Rebase to current fedora specfile

Related: RHEL-40924
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2024-01-29 11:23:07 +01:00 committed by Lukas Nykryn
parent 76bcdb2924
commit c560bc2e3a
7 changed files with 501 additions and 140 deletions

View File

@ -0,0 +1,217 @@
From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 11 May 2024 13:27:12 +0200
Subject: [PATCH] Revert "machined: add varlink interface for registering
machines"
This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91.
---
man/systemd-machined.service.xml | 6 +--
src/machine/machine-varlink.h | 6 ---
src/machine/machined-varlink.c | 62 ++-----------------------
src/machine/machined.c | 5 +-
src/machine/machined.h | 3 +-
src/machine/meson.build | 1 -
src/shared/meson.build | 1 -
src/shared/varlink-io.systemd.Machine.h | 6 ---
8 files changed, 8 insertions(+), 82 deletions(-)
delete mode 100644 src/machine/machine-varlink.h
delete mode 100644 src/shared/varlink-io.systemd.Machine.h
diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml
index b2899ff0fd..f3d7755973 100644
--- a/man/systemd-machined.service.xml
+++ b/man/systemd-machined.service.xml
@@ -100,12 +100,10 @@
<para>The daemon provides both a C library interface
(which is shared with <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
- as well as a D-Bus interface and a Varlink interface.
+ as well as a D-Bus interface.
The library interface may be used to introspect and watch the state of virtual machines/containers.
The bus interface provides the same but in addition may also be used to register or terminate
- machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an
- SSH key / address; it can be queried with
- <command>varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine</command>.
+ machines.
For more information please consult
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and
diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h
deleted file mode 100644
index ce4ec54dc1..0000000000
--- a/src/machine/machine-varlink.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#pragma once
-
-#include "varlink.h"
-
-int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata);
diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
index 0d3ae627c1..6ca98e27cf 100644
--- a/src/machine/machined-varlink.c
+++ b/src/machine/machined-varlink.c
@@ -1,12 +1,10 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "format-util.h"
-#include "machine-varlink.h"
#include "machined-varlink.h"
#include "mkdir.h"
#include "user-util.h"
#include "varlink.h"
-#include "varlink-io.systemd.Machine.h"
#include "varlink-io.systemd.UserDatabase.h"
typedef struct LookupParameters {
@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var
return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
}
-static int manager_varlink_init_userdb(Manager *m) {
+int manager_varlink_init(Manager *m) {
_cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
int r;
assert(m);
- if (m->varlink_userdb_server)
+ if (m->varlink_server)
return 0;
r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA);
@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
- m->varlink_userdb_server = TAKE_PTR(s);
- return 0;
-}
-
-static int manager_varlink_init_machine(Manager *m) {
- _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
- int r;
-
- assert(m);
-
- if (m->varlink_machine_server)
- return 0;
-
- r = varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
- if (r < 0)
- return log_error_errno(r, "Failed to allocate varlink server object: %m");
-
- varlink_server_set_userdata(s, m);
-
- r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine);
- if (r < 0)
- return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m");
-
- r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register);
- if (r < 0)
- return log_error_errno(r, "Failed to register varlink methods: %m");
-
- (void) mkdir_p("/run/systemd/machine", 0755);
-
- r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666);
- if (r < 0)
- return log_error_errno(r, "Failed to bind to varlink socket: %m");
-
- r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
- if (r < 0)
- return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
-
- m->varlink_machine_server = TAKE_PTR(s);
- return 0;
-}
-
-int manager_varlink_init(Manager *m) {
- int r;
-
- r = manager_varlink_init_userdb(m);
- if (r < 0)
- return r;
-
- r = manager_varlink_init_machine(m);
- if (r < 0)
- return r;
-
+ m->varlink_server = TAKE_PTR(s);
return 0;
}
void manager_varlink_done(Manager *m) {
assert(m);
- m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server);
- m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server);
+ m->varlink_server = varlink_server_unref(m->varlink_server);
}
diff --git a/src/machine/machined.c b/src/machine/machined.c
