_pids(u);
-+ unit_dequeue_rewatch_pids(u);
- }
-
- if (state != SERVICE_START)
-@@ -1256,15 +1255,31 @@ static void service_set_state(Service *s, ServiceState state) {
- if (!IN_SET(state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY))
- service_stop_watchdog(s);
-
-- /* For the inactive states unit_notify() will trim the cgroup,
-- * but for exit we have to do that ourselves... */
-- if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(UNIT(s)->manager))
-- unit_prune_cgroup(UNIT(s));
-+ if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
-+ /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
-+ * do that ourselves... */
-+ unit_prune_cgroup(u);
-+
-+ /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
-+ * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
-+ * for the whole duration of the oneshot service while no processes are actually running,
-+ * among other things. */
-+
-+ bool start_only = true;
-+ for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
-+ if (s->exec_command[c]) {
-+ start_only = false;
-+ break;
-+ }
-+
-+ if (start_only)
-+ unit_destroy_runtime_data(u, &s->exec_context);
-+ }
-
- if (old_state != state)
-- log_unit_debug(UNIT(s), "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
-+ log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
-
-- unit_notify(UNIT(s), table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
-+ unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
- }
-
- static usec_t service_coldplug_timeout(Service *s) {
diff --git a/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch b/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
deleted file mode 100644
index a0ad409..0000000
--- a/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 05c29b1e58784c87ecb4ae7b56425af786e1cd05 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Tue, 30 Jul 2024 11:53:32 +0200
-Subject: [PATCH] cgroup-util: Ignore kernel threads in cg_kill_items()
-
-Similar to the implementation of cgroup.kill in the kernel, let's
-skip kernel threads in cg_kill_items() as trying to kill kernel
-threads as an unprivileged process will fail with EPERM and doesn't
-do anything when running privileged.
-
-(cherry picked from commit 0fbb569de1dcc06118dba006cf7a40caf6cd94d0)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 553ee6075a..1fc83a656a 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -369,6 +369,12 @@ static int cg_kill_items(
- if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
- continue;
-
-+ /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
-+ if (pidref_is_kernel_thread(&pidref) > 0) {
-+ log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
-+ continue;
-+ }
-+
- if (log_kill)
- ret_log_kill = log_kill(&pidref, sig, userdata);
-
diff --git a/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch b/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
deleted file mode 100644
index f89482c..0000000
--- a/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 418d2192e0e2bcdc7fe10f4f331231a2ad5a5c00 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Wed, 31 Jul 2024 13:38:50 +0200
-Subject: [PATCH] cgroup-util: Don't try to open pidfd for kernel threads
-
-The kernel might start returning -EINVAL when trying to open pidfd's
-for kernel threads so let's not try to open pidfd's for kernel threads.
-
-(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 1fc83a656a..b0fe0ecbe8 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -149,7 +149,9 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
- if (pid == 0)
- return -EREMOTE;
-
-- if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
-+ /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
-+ * catch those and don't try to create a pidfd for them. */
-+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
- *ret = PIDREF_MAKE_FROM_PID(pid);
- return 1;
- }
diff --git a/0085-cgroup-util-fix-typo.patch b/0085-cgroup-util-fix-typo.patch
deleted file mode 100644
index e98aa10..0000000
--- a/0085-cgroup-util-fix-typo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d41b2bdf876e0d46486c1800d5ee12a6f641a9d4 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Sat, 3 Aug 2024 05:48:51 +0900
-Subject: [PATCH] cgroup-util: fix typo
-
-Follow-up for 0fbb569de1dcc06118dba006cf7a40caf6cd94d0.
-
-(cherry picked from commit ec4964692ae0e080c596610adee2ddb83008c839)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index b0fe0ecbe8..2c64a54906 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -371,7 +371,7 @@ static int cg_kill_items(
- if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
- continue;
-
-- /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
-+ /* Ignore kernel threads to mimic the behavior of cgroup.kill. */
- if (pidref_is_kernel_thread(&pidref) > 0) {
- log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
- continue;
diff --git a/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
deleted file mode 100644
index 2fa6969..0000000
--- a/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 8da695b27c2620e6410e0b1a4d8dda4747d89b5f Mon Sep 17 00:00:00 2001
-From: Lukas Nykryn
-Date: Thu, 22 Aug 2024 13:47:56 +0200
-Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
-
-It seems that virtio devices always have "0" in
-the firmware_node/sun. And because of that, udev will
-always name the device ens0, which leads to collisions.
-So let's disable it for now.
-
-rhel-only: policy
-Resolves: RHEL-55728
----
- man/systemd.net-naming-scheme.xml | 2 +-
- src/shared/netif-naming-scheme.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index 610a05485b..8be24e4243 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -528,7 +528,7 @@
-
- rhel-10.0-beta
-
-- PCI slot number is now read from firmware_node/sun sysfs file.
-+ Same as naming scheme v255.
-
-
-
-diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index 2e2023ba5b..fb733ba768 100644
---- a/src/shared/netif-naming-scheme.h
-+++ b/src/shared/netif-naming-scheme.h
-@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
- NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
-
-- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
-+ NAMING_RHEL_10_0_BETA = NAMING_V255,
-
- EXTRA_NET_NAMING_SCHEMES
-
diff --git a/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch b/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
deleted file mode 100644
index 8096f5d..0000000
--- a/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6a8e030c0a8481e42ee60a52e7a91f736537f5e3 Mon Sep 17 00:00:00 2001
-From: Lukas Nykryn
-Date: Thu, 22 Aug 2024 14:31:54 +0200
-Subject: [PATCH] net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5
-
-rhel-only: policy
-Resolves: RHEL-55728
----
- man/systemd.net-naming-scheme.xml | 2 --
- src/shared/netif-naming-scheme.h | 2 +-
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index 8be24e4243..246c6509e3 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -604,8 +604,6 @@
- children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
-
-
-- PCI slot number is now read from firmware_node/sun sysfs file.
--
-
-
-
-diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index fb733ba768..b2b2ee648f 100644
---- a/src/shared/netif-naming-scheme.h
-+++ b/src/shared/netif-naming-scheme.h
-@@ -81,7 +81,7 @@ typedef enum NamingSchemeFlags {
- NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
- NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
- NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
-- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
-+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
-
- NAMING_RHEL_10_0_BETA = NAMING_V255,
-
diff --git a/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch b/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
deleted file mode 100644
index 2b96897..0000000
--- a/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 38623336fb84eb0df1f72ef8d472a36bb5d60822 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Wed, 21 Aug 2024 11:25:46 +0200
-Subject: [PATCH] Revert "cgroup-util: Don't try to open pidfd for kernel
- threads"
-
-The kernel patch was reverted so let's try again to open pidfds
-for kernel threads.
-
-This reverts commit ead48ec35c863650944352a3455f26ce3b393058.
-
-(cherry picked from commit 1ce69e06615e69692a6d02d447acfd77f5d44631)
-
-Related: RHEL-52634
----
- src/basic/cgroup-util.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 2c64a54906..a6ad711ac0 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -149,9 +149,7 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
- if (pid == 0)
- return -EREMOTE;
-
-- /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
-- * catch those and don't try to create a pidfd for them. */
-- if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
-+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
- *ret = PIDREF_MAKE_FROM_PID(pid);
- return 1;
- }
diff --git a/0090-ukify-Skip-test-on-architectures-without-UEFI.patch b/0090-ukify-Skip-test-on-architectures-without-UEFI.patch
deleted file mode 100644
index e502a96..0000000
--- a/0090-ukify-Skip-test-on-architectures-without-UEFI.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 65dbacdb67ae94f7481a413dfea651b2d8a74d13 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer
-Date: Wed, 28 Aug 2024 14:08:30 +0200
-Subject: [PATCH] ukify: Skip test on architectures without UEFI
-
-(cherry picked from commit 5121f7c45b37afca53c89f42123b1dd6a04fa80f)
-
-Related: RHEL-52634
----
- src/ukify/test/test_ukify.py | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
-index 0e3f932890..15d1578695 100755
---- a/src/ukify/test/test_ukify.py
-+++ b/src/ukify/test/test_ukify.py
-@@ -35,6 +35,13 @@ except ImportError as e:
- sys.path.append(os.path.dirname(__file__) + '/..')
- import ukify
-
-+# Skip if we're running on an architecture that does not use UEFI.
-+try:
-+ ukify.guess_efi_arch()
-+except ValueError as e:
-+ print(str(e), file=sys.stderr)
-+ sys.exit(77)
-+
- build_root = os.getenv('PROJECT_BUILD_ROOT')
- try:
- slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1')))
diff --git a/0091-ci-rename-beta-branch-to-match-dist-git-name.patch b/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
deleted file mode 100644
index 10eeca5..0000000
--- a/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
-From: Jan Macku
-Date: Thu, 5 Sep 2024 12:36:01 +0200
-Subject: [PATCH] ci: rename beta branch to match dist-git name
-
-rhel-only: ci
-
-Related: RHEL-57603
----
- .github/tracker-validator.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
-index 2e858606ff..1226b8a92a 100644
---- a/.github/tracker-validator.yml
-+++ b/.github/tracker-validator.yml
-@@ -6,7 +6,7 @@ labels:
- products:
- - Red Hat Enterprise Linux 10
- - CentOS Stream 10
-- - rhel-10.0.beta
-+ - rhel-10.0-beta
- - rhel-10.0
- - rhel-10.0.z
- - rhel-10.1
diff --git a/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch b/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
deleted file mode 100644
index 3fa0ed7..0000000
--- a/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
-From: Chengen Du
-Date: Mon, 12 Aug 2024 11:41:52 +0800
-Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
- 'change'
-
-PTP device symlink creation rules are currently executed only when the
-udev action is 'add'. If a user reloads the rules and runs the udevadm
-trigger command to reapply changes, the symlink may be deleted, which
-can prevent the chronyd service from restarting properly.
-
-Signed-off-by: Chengen Du
-(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
-
-Resolves: RHEL-59871
----
- rules.d/50-udev-default.rules.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
-index 9b00c7037e..6f80feeecf 100644
---- a/rules.d/50-udev-default.rules.in
-+++ b/rules.d/50-udev-default.rules.in
-@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
-
- SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
-
-+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
-+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
-+
- ACTION!="add", GOTO="default_end"
-
- SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
-@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
-
- KERNEL=="udmabuf", GROUP="kvm"
-
--SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
--SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
--
- LABEL="default_end"
diff --git a/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch b/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
deleted file mode 100644
index a4616df..0000000
--- a/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Tue, 30 Jul 2024 10:51:21 +0100
-Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The original CVM detection logic for TDX assumes that the guest can see
-the standard TDX CPUID leaf. This was true in Azure when this code was
-originally written, however, current Azure now blocks that leaf in the
-paravisor. Instead it is required to use the same Azure specific CPUID
-leaf that is used for SEV-SNP detection, which reports the VM isolation
-type.
-
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
-
-Related: RHEL-56144
----
- src/basic/confidential-virt.c | 11 ++++++++---
- src/boot/efi/vmm.c | 9 ++++++---
- src/fundamental/confidential-virt-fundamental.h | 1 +
- 3 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index b6521cf5bf..8a88a3eb83 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
- return ret;
- }
-
--static bool detect_hyperv_sev(void) {
-+static bool detect_hyperv_cvm(uint32_t isoltype) {
- uint32_t eax, ebx, ecx, edx, feat;
- char sig[13] = {};
-
-@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
- ebx = ecx = edx = 0;
- cpuid(&eax, &ebx, &ecx, &edx);
-
-- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
-+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
- return true;
- }
-
-@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
- if (!(eax & EAX_SEV)) {
- log_debug("No sev in CPUID, trying hyperv CPUID");
-
-- if (detect_hyperv_sev())
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
- return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
-
- log_debug("No hyperv CPUID");
-@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
- if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
- return CONFIDENTIAL_VIRTUALIZATION_TDX;
-
-+ log_debug("No tdx in CPUID, trying hyperv CPUID");
-+
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
-+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
-+
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
-
-diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
-index 60e216d54c..3459461390 100644
---- a/src/boot/efi/vmm.c
-+++ b/src/boot/efi/vmm.c
-@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
- return val;
- }
-
--static bool detect_hyperv_sev(void) {
-+static bool detect_hyperv_cvm(uint32_t isoltype) {
- uint32_t eax, ebx, ecx, edx, feat;
- char sig[13] = {};
-
-@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
- if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
- __cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
-
-- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
-+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
- return true;
- }
-
-@@ -379,7 +379,7 @@ static bool detect_sev(void) {
- * specific CPUID checks.
- */
- if (!(eax & EAX_SEV))
-- return detect_hyperv_sev();
-+ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
-
- msrval = msr(MSR_AMD64_SEV);
-
-@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
- if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
- return true;
-
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
-+ return true;
-+
- return false;
- }
- #endif /* ! __i386__ && ! __x86_64__ */
-diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
-index 986923e1c2..618b5800ea 100644
---- a/src/fundamental/confidential-virt-fundamental.h
-+++ b/src/fundamental/confidential-virt-fundamental.h
-@@ -65,6 +65,7 @@
-
- #define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
- #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
-+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
-
- #define EAX_SEV (UINT32_C(1) << 1)
- #define MSR_SEV (UINT64_C(1) << 0)
diff --git a/0094-confidential-virt-split-caching-of-CVM-detection-int.patch b/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
deleted file mode 100644
index 7dafb36..0000000
--- a/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Fri, 2 Aug 2024 16:26:00 +0100
-Subject: [PATCH] confidential-virt: split caching of CVM detection into
- separate method
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We have different impls of detect_confidential_virtualization per
-architecture. The detection is cached in the x86_64 impl, and as we
-add support for more targets, we want to use caching for all. It thus
-makes sense to split caching out into an architecture independent
-method.
-
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
-
-Related: RHEL-56144
----
- src/basic/confidential-virt.c | 25 ++++++++++++++-----------
- 1 file changed, 14 insertions(+), 11 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index 8a88a3eb83..0e05ecffbf 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
- return is_hv;
- }
-
--ConfidentialVirtualization detect_confidential_virtualization(void) {
-- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- char sig[13] = {};
-- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
--
-- if (cached_found >= 0)
-- return cached_found;
-
- /* Skip everything on bare metal */
- if (detect_hypervisor()) {
- cpuid_leaf(0, sig, true);
-
- if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
-- cv = detect_sev();
-+ return detect_sev();
- else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
-- cv = detect_tdx();
-+ return detect_tdx();
- }
-
-- cached_found = cv;
-- return cv;
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
- #else /* ! x86_64 */
--ConfidentialVirtualization detect_confidential_virtualization(void) {
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- log_debug("No confidential virtualization detection on this architecture");
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
- #endif /* ! x86_64 */
-
-+ConfidentialVirtualization detect_confidential_virtualization(void) {
-+ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
-+
-+ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
-+ cached_found = detect_confidential_virtualization_impl();
-+
-+ return cached_found;
-+}
-+
- static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
diff --git a/0095-confidential-virt-add-detection-for-s390x-target.patch b/0095-confidential-virt-add-detection-for-s390x-target.patch
deleted file mode 100644
index bd6a577..0000000
--- a/0095-confidential-virt-add-detection-for-s390x-target.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Fri, 2 Aug 2024 11:03:10 +0100
-Subject: [PATCH] confidential-virt: add detection for s390x target
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The s390x platform provides confidential VMs using the "Secure Execution"
-technology, which is also referred to as "Protected Virtualization" or
-just "prot virt" in Linux / QEMU.
-
-This can be detected through a simple sysfs attribute.
-
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
-
-Resolves: RHEL-56144
----
- src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
- src/basic/confidential-virt.h | 1 +
- 2 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index 0e05ecffbf..c246636c7c 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -11,6 +11,7 @@
- #include "confidential-virt-fundamental.h"
- #include "confidential-virt.h"
- #include "fd-util.h"
-+#include "fileio.h"
- #include "missing_threads.h"
- #include "string-table.h"
- #include "utf8.h"
-@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
-
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
-+#elif defined(__s390x__)
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
-+ _cleanup_free_ char *s = NULL;
-+ size_t readsize;
-+ int r;
-+
-+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
-+ if (r < 0) {
-+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
-+ }
-+
-+ if (readsize >= 1 && s[0] == '1')
-+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
-+
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
-+}
-+
- #else /* ! x86_64 */
- static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- log_debug("No confidential virtualization detection on this architecture");
-@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
- }
-
- static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
-- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
-+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
-+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
- };
-
- DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
-diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
-index c02f3b2321..f92e3e883d 100644
---- a/src/basic/confidential-virt.h
-+++ b/src/basic/confidential-virt.h
-@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
- CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
- CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
- CONFIDENTIAL_VIRTUALIZATION_TDX,
-+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
-
- _CONFIDENTIAL_VIRTUALIZATION_MAX,
- _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
diff --git a/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch b/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
deleted file mode 100644
index 06fdc49..0000000
--- a/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Fri, 2 Aug 2024 13:07:13 +0100
-Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes
-
- commit 9b0688f491674b53ef7a52bdf561a430c53673d6
- Author: Yu Watanabe
- Date: Tue Jan 9 10:52:49 2024 +0900
-
- virt: add Google Compute Engine support
-
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
-
-Related: RHEL-56144
----
- man/systemd-detect-virt.xml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
-index 2239294145..6b49e3a519 100644
---- a/man/systemd-detect-virt.xml
-+++ b/man/systemd-detect-virt.xml
-@@ -62,7 +62,7 @@
-
-
-
-- VM
-+ VM
- qemu
- QEMU software virtualization, without KVM
-
diff --git a/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch b/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
deleted file mode 100644
index 092c06e..0000000
--- a/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
+++ /dev/null
@@ -1,74 +0,0 @@ -From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Fri, 2 Aug 2024 13:17:56 +0100 -Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Add a section which lists the known confidential virtual machine -technologies. - -Signed-off-by: Daniel P. Berrangé -(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893) - -Related: RHEL-56144 ---- - man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++ - 1 file changed, 44 insertions(+) - -diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml -index 6b49e3a519..a4fcdfbc9d 100644 ---- a/man/systemd-detect-virt.xml -+++ b/man/systemd-detect-virt.xml -@@ -217,6 +217,50 @@ - WSL is categorized as a container for practical purposes. - Multiple WSL environments share the same kernel and services - should generally behave like when being run in a container. -+ -+ When executed with , instead of -+ printing the virtualization technology, it will display the -+ confidential virtual machine technology, if any. The -+ following technologies are currently identified: -+ -+ -+ Known confidential virtualization technologies -+ -+ -+ -+ -+ -+ Arch -+ ID -+ Technology -+ -+ -+ -+ -+ x86_64 -+ sev -+ AMD Secure Encrypted Virtualization -+ -+ -+ sev-es -+ AMD Secure Encrypted Virtualization - Encrypted State -+ -+ -+ sev-snp -+ AMD Secure Encrypted Virtualization - Secure Nested Paging -+ -+ -+ tdx -+ Intel Trust Domain Extensions -+ -+ -+ s390x -+ protvirt -+ IBM Protected Virtualization (Secure Execution) -+ -+ -+ -+
- - - diff --git a/0098-socket-fix-socket-activation-of-stopped-services-wit.patch b/0098-socket-fix-socket-activation-of-stopped-services-wit.patch deleted file mode 100644 index ddc86c5..0000000 --- a/0098-socket-fix-socket-activation-of-stopped-services-wit.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From e20fddc3c5769ad1babb24392500264de6db59b6 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Tue, 30 Jul 2024 16:22:03 +0200 -Subject: [PATCH] socket: fix socket activation of stopped services with pinned - FD store - -(cherry picked from commit 941a12dcba57f6673230a9c413738c51374d2998) - -Resolves: RHEL-60896 ---- - src/core/socket.c | 4 ++-- - .../units/TEST-04-JOURNAL.stopped-socket-activation.sh | 10 ++++++++++ - 2 files changed, 12 insertions(+), 2 deletions(-) - create mode 100755 test/units/TEST-04-JOURNAL.stopped-socket-activation.sh - -diff --git a/src/core/socket.c b/src/core/socket.c -index 41147d4bf7..0694fe7aad 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -2481,7 +2481,7 @@ static int socket_start(Unit *u) { - /* If the service is already active we cannot start the - * socket */ - if (!IN_SET(service->state, -- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, -+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, - SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED)) - return log_unit_error_errno(u, SYNTHETIC_ERRNO(EBUSY), - "Socket service %s already active, refusing.", UNIT(service)->id); -@@ -3369,7 +3369,7 @@ static void socket_trigger_notify(Unit *u, Unit *other) { - return; - - if (IN_SET(SERVICE(other)->state, -- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, -+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, - SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL, - SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED)) - socket_enter_listening(s); -diff --git a/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh b/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh -new file mode 100755 -index 0000000000..083f5fa055 ---- /dev/null -+++ 
b/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh -@@ -0,0 +1,10 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+set -eux -+set -o pipefail -+ -+systemctl stop systemd-journald.service -+systemd-cat date -+ -+# shellcheck disable=SC2016 -+timeout 30 bash -xec 'until test "$(systemctl show -p SubState --value systemd-journald.service)" = "running"; do sleep 1; done' diff --git a/sources b/sources index bc2cd5b..10b97c7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.tar.gz) = cfb2bff8d9937245e65581253bba9278533b76ae0f0275fdad59471d8c6089bba2bcd3f0655b34f4b8d7d82fa037c4e6fe18c2227e9f93d62494a2a6cb2db4ec +SHA512 (systemd-257.tar.gz) = b8cd23ed1a5dff1894f33a831413f9805b2b7bafe93046f163aa4c1c8b929365785d0c04a4c758823624a7536d2a47c8fafae659dd41d4440ddace3d88bb1ff7 diff --git a/systemd.spec b/systemd.spec index 4990d18..8e3cfee 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,8 +47,8 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256} -Release: 18%{?dist} +Version: %{?version_override}%{!?version_override:257} +Release: 1%{?dist} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
@@ -109,104 +109,39 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # applying upstream pull requests. # RHEL-specific -Patch0001: 0001-Create-CNAME.patch -Patch0002: 0002-man-systemd-reorder-content-a-bit.patch -Patch0003: 0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch -Patch0004: 0004-sd-dhcp-server-clear-buffer-before-receive.patch -Patch0005: 0005-rules-Limit-the-number-of-device-units-generated-for.patch -Patch0006: 0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch -Patch0007: 0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch -Patch0008: 0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch -Patch0009: 0009-repart-Use-crypt_reencrypt_run-if-available.patch -Patch0010: 0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch -Patch0011: 0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch -Patch0012: 0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch -Patch0013: 0013-shell-completion-only-offer-devices-for-completion.patch -Patch0014: 0014-CODING_STYLE-document-reterr_-return-parameters.patch -Patch0015: 0015-analyze-show-pcrs-also-in-sha384-bank.patch -Patch0016: 0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch -Patch0017: 0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch -Patch0018: 0018-man-units-drop-temporary-from-description-of-systemd.patch -Patch0019: 0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch -Patch0020: 0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch -Patch0021: 0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch -Patch0022: 0022-test-check-the-skip-condition-before-installing-addi.patch -Patch0023: 0023-test-drop-unneeded-firmware-uefi-setting.patch -Patch0024: 0024-test-drop-obsolete-comment.patch -Patch0025: 0025-test-support-TEST_NO_KVM.patch -Patch0026: 0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch -Patch0027: 
0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch -Patch0028: 0028-core-service-fix-accept-socket-deserialization.patch -Patch0029: 0029-test-network-mention-that-the-captive-portal-option-.patch -Patch0030: 0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch -Patch0031: 0031-mkosi-bump-to-latest.patch -Patch0032: 0032-NEWS-fix-typo.patch -Patch0033: 0033-install-allow-removing-symlinks-even-for-units-that-.patch -Patch0034: 0034-tmpfiles-honour-dry-run-when-removing-directories.patch -Patch0035: 0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch -Patch0036: 0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch -Patch0037: 0037-mkosi-restrict-noble-backports-to-noble-builds.patch -Patch0038: 0038-repart-fix-memory-leak.patch -Patch0039: 0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch -Patch0040: 0040-ci-update-workflows-to-run-on-source-git-setup.patch -Patch0041: 0041-ci-setup-source-git-automation.patch -Patch0042: 0042-ci-deploy-systemd-man-to-GitHub-Pages.patch -Patch0043: 0043-ci-reconfigure-Packit-for-RHEL-10.patch -Patch0044: 0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch -Patch0045: 0045-journal-again-create-user-journals-for-users-with-hi.patch -Patch0046: 0046-tmpfiles-make-purge-hard-to-mis-use.patch -Patch0047: 0047-fedora-use-system-auth-in-pam-systemd-user.patch -Patch0048: 0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch -Patch0049: 0049-rules-copy-40-redhat.rules-from-RHEL-9.patch -Patch0050: 0050-logind-set-RemoveIPC-to-false-by-default.patch -Patch0051: 0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch -Patch0052: 0052-rc-local-order-after-network-online.target.patch -Patch0053: 0053-random-util-increase-random-seed-size-to-1024.patch -Patch0054: 0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch0055: 0055-journald.conf-don-t-touch-current-audit-settings.patch -Patch0056: 0056-rules-add-elevator-kernel-command-line-parameter.patch 
-Patch0057: 0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0058: 0058-udev-net-setup-link-change-the-default-MACAddressPol.patch -Patch0059: 0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch -Patch0060: 0060-meson-rename-libbasic-to-libbasic_static.patch -Patch0061: 0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch -Patch0062: 0062-meson-add-option-to-build-systemd-executor-staticall.patch -Patch0063: 0063-taint-remove-unmerged-bin.patch -Patch0064: 0064-presets-remove-resolved.patch -Patch0065: 0065-doc-add-downstream-CONTRIBUTING-document.patch -Patch0066: 0066-ci-allow-policy-as-rhel-only-keyword.patch -Patch0067: 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch -Patch0068: 0068-taint-remove-unused-variable-usr_sbin.patch -Patch0069: 0069-packit-drop-the-libarchive-workaround.patch -Patch0070: 0070-packit-drop-the-dependency-on-python3-zstd.patch -Patch0071: 0071-coredump-by-default-process-and-store-core-files-up-.patch -Patch0072: 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0073: 0073-unit-don-t-add-Requires-for-tmp.mount.patch -Patch0074: 0074-units-add-Install-section-to-tmp.mount.patch -Patch0075: 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch -Patch0076: 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch -Patch0077: 0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch -Patch0078: 0078-man-net-naming-scheme-add-missing-period.patch -Patch0079: 0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch -Patch0080: 0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch -Patch0081: 0081-core-unit-add-one-assertion-for-u-manager.patch -Patch0082: 0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch -Patch0083: 0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch -Patch0084: 0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch -Patch0085: 0085-cgroup-util-fix-typo.patch -Patch0086: 
0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch -Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch -Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch -Patch0089: 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch -Patch0090: 0090-ukify-Skip-test-on-architectures-without-UEFI.patch -Patch0091: 0091-ci-rename-beta-branch-to-match-dist-git-name.patch -Patch0092: 0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch -Patch0093: 0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch -Patch0094: 0094-confidential-virt-split-caching-of-CVM-detection-int.patch -Patch0095: 0095-confidential-virt-add-detection-for-s390x-target.patch -Patch0096: 0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch -Patch0097: 0097-man-systemd-detect-virt-list-known-CVM-technologies.patch -Patch0098: 0098-socket-fix-socket-activation-of-stopped-services-wit.patch +Patch0001: 0001-ci-update-workflows-to-run-on-source-git-setup.patch +Patch0002: 0002-ci-setup-source-git-automation.patch +Patch0003: 0003-ci-reconfigure-Packit-for-RHEL-10.patch +Patch0004: 0004-journal-again-create-user-journals-for-users-with-hi.patch +Patch0005: 0005-tmpfiles-make-purge-hard-to-mis-use.patch +Patch0006: 0006-fedora-use-system-auth-in-pam-systemd-user.patch +Patch0007: 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch +Patch0008: 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch +Patch0009: 0009-logind-set-RemoveIPC-to-false-by-default.patch +Patch0010: 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0011: 0011-rc-local-order-after-network-online.target.patch +Patch0012: 0012-random-util-increase-random-seed-size-to-1024.patch +Patch0013: 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0014: 0014-journald.conf-don-t-touch-current-audit-settings.patch +Patch0015: 0015-rules-add-elevator-kernel-command-line-parameter.patch +Patch0016: 
0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0017: 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch +Patch0018: 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch +Patch0019: 0019-taint-remove-unmerged-bin.patch +Patch0020: 0020-presets-remove-resolved.patch +Patch0021: 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch +Patch0022: 0022-taint-remove-unused-variable-usr_sbin.patch +Patch0023: 0023-packit-drop-the-libarchive-workaround.patch +Patch0024: 0024-coredump-by-default-process-and-store-core-files-up-.patch +Patch0025: 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0026: 0026-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0027: 0027-units-add-Install-section-to-tmp.mount.patch +Patch0028: 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +Patch0029: 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch +Patch0030: 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch +Patch0031: 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch +Patch0032: 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch +Patch0033: 0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch # Downstream-only patches (9000–9999) @@ -1137,6 +1072,10 @@ rm -f .file-list-* rm -f %{name}.lang %changelog +* Tue Dec 17 2024 Jan Macku - 257-1 +- Rebase to new upstream release v257 (RHEL-71409) +- netif-naming-scheme: introduce rhel-10.0 scheme (RHEL-44417) + * Tue Nov 19 2024 systemd maintenance team - 256-18 - add %%pre sysuser scriptlet for resolved subpackage (RHEL-50564)
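Review bot: The rebased patch list in the `@@ -109,104 +109,39 @@` hunk shrinks from 98 entries to 33 without recording which removed backports are contained in v257 and which were dropped on purpose. Several look security-relevant by name (`0004-sd-dhcp-server-clear-buffer-before-receive.patch`, `0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch`, `0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch`). They are presumably all in the upstream tag, but that cannot be confirmed from this diff. Once it has been checked, a comment above the list such as `# Backports carried in 256-18 and not listed below are part of upstream v257` would make the audit explicit, with a separate word on entries that look downstream-only by name (`0065-doc-add-downstream-CONTRIBUTING-document.patch`, `0066-ci-allow-policy-as-rhel-only-keyword.patch`). Separately, `Patch0033: 0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch` is new in this list, yet the `%changelog` entry added in the following hunk mentions only the rebase and the netif-naming-scheme change.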