diff --git a/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch b/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch index 39c2f50..09a153a 100644 --- a/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch +++ b/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch @@ -1,4 +1,4 @@ -From 224a4eaf6701431af907179e313138213b60ce6c Mon Sep 17 00:00:00 2001 +From 69860269011435e30e45713e44ba5adeaea8b546 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 3 Apr 2019 10:56:14 +0200 Subject: [PATCH] Revert "units: set NoNewPrivileges= for all long-running @@ -22,7 +22,7 @@ This reverts commit 64d7f7b4a15f1534fb19fda6b601fec50783bee4. 13 files changed, 13 deletions(-) diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in -index afb2ab9d17..5babc11e4c 100644 +index 951faa62a1..c3997d17d0 100644 --- a/units/systemd-coredump@.service.in +++ b/units/systemd-coredump@.service.in @@ -22,7 +22,6 @@ IPAddressDeny=any @@ -34,7 +34,7 @@ index afb2ab9d17..5babc11e4c 100644 PrivateDevices=yes PrivateNetwork=yes diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in -index b4f606cf78..f7977e1504 100644 +index 1365d749ca..c0d4b02418 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed @@ -57,7 +57,7 @@ index c276283908..f48d673d58 100644 NotifyAccess=all SystemCallArchitectures=native diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in -index dd6322e62c..c867aca104 100644 +index 6181d15d77..11f7aefcce 100644 --- a/units/systemd-journal-remote.service.in +++ b/units/systemd-journal-remote.service.in @@ -17,7 +17,6 @@ ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/va @@ -69,10 +69,10 @@ index dd6322e62c..c867aca104 100644 PrivateNetwork=yes PrivateTmp=yes diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index fab405502a..308622e9b3 100644 +index 303d5a4826..f0eb094cf4 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in -@@ -22,7 +22,6 @@ FileDescriptorStoreMax=4224 +@@ -24,7 +24,6 @@ FileDescriptorStoreMax=4224 IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -81,7 +81,7 @@ index fab405502a..308622e9b3 100644 RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_NETLINK diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in -index 7bca34409a..05fb4f0c80 100644 +index 10ecff5184..f1578bd626 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-localed @@ -93,10 +93,10 @@ index 7bca34409a..05fb4f0c80 100644 PrivateNetwork=yes PrivateTmp=yes diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in -index 3eef95c661..53af530aea 100644 +index ccbe631586..81fbee6fb6 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in -@@ -27,7 +27,6 @@ FileDescriptorStoreMax=512 +@@ -35,7 +35,6 @@ FileDescriptorStoreMax=512 IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -105,7 +105,7 @@ index 3eef95c661..53af530aea 100644 ProtectControlGroups=yes ProtectHome=yes diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in -index d6deefea08..092abc128f 100644 +index fa344d487d..b8ca60ddcc 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -22,7 +22,6 @@ ExecStart=@rootlibexecdir@/systemd-machined @@ -114,13 +114,13 @@ index d6deefea08..092abc128f 100644 MemoryDenyWriteExecute=yes -NoNewPrivileges=yes ProtectHostname=yes + ProtectKernelLogs=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 - RestrictRealtime=yes diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in -index 2c74da6f1e..eaabcb9941 100644 +index 01931665a4..0531fcbf12 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in -@@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N +@@ -25,7 +25,6 @@ DeviceAllow=char-* rw ExecStart=!!@rootlibexecdir@/systemd-networkd LockPersonality=yes MemoryDenyWriteExecute=yes @@ -129,7 +129,7 @@ index 2c74da6f1e..eaabcb9941 100644 ProtectHome=yes ProtectKernelModules=yes diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in -index eee5d5ea8f..a8f442ef6f 100644 +index f73697832c..4b8aa68f07 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -25,7 +25,6 @@ CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE @@ -153,10 +153,10 @@ index 3abb958310..7447ed5b5b 100644 TimeoutSec=30s Type=notify diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in -index df546f471f..4d50999a22 100644 +index 87859f4aef..337067244e 100644 --- a/units/systemd-timedated.service.in +++ b/units/systemd-timedated.service.in -@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-timedated +@@ -20,7 +20,6 @@ ExecStart=@rootlibexecdir@/systemd-timedated IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes @@ -165,7 +165,7 @@ index df546f471f..4d50999a22 100644 ProtectControlGroups=yes ProtectHome=yes diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in -index 6512531e1c..2b2e1d73d2 100644 +index f0486a70ab..bb1ce55977 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_SYS_TIME diff --git a/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch b/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch index 4de01c4..5714b53 100644 --- a/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch +++ b/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch @@ -15,21 +15,21 @@ See the bug for more discussion and links. 2 files changed, 6 insertions(+) create mode 100644 rules/60-block-scheduler.rules -diff --git a/rules/60-block-scheduler.rules b/rules/60-block-scheduler.rules +diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules new file mode 100644 index 00000000000..480b941761f --- /dev/null -+++ b/rules/60-block-scheduler.rules ++++ b/rules.d/60-block-scheduler.rules @@ -0,0 +1,5 @@ +# do not edit this file, it will be overwritten on update + +ACTION=="add", SUBSYSTEM=="block", \ + KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ + ATTR{queue/scheduler}="bfq" -diff --git a/rules/meson.build b/rules/meson.build +diff --git a/rules.d/meson.build b/rules.d/meson.build index b6a32ba77e2..1da958b4d46 100644 ---- a/rules/meson.build -+++ b/rules/meson.build +--- a/rules.d/meson.build ++++ b/rules.d/meson.build @@ -2,6 +2,7 @@ rules = files(''' diff --git a/sources b/sources index 8de697a..bd572d1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-243.4.tar.gz) = f121e4ea0c65050e3cd2dcbb3d3e8aa24f728548976ba72d6da26c61fb80c4352f1ba259be4310081acde901c13b1e812cf7df4d84d6cd2bd3c4f8acf72300fb +SHA512 (systemd-244-rc1.tar.gz) = 1b61c0d3fc908c747f2cdad1a14790a100df75d99b44b54bcdde1857426b53b87ef9449b298dbeacb857081f742738a2413506dba22e8fc7f0fc191ac0e3c67e diff --git a/systemd.spec b/systemd.spec index 4db4312..cd86558 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit ef677436aa203c24816021dd698b57f219f0ff64 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 0 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -14,7 +14,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 243.4 +Version: 244~rc1 Release: 1%{?commit:.git%{shortcommit}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ @@ -26,7 +26,7 @@ Summary: System and Service Manager %if %{defined commit} Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz %else -%if 0%{stable} +%if 0%{?stable} Source0: https://github.com/systemd/systemd-stable/archive/v%{github_version}/%{name}-%{github_version}.tar.gz %else Source0: https://github.com/systemd/systemd/archive/v%{github_version}/%{name}-%{github_version}.tar.gz @@ -300,6 +300,7 @@ CONFIGURE_OPTS=( -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org' + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin -Ddev-kvm-mode=0666 -Dkmod=true -Dxkbcommon=true @@ -706,6 +707,15 @@ fi %files tests -f .file-list-tests %changelog +* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek - 244~rc1-1 +- Update to latest pre-release version, + see https://github.com/systemd/systemd/blob/master/NEWS#L3. + Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev, + systemd-networkd does not create a default route for link local addressing, + systemd-networkd supports dynamic reconfiguration and a bunch of new settings. + Network files support matching on WLAN SSID and BSSID. +- Better error messages when preset/enable/disable are used with a glob (#1763488) + * Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek - 243.4 - Latest bugfix release. Systemd-stable snapshots will now be numbered. - Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148)