index d7087e4672..2638ed572e 100644
--- a/src/machine/machined.c
+++ b/src/machine/machined.c
@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) {
if (m->operations)
return false;
- if (varlink_server_current_connections(m->varlink_userdb_server) > 0)
- return false;
-
- if (varlink_server_current_connections(m->varlink_machine_server) > 0)
+ if (varlink_server_current_connections(m->varlink_server) > 0)
return false;
manager_gc(m, true);
diff --git a/src/machine/machined.h b/src/machine/machined.h
index 67abed0fd6..280c32bab6 100644
--- a/src/machine/machined.h
+++ b/src/machine/machined.h
@@ -40,8 +40,7 @@ struct Manager {
sd_event_source *nscd_cache_flush_event;
#endif
- VarlinkServer *varlink_userdb_server;
- VarlinkServer *varlink_machine_server;
+ VarlinkServer *varlink_server;
};
int manager_add_machine(Manager *m, const char *name, Machine **_machine);
diff --git a/src/machine/meson.build b/src/machine/meson.build
index 3150b33de5..c82a32589d 100644
--- a/src/machine/meson.build
+++ b/src/machine/meson.build
@@ -3,7 +3,6 @@
libmachine_core_sources = files(
'image-dbus.c',
'machine-dbus.c',
- 'machine-varlink.c',
'machine.c',
'machined-core.c',
'machined-dbus.c',
diff --git a/src/shared/meson.build b/src/shared/meson.build
index d01367a159..17313aefed 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -180,7 +180,6 @@ shared_sources = files(
'varlink-io.systemd.Credentials.c',
'varlink-io.systemd.Hostname.c',
'varlink-io.systemd.Journal.c',
- 'varlink-io.systemd.Machine.c',
'varlink-io.systemd.ManagedOOM.c',
'varlink-io.systemd.MountFileSystem.c',
'varlink-io.systemd.NamespaceResource.c',
diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h
deleted file mode 100644
index c9fc85f150..0000000000
--- a/src/shared/varlink-io.systemd.Machine.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#pragma once
-
-#include "varlink-idl.h"
-
-extern const VarlinkInterface vl_interface_io_systemd_Machine;

View File

@ -0,0 +1,63 @@
From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jun 2024 20:32:10 +0200
Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
Follow-up for https://github.com/systemd/systemd/pull/33383.
---
src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 5841db293e..9b0f744ba9 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_IMAGE_POLICY,
ARG_REPLACE,
ARG_DRY_RUN,
+ ARG_DESTROY_DATA,
ARG_NO_PAGER,
};
@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) {
{ "replace", required_argument, NULL, ARG_REPLACE },
{ "dry-run", no_argument, NULL, ARG_DRY_RUN },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
+
+ /* This is not documented on purpose.
+ * If you think --purge should be allowed without jumping through hoops,
+ * consider opening a bug report with the description of the use case.
+ */
+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA },
+
{}
};
int c, r;
+ bool destroy_data = false;
assert(argc >= 0);
assert(argv);
@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_dry_run = true;
break;
+ case ARG_DESTROY_DATA:
+ destroy_data = true;
+ break;
+
case ARG_NO_PAGER:
arg_pager_flags |= PAGER_DISABLE;
break;
@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Refusing --purge without specification of a configuration file.");
+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Refusing --purge without --destroy-data.");
+
if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Option --replace= is not supported with --cat-config/--tldr.");

View File

@ -1,4 +1,4 @@
From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001
From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Jan 2024 11:28:04 +0100
Subject: [PATCH] journal: again create user journals for users with high uids
@ -39,13 +39,13 @@ revert the change to fix user systems.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
---
src/basic/uid-alloc-range.c | 2 +-
src/basic/uid-classification.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
index 669cb6d56f7be..7b724b7959f60 100644
--- a/src/basic/uid-alloc-range.c
+++ b/src/basic/uid-alloc-range.c
diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
index e2d2cebc6d..2c8b06c0d3 100644
--- a/src/basic/uid-classification.c
+++ b/src/basic/uid-classification.c
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
/* Returns true if the specified UID shall get its data stored in the system journal. */

View File

@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
git clone https://github.com/systemd/systemd
fedpkg clone systemd fedora-systemd
cd systemd
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec
rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec
sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
```

View File

@ -1 +1 @@
SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c

View File

@ -1,4 +1,4 @@
#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
# We ship a .pc file but don't want to have a dep on pkg-config. We
@ -27,19 +27,27 @@
%bcond bootstrap 0
%bcond tests 1
%bcond lto 1
%bcond docs 1
# Support for quick builds with rpmbuild --build-in-place.
# See README.build-in-place.
%bcond inplace 0
# Build from git main
%bcond upstream 0
# When bootstrap, libcryptsetup is disabled
# but auto-features causes many options to be turned on
# that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed)
%if %{with bootstrap}
%global __meson_auto_features disabled
%endif
# Override %%autorelease. This is ugly, but rpmautospec doesn't implement
# autorelease correctly if the macro is conditionalized in the Release field.
%{?release_override:%global autorelease %{release_override}%{?dist}}
Name: systemd
Url: https://systemd.io
%if %{without inplace}
Version: 255.3
%else
# determine the build information from local checkout
Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
%endif
# Allow users to specify the version and release when building the rpm by
# setting the %%version_override and %%release_override macros.
Version: %{?version_override}%{!?version_override:256.1}
Release: %autorelease
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@ -50,29 +58,26 @@ Summary: System and Service Manager
# download tarballs with "spectool -g systemd.spec"
%if %{defined commit}
Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
%else
%if 0%{?stable}
Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
%else
Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
%endif
%endif
# This file must be available before %%prep.
# It is generated during systemd build and can be found in build/src/core/.
Source1: triggers.systemd
Source2: split-files.py
Source3: purge-nobody-user
Source4: test_sysusers_defined.py
# Prevent accidental removal of the systemd package
Source4: yum-protect-systemd.conf
Source5: yum-protect-systemd.conf
Source5: inittab
Source6: sysctl.conf.README
Source7: systemd-journal-remote.xml
Source8: systemd-journal-gatewayd.xml
Source9: 20-yama-ptrace.conf
Source10: systemd-udev-trigger-no-reload.conf
Source6: inittab
Source7: sysctl.conf.README
Source8: systemd-journal-remote.xml
Source9: systemd-journal-gatewayd.xml
Source10: 20-yama-ptrace.conf
Source11: systemd-udev-trigger-no-reload.conf
# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
Source13: .abignore
@ -100,11 +105,19 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
# than in the next section. Packit CI will drop any patches in this range before
# applying upstream pull requests.
%if %{without upstream}
# Drop varlink method call until selinux policy is updated,
# see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063,
# https://bugzilla.redhat.com/show_bug.cgi?id=2279923.
# Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91.
Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch
%if 0%{?fedora} < 41
# Work-around for dracut issue: run generators directly when we are in initrd
# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
# Drop when dracut-060 is available.
Patch0001: https://github.com/systemd/systemd/pull/26494.patch
Patch0010: https://github.com/systemd/systemd/pull/26494.patch
%endif
# Those are downstream-only patches, but we don't want them in packit builds:
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@ -112,10 +125,14 @@ Patch0490: use-bfq-scheduler.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2251843
Patch0491: https://github.com/systemd/systemd/pull/30846.patch
# Soft-disable tmpfiles --purge until a good use case comes up.
Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch
%endif
# Adjust upstream config to use our shared stack
Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch
%ifarch %{ix86} x86_64 aarch64
%ifarch %{ix86} x86_64 aarch64 riscv64
%global want_bootloader 1
%endif
@ -134,9 +151,9 @@ BuildRequires: audit-libs-devel
BuildRequires: cryptsetup-devel
%endif
BuildRequires: dbus-devel
BuildRequires: /usr/sbin/sfdisk
BuildRequires: util-linux
# /usr/bin/getfacl is needed by test-acl-util
BuildRequires: /usr/bin/getfacl
BuildRequires: acl
BuildRequires: libacl-devel
BuildRequires: gobject-introspection-devel
BuildRequires: libblkid-devel
@ -168,14 +185,18 @@ BuildRequires: qrencode-devel
BuildRequires: libmicrohttpd-devel
BuildRequires: libxkbcommon-devel
BuildRequires: iptables-devel
BuildRequires: pkgconfig(bash-completion)
BuildRequires: pkgconfig(libarchive)
BuildRequires: pkgconfig(libfido2)
BuildRequires: pkgconfig(tss2-esys)
BuildRequires: pkgconfig(tss2-rc)
BuildRequires: pkgconfig(tss2-mu)
BuildRequires: pkgconfig(libbpf)
BuildRequires: systemtap-sdt-devel
%if %{with docs}
BuildRequires: libxslt
BuildRequires: docbook-style-xsl
%endif
BuildRequires: pkgconfig
BuildRequires: gperf
BuildRequires: gawk
@ -201,10 +222,9 @@ BuildRequires: libseccomp-devel
BuildRequires: meson >= 0.43
BuildRequires: gettext
# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
%ifarch %{valgrind_arches}
BuildRequires: valgrind-devel
BuildRequires: pkgconfig(bash-completion)
BuildRequires: perl
BuildRequires: perl(IPC::SysV)
%endif
%ifnarch %ix86
# bpftool is not built for i368
@ -248,13 +268,24 @@ Conflicts: initscripts < 9.56.1
%if 0%{?fedora}
Conflicts: fedora-release < 23-0.12
%endif
# Make sure that dracut supports systemd-executor and the renames done for v255
%if 0%{?fedora} >= 41
BuildRequires: setup >= 2.15.0-3
BuildRequires: python3
Conflicts: setup < 2.15.0-3
Conflicts: selinux-policy-any < 41.1
%endif
%if 0%{?fedora} >= 41
# Make sure that dracut supports systemd-executor and the renames done for v255,
# and dlopen libraries and read-only fs in initrd.
Conflicts: dracut < 060-2
%else
# Make sure that dracut supports systemd-executor and the renames done for v255.
Conflicts: dracut < 059-16
%endif
Obsoletes: timedatex < 0.6-3
Provides: timedatex = 0.6-3
Conflicts: %{name}-standalone-repart < %{version}-%{release}^
Provides: %{name}-repart = %{version}-%{release}
Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^
Provides: %{name}-tmpfiles = %{version}-%{release}
Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^
@ -262,6 +293,19 @@ Provides: %{name}-sysusers = %{version}-%{release}
Conflicts: %{name}-standalone-shutdown < %{version}-%{release}^
Provides: %{name}-shutdown = %{version}-%{release}
%if "%{_sbindir}" == "%{_bindir}"
# Compat symlinks for Requires in other packages.
# We rely on filesystem to create the symlinks for us.
Requires: filesystem(unmerged-sbin-symlinks)
Provides: /usr/sbin/halt
Provides: /usr/sbin/init
Provides: /usr/sbin/poweroff
Provides: /usr/sbin/reboot
Provides: /usr/sbin/runlevel
Provides: /usr/sbin/shutdown
Provides: /usr/sbin/telinit
%endif
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
Recommends: libidn2.so.0%{?elf_suffix}
Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
@ -284,6 +328,17 @@ Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
Recommends: libcryptsetup.so.12%{?elf_suffix}
Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}
# Libkmod is used to load modules.
Recommends: libkmod.so.2%{?elf_suffix}
# kmod_list_next, kmod_load_resources, kmod_module_get_initstate,
# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup,
# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list,
# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources
# are part of LIBKMOD_5.
Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits}
Recommends: libarchive.so.13%{?elf_suffix}
%description
systemd is a system and service manager that runs as PID 1 and starts the rest
of the system. It provides aggressive parallelization capabilities, uses socket
@ -349,9 +404,9 @@ Summary: Rule-based device node and kernel event manager
License: LGPL-2.1-or-later
Requires: systemd%{_isa} = %{version}-%{release}
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): systemd%{_isa} = %{version}-%{release}
Requires(preun): systemd%{_isa} = %{version}-%{release}
Requires(postun): systemd%{_isa} = %{version}-%{release}
Requires(post): grep
Requires: kmod >= 18-4
# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
@ -362,6 +417,11 @@ Obsoletes: udev < 183
Requires: (grubby > 8.40-72 if grubby)
Requires: (sdubby > 1.0-3 if sdubby)
# Libkmod is used to load modules. Assume that if we need udevd, we certainly
# want to load modules, so make this into a hard dependency here.
Requires: libkmod.so.2%{?elf_suffix}
Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits}
# Recommends to replace normal Requires deps for stuff that is dlopen()ed
# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
Recommends: libcryptsetup.so.12%{?elf_suffix}
@ -392,6 +452,16 @@ Obsoletes: u2f-hidraw-policy < 1.0.2-40
# self-obsoletes to install both packages after split of systemd-boot
Obsoletes: systemd-udev < 252.2^
Conflicts: %{name}-standalone-repart < %{version}-%{release}^
Provides: %{name}-repart = %{version}-%{release}
%if "%{_sbindir}" == "%{_bindir}"
# Compat symlinks for Requires in other packages.
# We rely on filesystem to create the symlinks for us.
Requires: filesystem(unmerged-sbin-symlinks)
Provides: /usr/sbin/udevadm
%endif
%description udev
This package contains systemd-udev and the rules and hardware database needed to
manage device nodes. This package is necessary on physical machines and in
@ -407,11 +477,19 @@ machine, and to create or grow partitions and make file systems automatically.
Summary: Tool to build Unified Kernel Images
Requires: %{name} = %{version}-%{release}
Requires: systemd-boot
Requires: python3dist(pefile)
Requires: python3dist(zstd)
Requires: python3dist(cryptography)
Recommends: python3dist(pillow)
# for tests
%ifarch riscv64
# 2.42 received support for riscv64 + efi targets
%global binutils_version_req >= 2.42
%endif
BuildRequires: binutils %{?binutils_version_req}
BuildArch: noarch
%description ukify
@ -445,9 +523,9 @@ the version that works with Secure Boot.
# Name is the same as in Debian
Summary: Tools for containers and VMs
Requires: %{name}%{_isa} = %{version}-%{release}
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): systemd%{_isa} = %{version}-%{release}
Requires(preun): systemd%{_isa} = %{version}-%{release}
Requires(postun): systemd%{_isa} = %{version}-%{release}
# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
Obsoletes: %{name} < 229-5
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
@ -482,6 +560,7 @@ systemd-journal-upload.
%package networkd
Summary: System daemon that manages network configurations
Requires: %{name}%{_isa} = %{version}-%{release}
%{?fedora:Recommends: %{name}-udev = %{version}-%{release}}
License: LGPL-2.1-or-later
# https://src.fedoraproject.org/rpms/systemd/pull-request/34
Obsoletes: systemd < 246.6-2
@ -531,6 +610,7 @@ Requires: %{name}%{_isa} = %{version}-%{release}
# This dependency is provided transitively. Also add it explicitly to
# appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231:
Requires: %{name}-libs%{_isa} = %{version}-%{release}
Requires: python3dist(psutil)
License: LGPL-2.1-or-later
@ -579,14 +659,14 @@ other libraries from systemd-libs. This package conflicts with the main systemd
package and is meant for use in exitrds.
%prep
%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1
%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1
%build
%global ntpvendor %(source /etc/os-release; echo ${ID})
%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
CONFIGURE_OPTS=(
-Dmode=release
-Dmode=%[%{with upstream}?"developer":"release"]
-Dsysvinit-path=/etc/rc.d/init.d
-Drc-local=/etc/rc.d/rc.local
-Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
@ -620,6 +700,7 @@ CONFIGURE_OPTS=(
-Delfutils=enabled
-Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"]
-Delfutils=enabled
-Drepart=enabled
-Dpwquality=enabled
-Dqrencode=%[%{defined rhel}?"disabled":"enabled"]
-Dgnutls=%[%{with gnutls}?"enabled":"disabled"]
@ -641,18 +722,15 @@ CONFIGURE_OPTS=(
-Ddefault-network=true
-Dtests=unsafe
-Dinstall-tests=true
-Dtty-gid=5
-Dusers-gid=100
-Dnobody-user=nobody
-Dnobody-group=nobody
-Dcompat-mutable-uid-boundaries=true
-Dsplit-bin=true
-Db_lto=%[%{with lto}?"true":"false"]
-Db_ndebug=false
-Dman=enabled
-Dversion-tag=%{version}-%{release}
-Dman=%[%{with docs}?"enabled":"disabled"]
-Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""]
# https://bugzilla.redhat.com/show_bug.cgi?id=1906010
-Dshared-lib-tag=%{version_no_tilde}-%{release}
-Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""]
-Dfallback-hostname="localhost"
-Ddefault-dnssec=no
-Ddefault-dns-over-tls=no
@ -666,23 +744,24 @@ CONFIGURE_OPTS=(
-Ddefault-user-timeout-sec=45
-Dconfigfiledir=/usr/lib
-Doomd=true
-Dadm-gid=4
-Daudio-gid=63
-Dtty-gid=5
-Ddisk-gid=6
-Dlp-gid=7
-Dkmem-gid=9
-Dwheel-gid=10
-Dcdrom-gid=11
-Ddialout-gid=18
-Ddisk-gid=6
-Dinput-gid=104
-Dkmem-gid=9
-Dutmp-gid=22
-Dtape-gid=33
-Dkvm-gid=36
-Dlp-gid=7
-Dvideo-gid=39
-Daudio-gid=63
-Dusers-gid=100
-Dinput-gid=104
-Drender-gid=105
-Dsgx-gid=106
-Dtape-gid=33
-Dtty-gid=5
-Dusers-gid=100
-Dutmp-gid=22
-Dvideo-gid=39
-Dwheel-gid=10
-Dsystemd-journal-gid=190
-Dsystemd-network-uid=192
-Dsystemd-resolve-uid=193
@ -701,15 +780,7 @@ CONFIGURE_OPTS=(
%global _lto_cflags %nil
%endif
# Do configuration. If doing an inplace build, try to do
# reconfiguration to pick up new options.
%if %{with inplace}
command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; }
[ -e %{_vpath_builddir}/build.ninja ] &&
%__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" ||
%endif
{ %meson "${CONFIGURE_OPTS[@]}"; }
{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; }
%meson_build
@ -726,8 +797,10 @@ sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
%meson_install
# udev links
%if "%{_sbindir}" != "%{_bindir}"
mkdir -p %{buildroot}/%{_sbindir}
ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm
%endif
# Compatiblity and documentation files
touch %{buildroot}/etc/crypttab
@ -752,11 +825,13 @@ touch %{buildroot}/etc/systemd/coredump.conf \
%{buildroot}/etc/udev/udev.conf \
%{buildroot}/etc/udev/iocost.conf
install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
# /etc/initab
install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5}
install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6}
# /etc/sysctl.conf compat
install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf
install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf
ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf
# Make sure these directories are properly owned
@ -809,21 +884,19 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock
touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state
# Install yum protection fragment
install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf
install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf
install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}
install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9}
# Install additional docs
# https://bugzilla.redhat.com/show_bug.cgi?id=1234951
install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10}
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974
install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11}
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
# systemd-oomd default configuration
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
@ -850,6 +923,20 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}
ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel
%if "%{_sbindir}" == "%{_bindir}"
# Systemd has the split-sbin option which is also used to select the directory
# for alias symlinks. We need to keep split-sbin=true for now, to support
# unmerged systems. Move the symlinks here instead.
mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/
%endif
%if 0%{?fedora} >= 41
# This requires https://pagure.io/setup/pull-request/50
# and https://src.fedoraproject.org/rpms/setup/pull-request/10.
%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf
rm %{buildroot}/usr/lib/sysusers.d/basic.conf
%endif
%find_lang %{name}
# Split files in build root into rpms
@ -867,33 +954,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
%post
systemd-machine-id-setup &>/dev/null || :
# FIXME: move to %postun. We want to restart systemd *after* removing
# files from the old rpm. Right now we may still have bits the old
# setup if the files are not present in the new version. But before
# implement restarting of *other* services after the transaction, moving
# this would make things worse, increasing the number of warnings we get
# about needed daemon-reload.
systemctl daemon-reexec &>/dev/null || {
# systemd v239 had bug #9553 in D-Bus authentication of the private socket,
# which was later fixed in v240 by #9625.
#
# The end result is that a `systemctl daemon-reexec` call as root will fail
# when upgrading from systemd v239, which means the system will not start
# running the new version of systemd after this post install script runs.
#
# To work around this issue, let's fall back to using a `kill -TERM 1` to
# re-execute the daemon when the `systemctl daemon-reexec` call fails.
#
# In order to prevent issues when the reason why the daemon-reexec failed is
# not the aforementioned bug, let's only use this fallback when:
# - we're upgrading this RPM package; and
# - we confirm that systemd is running as PID1 on this system.
if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then
kill -TERM 1 &>/dev/null || :
fi
}
[ $1 -eq 1 ] || exit 0
# create /var/log/journal only on initial installation,
@ -915,8 +975,11 @@ systemctl preset-all &>/dev/null || :
systemctl --global preset-all &>/dev/null || :
%postun
if [ $1 -eq 1 ]; then
if [ $1 -ge 1 ]; then
[ -w %{_localstatedir} ] && journalctl --update-catalog || :
systemctl daemon-reexec || :
systemd-tmpfiles --create &>/dev/null || :
fi
@ -924,32 +987,16 @@ fi
# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
# This is the explanded form of %%systemd_user_daemon_reexec. We
# This is the expanded form of %%systemd_user_daemon_reexec. We
# can't use the macro because we define it ourselves.
if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
# Package upgrade, not uninstall
/usr/lib/systemd/systemd-update-helper user-reexec || :
fi
%triggerun resolved -- systemd < 246.1-1
# This is for upgrades from previous versions before systemd-resolved became the default.
systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
systemctl -q is-enabled NetworkManager.service 2>/dev/null && \
! test -L /etc/resolv.conf 2>/dev/null && \
! mountpoint /etc/resolv.conf &>/dev/null && \
grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \
echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \
mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \
ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || :
systemctl start systemd-resolved.service &>/dev/null || :
fi
%triggerun -- systemd < 247.3-2
# This is for upgrades from previous versions before oomd-defaults is available.
systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
%triggerun -- systemd < 256
# This is for upgrades from previous versions before systemd restart was moved to %%postun
systemctl daemon-reexec || :
%triggerpostun -- systemd < 253~rc1-2
# This is for upgrades from previous versions where systemd-journald-audit.socket

34
test_sysusers_defined.py Executable file
View File

@ -0,0 +1,34 @@
#!/usr/bin/python
import sys
def parse_sysusers_file(filename):
users, groups = set(), set()
for line in open(filename):
line = line.strip()
if not line or line.startswith('#'):
continue
words = line.split()
match words[0]:
case 'u':
users.add(words[1])
case 'g':
groups.add(words[1])
case 'm'|'r':
continue
case _:
assert False
return users, groups
setup_users, setup_groups = parse_sysusers_file(sys.argv[1])
setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2])
setup_users |= setup_users2
setup_groups |= setup_groups2
basic_users, basic_groups = parse_sysusers_file(sys.argv[3])
if d := basic_users - setup_users:
exit(f'We have new users: {d}')
if d := basic_groups - setup_groups:
exit(f'We have new groups: {d}')