systemd-257-3

Resolves: RHEL-44417, RHEL-71409, RHEL-72798
Jan Macku 2025-01-08 09:25:36 +01:00
parent b2570460aa
commit e20fafc72a
147 changed files with 6443 additions and 134 deletions

18
0001-Create-CNAME.patch Normal file

@ -0,0 +1,18 @@
From 217666530e117eafbed9af56e2e7ab467c02a405 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Tue, 10 Dec 2024 19:39:23 +0000
Subject: [PATCH] Create CNAME
---
docs/CNAME | 1 +
1 file changed, 1 insertion(+)
create mode 100644 docs/CNAME
diff --git a/docs/CNAME b/docs/CNAME
new file mode 100644
index 0000000000..cdcf4d9a52
--- /dev/null
+++ b/docs/CNAME
@@ -0,0 +1 @@
+systemd.io
\ No newline at end of file


@ -0,0 +1,56 @@
From d7eeb60cdff19e3b2a69cc14118e65e7bfe96421 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 12 Dec 2024 19:42:48 +0900
Subject: [PATCH] sd-json,sd-varlink: drop unexported functions from public
headers
These functions are exported by e11f5aa7226253bf31b2ed61be8599bb213c1819
and 5fcabde35b8d2592e4ba3f4915839a54d2f246ba in upstream after v257.
Fixes #35554 in v257.
---
src/libsystemd/sd-json/json-util.h | 3 +++
src/systemd/sd-json.h | 3 ---
src/systemd/sd-varlink.h | 1 -
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/libsystemd/sd-json/json-util.h b/src/libsystemd/sd-json/json-util.h
index 808df64d98..b3b4941dcc 100644
--- a/src/libsystemd/sd-json/json-util.h
+++ b/src/libsystemd/sd-json/json-util.h
@@ -8,6 +8,9 @@
#include "macro.h"
#include "pidref.h"
+const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
+sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
+
#define JSON_VARIANT_REPLACE(v, q) \
do { \
typeof(v)* _v = &(v); \
diff --git a/src/systemd/sd-json.h b/src/systemd/sd-json.h
index 3930d82b0d..33817f2327 100644
--- a/src/systemd/sd-json.h
+++ b/src/systemd/sd-json.h
@@ -339,9 +339,6 @@ int sd_json_variant_strv(sd_json_variant *v, char ***ret);
int sd_json_variant_unbase64(sd_json_variant *v, void **ret, size_t *ret_size);
int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
-const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
-sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
-
_sd_const_ static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
return !(flags & SD_JSON_FORMAT_OFF);
}
diff --git a/src/systemd/sd-varlink.h b/src/systemd/sd-varlink.h
index 816b9b0ebf..17cf8b7386 100644
--- a/src/systemd/sd-varlink.h
+++ b/src/systemd/sd-varlink.h
@@ -184,7 +184,6 @@ int sd_varlink_dispatch(sd_varlink *v, sd_json_variant *parameters, const sd_jso
/* Write outgoing fds into the socket (to be associated with the next enqueued message) */
int sd_varlink_push_fd(sd_varlink *v, int fd);
int sd_varlink_push_dup_fd(sd_varlink *v, int fd);
-int sd_varlink_reset_fds(sd_varlink *v);
/* Read incoming fds from the socket (associated with the currently handled message) */
int sd_varlink_peek_fd(sd_varlink *v, size_t i);


@ -1,61 +0,0 @@
From ec05646d8b34762d270ab8d3f703e06828ed0a03 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Fri, 17 May 2024 13:55:40 +0200
Subject: [PATCH] ci: reconfigure Packit for RHEL 10
rhel-only: ci
Related: RHEL-36636
---
.packit.yml | 28 +++++++++-------------------
1 file changed, 9 insertions(+), 19 deletions(-)
diff --git a/.packit.yml b/.packit.yml
index 2dcc9e86ca..340c6992ec 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -24,14 +24,12 @@ actions:
- "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
post-upstream-clone:
- # Use the Fedora Rawhide specfile
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+ # Use the CentOS Stream 10 specfile
+ - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
- "rm -fv .packit_rpm/sources"
- # Drop backported patches from the specfile, but keep the downstream-only ones
- # - Patch(0000-0499): backported patches from upstream
- # - Patch0500-9999: downstream-only patches
- - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+ # Drop all patches, since they're already included in the tarball
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
# Build the RPM with --werror. Even though --werror doesn't work in all
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
@@ -45,20 +43,12 @@ actions:
# until the change propagates to Rawhide's specfile
- "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
+# Available targets can be listed via `copr-cli list-chroots`
jobs:
- job: copr_build
trigger: pull_request
targets:
- - fedora-rawhide-aarch64
- - fedora-rawhide-i386
- - fedora-rawhide-ppc64le
- - fedora-rawhide-s390x
- - fedora-rawhide-x86_64
-
-- job: tests
- trigger: pull_request
- fmf_url: https://src.fedoraproject.org/tests/systemd
- fmf_ref: main
- tmt_plan: ci
- targets:
- - fedora-rawhide-x86_64
+ - centos-stream-10-aarch64
+ - centos-stream-10-ppc64le
+ - centos-stream-10-s390x
+ - centos-stream-10-x86_64


@ -0,0 +1,195 @@
From e231110a641237817490785bdf3e96df1de524e2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 12 Dec 2024 10:01:48 +0900
Subject: [PATCH] test: modernize generate-sym-test.py
(cherry picked from commit 6e399ece1fd6dc8cbf5830c263a118b58d36acac)
---
src/test/generate-sym-test.py | 107 +++++++++++++++++++++-------------
1 file changed, 67 insertions(+), 40 deletions(-)
diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
index 2e5177c934..24223aa7b0 100755
--- a/src/test/generate-sym-test.py
+++ b/src/test/generate-sym-test.py
@@ -1,78 +1,99 @@
#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# ruff: noqa: E501 UP015
import os
import re
import sys
+from typing import IO
-def process_sym_file(file):
+
+def process_sym_file(file: IO[str]) -> None:
for line in file:
m = re.search(r'^ +([a-zA-Z0-9_]+);', line)
if m:
if m[1] == 'sd_bus_object_vtable_format':
- print(' {{"{0}", &{0}}},'.format(m[1]))
+ print(f' {{ "{m[1]}", &{m[1]} }},')
else:
- print(' {{"{0}", {0}}},'.format(m[1]))
+ print(f' {{ "{m[1]}", {m[1]} }},')
+
-def process_source_file(file):
+def process_source_file(file: IO[str]) -> None:
for line in file:
# Functions
m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*\(', line)
if m:
- print(' {{ "{0}", {0} }},'.format(m[2]))
+ print(f' {{ "{m[2]}", {m[2]} }},')
+ continue
+
# Variables
m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*=', line)
if m:
- print(' {{ "{0}", &{0} }},'.format(m[2]))
+ print(f' {{ "{m[2]}", &{m[2]} }},')
+ continue
+
# Functions defined through a macro
m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_FUNC\([^,]+,\s*(\w+)\s*\)', line)
if m:
- print(' {{ "{0}_ref", {0}_ref }},'.format(m[1]))
+ print(f' {{ "{m[1]}_ref", {m[1]}_ref }},')
+ continue
+
m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
if m:
- print(' {{ "{0}_unref", {0}_unref }},'.format(m[1]))
- m = re.search(r"^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,", line)
+ print(f' {{ "{m[1]}_unref", {m[1]}_unref }},')
+ continue
+
+ m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
+ if m:
+ print(f' {{ "{m[1]}_ref", {m[1]}_ref }},')
+ print(f' {{ "{m[1]}_unref", {m[1]}_unref }},')
+ continue
+
+ m = re.search(r'^_DEFINE_STRING_TABLE_LOOKUP\((\w+),\s*\w+,\s*_public_\s*\)', line)
if m:
- print(' {{ "{0}_ref", {0}_ref }},'.format(m[1]))
- print(' {{ "{0}_unref", {0}_unref }},'.format(m[1]))
+ print(f' {{ "{m[1]}_from_string", {m[1]}_from_string }},')
+ print(f' {{ "{m[1]}_to_string", {m[1]}_to_string }},')
+ continue
-print('''/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+print("""/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-''')
+""")
for header in sys.argv[3:]:
print('#include "{}"'.format(header.split('/')[-1]))
-print('''
+print("""
/* We want to check deprecated symbols too, without complaining */
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-''')
+""")
-print('''
+print("""
struct symbol {
const char *name;
const void *symbol;
};
-static struct symbol symbols_from_sym[] = {''')
+static struct symbol symbols_from_sym[] = {""")
-with open(sys.argv[1], "r") as f:
+with open(sys.argv[1], 'r') as f:
process_sym_file(f)
-print(''' {}
-}, symbols_from_source[] = {''')
+print(""" {}
+}, symbols_from_source[] = {""")
for dirpath, _, filenames in sorted(os.walk(sys.argv[2])):
for filename in sorted(filenames):
- if not filename.endswith(".c") and not filename.endswith(".h"):
+ if not filename.endswith('.c') and not filename.endswith('.h'):
continue
- with open(os.path.join(dirpath, filename), "r") as f:
+ with open(os.path.join(dirpath, filename), 'r') as f:
process_source_file(f)
-print(''' {}
+print(""" {}
};
static int sort_callback(const void *a, const void *b) {
@@ -81,34 +102,40 @@ static int sort_callback(const void *a, const void *b) {
}
int main(void) {
- size_t i, j;
+ size_t size = sizeof(symbols_from_sym[0]),
+ n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
+ n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
- qsort(symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
- qsort(symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
+ qsort(symbols_from_sym, n_sym, size, sort_callback);
+ qsort(symbols_from_source, n_source, size, sort_callback);
puts("From symbol file:");
- for (i = 0; symbols_from_sym[i].name; i++)
+ for (size_t i = 0; i < n_sym; i++)
printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
puts("\\nFrom source files:");
- for (j = 0; symbols_from_source[j].name; j++)
- printf("%p: %s\\n", symbols_from_source[j].symbol, symbols_from_source[j].name);
+ for (size_t i = 0; i < n_source; i++)
+ printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
puts("");
- printf("Found %zu symbols from symbol file.\\n", i);
- printf("Found %zu symbols from source files.\\n", j);
+ printf("Found %zu symbols from symbol file.\\n", n_sym);
+ printf("Found %zu symbols from source files.\\n", n_source);
+
+ unsigned n_error = 0;
- for (i = 0; symbols_from_sym[i].name; i++) {
- struct symbol *n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
- if (!n)
+ for (size_t i = 0; i < n_sym; i++) {
+ if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
+ n_error++;
+ }
}
- for (j = 0; symbols_from_source[j].name; j++) {
- struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
- if (!n)
- printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
+ for (size_t i = 0; i < n_source; i++) {
+ if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
+ printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
+ n_error++;
+ }
}
- return i == j ? EXIT_SUCCESS : EXIT_FAILURE;
-}''')
+ return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}""")
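Review bot: The unchanged `print('#include "{}"'.format(header.split('/')[-1]))` loop is now the only `str.format` call left in the script after every other print was converted to an f-string, and it hand-rolls the basename. Since `os` is already imported, `print(f'#include "{os.path.basename(header)}"')` would keep the style consistent with the rest of this change. The `open(..., 'r')` calls also still rely on the locale's default encoding; passing `encoding='utf-8'` would make the generated test independent of the build environment's locale.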


@ -0,0 +1,142 @@
From 1601149c5b14ed9e6e34b46ddb2ba3006b5f5315 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 12 Dec 2024 13:18:59 +0900
Subject: [PATCH] test: also generate list of symbols from header files
To make the generated tests able to detect issues like #35554.
(cherry picked from commit 0b39dc23ba2d8d3e99f5dc30c3da5d0f6baf10d7)
---
src/test/generate-sym-test.py | 74 +++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
index 24223aa7b0..7b5ded936c 100755
--- a/src/test/generate-sym-test.py
+++ b/src/test/generate-sym-test.py
@@ -19,6 +19,47 @@ def process_sym_file(file: IO[str]) -> None:
print(f' {{ "{m[1]}", {m[1]} }},')
+def process_header_file(file: IO[str]) -> None:
+ for line in file:
+ if (
+ line.startswith('#')
+ or line.startswith('typedef')
+ or line.startswith('extern "C"')
+ or line.startswith('__extension__')
+ or line.startswith('/*')
+ or ' __inline__ ' in line
+ or re.search(r'^\s+', line)
+ ):
+ continue
+
+ m = re.search(r'^(.*)\s*__attribute__', line)
+ if m:
+ line = m[1]
+
+ m = re.search(r'^(.*)\s*_sd_printf_', line)
+ if m:
+ line = m[1]
+
+ # Functions
+ m = re.search(r'^(\S+\s+)+\**(\w+)\s*\(', line)
+ if m:
+ print(f' {{ "{m[2]}", {m[2]} }},')
+ continue
+
+ # Variables
+ m = re.search(r'^extern\s', line)
+ if m:
+ n = line.split()[-1].rstrip(';')
+ print(f' {{ "{n}", &{n} }},')
+ continue
+
+ # Functions defined by macro
+ m = re.search(r'_SD_DEFINE_POINTER_CLEANUP_FUNC\(\w+,\s*(\w+)\)', line)
+ if m:
+ print(f' {{ "{m[1]}", {m[1]} }},')
+ continue
+
+
def process_source_file(file: IO[str]) -> None:
for line in file:
# Functions
@@ -83,6 +124,13 @@ static struct symbol symbols_from_sym[] = {""")
with open(sys.argv[1], 'r') as f:
process_sym_file(f)
+print(""" {}
+}, symbols_from_header[] = {""")
+
+for header in sys.argv[3:]:
+ with open(header, 'r') as f:
+ process_header_file(f)
+
print(""" {}
}, symbols_from_source[] = {""")
@@ -104,37 +152,63 @@ static int sort_callback(const void *a, const void *b) {
int main(void) {
size_t size = sizeof(symbols_from_sym[0]),
n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
+ n_header = sizeof(symbols_from_header)/sizeof(symbols_from_header[0]) - 1,
n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
qsort(symbols_from_sym, n_sym, size, sort_callback);
+ qsort(symbols_from_header, n_header, size, sort_callback);
qsort(symbols_from_source, n_source, size, sort_callback);
puts("From symbol file:");
for (size_t i = 0; i < n_sym; i++)
printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
+ puts("\\nFrom header files:");
+ for (size_t i = 0; i < n_header; i++)
+ printf("%p: %s\\n", symbols_from_header[i].symbol, symbols_from_header[i].name);
+
puts("\\nFrom source files:");
for (size_t i = 0; i < n_source; i++)
printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
puts("");
printf("Found %zu symbols from symbol file.\\n", n_sym);
+ printf("Found %zu symbols from header files.\\n", n_header);
printf("Found %zu symbols from source files.\\n", n_source);
unsigned n_error = 0;
for (size_t i = 0; i < n_sym; i++) {
+ if (!bsearch(symbols_from_sym+i, symbols_from_header, n_header, size, sort_callback)) {
+ printf("Found in symbol file, but not in headers: %s\\n", symbols_from_sym[i].name);
+ n_error++;
+ }
if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
n_error++;
}
}
+ for (size_t i = 0; i < n_header; i++) {
+ if (!bsearch(symbols_from_header+i, symbols_from_sym, n_sym, size, sort_callback)) {
+ printf("Found in header file, but not in symbol file: %s\\n", symbols_from_header[i].name);
+ n_error++;
+ }
+ if (!bsearch(symbols_from_header+i, symbols_from_source, n_source, size, sort_callback)) {
+ printf("Found in header file, but not in sources: %s\\n", symbols_from_header[i].name);
+ n_error++;
+ }
+ }
+
for (size_t i = 0; i < n_source; i++) {
if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
n_error++;
}
+ if (!bsearch(symbols_from_source+i, symbols_from_header, n_header, size, sort_callback)) {
+ printf("Found in source file, but not in header: %s\\n", symbols_from_source[i].name);
+ n_error++;
+ }
}
return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
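Review bot: In `process_header_file` the variable branch takes the name with `line.split()[-1].rstrip(';')`, which keeps a leading `*` for a declaration such as `extern const char *name;`, whereas the function branch explicitly allows for `\**` before the identifier. The emitted entry would then carry `"*name"` as its string and never match the symbol file. Whether any public header declares such a variable is not visible here, but `n = line.split()[-1].rstrip(';').lstrip('*')` would make the two branches agree. The function would also benefit from a short docstring stating that only single-line declarations starting in column 0 are recognised, because the `re.search(r'^\s+', line)` filter silently drops everything else.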


@ -0,0 +1,65 @@
From 2f2cd7a8657ebc7cdbddabe1166cbdcb94d66995 Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Wed, 11 Dec 2024 07:32:04 +0100
Subject: [PATCH] man/systemd-cryptenroll: sort --fido2-credential-algorithm
after --fido2-device
And also fix a typo.
(cherry picked from commit 62b7b70bb78f85198509b3327cb29b83ed9218ec)
---
man/systemd-cryptenroll.xml | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index 83f8b2d8a1..f3c23adfd0 100644
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -384,24 +384,9 @@
<refsect1>
<title>FIDO2 Enrollment</title>
- <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
+ <para>The following options are understood that may be used to enroll FIDO2 tokens:</para>
<variablelist>
- <varlistentry>
- <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
- <listitem><para>Specify COSE algorithm used in credential generation. The default value is
- <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
- and <literal>eddsa</literal>.</para>
-
- <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
- denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
- EDDSA over Curve25519 with SHA-512.</para>
-
- <para>Note that your authenticator may choose not to support some algorithms.</para>
-
- <xi:include href="version-info.xml" xpointer="v251"/></listitem>
- </varlistentry>
-
<varlistentry>
<term><option>--fido2-device=<replaceable>PATH</replaceable></option></term>
@@ -428,6 +413,21 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
+ <listitem><para>Specify COSE algorithm used in credential generation. The default value is
+ <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
+ and <literal>eddsa</literal>.</para>
+
+ <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
+ denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
+ EDDSA over Curve25519 with SHA-512.</para>
+
+ <para>Note that your authenticator may choose not to support some algorithms.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--fido2-salt-file=<replaceable>PATH</replaceable></option></term>


@ -0,0 +1,23 @@
From f4215e7909a74e01f3275c8537d9574924aefa4c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 11 Dec 2024 10:31:41 +0100
Subject: [PATCH] analyze: tab fix
(cherry picked from commit 7167bee6c672f9a0729631ba1f7459dd5e18f549)
---
src/analyze/analyze-plot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze-plot.c b/src/analyze/analyze-plot.c
index c50343d71c..20d6811f9b 100644
--- a/src/analyze/analyze-plot.c
+++ b/src/analyze/analyze-plot.c
@@ -170,7 +170,7 @@ static void plot_tooltip(const UnitTimes *ut) {
svg("%s:\n", ut->name);
svg("Activating: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activating / USEC_PER_SEC, ut->activating % USEC_PER_SEC);
svg("Activated: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activated / USEC_PER_SEC, ut->activated % USEC_PER_SEC);
-
+
UnitDependency i;
FOREACH_ARGUMENT(i, UNIT_AFTER, UNIT_BEFORE, UNIT_REQUIRES, UNIT_REQUISITE, UNIT_WANTS, UNIT_CONFLICTS, UNIT_UPHOLDS)
if (!strv_isempty(ut->deps[i])) {


@ -0,0 +1,24 @@
From bbeb07ad24f5a4e2e391dc761fa05f3b39b29077 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 11 Dec 2024 10:31:58 +0100
Subject: [PATCH] analyze: add missing --mask option to --help text
Follow-up for: 3e7a029c2856e7814b930443cc2d4fb089377592
(cherry picked from commit 4d09f976f6c10729619c7f4c87dd121aa34d019b)
---
src/analyze/analyze.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 0db3547a49..e21f12c65e 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -284,6 +284,7 @@ static int help(int argc, char *argv[], void *userdata) {
" --root=PATH Operate on an alternate filesystem root\n"
" --image=PATH Operate on disk image as filesystem root\n"
" --image-policy=POLICY Specify disk image dissection policy\n"
+ " -m --mask Parse parameter as numeric capability mask\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,


@ -0,0 +1,29 @@
From 1b945fb1a727f85be9230e43d2fdaf78d2567946 Mon Sep 17 00:00:00 2001
From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Tue, 10 Dec 2024 16:48:59 -0500
Subject: [PATCH] test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:
notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0
Explicitly set nsec3-salt-length=8 to silence.
(cherry picked from commit 59e5108fb4e61957cb40bb15ac7966d085d13af2)
---
test/knot-data/knot.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf
index b8b9e7925d..6d177d7285 100644
--- a/test/knot-data/knot.conf
+++ b/test/knot-data/knot.conf
@@ -60,6 +60,7 @@ policy:
ksk-submission: parent_zone_sbm
nsec3-iterations: 0
nsec3: on
+ nsec3-salt-length: 8
propagation-delay: 1s
signing-threads: 4
zone-max-ttl: 1s


@ -0,0 +1,44 @@
From d80ab6aed678ed89327d86ced9fedd24b5baccd3 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Dec 2024 12:10:13 +0000
Subject: [PATCH] test-capability: CAP_LINUX_IMMUTABLE is not available in
unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error
Partially fixes #35552
(cherry picked from commit 058a07635f3ff70cc99943dcf4f2a079bc9c28b9)
---
src/test/test-capability.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/test/test-capability.c b/src/test/test-capability.c
index 51bd806348..127f5e3d87 100644
--- a/src/test/test-capability.c
+++ b/src/test/test-capability.c
@@ -254,6 +254,13 @@ static void test_capability_get_ambient(void) {
ASSERT_OK(capability_get_ambient(&c));
+ r = prctl(PR_CAPBSET_READ, CAP_MKNOD);
+ if (r <= 0)
+ return (void) log_tests_skipped("Lacking CAP_MKNOD, skipping getambient test.");
+ r = prctl(PR_CAPBSET_READ, CAP_LINUX_IMMUTABLE);
+ if (r <= 0)
+ return (void) log_tests_skipped("Lacking CAP_LINUX_IMMUTABLE, skipping getambient test.");
+
r = safe_fork("(getambient)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL);
ASSERT_OK(r);
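Review bot: Both new checks use `if (r <= 0)`, which treats a failing `prctl(PR_CAPBSET_READ, ...)` (return -1) the same as a capability that is simply absent from the bounding set (return 0). A genuine error is therefore logged as "Lacking CAP_MKNOD" or "Lacking CAP_LINUX_IMMUTABLE" and the ambient-capability test is skipped instead of failing. Splitting the cases keeps the skip limited to the container situation described in the commit message: `assert_se(r >= 0);` followed by `if (r == 0) return (void) log_tests_skipped("Lacking CAP_MKNOD, skipping getambient test.");`, and likewise for the second check. `test_capability_get_ambient()` starts and ends outside this hunk.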


@ -0,0 +1,38 @@
From 5573ac7d9c52bed8d38480788b02639ede3881fc Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Dec 2024 12:01:18 +0000
Subject: [PATCH] test-fd-util: skip test when lacking privileges to create a
new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:
$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.
Partially fixes #35552
(cherry picked from commit 630a2e7ee195ca96e102acac8df67a278a879124)
---
src/test/test-fd-util.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
index 20cf7b7627..5817d92725 100644
--- a/src/test/test-fd-util.c
+++ b/src/test/test-fd-util.c
@@ -389,6 +389,8 @@ TEST(close_all_fds) {
test_close_all_fds_inner();
_exit(EXIT_SUCCESS);
}
+ if (ERRNO_IS_NEG_PRIVILEGE(r))
+ return (void) log_tests_skipped("Lacking privileges for test in namespace with /proc/ overmounted");
assert_se(r >= 0);
if (!is_seccomp_available())
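Review bot: The added `return (void) log_tests_skipped(...)` leaves the whole `TEST(close_all_fds)` body, so the seccomp-based case that begins at `if (!is_seccomp_available())` directly after it is skipped as well whenever the namespace fork is denied. Whether that later case needs the same privilege is not visible in this hunk. If it does not, logging and falling through would keep that coverage: `if (ERRNO_IS_NEG_PRIVILEGE(r)) log_notice("Lacking privileges for test in namespace with /proc/ overmounted, skipping that part"); else assert_se(r >= 0);`. If the early return is intended, a comment saying that the remaining cases need the same privilege would make that explicit. The test body continues outside the hunk.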


@ -0,0 +1,36 @@
From c026cecac33c3b19b1a466304058eb0f7f71187b Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Dec 2024 13:40:10 +0000
Subject: [PATCH] test-fd-util: compare FDs to /bin/sh instead of /dev/null
/dev/null is a character device, so same_fd() in the fallback path
that compares fstat will fail, as that bails out if the fd refers
to a char device. This happens on kernels without F_DUPFD_QUERY and
without kcmp.
/* test_same_fd */
Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.
Fixes #35552
(cherry picked from commit 3b32d333e88f2a66651d58e32e01599fa84c3d19)
---
src/test/test-fd-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
index 5817d92725..a359efa052 100644
--- a/src/test/test-fd-util.c
+++ b/src/test/test-fd-util.c
@@ -76,9 +76,9 @@ TEST(same_fd) {
assert_se(pipe2(p, O_CLOEXEC) >= 0);
assert_se((a = fcntl(p[0], F_DUPFD, 3)) >= 0);
- assert_se((b = open("/dev/null", O_RDONLY|O_CLOEXEC)) >= 0);
+ assert_se((b = open("/bin/sh", O_RDONLY|O_CLOEXEC)) >= 0);
assert_se((c = fcntl(a, F_DUPFD, 3)) >= 0);
- assert_se((d = open("/dev/null", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
+ assert_se((d = open("/bin/sh", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
assert_se((e = fcntl(d, F_DUPFD, 3)) >= 0);
assert_se(same_fd(p[0], p[0]) > 0);
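Review bot: The two `open("/bin/sh", ...)` calls carry no comment explaining why a regular file is required, so a later cleanup could easily switch them back to `/dev/null` and reintroduce the failure on kernels without F_DUPFD_QUERY and kcmp. The reasoning currently lives only in the commit message; I would add above the first call `/* Use a regular file: the fstat() fallback in same_fd() bails out on character devices such as /dev/null */`. The test also now assumes `/bin/sh` exists in the test environment, which may be worth stating in the same comment. `TEST(same_fd)` continues outside the hunk.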


@ -0,0 +1,66 @@
From e1659133e79d20799a0841f3099f921957743691 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Dec 2024 11:48:09 +0000
Subject: [PATCH] mkosi: use inetutils package instead of hostname for
Archlinux
In Arch the hostname binary is in a different package
Follow-up for cf48bde7aea52b18ac3fa218d3f60fd3d533ef66
(cherry picked from commit 446d737cba3652a9f3dbd07cea9cb4082350b241)
---
mkosi.conf.d/10-arch/mkosi.conf | 1 +
mkosi.conf.d/10-centos-fedora/mkosi.conf | 1 +
mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 1 +
mkosi.conf.d/10-opensuse/mkosi.conf | 1 +
4 files changed, 4 insertions(+)
diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf
index 5a4015e4d7..9ceb6ea6f8 100644
--- a/mkosi.conf.d/10-arch/mkosi.conf
+++ b/mkosi.conf.d/10-arch/mkosi.conf
@@ -25,6 +25,7 @@ Packages=
f2fs-tools
git
gnutls
+ inetutils
iproute
iputils
knot
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf
index 5b1865a253..8004c089ad 100644
--- a/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf
@@ -32,6 +32,7 @@ Packages=
glibc-langpack-de
glibc-langpack-en
gnutls-utils
+ hostname
integritysetup
iproute
iproute-tc
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
index 46dd98828f..c898664f83 100644
--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
@@ -48,6 +48,7 @@ Packages=
fdisk
git-core
gnutls-bin
+ hostname
iproute2
iputils-ping
isc-dhcp-server
diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf
index 8a08b1f8c7..4ee3894c00 100644
--- a/mkosi.conf.d/10-opensuse/mkosi.conf
+++ b/mkosi.conf.d/10-opensuse/mkosi.conf
@@ -47,6 +47,7 @@ Packages=
grep
group(wheel)
gzip
+ hostname
iputils
kernel-default
kmod


@ -0,0 +1,55 @@
From cd727031a4daafe19f491df360c512433562f469 Mon Sep 17 00:00:00 2001
From: Katariina Lounento <katariina.lounento@vaisala.com>
Date: Mon, 9 Dec 2024 16:09:13 +0200
Subject: [PATCH] man: document unprivileged is not for reading properties
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.
Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba019206cacd486b0892fec76f70f525e04d):
case _SD_BUS_VTABLE_PROPERTY: {
[...]
if ([...] ||
[...]
(v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
r = -EINVAL;
goto fail;
}
(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).
This was implemented in the commit
adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
Note however that read access is unrestricted, as PropertiesChanged
messages might send out the values anyway as an unrestricted
broadcast.
(cherry picked from commit 3ca09aa4dd57327989eceb1298754601046ac041)
---
man/sd_bus_add_object.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml
index 4d14a7e731..5572f421fb 100644
--- a/man/sd_bus_add_object.xml
+++ b/man/sd_bus_add_object.xml
@@ -589,6 +589,9 @@
<constant>org.freedesktop.systemd1.Privileged</constant> annotation with value
<literal>true</literal> will be shown in introspection data.</para>
+ <para><constant>SD_BUS_VTABLE_UNPRIVILEGED</constant> may not be applied to read-only properties,
+ but read access (to both read-only and writable properties) is always unrestricted.</para>
+
<para>Note that this page describes checks implemented in the D-Bus client. The D-Bus server has an
additional policy that may permit or deny connections, see
"CONFIGURATION FILE" in


@ -0,0 +1,56 @@
From 6b90a137892e18bd3c2cacb4aba2759da7ff3081 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Wed, 11 Dec 2024 15:10:39 +0100
Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset
If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:
/etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
For example:
$ cat > foo.sh <<EOF
#!/bin/sh
set -u
source /etc/profile
EOF
$ chmod 700 foo.sh
$ ./foo.sh
/etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.
[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
(cherry picked from commit 12e33d332b3f8754f4d5d0d21d5d3f0de8adc54c)
---
profile.d/70-systemd-shell-extra.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/profile.d/70-systemd-shell-extra.sh b/profile.d/70-systemd-shell-extra.sh
index 70be3341b9..dae77e4bc7 100644
--- a/profile.d/70-systemd-shell-extra.sh
+++ b/profile.d/70-systemd-shell-extra.sh
@@ -12,14 +12,14 @@
# credentials shell.prompt.prefix, shell.prompt.suffix and shell.welcome, and
# are propagated into these environment variables by pam_systemd(8).
-if [ -n "$SHELL_PROMPT_PREFIX" ]; then
+if [ -n "${SHELL_PROMPT_PREFIX-}" ]; then
PS1="$SHELL_PROMPT_PREFIX$PS1"
fi
-if [ -n "$SHELL_PROMPT_SUFFIX" ]; then
+if [ -n "${SHELL_PROMPT_SUFFIX-}" ]; then
PS1="$PS1$SHELL_PROMPT_SUFFIX"
fi
-if [ -n "$SHELL_WELCOME" ]; then
+if [ -n "${SHELL_WELCOME-}" ]; then
printf '%b\n' "$SHELL_WELCOME"
fi


@ -0,0 +1,25 @@
From 9fad72cc52bdec7f44337b1e48c23ee15fc08d77 Mon Sep 17 00:00:00 2001
From: andrejpodzimek <andrej@podzimek.org>
Date: Wed, 11 Dec 2024 12:46:43 +0000
Subject: [PATCH] Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
(cherry picked from commit ae2f3af63962ba6e2f67cfce07c9fee61722e30e)
---
man/systemd.network.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 9d8dcba509..32cfb207e0 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -6431,7 +6431,7 @@ PVID=42
EgressUntagged=42
[BridgeVLAN]
-VLAN=100-200
+VLAN=100-299
[BridgeVLAN]
EgressUntagged=300-400</programlisting>


@ -0,0 +1,61 @@
From ab99950f1a0ab9401b44357d226a5880b5f262a7 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 11 Dec 2024 12:44:26 +0000
Subject: [PATCH] test-bpf-restrict-fs: Migrate to new assertion macros
(cherry picked from commit 1c658c639db1c902266735754f2e2883fe67d1d9)
---
src/test/test-bpf-restrict-fs.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/test/test-bpf-restrict-fs.c b/src/test/test-bpf-restrict-fs.c
index 11e97bf922..349c5a6894 100644
--- a/src/test/test-bpf-restrict-fs.c
+++ b/src/test/test-bpf-restrict-fs.c
@@ -18,9 +18,9 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
ExecContext *ec = NULL;
int cld_code, r;
- assert_se(u = unit_new(m, sizeof(Service)));
- assert_se(unit_add_name(u, unit_name) == 0);
- assert_se(ec = unit_get_exec_context(u));
+ ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service)));
+ ASSERT_OK_ZERO(unit_add_name(u, unit_name));
+ ASSERT_NOT_NULL(ec = unit_get_exec_context(u));
STRV_FOREACH(allow_filesystem, allowed_filesystems) {
r = config_parse_restrict_filesystems(
@@ -30,7 +30,7 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
return log_unit_error_errno(u, r, "Failed to parse RestrictFileSystems: %m");
}
- assert_se(exec_start = strjoin("cat ", file_path));
+ ASSERT_NOT_NULL(exec_start = strjoin("cat ", file_path));
r = config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart",
SERVICE_EXEC_START, exec_start, SERVICE(u)->exec_command, u);
if (r < 0)
@@ -84,19 +84,19 @@ int main(int argc, char *argv[]) {
ASSERT_OK(get_testdata_dir("units", &unit_dir));
ASSERT_OK(setenv_unit_path(unit_dir));
- assert_se(runtime_dir = setup_fake_runtime_dir());
+ ASSERT_NOT_NULL(runtime_dir = setup_fake_runtime_dir());
ASSERT_OK(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m));
ASSERT_OK(manager_startup(m, NULL, NULL, NULL));
/* We need to enable access to the filesystem where the binary is so we
* add @common-block and @application */
- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")));
ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application")));
- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")), 0);
- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")), 0);
+ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")));
+ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")));
ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block", "@application")));
- ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")), 0);
+ ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")));
return 0;
}
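Review bot: `ASSERT_FAIL` in the four negative cases accepts any negative return, so a run where `test_restrict_filesystems()` fails during setup looks the same as one where the filesystem restriction really denied access; the earlier hunk shows it returning the `config_parse_restrict_filesystems()` error directly. If the denial path yields a stable errno, `ASSERT_ERROR(test_restrict_filesystems(...), <expected errno>)` would pin these cases to the restriction itself. Failing that, a comment above them such as `/* any negative return is treated as "access denied" here */` would record the limitation. main() begins outside this hunk.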


@ -0,0 +1,27 @@
From 926f5ab6bf0e3541106e6a6f95af4cbdec50582b Mon Sep 17 00:00:00 2001
From: cvlc12 <97767846+cvlc12@users.noreply.github.com>
Date: Wed, 11 Dec 2024 22:09:11 +0100
Subject: [PATCH] man: update example in systemd-measure.xml (#35506)
In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.
As long as this is still done by default, see #35280.
(cherry picked from commit 693038fce47a819c5eebeb4fce39c9ac991acf84)
---
man/systemd-measure.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 5d697dd62f..368c94f700 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -328,6 +328,7 @@ $ ukify build \
<programlisting># systemd-cryptenroll --tpm2-device=auto \
--tpm2-public-key=tpm2-pcr-public-key.pem \
--tpm2-signature=tpm2-pcr-signature.json \
+ --tpm2-pcrs="" \
/dev/sda5</programlisting>
<para>And then unlock the device with the signature:</para>


@ -0,0 +1,23 @@
From df38ba869ceaf15ee7d5962660d644403c068f7a Mon Sep 17 00:00:00 2001
From: Carlo Teubner <carlo@cteubner.net>
Date: Wed, 11 Dec 2024 22:40:07 +0000
Subject: [PATCH] systemd-cryptenroll.xml: fix typo
(cherry picked from commit dfbd4d8bc5f18746051929e32f772078d6782e90)
---
man/systemd-cryptenroll.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index f3c23adfd0..fb36f455ba 100644
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -634,7 +634,7 @@
<para>Note the difference between <option>--tpm2-pcrs=</option> and
<option>--tpm2-public-key-pcrs=</option>: the former binds decryption to the current, specific PCR
values; the latter binds decryption to any set of PCR values for which a signature by the specified
- public key can be provided. The latter is hence more useful in scenarios where software updates shell
+ public key can be provided. The latter is hence more useful in scenarios where software updates shall
be possible without losing access to all previously encrypted LUKS2 volumes. Like with
<option>--tpm2-pcrs=</option>, names defined in the table above can also be used to specify the
registers, for instance


@ -0,0 +1,28 @@
From e768cf55b19caec6c8936050b245f398aba8b884 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Dec 2024 20:44:25 +0000
Subject: [PATCH] semaphore: skip some tests
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.
(cherry picked from commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4)
---
.semaphore/semaphore-runner.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index e903ced70d..b663674652 100755
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -109,6 +109,9 @@ EOF
--env DPKG_DEB_COMPRESSOR_TYPE="none" \
--env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
--env TEST_UPSTREAM=1 \
+ --skip-test localed-locale \
+ --skip-test localed-x11-keymap \
+ --skip-test build-with-static-libsystemd \
../systemd_*.dsc \
-o "$ARTIFACTS_DIR" \
-- lxc -s "$CONTAINER" \


@ -0,0 +1,215 @@
From b256e149d4eceb9931fa6b727f3523a8d9fd0198 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Tue, 10 Dec 2024 22:19:09 +0000
Subject: [PATCH] shell completion: add systemd-creds
(cherry picked from commit 783f794e89996ae7f2ae1872d65c515a672437fa)
---
shell-completion/bash/meson.build | 1 +
shell-completion/bash/systemd-creds | 185 ++++++++++++++++++++++++++++
2 files changed, 186 insertions(+)
create mode 100644 shell-completion/bash/systemd-creds
diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build
index 91635df74a..59c2e2ef40 100644
--- a/shell-completion/bash/meson.build
+++ b/shell-completion/bash/meson.build
@@ -24,6 +24,7 @@ items = [['busctl', ''],
['systemd-cat', ''],
['systemd-cgls', ''],
['systemd-cgtop', ''],
+ ['systemd-creds', ''],
['systemd-delta', ''],
['systemd-detect-virt', ''],
['systemd-id128', ''],
diff --git a/shell-completion/bash/systemd-creds b/shell-completion/bash/systemd-creds
new file mode 100644
index 0000000000..310106b936
--- /dev/null
+++ b/shell-completion/bash/systemd-creds
@@ -0,0 +1,185 @@
+# shellcheck shell=bash
+# systemd-creds(1) completion -*- shell-script -*-
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <https://www.gnu.org/licenses/>.
+
+__contains_word() {
+ local w word=$1; shift
+ for w in "$@"; do
+ [[ $w = "$word" ]] && return
+ done
+}
+
+__get_tpm2_devices() {
+ local i
+ for i in /dev/tpmrm*; do
+ [ -c "$i" ] && printf '%s\n' "$i"
+ done
+}
+
+__get_creds() {
+ local a b c
+ local mode=$1; shift 1
+ systemd-creds list $mode --no-legend --no-pager $1 2>/dev/null | \
+ { while read -r a b c; do echo " $a"; done }
+}
+
+_systemd_creds() {
+ local verb comps mode i
+ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
+ local -A OPTS=(
+ [STANDALONE]='-h --help --version --no-pager --no-legend
+ -H -T --system --user -p --pretty --allow-null'
+ [ARG]='--tpm2-device
+ --tpm2-device-key
+ --tpm2-pcrs
+ --tpm2-public-key
+ --tpm2-public-key-pcrs
+ --tpm2-signature
+ --json
+ --transcode
+ --newline
+ --name
+ --timestamp
+ --not-after
+ --with-key
+ --uid'
+ )
+
+ local -A VERBS=(
+ [STANDALONE]='list setup'
+ [CAT]='cat'
+ [ENCRYPT]='encrypt'
+ [DECRYPT]='decrypt'
+ )
+
+ local -A OPTS_FOR_VERB=(
+ [CAT]='--help
+ --version
+ --no-pager
+ --no-legend
+ --user
+ --system'
+ [ENCRYPT]='--help
+ --version
+ --no-pager
+ --no-legend
+ --uid
+ --with-key
+ -H
+ -T
+ --tpm2-device
+ --tpm2-pcrs
+ --tpm2-public-key
+ --tpm2-public-key-pcrs
+ --tpm2-signature
+ --not-after
+ --name
+ --timestamp
+ --pretty'
+ [DECRYPT]='--help
+ --version
+ --no-pager
+ --no-legend
+ --uid
+ --tpm2-device
+ --tpm2-pcrs
+ --tpm2-public-key
+ --tpm2-public-key-pcrs
+ --tpm2-signature
+ --name
+ --timestamp
+ --allow-null'
+ )
+
+ _init_completion || return
+
+ if __contains_word "--user" ${COMP_WORDS[*]}; then
+ mode=--user
+ elif __contains_word "--system" ${COMP_WORDS[*]}; then
+ mode=--system
+ else
+ mode=''
+ fi
+
+ if __contains_word "$prev" ${OPTS[ARG]}; then
+ case $prev in
+ --tpm2-public-key|--tpm2-signature)
+ comps=$(compgen -A file -- "$cur")
+ compopt -o filenames
+ ;;
+ --tpm2-device)
+ comps="auto list $(__get_tpm2_devices)"
+ ;;
+ --json)
+ comps=$( systemd-creds --json=help 2>/dev/null )
+ ;;
+ --transcode)
+ comps='base64 unbase64 hex unhex'
+ ;;
+ --with-key)
+ comps='host tpm2 host+tpm2 null auto auto-initrd'
+ ;;
+ esac
+ COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
+ return 0
+ fi
+
+ if [[ -z ${verb-} && "$cur" = -* ]]; then
+ COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
+ return 0
+ fi
+
+ for ((i=0; i < COMP_CWORD; i++)); do
+ if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
+ ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
+ verb=${COMP_WORDS[i]}
+ break
+ fi
+ done
+
+ if [[ -z ${verb-} ]]; then
+ comps=${VERBS[*]}
+ elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
+ comps=''
+ elif __contains_word "$verb" ${VERBS[CAT]}; then
+ if [[ $cur = -* ]]; then
+ comps=${OPTS_FOR_VERB[CAT]}
+ else
+ comps=$( __get_creds $mode )
+ fi
+ elif __contains_word "$verb" ${VERBS[ENCRYPT]}; then
+ if [[ $cur = -* ]]; then
+ comps=${OPTS_FOR_VERB[ENCRYPT]}
+ else
+ comps=$( compgen -A file -- "$cur" )
+ compopt -o filenames
+ fi
+ elif __contains_word "$verb" ${VERBS[DECRYPT]}; then
+ if [[ $cur = -* ]]; then
+ comps=${OPTS_FOR_VERB[DECRYPT]}
+ else
+ comps=$( compgen -A file -- "$cur" )
+ compopt -o filenames
+ fi
+ fi
+
+ COMPREPLY=( $(compgen -W '${comps-}' -- "$cur") )
+ return 0
+}
+
+complete -F _systemd_creds systemd-creds
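Review bot: The early return at `if [[ -z ${verb-} && "$cur" = -* ]]` runs before the loop that assigns `verb`, so `verb` is always empty there and every word starting with `-` is completed from the global `OPTS` list. The `OPTS_FOR_VERB[CAT]`, `[ENCRYPT]` and `[DECRYPT]` branches further down are therefore never reached for option words. Moving the `for ((i=0; i < COMP_CWORD; i++))` verb-detection loop above that check would make the per-verb lists effective. Separately, `__get_creds $mode` passes no argument when `mode` is empty, so a one-line comment on `__get_creds` stating that `$1` is the optional `--user`/`--system` switch would make the `shift 1` easier to follow.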


@ -0,0 +1,64 @@
From c52f82b8d53c986798480ceaab4a269ca70126b1 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 00:24:05 +0000
Subject: [PATCH] core: fix loading verity settings for MountImages=
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.
Follow-up for a1a40297dbfa5bcd926d1a19320deb73c033c6f5
(cherry picked from commit 59a83e11887e13a35d88fd7dc71a13b450433715)
---
src/core/namespace.c | 8 ++++++++
test/units/TEST-50-DISSECT.dissect.sh | 3 +++
2 files changed, 11 insertions(+)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 57dbbc4fc7..10f4c50bcc 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -480,20 +480,28 @@ static int append_bind_mounts(MountList *ml, const BindMount *binds, size_t n) {
}
static int append_mount_images(MountList *ml, const MountImage *mount_images, size_t n) {
+ int r;
+
assert(ml);
assert(mount_images || n == 0);
FOREACH_ARRAY(m, mount_images, n) {
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
MountEntry *me = mount_list_extend(ml);
if (!me)
return log_oom_debug();
+ r = verity_settings_load(&verity, m->source, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to check verity root hash of %s: %m", m->source);
+
*me = (MountEntry) {
.path_const = m->destination,
.mode = MOUNT_IMAGE,
.source_const = m->source,
.image_options_const = m->mount_options,
.ignore = m->ignore_enoent,
+ .verity = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT),
};
}
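Review bot: `mount_list_extend(ml)` is called before `verity_settings_load()`, so when loading fails the function returns with a new entry already appended to the list but never assigned. Whether that is harmless depends on how `mount_list_extend()` initialises the slot and how the caller tears the list down, neither of which is visible here; calling `verity_settings_load()` first and extending the list only after it succeeds avoids the question. The failure is also reported only through `log_debug_errno()`, so unless a caller logs at a higher level, a verity problem on a `MountImages=` source shows up only with debug logging. The function continues past the end of this hunk.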
diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
index 6cf1213551..09cb676200 100755
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@@ -281,6 +281,9 @@ systemd-run -P \
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+ -p MountImages="$MINIMAL_IMAGE.raw:/run/img2" \
+ veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}"
cat >/run/systemd/system/testservice-50c.service <<EOF
[Service]
MountAPIVFS=yes


@ -0,0 +1,48 @@
From 06467e1dbc0fbf3346a990e6d6a02b1bfc5e8a1c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 00:50:45 +0000
Subject: [PATCH] test: add more coverage for extensions and verity
(cherry picked from commit c7fcb08324774c62bd2a786b03a7104a33049db6)
---
test/units/TEST-50-DISSECT.dissect.sh | 6 ++++++
test/units/util.sh | 2 ++
2 files changed, 8 insertions(+)
diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
index 09cb676200..f2b4db5133 100755
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@@ -365,6 +365,12 @@ systemd-run -P \
--property ExtensionImages=/etc/service-scoped-test.raw \
--property RootImage="$MINIMAL_IMAGE.raw" \
cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
+systemd-run -P \
+ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \
+ veritysetup status "$(cat /tmp/app0.roothash)-verity" | grep -q "$(cat /tmp/app0.roothash)"
+systemd-run -P \
+ --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \
+ veritysetup status "$(cat /tmp/conf0.roothash)-verity" | grep -q "$(cat /tmp/conf0.roothash)"
# Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS
mkdir -p /tmp/loop
diff --git a/test/units/util.sh b/test/units/util.sh
index 7a39d4267e..1f903b3293 100755
--- a/test/units/util.sh
+++ b/test/units/util.sh
@@ -284,6 +284,7 @@ EOF
chmod +x "$initdir/opt/script0.sh"
echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file"
mksquashfs "$initdir" /tmp/app0.raw -noappend
+ veritysetup format /tmp/app0.raw /tmp/app0.verity --root-hash-file /tmp/app0.roothash
initdir="/var/tmp/conf0"
mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt"
@@ -295,6 +296,7 @@ EOF
) >>"$initdir/etc/extension-release.d/extension-release.conf0"
echo MARKER_1 >"$initdir/etc/systemd/system/some_file"
mksquashfs "$initdir" /tmp/conf0.raw -noappend
+ veritysetup format /tmp/conf0.raw /tmp/conf0.verity --root-hash-file /tmp/conf0.roothash
initdir="/var/tmp/app1"
mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt"


@ -0,0 +1,26 @@
From 3b6b819a289feb76774e7c73654b3f4197181986 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 12 Dec 2024 11:58:24 +0900
Subject: [PATCH] README: drop CentOS CI badges
CentOS CIs are disabled after ead814a0b0f64c572282b9e27a0a995893f10cf0.
(cherry picked from commit 1fe583861feb5796fa0be937dc7f4c2ce07bcde5)
---
README.md | 3 ---
1 file changed, 3 deletions(-)
diff --git a/README.md b/README.md
index 12f1381f08..9e026b287c 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,6 @@ System and Service Manager
[![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#systemd)<br/>
[![CIFuzz](https://github.com/systemd/systemd/workflows/CIFuzz/badge.svg)](https://github.com/systemd/systemd/actions)<br/>
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)<br/>
-[![CentOS CI - CentOS 9](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20CentOS%209&job=upstream-centos9s)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-centos9s/)<br/>
-[![CentOS CI - Arch](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch&job=upstream-vagrant-archlinux)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux/)<br/>
-[![CentOS CI - Arch (sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch%20(sanitizers)&job=upstream-vagrant-archlinux-sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/)<br/>
[![Fossies codespell report](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.html)</br>
[![Weblate](https://translate.fedoraproject.org/widgets/systemd/-/master/svg-badge.svg)](https://translate.fedoraproject.org/engage/systemd/)</br>
[![Coverage Status](https://coveralls.io/repos/github/systemd/systemd/badge.svg?branch=main)](https://coveralls.io/github/systemd/systemd?branch=main)</br>


@ -0,0 +1,19 @@
From 3267661c626bd904395e3dd0f5e24b550f7309fe Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 13:11:51 +0000
Subject: [PATCH] meson.version: change to 257.1
This is used to detect in various CIs that we are on a stable branch,
so set the new version early, otherwise some scripts will think it's
running in main
---
meson.version | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.version b/meson.version
index a700e79997..97fb426c59 100644
--- a/meson.version
+++ b/meson.version
@@ -1 +1 @@
-257
+257.1


@ -0,0 +1,76 @@
From 644f2a02c8befba986ebbc5d58767807fb2999ee Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 10 Dec 2024 09:40:43 +0900
Subject: [PATCH] journalctl: honor --quiet with --setup-keys
Closes #35504.
(cherry picked from commit a5b2973850e5952b9dffdfa3f6a0ef486957cb17)
---
src/journal/journalctl-authenticate.c | 13 ++++++++-----
test/units/TEST-04-JOURNAL.fss.sh | 6 ++++--
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
index 865814cd03..87374816b4 100644
--- a/src/journal/journalctl-authenticate.c
+++ b/src/journal/journalctl-authenticate.c
@@ -97,17 +97,20 @@ int action_setup_keys(void) {
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
state = alloca_safe(state_size);
- log_info("Generating seed...");
+ if (!arg_quiet)
+ log_info("Generating seed...");
r = crypto_random_bytes(seed, seed_size);
if (r < 0)
return log_error_errno(r, "Failed to acquire random seed: %m");
- log_info("Generating key pair...");
+ if (!arg_quiet)
+ log_info("Generating key pair...");
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
if (r < 0)
return log_error_errno(r, "Failed to generate key pair: %m");
- log_info("Generating sealing key...");
+ if (!arg_quiet)
+ log_info("Generating sealing key...");
r = FSPRG_GenState0(state, mpk, seed, seed_size);
if (r < 0)
return log_error_errno(r, "Failed to generate sealing key: %m");
@@ -122,7 +125,7 @@ int action_setup_keys(void) {
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
if (r < 0)
- log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
+ log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
struct FSSHeader h = {
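Review bot: Folding `arg_quiet` into the level selection on the `chattr_secret()` failure path means `--quiet` now also hides the warning that file attributes could not be set on the temporary key file, which is a different kind of message from the progress lines silenced in the first hunk. If the demotion is intended, parentheses make the precedence explicit: `(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet) ? LOG_DEBUG : LOG_WARNING`; otherwise keep the original expression here. In the later `on_tty()` hunk the comment no longer matches the condition and could read `/* If we are not on a TTY or --quiet was given, show only the key. */`. action_setup_keys() starts and ends outside these hunks.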
@@ -155,7 +158,7 @@ int action_setup_keys(void) {
if (r < 0)
return r;
- if (!on_tty()) {
+ if (!on_tty() || arg_quiet) {
/* If we are not on a TTY, show only the key. */
puts(key);
return 0;
diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
index 03351b812f..140bd9fd67 100755
--- a/test/units/TEST-04-JOURNAL.fss.sh
+++ b/test/units/TEST-04-JOURNAL.fss.sh
@@ -10,8 +10,10 @@ if ! journalctl --version | grep -qF +GCRYPT; then
exit 0
fi
-journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
-FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
+# without --quiet, should be effectively equivalent to the below, as we are not on tty
+journalctl --force --setup-keys --interval=2
+
+FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
[[ -n "$FSS_VKEY" ]]
# Generate some buzz in the journal and wait until the FSS key is changed


@ -0,0 +1,35 @@
From c189ecc7fe5039d98bbb448ab45ab0fa3842b3a3 Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Thu, 28 Nov 2024 12:51:38 -0700
Subject: [PATCH] dbus: log disconnect on api and system busses
This is an interesting event. Let's log about it.
(cherry picked from commit 11ee1bab60abde67cd0edc470c93c1afe10d975d)
---
src/core/dbus.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 744b97f991..3f0f40e702 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -131,10 +131,16 @@ static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_e
assert(message);
assert_se(bus = sd_bus_message_get_bus(message));
- if (bus == m->api_bus)
+ if (bus == m->api_bus) {
+ log_notice("Got disconnect on API bus.");
bus_done_api(m);
- if (bus == m->system_bus)
+ }
+ if (bus == m->system_bus) {
+ /* If we are the system manager, this is already logged by the API bus. */
+ if (!MANAGER_IS_SYSTEM(m))
+ log_notice("Got disconnect on system bus.");
bus_done_system(m);
+ }
if (set_remove(m->private_buses, bus)) {
log_debug("Got disconnect on private connection.");


@ -0,0 +1,26 @@
From bcf740e4a3caa32b3a920512833b68fc6d530125 Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Thu, 28 Nov 2024 12:52:45 -0700
Subject: [PATCH] manager: add list of subscribers to dump info
This is handy for debugging.
(cherry picked from commit 91713841491d0d4775566ed59f621f0f9a2413b5)
---
src/core/manager-dump.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/manager-dump.c b/src/core/manager-dump.c
index a12d50c91e..7e678fa03e 100644
--- a/src/core/manager-dump.c
+++ b/src/core/manager-dump.c
@@ -77,6 +77,9 @@ static void manager_dump_header(Manager *m, FILE *f, const char *prefix) {
timestamp_is_set(t->realtime) ? FORMAT_TIMESTAMP(t->realtime) :
FORMAT_TIMESPAN(t->monotonic, 1));
}
+
+ for (const char *n = sd_bus_track_first(m->subscribed); n; n = sd_bus_track_next(m->subscribed))
+ fprintf(f, "%sSubscribed: %s\n", strempty(prefix), n);
}
void manager_dump(Manager *m, FILE *f, char **patterns, const char *prefix) {


@ -0,0 +1,111 @@
From 070c28a12a3687966d91a633ce9df78b35e0b364 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 1 Dec 2024 17:36:33 +0900
Subject: [PATCH] exec-util: allow to invoke polkit/ask-password agent even if
STDIN is not a tty
Closes #35018.
(cherry picked from commit 0f81c8406f0f47175c699715e84de8291057033c)
---
src/shared/ask-password-agent.c | 8 ++------
src/shared/exec-util.c | 23 ++++++++++++++---------
src/shared/polkit-agent.c | 8 ++------
3 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/src/shared/ask-password-agent.c b/src/shared/ask-password-agent.c
index 62b73503ca..d02d68a4e1 100644
--- a/src/shared/ask-password-agent.c
+++ b/src/shared/ask-password-agent.c
@@ -18,12 +18,8 @@ int ask_password_agent_open(void) {
if (agent_pid > 0)
return 0;
- /* We check STDIN here, not STDOUT, since this is about input, not output */
- if (!isatty_safe(STDIN_FILENO))
- return 0;
-
- /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
- * interactively on a terminal, hence fail */
+ /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+ * interactively on a terminal, hence fail. */
r = get_ctty_devnr(0, NULL);
if (r == -ENXIO)
return 0;
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index 8435c4f118..599b925a99 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -544,7 +544,6 @@ int fexecve_or_execve(int executable_fd, const char *executable, char *const arg
}
int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
- bool stdout_is_tty, stderr_is_tty;
size_t n, i;
va_list ap;
char **l;
@@ -567,17 +566,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
/* In the child: */
- stdout_is_tty = isatty_safe(STDOUT_FILENO);
- stderr_is_tty = isatty_safe(STDERR_FILENO);
+ bool stdin_is_tty = isatty_safe(STDIN_FILENO),
+ stdout_is_tty = isatty_safe(STDOUT_FILENO),
+ stderr_is_tty = isatty_safe(STDERR_FILENO);
- if (!stdout_is_tty || !stderr_is_tty) {
+ if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
int fd;
- /* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
- * when systemctl is started via popen() or a similar call that expects to read EOF we
+ /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
+ * that when systemctl is started via popen() or a similar call that expects to read EOF we
* actually do generate EOF and not delay this indefinitely by keeping an unused copy of
* stdin around. */
- fd = open("/dev/tty", O_WRONLY);
+ fd = open("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
if (fd < 0) {
if (errno != ENXIO) {
log_error_errno(errno, "Failed to open /dev/tty: %m");
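Review bot: The open mode expression `stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR` looks correct but is hard to verify at a glance, and it decides how much access to the terminal the forked agent is given. A comment above the `open()` such as `/* stdin needs read access, stdout/stderr need write access: request only what the fds we replace require */` would make the intent explicit. The block comment above still motivates the reopen with "an unused copy of stdin", which reads oddly now that stdin itself is replaced when it is not a TTY. `_fork_agent()` starts and ends outside this hunk.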
@@ -588,13 +588,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
* connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
* skip the forking of the agents, given the TTY setup is not in order. */
} else {
+ if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
+ log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
+ _exit(EXIT_FAILURE);
+ }
+
if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
- log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+ log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
_exit(EXIT_FAILURE);
}
if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
- log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+ log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
_exit(EXIT_FAILURE);
}
diff --git a/src/shared/polkit-agent.c b/src/shared/polkit-agent.c
index 842e41e8db..d87eb56164 100644
--- a/src/shared/polkit-agent.c
+++ b/src/shared/polkit-agent.c
@@ -31,12 +31,8 @@ int polkit_agent_open(void) {
if (geteuid() == 0)
return 0;
- /* We check STDIN here, not STDOUT, since this is about input, not output */
- if (!isatty_safe(STDIN_FILENO))
- return 0;
-
- /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
- * interactively on a terminal, hence fail */
+ /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+ * interactively on a terminal, hence fail. */
r = get_ctty_devnr(0, NULL);
if (r == -ENXIO)
return 0;


@ -0,0 +1,27 @@
From 4162c331dd4fc6657d1f51c90a7a0223e9f4a30d Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 12 Dec 2024 11:58:42 +0000
Subject: [PATCH] mkosi: Fix opensuse build
The opensuse spec still looks for README.testsuite so hack it to look
for README.md instead now that we changed the name in the repo.
(cherry picked from commit 3aa725732161f11788a51405f9c5204190e7a0e9)
---
mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
index 7349038638..c9089b78c4 100755
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -60,6 +60,9 @@ fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
+sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
+
build() {
IFS=
# shellcheck disable=SC2046
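Review bot: In `sed --in-place 's/README.testsuite/README.md/'` the dot in the pattern is an unescaped regex metacharacter, and without the `g` flag only the first match on each line is rewritten. `s/README\.testsuite/README.md/g` states the intent exactly. The existing TODO already covers removing the line once the spec is updated.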


@ -0,0 +1,71 @@
From 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 11:48:52 +0000
Subject: [PATCH] units: use PrivateTmp=disconnected instead of 'yes' if
DefaultDependencies=no
Avoids subtle race conditions such as the one described at
#35582.
Fixes #35582
(cherry picked from commit 1ca315be0097bccc9ff55e09ac339a48fdb9a040)
---
units/systemd-coredump@.service.in | 2 +-
units/systemd-oomd.service.in | 2 +-
units/systemd-resolved.service.in | 2 +-
units/systemd-timesyncd.service.in | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
index fa3206d07b..c74dc7a5a1 100644
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@@ -26,7 +26,7 @@ NoNewPrivileges=yes
OOMScoreAdjust=500
PrivateDevices=yes
PrivateNetwork=yes
-PrivateTmp=yes
+PrivateTmp=disconnected
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
index 82bd6245f8..670d5e6140 100644
--- a/units/systemd-oomd.service.in
+++ b/units/systemd-oomd.service.in
@@ -37,7 +37,7 @@ MemoryLow=64M
NoNewPrivileges=yes
OOMScoreAdjust=-900
PrivateDevices=yes
-PrivateTmp=yes
+PrivateTmp=disconnected
ProtectClock=yes
ProtectHome=yes
ProtectHostname=yes
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 4aa0788ac4..e181b2528a 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -29,7 +29,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
-PrivateTmp=yes
+PrivateTmp=disconnected
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index cf233fbffd..835d6327e7 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -31,7 +31,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
-PrivateTmp=yes
+PrivateTmp=disconnected
ProtectProc=invisible
ProtectControlGroups=yes
ProtectHome=yes
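Review bot: None of the four `PrivateTmp=disconnected` lines carries a comment saying why these units differ from the usual `PrivateTmp=yes`, so a later cleanup could easily switch them back. A short line above each, for example `# "disconnected" instead of "yes" because this unit sets DefaultDependencies=no, see #35582`, would keep the reason next to the setting. Per systemd.exec(5), `disconnected` backs /tmp and /var/tmp with a new tmpfs rather than directories on the host, so temporary data these services write is held in memory. Whether any of them writes a significant amount there is not visible in the hunks and is worth confirming.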


@ -0,0 +1,36 @@
From 29cdad871ea5febb64336b43f08aab5ac15ab4cb Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 8 Nov 2024 12:23:37 +0000
Subject: [PATCH] battery-check: parse options before checking for kernel
command line
Otherwise --help/--version/etc which exit immediately will do pointless work
(cherry picked from commit 60d23b7f4ae26d934e5748d30bb7ae956f3ad83d)
---
src/battery-check/battery-check.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/battery-check/battery-check.c b/src/battery-check/battery-check.c
index 1563147b7b..a2ed5cbafd 100644
--- a/src/battery-check/battery-check.c
+++ b/src/battery-check/battery-check.c
@@ -123,14 +123,14 @@ static int run(int argc, char *argv[]) {
log_setup();
- r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
- if (r < 0)
- log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
-
r = parse_argv(argc, argv);
if (r <= 0)
return r;
+ r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
+ if (r < 0)
+ log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
+
if (!arg_doit) {
log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
return 0;
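Review bot: The new order in run() is deliberate but undocumented, so a later change could move the kernel command line lookup back above `parse_argv()`. A comment before the call such as `/* Parse options first so that --help/--version exit before we read the kernel command line */` would record the intent. The lookup now writes `arg_doit` after option parsing, so if parse_argv() (outside the hunk) ever sets `arg_doit` from an option, the kernel command line would silently override it; that precedence belongs in the same comment.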


@ -0,0 +1,34 @@
From 1fb4673a6977c6a694f786dbc6cf2ff1990794ff Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 13 Nov 2024 14:20:34 +0000
Subject: [PATCH] test-loop-block: return -77 on skip in more places
(cherry picked from commit 81e0693465402d2e72cb3ba1b28e25e3c4c0206a)
---
src/test/test-loop-block.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c
index e69c0d5caf..921049c3fb 100644
--- a/src/test/test-loop-block.c
+++ b/src/test/test-loop-block.c
@@ -224,15 +224,11 @@ static int run(int argc, char *argv[]) {
dissected = dissected_image_unref(dissected);
#endif
- if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
- log_tests_skipped("not running privileged");
- return 0;
- }
+ if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
+ return log_tests_skipped("not running privileged");
- if (detect_container() > 0) {
- log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
- return 0;
- }
+ if (detect_container() > 0)
+ return log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);


@ -0,0 +1,43 @@
From 1a259b4e6006a48d5e3a83680f3341e1c68a2ba2 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 16:46:11 +0000
Subject: [PATCH] mkosi: update debian commit reference
* e8b7c9a4dd Install 81-net-bridge.rules
* 50d2997a07 Install systemd-creds bash completion
* ff0c42823c test: fix flaky boot-and-services test
* 2a19dee4ba test: fix flaky boot-and-services test
* a15a0bfe60 Update changelog for 257-2 release
* c24eafcb7e Backport patches to fix test failures
* 29840f9b68 udev: install dmi_memory_id and its rules on riscv64
* 44893bdb32 Update changelog for 257-1 release
* 7f71d995fb Update symbols file for v257
* 2dd2b80499 Update upstream source from tag 'upstream/257'
* 51a3271a85 Update changelog for 257~rc3-1 release
* 8e687227c5 Update symbols for 257~rc3
* c9bae527d6 Drop patches, merged upstream
* e8cf329870 Update upstream source from tag 'upstream/257_rc3'
* 794457516d autopkgtest: fix one more tzdata dependency
* 16bb143da1 Bump version in tzdata dependency due to p-u upload
* f2ddf70604 sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl
* 79260cb0f4 Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500
* ed3af24635 systemd-ukfy: recommend systemd-boot-efi for the stub
(cherry picked from commit 8d20606eec236232fb003594b3e6c88131744f6b)
---
mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
index 5fb7dab758..6914a9ed59 100644
--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
@@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=debian/master
- GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
+ GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d
PKG_SUBDIR=debian
[Content]


@ -0,0 +1,58 @@
From 2a6fbf9da93ad2f76aa5578641e39801a13fd5dd Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Wed, 11 Dec 2024 15:10:39 +0100
Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset
If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:
/etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
For example:
$ cat > foo.sh <<EOF
#!/bin/sh
set -u
source /etc/profile
EOF
$ chmod 700 foo.sh
$ ./foo.sh
/etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.
[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
(cherry picked from commit 12e33d332b3f8754f4d5d0d21d5d3f0de8adc54c)
Related: RHEL-71409
---
profile.d/70-systemd-shell-extra.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/profile.d/70-systemd-shell-extra.sh b/profile.d/70-systemd-shell-extra.sh
index 70be3341b9..dae77e4bc7 100644
--- a/profile.d/70-systemd-shell-extra.sh
+++ b/profile.d/70-systemd-shell-extra.sh
@@ -12,14 +12,14 @@
# credentials shell.prompt.prefix, shell.prompt.suffix and shell.welcome, and
# are propagated into these environment variables by pam_systemd(8).
-if [ -n "$SHELL_PROMPT_PREFIX" ]; then
+if [ -n "${SHELL_PROMPT_PREFIX-}" ]; then
PS1="$SHELL_PROMPT_PREFIX$PS1"
fi
-if [ -n "$SHELL_PROMPT_SUFFIX" ]; then
+if [ -n "${SHELL_PROMPT_SUFFIX-}" ]; then
PS1="$PS1$SHELL_PROMPT_SUFFIX"
fi
-if [ -n "$SHELL_WELCOME" ]; then
+if [ -n "${SHELL_WELCOME-}" ]; then
printf '%b\n' "$SHELL_WELCOME"
fi
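Review bot: The two `PS1=` assignments still expand `$PS1` unguarded, so a `set -u` script that sources this file with `SHELL_PROMPT_PREFIX` or `SHELL_PROMPT_SUFFIX` set and `PS1` unset (the usual state of a non-interactive shell) would still abort with an unbound-variable error. The same parameter substitution covers it: `PS1="$SHELL_PROMPT_PREFIX${PS1-}"` and `PS1="${PS1-}$SHELL_PROMPT_SUFFIX"`. Separately, the unchanged `printf '%b\n' "$SHELL_WELCOME"` expands backslash escapes from a credential-supplied value, and a comment stating that this is intended and that the credential is treated as trusted would help readers.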


@ -0,0 +1,25 @@
From 63b6d6aab14487ca4581c639b175f2fa5dfcb6e2 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 12 Dec 2024 12:41:45 +0000
Subject: [PATCH] shell-completion: add smbios11 verb to systemd-analyze
Follow-up for 8c5045f9b2681774e8731dc0d142c207b61aedf6
(cherry picked from commit e7fce6a370894de3a3ded32910e0a4b251d805df)
---
shell-completion/bash/systemd-analyze | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze
index 7c5cb1c512..caec77e718 100644
--- a/shell-completion/bash/systemd-analyze
+++ b/shell-completion/bash/systemd-analyze
@@ -67,7 +67,7 @@ _systemd_analyze() {
)
local -A VERBS=(
- [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2'
+ [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2 smbios11'
[CRITICAL_CHAIN]='critical-chain'
[DOT]='dot'
[DUMP]='dump'


@ -0,0 +1,67 @@
From 9d36809256c6d92c6d8358769479ad2c2b695664 Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Sat, 16 Nov 2024 10:29:35 +0100
Subject: [PATCH] logind: let system-wide idle begin at the time logind was
initialized
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not repport a unreasonable long idle time (around 54 years at the time of
writing this), especially at in the early boot, while no login manager session,
e.g,. gdm, had a chance to provide a more accurate start of the idle period.
Fixes #35163
(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
---
src/login/logind-core.c | 6 +++++-
src/login/logind.c | 2 ++
src/login/logind.h | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index fad276f195..9892285805 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -407,10 +407,14 @@ int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
Session *s;
bool idle_hint;
- dual_timestamp ts = DUAL_TIMESTAMP_NULL;
+ dual_timestamp ts;
assert(m);
+ /* Initialize the baseline timestamp with the time the manager got initialized to avoid reporting
+ * unreasonable large idle periods starting with the Unix epoch. */
+ ts = m->init_ts;
+
idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, /* block= */ true, t, false, false, 0, NULL);
HASHMAP_FOREACH(s, m->sessions) {
diff --git a/src/login/logind.c b/src/login/logind.c
index f88a2004fd..8dc1781edf 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -100,6 +100,8 @@ static int manager_new(Manager **ret) {
(void) sd_event_set_watchdog(m->event, true);
+ dual_timestamp_now(&m->init_ts);
+
manager_reset_config(m);
*ret = TAKE_PTR(m);
diff --git a/src/login/logind.h b/src/login/logind.h
index 1e17b610bc..ce7e76e761 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -145,6 +145,8 @@ struct Manager {
struct stat efi_loader_entry_one_shot_stat;
CalendarSpec *maintenance_time;
+
+ dual_timestamp init_ts;
};
void manager_reset_config(Manager *m);
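Review bot: The new `init_ts` field in `struct Manager` has no comment, and its role is explained only at the use site in manager_get_idle_hint(). A line on the field such as `/* When this Manager was created; baseline for the system-wide idle-since timestamp */` would put the contract where it is declared. Because the value comes from `dual_timestamp_now()` in manager_new(), the baseline presumably moves forward whenever logind itself is restarted, which consumers of the idle hint may not expect; if that is intended, the same comment should say so. manager_get_idle_hint() continues past the end of its hunk.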


@ -0,0 +1,35 @@
From 3efa9e717f047bc4e51f6b1130468bdd6e004fdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 7 Nov 2024 15:45:24 +0100
Subject: [PATCH] tmpfiles: reduce quoting in warning message
We printed:
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/20-systemd-shell-extra.conf:10: Unknown modifiers in command 'L$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:10: Unknown modifiers in command 'd$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:11: Unknown modifiers in command 'd$'.
...
There's a lot of additional characters here make the message harder to parse. We know
that the command is a word without any whitespace, so quoting isn't really necessary.
Change this to:
... unknown modifiers in command: L$
(cherry picked from commit 390bab53923eea822ac525d0e4aa4b7f86d8cd92)
---
src/tmpfiles/tmpfiles.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 86bf16356d..bff05cda6f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -3684,7 +3684,7 @@ static int parse_line(
else {
*invalid_config = true;
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
- "Unknown modifiers in command '%s'.", action);
+ "Unknown modifiers in command: %s", action);
}
if (boot && !arg_boot) {


@ -0,0 +1,26 @@
From 96b9fe831f888a0e9772a33acc752ebb822357b9 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 13 Dec 2024 22:08:27 +0000
Subject: [PATCH] semaphore: bump timeout
When semaphore is overloaded tests can take more than 1hr, bump
timeout
(cherry picked from commit 1855064d4eb95abe6909a93f72bee46658dad36b)
---
.semaphore/semaphore.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index 07742337e8..42df0f648f 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -15,7 +15,7 @@ auto_cancel:
when: "true"
execution_time_limit:
- hours: 1
+ hours: 2
blocks:
- name: "Setup & test"


@ -0,0 +1,26 @@
From 61e321c452309b6686b345ff3be363d37dfb21d6 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 13 Dec 2024 23:43:28 +0000
Subject: [PATCH] Revert "semaphore: skip some tests"
This reverts commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4.
(cherry picked from commit 7406e0a3afafc1e1c994a88a4e988e94177e5550)
---
.semaphore/semaphore-runner.sh | 3 ---
1 file changed, 3 deletions(-)
diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index b663674652..e903ced70d 100755
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -109,9 +109,6 @@ EOF
--env DPKG_DEB_COMPRESSOR_TYPE="none" \
--env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
--env TEST_UPSTREAM=1 \
- --skip-test localed-locale \
- --skip-test localed-x11-keymap \
- --skip-test build-with-static-libsystemd \
../systemd_*.dsc \
-o "$ARTIFACTS_DIR" \
-- lxc -s "$CONTAINER" \


@ -0,0 +1,23 @@
From 6186c2735bdd922cb5287be8586bdae1a5736c89 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Sat, 14 Dec 2024 10:57:34 +0000
Subject: [PATCH] mkosi: fix section for WithNetwork=
/tmp/autopkgtest.L6NPL0/build.doZ/src/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf: Setting WithNetwork should be configured in [Build], not [Content]
(cherry picked from commit 301c159ce526933d048b9fd02ad7e2adfb4a6c58)
---
mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
index 4fb4f46075..a535736452 100644
--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
@@ -3,5 +3,5 @@
[Match]
Environment=NO_BUILD=1
-[Content]
+[Build]
WithNetwork=yes


@ -0,0 +1,57 @@
From 11d70500171ca6dbbad8ecf9b1cf0d29e1d6d1ed Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 14 Dec 2024 16:49:54 +0900
Subject: [PATCH] test-time-util: fix truncation of usec to sec
Also
- use ASSERT_XYZ() macros,
- log tzname[] on failure.
(cherry picked from commit 3f1d499964abb6a4c0141d7ea8f852829880adff)
---
src/test/test-time-util.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index d761261e24..d717ca94d2 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -393,27 +393,31 @@ TEST(format_timestamp) {
static void test_format_timestamp_impl(usec_t x) {
bool success, override;
const char *xx, *yy;
- usec_t y;
+ usec_t y, x_sec, y_sec;
xx = FORMAT_TIMESTAMP(x);
- assert_se(xx);
- assert_se(parse_timestamp(xx, &y) >= 0);
+ ASSERT_NOT_NULL(xx);
+ ASSERT_OK(parse_timestamp(xx, &y));
yy = FORMAT_TIMESTAMP(y);
- assert_se(yy);
+ ASSERT_NOT_NULL(yy);
- success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy);
+ x_sec = x / USEC_PER_SEC;
+ y_sec = y / USEC_PER_SEC;
+ success = (x_sec == y_sec) && streq(xx, yy);
/* Workaround for https://github.com/systemd/systemd/issues/28472
* and https://github.com/systemd/systemd/pull/35471. */
override = !success &&
(STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
- DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */
+ (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */
log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
"@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
x, xx, y, yy,
override ? ", ignoring." : "");
if (!override) {
- assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
+ if (!success)
+ log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]);
+ ASSERT_EQ(x_sec, y_sec);
ASSERT_STREQ(xx, yy);
}
}
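Review bot: The added `log_warning()` passes `tzname[0]` and `tzname[1]` straight to `%s`, while the checks a few lines above use the NULL-tolerant `STRPTR_IN_SET()`, which suggests these pointers are not assumed to be non-NULL here. Passing NULL to `%s` is undefined behaviour in C even where the libc prints `(null)`. Wrapping both arguments keeps the diagnostic safe on the failure path: `log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", strna(tzname[0]), strna(tzname[1]));`.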


@ -0,0 +1,40 @@
From 0cddbebfbeedd3f71037d988dc91b6fb9f9b281f Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Sat, 14 Dec 2024 14:39:26 -0700
Subject: [PATCH] network: don't warn with no NSID assigned
This is nothing interesting to warn about. Also use the symbolic
constant name when testing for this condition.
(cherry picked from commit e803e95760be87588533f9affd76db6ad0b5fac8)
---
src/network/networkd-manager-bus.c | 2 +-
src/shared/socket-netlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/networkd-manager-bus.c b/src/network/networkd-manager-bus.c
index 04a986a38d..29e5895255 100644
--- a/src/network/networkd-manager-bus.c
+++ b/src/network/networkd-manager-bus.c
@@ -304,7 +304,7 @@ static int property_get_namespace_nsid(
* number. */
r = netns_get_nsid(/* netnsfd= */ -EBADF, &nsid);
- if (r < 0)
+ if (r < 0 && r != -ENODATA)
log_warning_errno(r, "Failed to query network nsid, ignoring: %m");
return sd_bus_message_append(reply, "u", nsid);
diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
index 09477449b9..b0500abd8b 100644
--- a/src/shared/socket-netlink.c
+++ b/src/shared/socket-netlink.c
@@ -475,7 +475,7 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) {
if (r < 0)
return r;
- if (u == UINT32_MAX) /* no NSID assigned yet */
+ if (u == (uint32_t) NETNSA_NSID_NOT_ASSIGNED) /* no NSID assigned yet */
return -ENODATA;
if (ret)
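Review bot: With `-ENODATA` no longer logged in property_get_namespace_nsid(), the reply is still built from `nsid`, and netns_get_nsid() returns `-ENODATA` before it writes `*ret`. The value sent on the bus in the unassigned case is therefore whatever `nsid` was initialised to, and that declaration is outside the hunk. If it is not already set to a defined sentinel it should be, and a comment above the append such as `/* nsid keeps its initial value when no NSID is assigned (-ENODATA) */` would make the now-silent path explicit.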


@ -0,0 +1,56 @@
From d23133ef7914a63df4a79864d0b2170a790ddd60 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2024 17:42:10 +0900
Subject: [PATCH] TEST-35-LOGIN: check only tty session
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For some reasons, another session logind-test-user may be started.
===
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 15 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: VT changed to 2
Dec 13 07:04:16 systemd-logind[2140]: rfkill: Found udev node /dev/rfkill for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: udmabuf: Found udev node /dev/udmabuf for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/timer for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/seq for seat seat0
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/timer for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/rfkill for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/udmabuf for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/seq for seat seat0 (uid 0→4712 add)
Dec 13 07:04:16 systemd[1]: user-4712.slice: Changed dead -> active
Dec 13 07:04:16 systemd[1]: user-4712.slice: Job 5951 user-4712.slice/start finished, result=done
Dec 13 07:04:16 systemd[1]: Created slice user-4712.slice.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Choosing session 15 in preference to -
(snip)
Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
(snip)
Dec 13 07:04:16 systemd-logind[2140]: New session 16 of user logind-test-user.
Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
Dec 13 07:04:16 systemd-logind[2140]: Ignoring session 16
===
Let's track only session for the user with tty, which we explicitly created.
Fixes #35597.
(cherry picked from commit 26f65dc0c76f59eb3896014346652885c493ae71)
---
test/units/TEST-35-LOGIN.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/units/TEST-35-LOGIN.sh b/test/units/TEST-35-LOGIN.sh
index ac3836b816..80320e32e1 100755
--- a/test/units/TEST-35-LOGIN.sh
+++ b/test/units/TEST-35-LOGIN.sh
@@ -639,7 +639,7 @@ EOF
journalctl --sync
assert_eq "$(journalctl -b -u systemd-logind.service --since="$ts" --grep "Session \"$id\" of user \"logind-test-user\" is idle, stopping." | wc -l)" 1
- assert_eq "$(loginctl --no-legend | grep -v manager | grep -c "logind-test-user")" 0
+ assert_eq "$(loginctl --no-legend | grep -v manager | grep tty | grep -c "logind-test-user")" 0
}
testcase_ambient_caps() {


@ -0,0 +1,28 @@
From ddda27b8c449150ad2d6c07bc569d85a88809d06 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2024 02:02:30 +0900
Subject: [PATCH] test/README: Environment= setting for mkosi should be in
[Build] section
Otherwise, we get the following warning:
mkosi.local.conf: Setting Environment should be configured in [Build], not [Content].
(cherry picked from commit 78ef3959474a760679e50eb57b52563cb6f9b66d)
---
test/README.testsuite | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/README.testsuite b/test/README.testsuite
index 5546fcf8b1..fc1c9f136d 100644
--- a/test/README.testsuite
+++ b/test/README.testsuite
@@ -18,7 +18,7 @@ To make sure `mkosi` doesn't try to build systemd from source during the image b
process, you can add the following to `mkosi.local.conf`:
```
-[Content]
+[Build]
Environment=NO_BUILD=1
```


@ -0,0 +1,31 @@
From 72ef5ac211b1d578dfd7630301d8c2bb73439819 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 16 Dec 2024 17:13:08 +0000
Subject: [PATCH] mkosi: temporarily disable panic_on_warn
Due to a BTRFS issue in kernel 6.12 (and backported in Ubuntu to 6.8)
there's a warning triggered by some tests, and it then causes a panic.
The BTRFS issue has a patch but it is not available in any distro yet,
so disable panic_on_warn until it reaches Arch and Ubuntu Noble. Bugs
have been filed.
(cherry picked from commit 930d65ccca8193a8cb635099c55852b677f5d58a)
---
mkosi.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mkosi.conf b/mkosi.conf
index a5d4eab23b..5622667078 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -74,7 +74,8 @@ KernelCommandLine=
oops=panic
panic=-1
softlockup_panic=1
- panic_on_warn=1
+ # Disabled due to BTRFS issue, waiting for the fix to become available
+ panic_on_warn=0
psi=1
KernelModulesInitrdExclude=.*
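Review bot: The added comment gives no condition for restoring `panic_on_warn=1`, so this relaxed test setting is easy to leave in place after the kernel fix lands. Other temporary workarounds on this page use a greppable `# TODO: Drop when …` form, and the commit message already names the condition. Something like `# TODO: Restore panic_on_warn=1 once the BTRFS fix reaches Arch and Ubuntu Noble` would carry it into the file.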


@ -0,0 +1,25 @@
From b5dc1922f9bd0a64cf17be8c503baba58bf5ba82 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 16 Dec 2024 17:19:59 +0100
Subject: [PATCH] networkd: show wireguard private key read error number
Noticed while looking at #35641
(cherry picked from commit 0543b02cf8211353c0bb1065e09614f551944a41)
---
src/network/netdev/wireguard.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 8d1dddf828..5a58e1082c 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -1198,7 +1198,7 @@ static int wireguard_verify(NetDev *netdev, const char *filename) {
r = wireguard_read_key_file(w->private_key_file, w->private_key);
if (r < 0)
return log_netdev_error_errno(netdev, r,
- "Failed to read private key from %s. Ignoring network device.",
+ "Failed to read private key from '%s', ignoring network device: %m",
w->private_key_file);
if (eqzero(w->private_key)) {


@ -0,0 +1,59 @@
From 48b404d546e6cb6d32d9cb346bbd43760311790b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2024 12:37:17 +0900
Subject: [PATCH] systemctl-edit: ignore ENOENT from unit_is_masked()
If a specified unit does not exist, then it is definitely not masked.
Fixes #35632.
(cherry picked from commit b58b00e4c33474505009c8118d6cfdf29a2c6cb1)
---
src/systemctl/systemctl-edit.c | 4 ++--
test/units/TEST-26-SYSTEMCTL.sh | 11 +++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c
index c42a31153d..7165fa1cf7 100644
--- a/src/systemctl/systemctl-edit.c
+++ b/src/systemctl/systemctl-edit.c
@@ -349,8 +349,8 @@ int verb_edit(int argc, char *argv[], void *userdata) {
STRV_FOREACH(tmp, names) {
r = unit_is_masked(bus, *tmp);
- if (r < 0)
- return r;
+ if (r < 0 && r != -ENOENT)
+ return log_error_errno(r, "Failed to check if unit %s is masked: %m", *tmp);
if (r > 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit %s: unit is masked.", *tmp);
}
diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh
index ed7b9f64bf..8e895aa9ae 100755
--- a/test/units/TEST-26-SYSTEMCTL.sh
+++ b/test/units/TEST-26-SYSTEMCTL.sh
@@ -21,6 +21,7 @@ at_exit() {
# the 'revert' verb as well
export UNIT_NAME="systemctl-test-$RANDOM.service"
export UNIT_NAME2="systemctl-test-$RANDOM.service"
+export UNIT_NAME_TEMPLATE="systemctl-test-${RANDOM}@.service"
cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF
[Unit]
@@ -65,6 +66,16 @@ EOF
printf '%s\n' '[Unit]' 'Description=spectacular' '# this comment should remain' | \
cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
+# Edit nonexistent template unit, see issue #35632.
+systemctl edit "$UNIT_NAME_TEMPLATE" --stdin --runtime --force --full <<EOF
+[Unit]
+Description=template unit test
+# this comment should remain
+
+EOF
+printf '%s\n' '[Unit]' 'Description=template unit test' '# this comment should remain' | \
+ cmp - "/run/systemd/system/$UNIT_NAME_TEMPLATE"
+
# Test simultaneous editing of two units and creation of drop-in for a nonexistent unit
systemctl edit "$UNIT_NAME" "$UNIT_NAME2" --stdin --force --drop-in=override2.conf <<<'[X-Section]'
printf '%s\n' '[X-Section]' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
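Review bot: The `r != -ENOENT` exception added in verb_edit() has no comment, and the reasoning exists only in the commit message. A line above the check such as `/* A unit that does not exist cannot be masked, so -ENOENT is not an error here */` would stop a later reader from treating it as an accidentally swallowed error. In the test hunk, the new case writes `/run/systemd/system/$UNIT_NAME_TEMPLATE`; at_exit() is outside the hunk, so it is worth confirming that it removes this file along with the other test units.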


@ -0,0 +1,23 @@
From d3b3c83b27f372987b68ea3ec029eb37869cb07f Mon Sep 17 00:00:00 2001
From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Tue, 17 Dec 2024 11:10:42 -0500
Subject: [PATCH] test: skip TEST-69-SHUTDOWN on ubuntu too
(cherry picked from commit 96c4d9d94d06c6c0a8b68be376505f8d8b5eba2b)
---
test/units/TEST-69-SHUTDOWN.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/units/TEST-69-SHUTDOWN.py b/test/units/TEST-69-SHUTDOWN.py
index d044164135..4e554702ab 100755
--- a/test/units/TEST-69-SHUTDOWN.py
+++ b/test/units/TEST-69-SHUTDOWN.py
@@ -13,7 +13,7 @@ def main():
with open("/usr/lib/os-release") as f:
for line in f:
if line.startswith("ID="):
- if "debian" in line:
+ if "debian" in line or "ubuntu" in line:
sys.exit(77)
logger = logging.getLogger("test-shutdown")


@ -0,0 +1,23 @@
From 7ce53569dfe00f22d3da397be7b9f0f858cd9f4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Wed, 18 Dec 2024 10:36:55 +0100
Subject: [PATCH] mkosi: Fix tools image package name
(cherry picked from commit 4c9f242a54ced16897857a80867758557829f0c3)
---
mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
index 9c56164f32..c065a52cf3 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
@@ -15,7 +15,7 @@ ToolsTreePackages=
pkgconfig(libmicrohttpd)
pkgconfig(mount)
python3-ruff
- tss2-devel
+ tpm2-0-tss-devel
python3-jinja2
python3-pytest
ShellCheck


@ -0,0 +1,42 @@
From 9258e27f4a1ddf2834d0cadd66770ad65e55e066 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Mon, 16 Dec 2024 19:08:13 +0100
Subject: [PATCH] tpm2-util: Also retry unsealing after policy_pcr returns
PCR_CHANGED
It's not just Esys_Unseal that may fail due to PCR changes during the
session, but also Esys_PolicyPCR. Perform a retry in that case as well.
Fixes #35490
(cherry picked from commit e61032bf47e6a7e572643a0060c6dd610635c854)
---
src/shared/tpm2-util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 36a0f906da..5b6b3ea93c 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -4015,6 +4015,9 @@ int tpm2_policy_pcr(
ESYS_TR_NONE,
NULL,
pcr_selection);
+ if (rc == TPM2_RC_PCR_CHANGED)
+ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
+ "Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
if (rc != TSS2_RC_SUCCESS)
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
@@ -5810,6 +5813,11 @@ int tpm2_unseal(Tpm2Context *c,
!!pin,
(shard == 1 || !iovec_is_set(pubkey)) ? pcrlock_policy : NULL,
&policy_digest);
+ if (r == -EUCLEAN && i > 0) {
+ log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
+ retry = true;
+ break;
+ }
if (r < 0)
return r;
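Review bot: Once the retry budget is exhausted (`i == 0`), the new `-EUCLEAN` is not caught by the added branch in tpm2_unseal() and falls through to `if (r < 0) return r;`, so callers would see EUCLEAN where a failed PCR policy step previously surfaced as ENOTRECOVERABLE. The callers, and the name of the call that returns `r`, are outside the hunk, so it is worth checking whether any of them branch on the error code. If the old contract should hold, the exhausted case can be mapped back before the generic check, e.g. `if (r == -EUCLEAN) return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "PCR values kept changing during the TPM2 policy session, giving up.");`. tpm2_policy_pcr() would also benefit from a comment stating that EUCLEAN means `TPM2_RC_PCR_CHANGED` and is meant to be retried by the caller.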


@ -0,0 +1,261 @@
From 1748265915e09120d75766baaa4516b2779140eb Mon Sep 17 00:00:00 2001
From: Morten Hauke Solvang <mhs@emlogic.no>
Date: Thu, 12 Dec 2024 14:26:31 +0100
Subject: [PATCH] resolved: if one transaction completes, expect other
transactions within candidate to succeed quickly
Fixes #22575, as suggested by poettering in #35514.
Intended as a workaround for some buggy routers, which refuse to send empty
replies. If systemd-resolved starts two DnsTransactions, one for A and one
for AAAA, and the domain in question has no AAAA entry, then the server will
send a reply for A and no reply for AAAA. Correct behavior for the server would
be to send an empty reply for AAAA.
systemd-resolved would previously keep retrying the AAAA transaction, and
eventually timeout the whole query, returning an error to the caller.
Now, if the server replies to one query and not another, we cut short the
timeout and return the partial result. Returning the partial result allows
the rest of the system to keep working. It matches how e.g. glibc libnss_dns
behaves.
(cherry picked from commit 0da73fab56506ff1e4f8e59c167d27961f0fbf33)
---
src/resolve/resolved-dns-query.c | 46 +++++++++++++++++++++++++-
src/resolve/resolved-dns-query.h | 1 +
src/resolve/resolved-dns-scope.c | 1 +
src/resolve/resolved-dns-transaction.c | 10 ++----
src/resolve/resolved-dns-transaction.h | 21 ------------
src/resolve/resolved-timeouts.h | 39 ++++++++++++++++++++++
6 files changed, 88 insertions(+), 30 deletions(-)
create mode 100644 src/resolve/resolved-timeouts.h
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 47788e3216..700c40a8ae 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -10,6 +10,7 @@
#include "resolved-dns-query.h"
#include "resolved-dns-synthesize.h"
#include "resolved-etc-hosts.h"
+#include "resolved-timeouts.h"
#include "string-util.h"
#define QUERIES_MAX 2048
@@ -48,6 +49,8 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
assert(c);
+ (void) event_source_disable(c->timeout_event_source);
+
/* Detach all the DnsTransactions attached to this query */
while ((t = set_steal_first(c->transactions))) {
@@ -62,6 +65,8 @@ static void dns_query_candidate_abandon(DnsQueryCandidate *c) {
assert(c);
+ (void) event_source_disable(c->timeout_event_source);
+
/* Abandon all the DnsTransactions attached to this query */
while ((t = set_steal_first(c->transactions))) {
@@ -94,6 +99,8 @@ static DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
if (!c)
return NULL;
+ c->timeout_event_source = sd_event_source_disable_unref(c->timeout_event_source);
+
dns_query_candidate_stop(c);
dns_query_candidate_unlink(c);
@@ -312,6 +319,30 @@ fail:
return r;
}
+static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c);
+
+static int on_candidate_timeout(sd_event_source *s, usec_t usec, void *userdata) {
+ DnsQueryCandidate *c = userdata;
+
+ assert(s);
+ assert(c);
+
+ log_debug("Accepting incomplete query candidate after expedited timeout on partial success.");
+ dns_query_accept(c->query, c);
+
+ return 0;
+}
+
+static bool dns_query_candidate_has_partially_succeeded(DnsQueryCandidate *c) {
+ DnsTransaction *t;
+
+ SET_FOREACH(t, c->transactions)
+ if (t->state == DNS_TRANSACTION_SUCCESS)
+ return true;
+
+ return false;
+}
+
void dns_query_candidate_notify(DnsQueryCandidate *c) {
DnsTransactionState state;
int r;
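Review bot: `dns_query_candidate_has_partially_succeeded()` walks `c->transactions` without the `assert(c);` that the neighbouring candidate helpers in this file open with (`dns_query_candidate_stop()`, `dns_query_candidate_abandon()`); adding `assert(c);` before the `SET_FOREACH` keeps the file's convention. The helper also has no comment, and one line would do: `/* True if at least one transaction of this candidate has already finished successfully. */`. `on_candidate_timeout()` logs a fixed string that does not name the question, so with several lookups in flight the debug line cannot be tied to the one that was cut short.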
@@ -323,11 +354,24 @@ void dns_query_candidate_notify(DnsQueryCandidate *c) {
state = dns_query_candidate_state(c);
- if (DNS_TRANSACTION_IS_LIVE(state))
+ if (DNS_TRANSACTION_IS_LIVE(state)) {
+ if (dns_query_candidate_has_partially_succeeded(c))
+ (void) event_reset_time_relative(
+ c->query->manager->event,
+ &c->timeout_event_source,
+ CLOCK_BOOTTIME,
+ CANDIDATE_EXPEDITED_TIMEOUT_USEC, /* accuracy_usec= */ 0,
+ on_candidate_timeout, c,
+ /* priority= */ 0, "candidate-timeout",
+ /* force_reset= */ false);
+
return;
+ }
if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
+ (void) event_source_disable(c->timeout_event_source);
+
r = dns_query_candidate_next_search_domain(c);
if (r < 0)
goto fail;
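Review bot: The result of `event_reset_time_relative()` in the live-state branch is discarded, so if arming the expedited timer fails the candidate silently falls back to the full query timeout and nothing in the log shows why. Capture it in the existing `r` and log it: `r = event_reset_time_relative(...);` followed by `if (r < 0) log_debug_errno(r, "Failed to arm expedited candidate timeout, ignoring: %m");`. A comment at this branch should also state the consequence of the new behaviour: one successful transaction now lets the candidate be accepted while sibling transactions are still pending, so an answer can lack record types whose replies were merely lost or delayed, not only those a buggy router never sends. `dns_query_candidate_notify()` continues past the end of this hunk, so whether the timer is also disabled on the success path cannot be checked from here.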
diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h
index 6bbebcac93..1097e90dc0 100644
--- a/src/resolve/resolved-dns-query.h
+++ b/src/resolve/resolved-dns-query.h
@@ -25,6 +25,7 @@ struct DnsQueryCandidate {
DnsSearchDomain *search_domain;
Set *transactions;
+ sd_event_source *timeout_event_source;
LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index cd16d2475e..3f137468cc 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -16,6 +16,7 @@
#include "resolved-dns-zone.h"
#include "resolved-llmnr.h"
#include "resolved-mdns.h"
+#include "resolved-timeouts.h"
#include "socket-util.h"
#include "strv.h"
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index a162a91a03..9e539a54f3 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -14,13 +14,10 @@
#include "resolved-dns-transaction.h"
#include "resolved-dnstls.h"
#include "resolved-llmnr.h"
+#include "resolved-timeouts.h"
#include "string-table.h"
#define TRANSACTIONS_MAX 4096
-#define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC)
-
-/* After how much time to repeat classic DNS requests */
-#define DNS_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
static void dns_transaction_reset_answer(DnsTransaction *t) {
assert(t);
@@ -1632,13 +1629,10 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
case DNS_PROTOCOL_DNS:
- /* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
- * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
- * needlessly. */
if (t->stream)
return TRANSACTION_TCP_TIMEOUT_USEC;
- return DNS_TIMEOUT_USEC;
+ return TRANSACTION_UDP_TIMEOUT_USEC;
case DNS_PROTOCOL_MDNS:
if (t->probing)
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index 30d2167d64..cea0a890db 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -203,24 +203,3 @@ DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
-
-/* LLMNR Jitter interval, see RFC 4795 Section 7 */
-#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
-
-/* mDNS probing interval, see RFC 6762 Section 8.1 */
-#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
-
-/* Maximum attempts to send DNS requests, across all DNS servers */
-#define DNS_TRANSACTION_ATTEMPTS_MAX 24
-
-/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
-#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
-
-/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
-#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
-
-#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? \
- LLMNR_TRANSACTION_ATTEMPTS_MAX : \
- (p) == DNS_PROTOCOL_MDNS ? \
- MDNS_TRANSACTION_ATTEMPTS_MAX : \
- DNS_TRANSACTION_ATTEMPTS_MAX)
diff --git a/src/resolve/resolved-timeouts.h b/src/resolve/resolved-timeouts.h
new file mode 100644
index 0000000000..e17fe30175
--- /dev/null
+++ b/src/resolve/resolved-timeouts.h
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "time-util.h"
+#include "resolved-def.h"
+
+/* LLMNR Jitter interval, see RFC 4795 Section 7 */
+#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
+
+/* mDNS probing interval, see RFC 6762 Section 8.1 */
+#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
+
+/* Maximum attempts to send DNS requests, across all DNS servers */
+#define DNS_TRANSACTION_ATTEMPTS_MAX 24
+
+/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
+#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
+
+/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
+#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
+
+#define TRANSACTION_ATTEMPTS_MAX(p) (\
+ (p) == DNS_PROTOCOL_LLMNR ? \
+ LLMNR_TRANSACTION_ATTEMPTS_MAX : \
+ (p) == DNS_PROTOCOL_MDNS ? \
+ MDNS_TRANSACTION_ATTEMPTS_MAX : \
+ DNS_TRANSACTION_ATTEMPTS_MAX)
+
+/* After how much time to repeat classic DNS requests */
+#define TRANSACTION_UDP_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
+
+/* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
+ * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
+ * needlessly. */
+#define TRANSACTION_TCP_TIMEOUT_USEC (10 * USEC_PER_SEC)
+
+/* Should be longer than transaction timeout for a single UDP transaction, so we get at least
+ * one transaction retry before timeouting the whole candidate */
+#define CANDIDATE_EXPEDITED_TIMEOUT_USEC (TRANSACTION_UDP_TIMEOUT_USEC + 1 * USEC_PER_SEC)
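Review bot: The comment on `CANDIDATE_EXPEDITED_TIMEOUT_USEC` reasons only about UDP, but the timer in `dns_query_candidate_notify()` is armed on partial success regardless of how the remaining transactions are transported. If the UDP timeout plus one second is shorter than `TRANSACTION_TCP_TIMEOUT_USEC` (the value of `SD_RESOLVED_QUERY_TIMEOUT_USEC` is not visible here, so this is conditional), a sibling transaction running over a stream would be abandoned before its first timeout. Either document that in the comment, e.g. `/* May be shorter than TRANSACTION_TCP_TIMEOUT_USEC: stream transactions can be cut off before their first timeout. */`, or derive the constant from the larger of the two timeouts.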


@ -0,0 +1,25 @@
From 0acc4cd05efab53c1d25b2dff47ed6103b0ddf0e Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 18 Dec 2024 12:32:59 +0100
Subject: [PATCH] man: Document generator sandbox environment
(cherry picked from commit a48803fd8464e56747f0e145af61bd746351c7d6)
---
man/systemd.generator.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml
index 1a9b5d1653..ce09a6648f 100644
--- a/man/systemd.generator.xml
+++ b/man/systemd.generator.xml
@@ -64,6 +64,10 @@
override existing definitions. For tests, generators may be called with just one argument; the generator
should assume that all three paths are the same in that case.</para>
+ <para>Generators executed by the system manager are invoked in a sandbox with a private writable
+ <filename>/tmp/</filename> directory and where most of the file system is read-only except for the
+ generator output directories.</para>
+
<para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
priority higher than the admin configuration in <filename>/etc/</filename>, while
<filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than


@ -0,0 +1,46 @@
From 82d97eb8fa19a6753dafcb2b623cb8277213804f Mon Sep 17 00:00:00 2001
From: Thomas Hebb <tommyhebb@gmail.com>
Date: Wed, 18 Dec 2024 11:08:17 -0500
Subject: [PATCH] ukify: Fix regression in --no-sign-kernel flag
The man page says that --sign-kernel and --no-sign-kernel "override the
detection of whether to sign the Linux binary", so we should only
autodetect if neither are specified. But as of commit 02eabaffe98c
("ukify: Add a unified interface for signing tools"), we autodetect even
when --no-sign-kernel is passed, which makes the flag useless.
The sign_kernel option is parsed using argparse.BooleanOptionalAction,
which sets it to either True, False, or None. commit 02eabaffe98c
replaced `sign_kernel is None` with `not sign_kernel`. These are not the
same in Python, as the latter accepts False as well as None.
Restore the original check and fix type annotations accordingly.
Fixes: 02eabaffe98c ("ukify: Add a unified interface for signing tools")
(cherry picked from commit 32c3e1379dce563a7e686c99045549ac74cce142)
---
src/ukify/ukify.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index e661dfe548..3f36aa7af6 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -264,7 +264,7 @@ class UkifyConfig:
sbat: Optional[list[str]]
sections: list['Section']
sections_by_name: dict[str, 'Section']
- sign_kernel: bool
+ sign_kernel: Optional[bool]
signing_engine: Optional[str]
signing_provider: Optional[str]
certificate_provider: Optional[str]
@@ -1108,7 +1108,7 @@ def make_uki(opts: UkifyConfig) -> None:
assert opts.signtool is not None
signtool = SignTool.from_string(opts.signtool)
- if not sign_kernel:
+ if sign_kernel is None:
# figure out if we should sign the kernel
sign_kernel = signtool.verify(opts)
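Review bot: Nothing at this site says that the `is None` test is what keeps an explicit `--no-sign-kernel` from being overridden by autodetection, and the regression being fixed came from reading it as a plain truthiness test. A comment above the check would guard against a repeat: `# None means "not given": autodetect. False is an explicit --no-sign-kernel and must be left alone.` The assignment that produces the local `sign_kernel` lies outside this hunk, so any annotation on it should be checked against the `Optional[bool]` now declared on `UkifyConfig`. `make_uki` starts before and continues after the hunk.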


@ -0,0 +1,25 @@
From 7eba6cdd2f1cf507c3308d4ea9f6d89e67faf35f Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 19 Dec 2024 11:45:43 +0000
Subject: [PATCH] mkosi: switch debian/ubuntu to ci/v257-stable branch
Packaging has diverged from main due to new files
---
mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
index 6914a9ed59..321dc5422f 100644
--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
@@ -8,8 +8,8 @@ Distribution=|ubuntu
Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
- GIT_BRANCH=debian/master
- GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d
+ GIT_BRANCH=ci/v257-stable
+ GIT_COMMIT=20150867b7123aa825e3320227aed642e6cc9a08
PKG_SUBDIR=debian
[Content]


@ -0,0 +1,23 @@
From 9c8559bccfe266b7f1a36f337cbd868121e0c372 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 19 Dec 2024 11:46:50 +0000
Subject: [PATCH] semaphore: switch debian/ubuntu to ci/v257-stable branch
Packaging has diverged from main due to new files
---
.semaphore/semaphore-runner.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index e903ced70d..74fc0ab36c 100755
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -8,7 +8,7 @@ set -o pipefail
DISTRO="${DISTRO:-debian}"
RELEASE="${RELEASE:-bookworm}"
SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}"
-BRANCH="${BRANCH:-debian/master}"
+BRANCH="${BRANCH:-ci/v257-stable}"
ARCH="${ARCH:-amd64}"
CONTAINER="${RELEASE}-${ARCH}"
CACHE_DIR=/var/tmp
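Review bot: `BRANCH` now defaults to `ci/v257-stable` with no commit pin, so this CI path builds whatever the tip of that packaging branch is at run time, while the matching mkosi change in this series fixes `GIT_COMMIT=20150867b7123aa825e3320227aed642e6cc9a08`. Unless the clone later in the script (outside this hunk) checks out a fixed revision, the two CI paths can drift apart and anything pushed to the branch is consumed without review here. Consider a `COMMIT="${COMMIT:-...}"` variable that is checked out after the clone, or a comment stating that tracking the branch tip is intended.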


@ -0,0 +1,172 @@
From 2b379aa0cbce5c4ddee5ca118387503023b5474c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 19 Dec 2024 12:26:36 +0000
Subject: [PATCH] Revert "terminal-util: unify code that resets /dev/console in
common helper"
This reverts commit 2736295ddb78a457796f24805e7b98c3f5304848.
---
src/basic/terminal-util.c | 53 ++++++++++++++++-----------------------
src/basic/terminal-util.h | 3 ++-
src/core/main.c | 30 ++++++++++++++++------
3 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 878c1ec06a..409f2abb45 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -577,7 +577,7 @@ static int vt_reset_keyboard(int fd) {
return RET_NERRNO(ioctl(fd, KDSKBMODE, kb));
}
-static int terminal_reset_ioctl(int fd, bool switch_to_text) {
+int terminal_reset_ioctl(int fd, bool switch_to_text) {
struct termios termios;
int r;
@@ -645,7 +645,7 @@ finish:
return r;
}
-static int terminal_reset_ansi_seq(int fd) {
+int terminal_reset_ansi_seq(int fd) {
int r, k;
assert(fd >= 0);
@@ -675,35 +675,6 @@ static int terminal_reset_ansi_seq(int fd) {
return k < 0 ? k : r;
}
-void reset_dev_console_fd(int fd, bool switch_to_text) {
- int r;
-
- assert(fd >= 0);
-
- _cleanup_close_ int lock_fd = lock_dev_console();
- if (lock_fd < 0)
- log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m");
-
- r = terminal_reset_ioctl(fd, switch_to_text);
- if (r < 0)
- log_warning_errno(r, "Failed to reset /dev/console, ignoring: %m");
-
- unsigned rows, cols;
- r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
- if (r < 0)
- log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
- else if (r > 0) {
- r = terminal_set_size_fd(fd, NULL, rows, cols);
- if (r < 0)
- log_warning_errno(r, "Failed to set configured terminal size on /dev/console, ignoring: %m");
- } else
- (void) terminal_fix_size(fd, fd);
-
- r = terminal_reset_ansi_seq(fd);
- if (r < 0)
- log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
-}
-
int lock_dev_console(void) {
_cleanup_close_ int fd = -EBADF;
int r;
@@ -737,7 +708,25 @@ int make_console_stdio(void) {
return log_error_errno(r, "Failed to make /dev/null stdin/stdout/stderr: %m");
} else {
- reset_dev_console_fd(fd, /* switch_to_text= */ true);
+ unsigned rows, cols;
+
+ r = terminal_reset_ioctl(fd, /* switch_to_text= */ true);
+ if (r < 0)
+ log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
+
+ r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
+ if (r < 0)
+ log_warning_errno(r, "Failed to get terminal size, ignoring: %m");
+ else if (r > 0) {
+ r = terminal_set_size_fd(fd, NULL, rows, cols);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set configured terminal size, ignoring: %m");
+ } else
+ (void) terminal_fix_size(fd, fd);
+
+ r = terminal_reset_ansi_seq(fd);
+ if (r < 0)
+ log_warning_errno(r, "Failed to reset terminal using ANSI sequences, ignoring: %m");
r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. */
if (r < 0)
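Review bot: The removed `reset_dev_console_fd()` took `lock_dev_console()` and held it across the ioctl reset, the size fix-up and the ANSI reset; the code restored here in `make_console_stdio()` (and in `console_setup()` in src/core/main.c) performs the same three steps with no lock in the visible lines. If the lock is not already taken earlier in the function or by the caller (both outside this hunk), concurrent resets of /dev/console can interleave again. The commit message gives no reason for the revert, so it should state whether dropping the lock is intended.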
diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h
index c30faf168c..90662e2e66 100644
--- a/src/basic/terminal-util.h
+++ b/src/basic/terminal-util.h
@@ -39,6 +39,8 @@
bool isatty_safe(int fd);
+int terminal_reset_ioctl(int fd, bool switch_to_text);
+int terminal_reset_ansi_seq(int fd);
int terminal_reset_defensive(int fd, bool switch_to_text);
int terminal_reset_defensive_locked(int fd, bool switch_to_text);
@@ -101,7 +103,6 @@ bool tty_is_console(const char *tty) _pure_;
int vtnr_from_tty(const char *tty);
const char* default_term_for_tty(const char *tty);
-void reset_dev_console_fd(int fd, bool switch_to_text);
int lock_dev_console(void);
int make_console_stdio(void);
diff --git a/src/core/main.c b/src/core/main.c
index 172742c769..4bd2d8df75 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -245,18 +245,32 @@ unset:
}
static int console_setup(void) {
-
- if (getpid_cached() != 1)
- return 0;
-
_cleanup_close_ int tty_fd = -EBADF;
+ unsigned rows, cols;
+ int r;
- tty_fd = open_terminal("/dev/console", O_RDWR|O_NOCTTY|O_CLOEXEC);
+ tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
if (tty_fd < 0)
return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
- /* We don't want to force text mode. Plymouth may be showing pictures already from initrd. */
- reset_dev_console_fd(tty_fd, /* switch_to_text= */ false);
+ /* We don't want to force text mode. plymouth may be showing
+ * pictures already from initrd. */
+ r = terminal_reset_ioctl(tty_fd, false);
+ if (r < 0)
+ return log_error_errno(r, "Failed to reset /dev/console: %m");
+
+ r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
+ if (r < 0)
+ log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
+ else {
+ r = terminal_set_size_fd(tty_fd, NULL, rows, cols);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set /dev/console size, ignoring: %m");
+ }
+
+ r = terminal_reset_ansi_seq(tty_fd);
+ if (r < 0)
+ log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
save_console_winsize_in_environment(tty_fd);
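Review bot: In `console_setup()` the size branch is a plain `else`, so `terminal_set_size_fd(tty_fd, NULL, rows, cols)` also runs when `proc_cmdline_tty_size()` returns 0, whereas `make_console_stdio()` in this same patch guards the call with `else if (r > 0)` and otherwise falls back to `terminal_fix_size()`. `rows` and `cols` are declared without initializers, so if the helper can return 0 without writing them (its body is not visible here) indeterminate values are passed on. Aligning the two sites with `else if (r > 0) {` and a trailing `else (void) terminal_fix_size(tty_fd, tty_fd);` removes the doubt. Separately, a `terminal_reset_ioctl()` failure now returns early and skips the size and ANSI steps, where the removed helper logged and continued.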
@@ -2977,7 +2991,7 @@ static void setup_console_terminal(bool skip_setup) {
(void) release_terminal();
/* Reset the console, but only if this is really init and we are freshly booted */
- if (!skip_setup)
+ if (getpid_cached() == 1 && !skip_setup)
(void) console_setup();
}


@ -0,0 +1,80 @@
From b90f896880817da5ef41a08681426090edf2f25d Mon Sep 17 00:00:00 2001
From: Matteo Croce <teknoraver@meta.com>
Date: Thu, 19 Dec 2024 19:51:42 +0100
Subject: [PATCH] mkosi: move config options
Move some config option in the right section, fixes the following warning:
```
mkosi.conf: Setting Credentials should be configured in [Runtime], not [Host].
mkosi.conf: Setting RuntimeBuildSources should be configured in [Runtime], not [Host].
mkosi.conf: Setting RuntimeScratch should be configured in [Runtime], not [Host].
mkosi.conf: Setting QemuSmp should be configured in [Runtime], not [Host].
mkosi.conf: Setting QemuSwtpm should be configured in [Runtime], not [Host].
mkosi.conf: Setting QemuVsock should be configured in [Runtime], not [Host].
mkosi.conf: Setting QemuKvm should be configured in [Runtime], not [Host].
```
(cherry picked from commit 77d4a263c14ffbb6133382bc18319b6a54a8eaae)
---
.github/workflows/coverage.yml | 4 ++--
.github/workflows/mkosi.yml | 4 ++--
mkosi.conf | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 73409e53ef..410f77dc5e 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c
+ - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -64,7 +64,7 @@ jobs:
MESON_OPTIONS=--werror
COVERAGE=1
- [Host]
+ [Runtime]
QemuMem=4G
EOF
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index e7575fb6bb..3a10d116eb 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -113,7 +113,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a
+ - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -171,7 +171,7 @@ jobs:
[Content]
SELinuxRelabel=${{ matrix.relabel }}
- [Host]
+ [Runtime]
QemuMem=4G
EOF
diff --git a/mkosi.conf b/mkosi.conf
index 5622667078..3da4e07a87 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -130,7 +130,7 @@ Packages=
zsh
zstd
-[Host]
+[Runtime]
Credentials=
journal.storage=persistent
tty.serial.hvc0.agetty.autologin=root


@ -0,0 +1,37 @@
From e48a63bf774bd184093c2279c62f299fe69cdf18 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 13:54:13 +0100
Subject: [PATCH] mkosi: Update to latest
(cherry picked from commit 1dd345b00d3c0e29abd661094f1cc58173a266e0)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 410f77dc5e..7850c2c514 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
+ - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 3a10d116eb..c9d4b012a2 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -113,7 +113,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
+ - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location


@ -0,0 +1,22 @@
From f91dab598b7b897c90868eecb308820c60e2d663 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 11:32:51 +0100
Subject: [PATCH] mkosi: Add gdb to tools tree
(cherry picked from commit 7337f4b1972a099714d596a5d0e7e26f7f2dab48)
---
mkosi.conf.d/05-tools/mkosi.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf b/mkosi.conf.d/05-tools/mkosi.conf
index 15c336a304..322851b627 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf
@@ -3,6 +3,7 @@
[Build]
ToolsTreePackages=
gcc
+ gdb
gperf
lcov
llvm


@ -0,0 +1,24 @@
From 0257f4ba228582112e1c38dc79d8ac3887f023c1 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 14:43:48 +0100
Subject: [PATCH] mkosi: Add libz1 to opensuse tools tree
Without meson fails to configure properly.
(cherry picked from commit d4dda34854c3bcb44ab5929ad32d0793e4debb9f)
---
mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
index c065a52cf3..468f56856f 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
@@ -5,6 +5,7 @@ ToolsTreeDistribution=opensuse
[Build]
ToolsTreePackages=
+ libz1
gh
mypy
pkgconfig(blkid)


@ -0,0 +1,30 @@
From a3cf3df23a71d8497287f4ef23ca19332d0b77bb Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 16:49:59 +0100
Subject: [PATCH] mkosi: Enable EPEL for CentOS Stream tools tree
We need packages from EPEL to be able to build CentOS Stream images
with a CentOS Stream tools tree so enable it. This is broken on CentOS
Stream 10 but given using a CentOS Stream tools tree is broken without
EPEL as well, we might as well enable it and just wait until the packages
are added to EPEL 10.
(cherry picked from commit ac1a711d9a237eea36b053d43c0c35af7ac40b1f)
---
mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
new file mode 100644
index 0000000000..737fec3a3d
--- /dev/null
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+ToolsTreeDistribution=centos
+
+[Build]
+ToolsTreeRepositories=epel,epel-next


@ -0,0 +1,52 @@
From e0bc5a219af218b8d201d93bc5369a9b361d6312 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 11:41:40 +0100
Subject: [PATCH] mkosi: Use tools tree by default
Let's enable usage of a tools tree by default to simplify the setup
for new contributors and save them from having to install or upgrade
a bunch of extra tools to get mkosi working as expected.
(cherry picked from commit 1995084a9e01b53cf012a54fe69e35016c235151)
---
.github/workflows/coverage.yml | 1 -
.github/workflows/mkosi.yml | 1 -
mkosi.conf | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 7850c2c514..a1587e62e9 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -49,7 +49,6 @@ jobs:
Distribution=arch
[Build]
- ToolsTree=default
ToolsTreeDistribution=arch
UseSubvolumes=yes
WithTests=no
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index c9d4b012a2..4d128822fb 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -152,7 +152,6 @@ jobs:
[Build]
UseSubvolumes=yes
- ToolsTree=default
ToolsTreeDistribution=fedora
ToolsTreeRelease=rawhide
diff --git a/mkosi.conf b/mkosi.conf
index 3da4e07a87..ab8a6a1372 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -29,6 +29,7 @@ RepartDirectories=mkosi.repart
OutputDirectory=build/mkosi.output
[Build]
+ToolsTree=default
BuildDirectory=build/mkosi.builddir
CacheDirectory=build/mkosi.cache
BuildSourcesEphemeral=yes


@ -0,0 +1,30 @@
From b24ade737cbc163b5b11b45ee81498b01db32688 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 11:43:01 +0100
Subject: [PATCH] mkosi: Use build/ as extra search path by default
Building systemd with mkosi generally requires a very recent version
of systemd which might not be installed on the host. Let's configure
mkosi to look for extra executables in the build/ directory by default
so that we prefer systemd executables from the build directory over those
on the host as those on the host are likely to be too old.
(cherry picked from commit 8c5b4df5435ff9e49421ef8db0ca6de06c856b04)
---
mkosi.conf.d/20-extra-search-path.conf | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 mkosi.conf.d/20-extra-search-path.conf
diff --git a/mkosi.conf.d/20-extra-search-path.conf b/mkosi.conf.d/20-extra-search-path.conf
new file mode 100644
index 0000000000..b7308f7f21
--- /dev/null
+++ b/mkosi.conf.d/20-extra-search-path.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=build/
+
+[Build]
+ExtraSearchPaths=build/


@ -0,0 +1,24 @@
From debe1f7f56d8123c9953cd2ca068d39156a4b964 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 15:05:33 +0100
Subject: [PATCH] mkosi.clangd: Don't pass --host if we're not using
flatpak-spawn
(cherry picked from commit b133f57544cb6cce244bb8566fbacc952db76d73)
---
mkosi.clangd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.clangd b/mkosi.clangd
index 7cd447c4ee..10c44a70d8 100755
--- a/mkosi.clangd
+++ b/mkosi.clangd
@@ -7,7 +7,7 @@ else
SPAWN=()
fi
-MKOSI_CONFIG="$("${SPAWN[@]}" --host mkosi --json summary | jq -r .Images[-1])"
+MKOSI_CONFIG="$("${SPAWN[@]}" mkosi --json summary | jq -r .Images[-1])"
DISTRIBUTION="$(jq -r .Distribution <<< "$MKOSI_CONFIG")"
RELEASE="$(jq -r .Release <<< "$MKOSI_CONFIG")"
ARCH="$(jq -r .Architecture <<< "$MKOSI_CONFIG")"


@ -0,0 +1,21 @@
From 51a31ac6e5fbc00066f669aa410d8b5ebb893faf Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 15:05:51 +0100
Subject: [PATCH] mkosi.clangd: Fail on command errors
(cherry picked from commit ba3f148307e551d1be3e92383c8d37a9cc5b7a95)
---
mkosi.clangd | 1 +
1 file changed, 1 insertion(+)
diff --git a/mkosi.clangd b/mkosi.clangd
index 10c44a70d8..23251baf63 100755
--- a/mkosi.clangd
+++ b/mkosi.clangd
@@ -1,5 +1,6 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
if command -v flatpak-spawn >/dev/null; then
SPAWN=(flatpak-spawn --host)
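Review bot: `set -e` alone does not cover the pipeline this script depends on: in `MKOSI_CONFIG="$("${SPAWN[@]}" mkosi --json summary | jq -r .Images[-1])"` (visible in the previous patch) only the exit status of `jq` counts, so a failing `mkosi` still goes unnoticed and the later `jq` lookups run on empty input. Use `set -e -o pipefail` so that the failure the commit title promises to catch actually stops the script. The rest of the script lies outside this hunk.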


@ -0,0 +1,210 @@
From c96a642764e3ceb23c43eff0a49d132caf58bee7 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 19 Dec 2024 11:45:01 +0100
Subject: [PATCH] docs: Simplify hacking documentation
Let's use "mkosi sandbox" in the docs so that users can build systemd
without having to install anything except mkosi. Using mkosi sandbox
will use tools and dependencies from the tools tree which is also used
in CI and thus has a higher chance of working from the first try compared
to whatever tools might be installed on the host system of a new contributor.
(cherry picked from commit 34b5a27b0bfd1b0b35bf67c70d1f8bf5c6795b7d)
---
docs/HACKING.md | 153 +++++++++++++++++++++---------------------------
1 file changed, 68 insertions(+), 85 deletions(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index cedf35fef0..2203c32640 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -7,94 +7,97 @@ SPDX-License-Identifier: LGPL-2.1-or-later
# Hacking on systemd
-We welcome all contributions to systemd.
-If you notice a bug or a missing feature, please feel invited to fix it, and submit your work as a
+We welcome all contributions to systemd. If you notice a bug or a missing
+feature, please feel invited to fix it, and submit your work as a
[GitHub Pull Request (PR)](https://github.com/systemd/systemd/pull/new).
-Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting patches.
-Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
-
-When adding new functionality, tests should be added.
-For shared functionality (in `src/basic/` and `src/shared/`) unit tests should be sufficient.
-The general policy is to keep tests in matching files underneath `src/test/`,
-e.g. `src/test/test-path-util.c` contains tests for any functions in `src/basic/path-util.c`.
-If adding a new source file, consider adding a matching test executable.
-For features at a higher level, tests in `src/test/` are very strongly recommended.
-If that is not possible, integration tests in `test/` are encouraged.
-
-Please always test your work before submitting a PR.
-For many of the components of systemd testing is straightforward as you can simply compile systemd and run the relevant tool from the build directory.
-
-For some components (most importantly, systemd/PID 1 itself) this is not possible, however.
-In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree.
-[mkosi](https://mkosi.systemd.io/)
-is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory.
-To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
-`mkosi` will build an image for the host distro by default.
-First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing.
-After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
+Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting
+patches. Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
+
+When adding new functionality, tests should be added. For shared functionality
+(in `src/basic/` and `src/shared/`) unit tests should be sufficient. The general
+policy is to keep tests in matching files underneath `src/test/`, e.g.
+`src/test/test-path-util.c` contains tests for any functions in
+`src/basic/path-util.c`. If adding a new source file, consider adding a matching
+test executable. For features at a higher level, tests in `src/test/` are very
+strongly recommended. If that is not possible, integration tests in `test/` are
+encouraged. Please always test your work before submitting a PR.
+
+## Hacking on systemd with mkosi
+
+[mkosi](https://mkosi.systemd.io/) is our swiss army knife for hacking on
+systemd. It makes sure all necessary dependencies are available to build systemd
+and allows building and booting an OS image with the latest systemd installed
+for testing purposes.
+
+First, install `mkosi` from the
+[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
+Note that it's not possible to use your distribution's packaged version of mkosi
+as mkosi has to be installed outside of `/usr` for the following steps to work.
+
+Then, you can build and run systemd executables as follows:
```sh
-$ sudo mkosi boot # nspawn still needs sudo for now
+$ mkosi -f sandbox meson setup build
+$ mkosi -f sandbox ninja -C build
+$ mkosi -f sandbox build/systemctl --version
```
-or:
+To build and boot an OS image with the latest systemd installed:
```sh
-$ mkosi qemu
+$ mkosi -f genkey # Generate signing keys once.
+$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
+$ sudo mkosi boot # Boot the image with systemd-nspawn.
+$ mkosi qemu # Boot the image with qemu.
```
-By default, the tools from your host system are used to build the image.
-Sometimes we start using mkosi features that rely on functionality in systemd
-tools that's not in an official release yet. In that case, you'll need to build
-systemd from source on the host and configure mkosi to use the tools from the
-systemd build directory.
-
-To do a local build, most distributions provide very simple and convenient ways
-to install most development packages necessary to build systemd:
+Putting this all together, here's a series of commands for preparing a patch for
+systemd:
```sh
-# Fedora
-$ sudo dnf builddep systemd
-# Debian/Ubuntu
-$ sudo apt-get build-dep systemd
-# Arch
-$ sudo pacman -S devtools
-$ pkgctl repo clone --protocol=https systemd
+$ git clone https://github.com/systemd/mkosi.git
+$ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
+$ git clone https://github.com/systemd/systemd.git
$ cd systemd
-$ makepkg -seoc
+$ git checkout -b <BRANCH> # where BRANCH is the name of the branch
+$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
+$ mkosi -f sandbox meson setup build # Set up meson
+$ mkosi -f genkey # Generate signing keys once.
+$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
+$ mkosi qemu # Boot the image in qemu
+$ git add -p # interactively put together your patch
+$ git commit # commit it
+$ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub
```
-After installing the development packages, systemd can be built from source as follows:
+And after that, head over to your repo on GitHub and click "Compare & pull
+request"
-```sh
-$ meson setup build <options>
-$ ninja -C build
-$ meson test -C build
-```
+Happy hacking!
-To have `mkosi` use the systemd tools from the `build/` directory, add the
-following to `mkosi.local.conf`:
+The following sections contain advanced topics on how to speed up development or
+streamline debugging. Feel free to read them if you're interested but they're
+not required to write basic patches.
-```conf
-[Host]
-ExtraSearchPaths=build/
-```
+## Building the OS image without a tools tree
-And if you want `mkosi` to build a tools image and use the tools from there
-instead of looking for tools on the host, add the following to
-`mkosi.local.conf`:
+By default, `mkosi` will first build a tools tree and use it build the image and
+provide the environment for `mkosi sandbox`. To disable the tools tree and use
+binaries from your host instead, write the following to `mkosi.local.conf`:
```conf
-[Host]
-ToolsTree=default
+[Build]
+ToolsTree=
```
-Every time you rerun the `mkosi` command a fresh image is built, incorporating
-all current changes you made to the project tree. To build the latest changes
-and re-install after booting the image, run one of the following commands in
-another terminal on your host (choose the right one depending on the
-distribution of the container or virtual machine):
+## Rebuilding systemd without rebuilding the OS image
+
+Every time the `mkosi` target is built, a fresh image is built. To build the
+latest changes and re-install systemd without rebuilding the image, run one of
+the following commands in another terminal on your host after booting the image
+(choose the right one depending on the distribution of the container or virtual
+machine):
```sh
mkosi -t none && mkosi ssh dnf upgrade --disablerepo="*" --assumeyes "/work/build/*.rpm" # CentOS/Fedora
@@ -107,26 +110,6 @@ and optionally restart the daemon(s) you're working on using
`systemctl restart <units>` or `systemctl daemon-reexec` if you're working on
pid1 or `systemctl soft-reboot` to restart everything.
-Putting this all together, here's a series of commands for preparing a patch for systemd:
-
-```sh
-$ git clone https://github.com/systemd/mkosi.git
-$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi
-$ git clone https://github.com/systemd/systemd.git
-$ cd systemd
-$ git checkout -b <BRANCH> # where BRANCH is the name of the branch
-$ vim src/core/main.c # or wherever you'd like to make your changes
-$ mkosi -f qemu # (re-)build and boot up the test image in qemu
-$ mkosi -t none # Build new packages without rebuilding the image
-$ git add -p # interactively put together your patch
-$ git commit # commit it
-$ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub
-```
-
-And after that, head over to your repo on GitHub and click "Compare & pull request"
-
-Happy hacking!
-
## Building distribution packages with mkosi
To build distribution packages for a specific distribution and release without


@ -0,0 +1,27 @@
From 586b56f2fe741303af241f00c00c088dd2acadca Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sat, 21 Dec 2024 19:10:42 +0100
Subject: [PATCH] mkosi: Fix authselect systemd-homed feature name
The feature name is with-systemd-homed, not with-homed.
(cherry picked from commit 5495b11360d649dc8810d59b096231ba596e9436)
---
mkosi.postinst.chroot | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot
index 0f9e361488..310a26fa14 100755
--- a/mkosi.postinst.chroot
+++ b/mkosi.postinst.chroot
@@ -24,8 +24,8 @@ if command -v authselect >/dev/null; then
authselect select "$PROFILE"
- if authselect list-features "$PROFILE" | grep -q "with-homed"; then
- authselect enable-feature with-homed
+ if authselect list-features "$PROFILE" | grep -q "with-systemd-homed"; then
+ authselect enable-feature with-systemd-homed
fi
fi
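Review bot: The new `grep -q "with-systemd-homed"` test is a substring match, so it also succeeds on any longer feature name that merely contains that text. In that case `authselect enable-feature with-systemd-homed` would be asked to enable a feature the profile may not offer. A whole-line fixed-string match is stricter, assuming `authselect list-features` prints one feature name per line: `grep -qxF "with-systemd-homed"`. The enclosing `if command -v authselect` block starts above this hunk.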


@ -0,0 +1,68 @@
From 5f0d736f448973e8a8e68d6bbf9625061dfbc2ab Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 24 Dec 2024 09:53:53 +0100
Subject: [PATCH] docs: Use meson compile instead of ninja
"ninja -C build mkosi" doesn't actually work and fails because ninja
thinks the mkosi target does not exist. "meson compile -C build mkosi"
dpes work so let's use that instead.
Fixes #35741
(cherry picked from commit ece81f339ff41113876bf7a9a2c1ad317c2eb258)
---
docs/HACKING.md | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index 2203c32640..d1202dee4e 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -39,17 +39,17 @@ Then, you can build and run systemd executables as follows:
```sh
$ mkosi -f sandbox meson setup build
-$ mkosi -f sandbox ninja -C build
+$ mkosi -f sandbox meson compile -C build
$ mkosi -f sandbox build/systemctl --version
```
To build and boot an OS image with the latest systemd installed:
```sh
-$ mkosi -f genkey # Generate signing keys once.
-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
-$ sudo mkosi boot # Boot the image with systemd-nspawn.
-$ mkosi qemu # Boot the image with qemu.
+$ mkosi -f genkey # Generate signing keys once.
+$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
+$ sudo mkosi boot # Boot the image with systemd-nspawn.
+$ mkosi qemu # Boot the image with qemu.
```
Putting this all together, here's a series of commands for preparing a patch for
@@ -60,15 +60,15 @@ $ git clone https://github.com/systemd/mkosi.git
$ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
$ git clone https://github.com/systemd/systemd.git
$ cd systemd
-$ git checkout -b <BRANCH> # where BRANCH is the name of the branch
-$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
-$ mkosi -f sandbox meson setup build # Set up meson
-$ mkosi -f genkey # Generate signing keys once.
-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
-$ mkosi qemu # Boot the image in qemu
-$ git add -p # interactively put together your patch
-$ git commit # commit it
-$ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub
+$ git checkout -b <BRANCH> # where BRANCH is the name of the branch
+$ $EDITOR src/core/main.c # or wherever you'd like to make your changes
+$ mkosi -f sandbox meson setup build # Set up meson
+$ mkosi -f genkey # Generate signing keys once.
+$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image
+$ mkosi qemu # Boot the image in qemu
+$ git add -p # interactively put together your patch
+$ git commit # commit it
+$ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub
```
And after that, head over to your repo on GitHub and click "Compare & pull


@ -0,0 +1,26 @@
From bcda7cc1b1121594ea34e3ccf7074a4386407f7b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 23 Dec 2024 21:30:32 +0100
Subject: [PATCH] docs: Explicitly mention ~/.local/bin in section on
installing mkosi
(cherry picked from commit 54b4ec887066b12fe97ac28d7ed5108a23f262de)
---
docs/HACKING.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index d1202dee4e..de3f66dd55 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -33,7 +33,9 @@ for testing purposes.
First, install `mkosi` from the
[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
Note that it's not possible to use your distribution's packaged version of mkosi
-as mkosi has to be installed outside of `/usr` for the following steps to work.
+as mkosi has to be installed outside of `/usr` for the following steps to work. When
+installing mkosi from the github repository, make sure to symlink it to `~/.local/bin`
+instead of `/usr/local/bin` if you want to add it to your `$PATH`.
Then, you can build and run systemd executables as follows:


@ -0,0 +1,23 @@
From 3e998a517ebc4b3fca069ada0f0adb35b3158a75 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 26 Dec 2024 12:08:34 +0000
Subject: [PATCH] mkosi: update opensuse spec repo commit
(cherry picked from commit 4db0252c7fd53dc5388db458ad93ce7ef433e704)
---
mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
index 991d610bb8..972b12c56f 100644
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@@ -7,7 +7,7 @@ Distribution=opensuse
Environment=
GIT_URL=https://src.opensuse.org/pool/systemd
GIT_BRANCH=devel
- GIT_COMMIT=35e7ce86d092dd1f4a85c51b0c6dc07769235f0fafc0b7072cffbbe79976d6ec
+ GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
PKG_SUBDIR=opensuse
[Content]


@ -0,0 +1,25 @@
From 869964c1eecad09dfe38cff5a6b7b25343cbc8f4 Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Mon, 30 Dec 2024 11:00:07 +0100
Subject: [PATCH] mkosi: update openSUSE commit reference
Force-pushed as usual, now HEAD is v257.1.
(cherry picked from commit 37c2be73e7238a99bc114f85c7af5c4702f15046)
---
mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
index 972b12c56f..4e83002c91 100644
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@@ -7,7 +7,7 @@ Distribution=opensuse
Environment=
GIT_URL=https://src.opensuse.org/pool/systemd
GIT_BRANCH=devel
- GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
+ GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
PKG_SUBDIR=opensuse
[Content]


@ -0,0 +1,53 @@
From e28aa452ce82ff34d2bf29d1f00ee7aa3df780ae Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Mon, 30 Dec 2024 17:38:36 +0100
Subject: [PATCH] mkosi: add libopenssl devel package to openSUSE tools tree
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise, the build fails with:
```
INFO: autodetecting backend as ninja
INFO: calculating backend command to run: /usr/bin/ninja -C /mnt/work/src/systemd/upstream-fork/main/build-mkosi
ninja: Entering directory `/mnt/work/src/systemd/upstream-fork/main/build-mkosi'
[463/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
FAILED: src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
cc -Isrc/shared/libsystemd-shared-258.a.p -Isrc/shared -I../src/shared -Isrc/basic -I../src/basic -Isrc/fundamental -I../src/fundamental -Isrc/systemd -I../src/systemd -I. -I.. -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-journal -I../src/libsystemd/sd-json -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-path -I../src/libsystemd/sd-resolve -I../src/libsystemd/sd-varlink -I/usr/include/blkid -I/usr/include/libmount -I/usr/include/p11-kit-1 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 -O0 -g -Wno-missing-field-initializers -Wno-unused-parameter -Wno-nonnull-compare -Warray-bounds -Warray-bounds=2 -Wdate-time -Wendif-labels -Werror=format=2 -Werror=format-signedness -Werror=implicit-function-declaration -Werror=implicit-int -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=missing-declarations -Werror=missing-prototypes -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=strict-flex-arrays -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wzero-length-bounds -fdiagnostics-show-option -fno-common -fstack-protector -fstack-protector-strong -fstrict-flex-arrays=3 --param=ssp-buffer-size=4 -Wno-unused-result -Werror=shadow -fPIC -fno-strict-aliasing -fstrict-flex-arrays=1 -fvisibility=hidden -fno-omit-frame-pointer -include config.h -pthread -fvisibility=default -MD -MQ src/shared/libsystemd-shared-258.a.p/openssl-util.c.o -MF src/shared/libsystemd-shared-258.a.p/openssl-util.c.o.d -o src/shared/libsystemd-shared-258.a.p/openssl-util.c.o 
-c ../src/shared/openssl-util.c
../src/shared/openssl-util.c: In function openssl_ask_password_ui_read:
../src/shared/openssl-util.c:1395:65: error: implicit declaration of function UI_method_get_ex_data; did you mean UI_method_get_reader? [-Wimplicit-function-declaration]
1395 | AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
| ^~~~~~~~~~~~~~~~~~~~~
| UI_method_get_reader
../src/shared/openssl-util.c:1395:65: warning: nested extern declaration of UI_method_get_ex_data [-Wnested-externs]
../src/shared/openssl-util.c:1395:43: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
1395 | AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
| ^
../src/shared/openssl-util.c: In function openssl_ask_password_ui_new:
../src/shared/openssl-util.c:1479:13: error: implicit declaration of function UI_method_set_ex_data; did you mean UI_method_set_reader? [-Wimplicit-function-declaration]
1479 | if (UI_method_set_ex_data(ui->method, 0, &ui->request) == 0)
| ^~~~~~~~~~~~~~~~~~~~~
| UI_method_set_reader
../src/shared/openssl-util.c:1479:13: warning: nested extern declaration of UI_method_set_ex_data [-Wnested-externs]
[480/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/pkcs11-util.c.o
ninja: build stopped: subcommand failed.
```
(cherry picked from commit 8a6ad7c8376b5dab1d3502a39cead9c63152293d)
---
mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
index 468f56856f..d486875fab 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
@@ -15,6 +15,7 @@ ToolsTreePackages=
pkgconfig(fdisk)
pkgconfig(libmicrohttpd)
pkgconfig(mount)
+ pkgconfig(libopenssl)
python3-ruff
tpm2-0-tss-devel
python3-jinja2


@ -0,0 +1,144 @@
From dd5c8cacbdc9ce7e5f678a963c92d68e9fe88879 Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Mon, 30 Dec 2024 17:39:16 +0100
Subject: [PATCH] mkosi: switch to github mirror of openSUSE sources from
build.opensuse.org
The current src.opensuse.org is very unstable and commit hashes are reset (or
even removed) every now and then. While the official repo is not fixed, let's
move to a more stable source, the github mirror of code.opensuse.org, maintained
since 2019.
(cherry picked from commit 07638ce2a46c99300e21d7b54e9404fdce488d53)
---
.../mkosi.conf.d/opensuse/mkosi.build.chroot | 16 ++++++++--------
.../build/mkosi.conf.d/opensuse/mkosi.conf | 7 ++++---
.../build/mkosi.conf.d/opensuse/mkosi.prepare | 14 +++++++-------
3 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
index c9089b78c4..8c4fb9bd6f 100755
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -4,8 +4,8 @@ set -e
. mkosi.functions
-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
- echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
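Review bot: The expansion `pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}` is spelled out in every path this patch touches: twice in this hunk, in the `find`, `sed`, `--define "_sourcedir ..."`, spec-argument and `files.systemd` lines of the later hunks of this file, and again throughout `mkosi.prepare`. A future layout change therefore has to be made in about a dozen places across two scripts. Computing it once after `. mkosi.functions` under a name the script does not already use, e.g. `PKG_DIR="pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}"`, and then writing `"$PKG_DIR/systemd.spec"` keeps them in step. `GIT_SUBDIR` comes from `mkosi.conf` and ends up in `find`/`sed --in-place` targets, so that assignment is also the natural place for a short comment that it must be a relative path inside the clone.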
@@ -14,7 +14,7 @@ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
# extension.
-find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+find "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated.
@@ -58,10 +58,10 @@ if ((COVERAGE)); then
fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
-sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
+sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
build() {
IFS=
@@ -81,7 +81,7 @@ build() {
--with upstream \
$( ((WITH_TESTS)) || echo "--nocheck") \
--define "_topdir /var/tmp" \
- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
+ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
--define "_rpmdir $BUILDDIR" \
${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
@@ -103,7 +103,7 @@ build() {
--define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
--noclean \
"$@" \
- "pkg/$PKG_SUBDIR/systemd.spec"
+ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
EXIT_STATUS=$?
@@ -127,7 +127,7 @@ if ! build; then
# warnings.
rm systemd.lang
- grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd"
+ grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/files.systemd"
build --noprep --nocheck
fi
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
index 4e83002c91..a374207e4d 100644
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@@ -5,9 +5,10 @@ Distribution=opensuse
[Build]
Environment=
- GIT_URL=https://src.opensuse.org/pool/systemd
- GIT_BRANCH=devel
- GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
+ GIT_URL=https://github.com/bmwiedemann/openSUSE
+ GIT_SUBDIR=packages/s/systemd
+ GIT_BRANCH=master
+ GIT_COMMIT=1477f2646dd26ee3b166f26bd380a173fb649939
PKG_SUBDIR=opensuse
[Content]
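Review bot: With `GIT_URL` now pointing at a mirror under a personal GitHub account rather than src.opensuse.org, `GIT_COMMIT` is the only thing tying the build to reviewed packaging sources. The new pin is also a 40-hex SHA-1 id where the removed one had 64 hex digits. The code that clones and checks out this repository is not part of this patch, so it should be confirmed that it checks out exactly `GIT_COMMIT` and fails if that commit is missing, rather than falling back to the tip of `GIT_BRANCH=master`. A comment above `Environment=` would record the trust decision for whoever bumps the pin next, e.g. `# Third-party mirror of the openSUSE packaging; review the spec diff on every GIT_COMMIT bump.`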
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
index c4a9580715..de736a570f 100755
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
@@ -6,13 +6,13 @@ if [[ "$1" == "build" ]]; then
exit 0
fi
-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
- echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
mkosi-chroot \
rpmspec \
@@ -20,8 +20,8 @@ mkosi-chroot \
--query \
--buildrequires \
--define "_topdir /var/tmp" \
- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
- "pkg/$PKG_SUBDIR/systemd.spec" |
+ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
+ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
sort --unique |
tee /tmp/buildrequires |
@@ -34,9 +34,9 @@ until mkosi-chroot \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
- --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
+ --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$PKG_SUBDIR/systemd.spec"
+ "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
do
EXIT_STATUS=$?
if [[ $EXIT_STATUS -ne 11 ]]; then


@ -0,0 +1,65 @@
From 04dc2fab4c1aa8cc1cf54c61d73f38185f8074f6 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 2 Jan 2025 13:11:48 +0100
Subject: [PATCH] mkosi: Allow disabling vcs-tag via environment variable
(cherry picked from commit 76d80cc34331b0cefd354ea9de70e9bbb46550a0)
---
mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot | 2 +-
.../build/mkosi.conf.d/centos-fedora/mkosi.build.chroot | 2 +-
.../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 2 +-
mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
index 83c4960ac8..202646f0ad 100755
--- a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
@@ -28,7 +28,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
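Review bot: `VCS_TAG` is a new knob that this patch does not document anywhere, and its value goes straight into `-D vcs-tag=${VCS_TAG:-true}` in all four `mkosi.build.chroot` scripts (arch here, then centos-fedora, debian-ubuntu and opensuse). A one-line comment above the assignment would tell users what to set, e.g. `# VCS_TAG=false turns the vcs-tag meson option off; the value is passed to meson unchanged.` Because `MKOSI_MESON_OPTIONS` is assembled as a plain string, a value containing whitespace would presumably be split into extra meson arguments where the string is consumed, which is outside these hunks. Restricting the value to `true` or `false` before use is worth considering.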
diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
index 1de1578e20..e41b9b1189 100755
--- a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
@@ -48,7 +48,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
index 5f3e53ff53..b17483a03f 100755
--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -44,7 +44,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
index 8c4fb9bd6f..72115c2c5b 100755
--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -48,7 +48,7 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
MKOSI_LDFLAGS="%{nil}"
fi
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi


@ -0,0 +1,81 @@
From 194f7bbe9a12051f19dcff16eaa297261b657e86 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 2 Jan 2025 16:17:53 +0100
Subject: [PATCH] docs: Use mkosi sandbox in test documentation as well
Same change as in HACKING.md, but for running the integration tests.
(cherry picked from commit 8a652636503ee99dd484e2ae051cc1f1bdfc18ab)
---
test/README.testsuite | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/test/README.testsuite b/test/README.testsuite
index fc1c9f136d..25b44912e9 100644
--- a/test/README.testsuite
+++ b/test/README.testsuite
@@ -11,7 +11,7 @@ reconfiguring meson to make sure it is picked up properly.
We also need to make sure the required meson options are enabled:
```shell
-$ meson setup --reconfigure build -Dremote=enabled
+$ mkosi -f sandbox meson setup --reconfigure build -Dremote=enabled
```
To make sure `mkosi` doesn't try to build systemd from source during the image build
@@ -31,7 +31,7 @@ to /etc which is used when building the image instead.
Next, we can build the integration test image with meson:
```shell
-$ meson compile -C build mkosi
+$ mkosi -f sandbox meson compile -C build mkosi
```
By default, the `mkosi` meson target which builds the integration test image depends on
@@ -52,24 +52,24 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi.loca
After the image has been built, the integration tests can be run with:
```shell
-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
```
As usual, specific tests can be run in meson by appending the name of the test
which is usually the name of the directory e.g.
```shell
-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC
```
-See `meson introspect build --tests` for a list of tests.
+See `mkosi -f sandbox meson introspect build --tests` for a list of tests.
To interactively debug a failing integration test, the `--interactive` option
(`-i`) for `meson test` can be used. Note that this requires meson v1.5.0 or
newer:
```shell
-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
+$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC
```
Due to limitations in meson, the integration tests do not yet depend on the
@@ -78,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the
following command can be used:
```shell
-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
+$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC
```
The integration tests use the same mkosi configuration that's used when you run
@@ -92,7 +92,7 @@ To iterate on an integration test, let's first get a shell in the integration te
the following:
```shell
-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
+$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC
```
This will get us a shell in the integration test environment after booting the machine without running the


@ -0,0 +1,83 @@
From 20b0b2d7973049d918a69025c5d6b6cbe00f5f41 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 2 Jan 2025 16:21:42 +0000
Subject: [PATCH] test: update README's Ubuntu CI section for mkosi changes
(cherry picked from commit 01829580471eb1958bc5c43caa871b243edb1055)
---
test/README.testsuite | 30 ++++++------------------------
1 file changed, 6 insertions(+), 24 deletions(-)
diff --git a/test/README.testsuite b/test/README.testsuite
index 25b44912e9..da2d17a6db 100644
--- a/test/README.testsuite
+++ b/test/README.testsuite
@@ -155,23 +155,7 @@ that make use of `run_testcases`.
New PRs submitted to the project are run through regression tests, and one set
of those is the 'autopkgtest' runs for several different architectures, called
-'Ubuntu CI'. Part of that testing is to run all these tests. Sometimes these
-tests are temporarily deny-listed from running in the 'autopkgtest' tests while
-debugging a flaky test; that is done by creating a file in the test directory
-named 'deny-list-ubuntu-ci', for example to prevent the TEST-01-BASIC test from
-running in the 'autopkgtest' runs, create the file
-'TEST-01-BASIC/deny-list-ubuntu-ci'.
-
-The tests may be disabled only for specific archs, by creating a deny-list file
-with the arch name at the end, e.g.
-'TEST-01-BASIC/deny-list-ubuntu-ci-arm64' to disable the TEST-01-BASIC test
-only on test runs for the 'arm64' architecture.
-
-Note the arch naming is not from 'uname -m', it is Debian arch names:
-https://wiki.debian.org/ArchitectureSpecificsMemo
-
-For PRs that fix a currently deny-listed test, the PR should include removal
-of the deny-list file.
+'Ubuntu CI'. Part of that testing is to run all these tests.
In case a test fails, the full set of artifacts, including the journal of the
failed run, can be downloaded from the artifacts.tar.gz archive which will be
@@ -268,7 +252,7 @@ the PR (set by the `$UPSTREAM_PULL_REQUEST` env variable) you'd like to debug:
```shell
$ git clone https://salsa.debian.org/systemd-team/systemd.git
$ cd systemd
-$ git checkout upstream-ci
+$ git checkout ci/v<XYZ>-stable
$ TEST_UPSTREAM=1 UPSTREAM_PULL_REQUEST=12345 ./debian/extra/checkout-upstream
```
@@ -278,22 +262,20 @@ Now install necessary build & test dependencies:
# PPA with some newer Ubuntu packages required by upstream systemd
$ add-apt-repository -y --enable-source ppa:upstream-systemd-ci/systemd-ci
$ apt build-dep -y systemd
-$ apt install -y autopkgtest debhelper genisoimage git qemu-system-x86 \
- libcurl4-openssl-dev libfdisk-dev libtss2-dev libfido2-dev \
- libssl-dev python3-pefile
+$ apt install -y autopkgtest fakemachine qemu-system-x86
```
Build systemd deb packages with debug info:
```shell
-$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt" dpkg-buildpackage -us -uc
+$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt pkg.systemd.upstream" dpkg-buildpackage -us -uc -b
$ cd ..
```
Prepare a testbed image for autopkgtest (tweak the release as necessary):
```shell
-$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r jammy
+$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r noble
```
And finally run the autopkgtest itself:
@@ -304,7 +286,7 @@ $ autopkgtest -o logs *.deb systemd/ \
--timeout-factor=3 \
--test-name=boot-and-services \
--shell-fail \
- -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-jammy-amd64.img
+ -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-noble-amd64.img
```
where `--test-name=` is the name of the test you want to run/debug. The


@ -0,0 +1,67 @@
From 3bf84a14d22f7e259b4adf4cc88895af0cdd1ccc Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 2 Jan 2025 15:48:54 +0100
Subject: [PATCH] mkosi: Add docbook tools
(cherry picked from commit fd3ee47d8d1cac09acf034cdbe53071ee6fdde74)
---
mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf | 2 ++
mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf | 3 +++
mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf | 2 ++
mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 2 ++
4 files changed, 9 insertions(+)
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
index 5787aa8f44..c6ec83a6b0 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
@@ -9,9 +9,11 @@ ToolsTreePackages=
github-cli
libcap
libmicrohttpd
+ libxslt
mypy
perl-json-xs
python-jinja
+ python-lxml
python-pytest
ruff
shellcheck
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
index 23731f7376..21d3741504 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
@@ -15,6 +15,9 @@ ToolsTreePackages=
pkgconfig(mount)
tpm2-tss-devel
python3-jinja2
+ python3-lxml
python3-mypy
python3-pytest
shellcheck
+ xsltproc
+ docbook-style-xsl
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
index 46204fe8f6..106072f541 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
@@ -17,5 +17,7 @@ ToolsTreePackages=
libtss2-dev
mypy
python3-jinja2
+ python3-lxml
python3-pytest
shellcheck
+ xsltproc
diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
index d486875fab..8a659360fa 100644
--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
@@ -19,5 +19,7 @@ ToolsTreePackages=
python3-ruff
tpm2-0-tss-devel
python3-jinja2
+ python3-lxml
python3-pytest
+ xsltproc
ShellCheck


@ -0,0 +1,31 @@
From 472239d4301d25eb3c7c69eb7e8f13542ef2769f Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 3 Jan 2025 10:20:45 +0100
Subject: [PATCH] mkosi: Handle directories in debian/not-installed correctly
If a directory is specified without a glob pattern, we have to exclude
all files in that directory, so add a recursive glob to every directory
and enable the bash globstar feature when globbing to '**/*' matches all
files and directories beneath the given directory.
(cherry picked from commit d304b95beb76fd62ea249357df526fb211426edc)
---
.../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
index b17483a03f..569bf64499 100755
--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -111,8 +111,9 @@ if ! build; then
if [[ -f debian/not-installed ]]; then
pushd debian/tmp
grep --invert-match "^#" ../not-installed |
- xargs -I {} bash -O nullglob -c "printf '%s\n' {}" |
- sed "/^$/d" |
+ xargs -I {} sh -c "test -d '{}' && echo '{}/**/*' || echo '{}'" |
+ xargs -I {} bash -O nullglob -O globstar -c "printf '%s\n' {}" |
+ sed --expression "/^$/d" --expression "s#//*#/#g" |
xargs -I {} sh -c "test -f '{}' && echo '{}' || true" >>/tmp/packaged-files
popd
fi
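Review bot: The rewritten `bash -O nullglob -O globstar -c "printf '%s\n' {}"` stage pastes each `debian/not-installed` entry unquoted into a command string, so besides expanding globs it also evaluates any `;`, backtick or `$(...)` the entry contains. The new `test -d '{}'` stage protects the entry only with single quotes that the entry itself can close. The directory test does not need the splice and can take the entry as a positional argument: `xargs -I {} sh -c 'test -d "$1" && echo "$1/**/*" || echo "$1"' _ {}`. The glob stage has to stay unquoted to expand, so I would add a comment there such as `# debian/not-installed is trusted packaging input; entries are evaluated by the shell`. The final `test -f '{}'` context line has the same pattern, and the enclosing `if ! build` block starts and ends outside the hunk.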


@ -0,0 +1,23 @@
From 4bc36b7d57b0210bdaf765fce3d8f9e23444c957 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 3 Jan 2025 11:42:47 +0100
Subject: [PATCH] mkosi: Warn on unpackaged files in the debian package build
(cherry picked from commit e965430f57834d641b0b1327617622c20aa23b70)
---
.../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
index 569bf64499..9717286586 100755
--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -128,6 +128,8 @@ if ! build; then
exit 1
fi
+ echo -e "::warning title=UNPACKAGED-FILES::The following files were not picked up by the package, please update the packaging recipe to include: $(tr '\n' ' ' </tmp/unpackaged-files)"
+
# Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build.
cat /tmp/unpackaged-files >>debian/systemd.install
build
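Review bot: The added `echo -e` interprets backslash escapes in the whole argument, including the file list substituted from `/tmp/unpackaged-files`, although the message itself contains no escape that needs `-e`. The `tr '\n' ' '` removes real newlines, but a file name carrying a literal `\n` sequence would still be turned into a line break, and the following text would then start a fresh log line that a runner scans for `::` workflow commands. Dropping the flag keeps the list literal: `printf '%s\n' "::warning title=UNPACKAGED-FILES::... $(tr '\n' ' ' </tmp/unpackaged-files)"`. The surrounding `if ! build` block begins outside the hunk.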


@ -0,0 +1,205 @@
From 3484ab94b94216de0db23ad1f1567641d21a8ad7 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 3 Jan 2025 23:25:23 +0100
Subject: [PATCH] mkosi: Update to latest
(cherry picked from commit c008b703701e676a88e16de4c867b9fc4818070d)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
test/TEST-64-UDEV-STORAGE/btrfs_basic.configure | 2 +-
test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure | 2 +-
test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure | 2 +-
test/TEST-64-UDEV-STORAGE/lvm_basic.configure | 2 +-
test/TEST-64-UDEV-STORAGE/mdadm_basic.configure | 2 +-
test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure | 2 +-
test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure | 2 +-
test/TEST-64-UDEV-STORAGE/nvme_basic.configure | 2 +-
test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure | 2 +-
test/TEST-64-UDEV-STORAGE/simultaneous_events.configure | 2 +-
test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure | 2 +-
.../virtio_scsi_identically_named_partitions.configure | 2 +-
14 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index a1587e62e9..cea1e84af2 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
+ - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 4d128822fb..873ed589b6 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -113,7 +113,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
+ - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
index 8ef58a9fdd..85ec983fc3 100755
--- a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
for i in range(4):
id = f"drivebtrfsbasic{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "350M" if i == 0 else "128M",
diff --git a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
index ca23e33858..1d7a0c5b9a 100755
--- a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
+++ b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
for i in range(4):
id = f"driveiscsibasic{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "150M" if i == 0 else "70M",
diff --git a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
index 02e2ac4daa..a920171add 100755
--- a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
+++ b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
@@ -7,7 +7,7 @@ import sys
config = json.load(sys.stdin)
-config["QemuDrives"] += [
+config["Drives"] += [
{
"Id": "drive0",
"Size": "64M",
diff --git a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
index 9387b8377c..c4074becb4 100755
--- a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
for i in range(4):
id = f"drivelvmbasic{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "32M",
diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
index 3f00afa955..d722e081e2 100755
--- a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
for i in range(5):
id = f"drivemdadmbasic{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "64M",
diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
index b7661d9e81..d669895925 100755
--- a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
+++ b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
for i in range(5):
id = f"drivemdadmlvm{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "64M",
diff --git a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
index 5f323b8a8b..a59927c3b7 100755
--- a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
+++ b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
@@ -18,7 +18,7 @@ for ndisk in range(16):
for nback in range(4):
id = f"drive{ndisk}x{nback}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": size,
diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
index b740c096c4..948003e4de 100755
--- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
@@ -18,7 +18,7 @@ if 'name "nvme"' not in result.stdout:
def add_drive(i: int, serial: str) -> None:
global config
id = f"nvme{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "1M",
diff --git a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
index 3d7900773c..029d4360ba 100755
--- a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
+++ b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
@@ -16,7 +16,7 @@ if 'name "nvme"' not in result.stdout:
exit(77)
for id in ("nvme0", "nvme1"):
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "1M",
diff --git a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
index a0edb01cc1..668f3e2aa0 100755
--- a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
+++ b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
@@ -9,7 +9,7 @@ config = json.load(sys.stdin)
for i in range(10):
id = f"drivesimultaneousevents{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "128M",
diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
index ab8d530a3e..91e1fe14e5 100755
--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
+++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
@@ -12,7 +12,7 @@ for i in range(4):
for i in range(128):
id = f"drive{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "1M",
diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
index edc5138ce8..dce6b1503f 100755
--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
+++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
@@ -21,7 +21,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0,num_queues=4"]
for i in range(0, num_disk):
id = f"drive{i}"
- config["QemuDrives"] += [
+ config["Drives"] += [
{
"Id": id,
"Size": "40M",


@ -0,0 +1,33 @@
From ef6f0afb544c38e71824412012f657aeb5780d1a Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sun, 5 Jan 2025 23:19:44 +0100
Subject: [PATCH] mkosi: Make path exclude more generic
The systemd rpms we try to install in packit have /usr/bin/bash and
/usr/bin/python3 as dependencies which breaks dnf5 because mkosi
doesn't download filelists metadata and
https://bugzilla.redhat.com/show_bug.cgi?id=2263771 is still not fixed
almost a year after being reported.
(cherry picked from commit 8a9b989cba75810406b0c881bcabe03c27fa47e5)
---
mkosi.conf.d/10-centos-fedora/mkosi.prepare | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
index 9aca0096d5..1e5bd21995 100755
--- a/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
@@ -12,8 +12,11 @@ for DEPS in --requires --recommends --suggests; do
# We need --latest-limit=1 to only consider the newest version of the packages.
# --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
# are not considered on x86-64.
+ # Because mkosi does not download the filelists repository metadata, we have to exclude all path based
+ # dependencies, (even those within /usr and /bin because of
+ # https://bugzilla.redhat.com/show_bug.cgi?id=2263771).
dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE,noarch" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" |
- grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal |
+ grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin --regexp /usr --regexp grubby --regexp sdubby --regexp libcurl-minimal |
sort --unique |
xargs --delimiter '\n' --no-run-if-empty mkosi-install
done
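Review bot: The new `--regexp /bin --regexp /usr` patterns are unanchored, so they drop every dependency line that merely contains one of those substrings. A path dependency outside the two prefixes would still reach `mkosi-install`, which does not match the added comment's "exclude all path based dependencies". Assuming `dnf repoquery` prints one capability per line, anchoring on the leading slash states the intent directly and replaces both patterns: `--regexp '^/'`. The first `--regexp` is built from `${PACKAGES[*]}` and is likewise an unanchored extended regex, so package names with regex metacharacters would also over-match; that part is context, not new in this hunk. The `for DEPS` loop starts outside the hunk.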


@ -0,0 +1,183 @@
From 3fd7ff599719852113fee64b2dc124493c3b53dc Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 20 Dec 2024 15:34:13 +0100
Subject: [PATCH] packit: Move fmf metadata into upstream
This moves https://src.fedoraproject.org/tests/systemd into upstream
so it's one less moving piece that we need to remember. While we're at
it, do various cleanups as well:
- Remove non-packit logic
- Set NO_BUILD in mkosi.local.conf as it's not picked up from the
process environment
- Don't set unused environment variables
- Remove workdir logic as we run in an ephemeral VM already
- Drop --verbose from meson test to reduce noise
from passed tests
- Use mkosi sandbox and drop duplicated deps from metadata file
- Stop running the unit tests as they already run as part of the rpm
build and as part of the integration tests.
- Various style fixes
(cherry picked from commit b0b88f18b3237704d1f6d5b3dcb533367816ce23)
---
.packit.yml | 3 +-
test/fmf/.fmf/version | 1 +
test/fmf/integration-tests/main.fmf | 10 ++++
test/fmf/integration-tests/test.sh | 88 +++++++++++++++++++++++++++++
test/fmf/plans/ci.fmf | 12 ++++
5 files changed, 112 insertions(+), 2 deletions(-)
create mode 100644 test/fmf/.fmf/version
create mode 100644 test/fmf/integration-tests/main.fmf
create mode 100755 test/fmf/integration-tests/test.sh
create mode 100644 test/fmf/plans/ci.fmf
diff --git a/.packit.yml b/.packit.yml
index 2dcc9e86ca..eef6e48fcf 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -57,8 +57,7 @@ jobs:
- job: tests
trigger: pull_request
- fmf_url: https://src.fedoraproject.org/tests/systemd
- fmf_ref: main
+ fmf_path: test/fmf
tmt_plan: ci
targets:
- fedora-rawhide-x86_64
diff --git a/test/fmf/.fmf/version b/test/fmf/.fmf/version
new file mode 100644
index 0000000000..d00491fd7e
--- /dev/null
+++ b/test/fmf/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/test/fmf/integration-tests/main.fmf b/test/fmf/integration-tests/main.fmf
new file mode 100644
index 0000000000..a1686c09c3
--- /dev/null
+++ b/test/fmf/integration-tests/main.fmf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+summary: Run the upstream integration test suite
+test: ./test.sh
+duration: 2h
+require:
+ - coreutils
+ - distribution-gpg-keys
+ - dnf
+ - git-core
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
new file mode 100755
index 0000000000..51cbab6ec9
--- /dev/null
+++ b/test/fmf/integration-tests/test.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+set -eux
+set -o pipefail
+
+# Switch SELinux to permissive, since the tests don't set proper contexts
+setenforce 0
+
+# Prepare systemd source tree
+git clone "$PACKIT_TARGET_URL" systemd
+pushd systemd
+# If we're running in a pull request job, merge the remote branch into the current main
+if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
+ git remote add pr "${PACKIT_SOURCE_URL:?}"
+ git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
+ git merge "pr/$PACKIT_SOURCE_BRANCH"
+fi
+git log --oneline -5
+popd
+
+# Now prepare mkosi, possibly at the same version required by the systemd repo
+git clone https://github.com/systemd/mkosi
+# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency
+if [ -f .github/workflows/mkosi.yml ]; then
+ mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
+ git -C mkosi checkout "$mkosi_hash"
+fi
+
+export PATH="$PWD/mkosi/bin:$PATH"
+
+pushd systemd
+
+# shellcheck source=/dev/null
+. /etc/os-release || . /usr/lib/os-release
+
+tee mkosi.local.conf <<EOF
+[Distribution]
+Release=${VERSION_ID:-rawhide}
+
+[Build]
+ToolsTreeDistribution=$ID
+ToolsTreeRelease=${VERSION_ID:-rawhide}
+ToolsTreeSandboxTrees=
+ /etc/yum.repos.d/:/etc/yum.repos.d/
+ /var/share/test-artifacts/:/var/share/test-artifacts/
+SandboxTrees=
+ /etc/yum.repos.d/:/etc/yum.repos.d/
+ /var/share/test-artifacts/:/var/share/test-artifacts/
+Environment=NO_BUILD=1
+EOF
+
+cat /etc/dnf/dnf.conf
+cat /etc/yum.repos.d/*
+
+# Ensure packages built for this test have highest priority
+echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*
+
+# Disable mkosi's own repository logic
+touch /etc/yum.repos.d/mkosi.repo
+
+# TODO: drop once BTRFS regression is fixed in kernel 6.13
+sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf
+
+# If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first.
+modprobe kvm || true
+if [[ ! -e /dev/kvm ]]; then
+ export TEST_NO_QEMU=1
+fi
+
+# Create missing mountpoint for mkosi sandbox.
+mkdir -p /etc/pacman.d/gnupg
+
+mkosi summary
+mkosi -f sandbox true
+mkosi -f sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build
+mkosi genkey
+mkosi -f sandbox meson compile -C build mkosi
+mkosi -f sandbox \
+ meson test \
+ -C build \
+ --no-rebuild \
+ --suite integration-tests \
+ --print-errorlogs \
+ --no-stdsplit \
+ --num-processes "$(($(nproc) - 1))"
+
+popd
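Review bot: The redirect in `echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*` only works when the glob matches exactly one file. Bash fails with an ambiguous redirect when several repo files match, and when none match it creates a file literally named `copr_build*`, so the priority is silently never applied. Looping over the matches makes both cases explicit: `for f in /etc/yum.repos.d/copr_build*; do [[ -f "$f" ]] && echo -e "\npriority=1" >>"$f"; done`. Separately, `--num-processes "$(($(nproc) - 1))"` evaluates to 0 on a single-CPU test machine; it would be worth checking how `meson test` treats that and clamping to at least 1.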
diff --git a/test/fmf/plans/ci.fmf b/test/fmf/plans/ci.fmf
new file mode 100644
index 0000000000..3e2a16bc89
--- /dev/null
+++ b/test/fmf/plans/ci.fmf
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+summary: systemd Fedora test suite
+discover:
+ how: fmf
+prepare:
+ - name: systemd
+ how: install
+ exclude:
+ - systemd-standalone-.*
+execute:
+ how: tmt


@ -0,0 +1,66 @@
From a1f6747606484c47581172b36aa70aa73a13ab6a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 6 Jan 2025 16:30:26 +0900
Subject: [PATCH] mkosi: replace deprecated settings and command with new ones
Follow-up for c008b703701e676a88e16de4c867b9fc4818070d.
These settings and command were deprecated by the following commit.
https://github.com/systemd/mkosi/commit/ebcd2efa03af5c04de91434634f2e4a956f7e53c
(cherry picked from commit d5cdcba928823faf5ddcca267e3866ab5d5fc729)
---
docs/HACKING.md | 6 +++---
mkosi.conf | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/HACKING.md b/docs/HACKING.md
index de3f66dd55..b6aeff11c3 100644
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@@ -51,7 +51,7 @@ To build and boot an OS image with the latest systemd installed:
$ mkosi -f genkey # Generate signing keys once.
$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
$ sudo mkosi boot # Boot the image with systemd-nspawn.
-$ mkosi qemu # Boot the image with qemu.
+$ mkosi vm # Boot the image with qemu.
```
Putting this all together, here's a series of commands for preparing a patch for
@@ -67,7 +67,7 @@ $ $EDITOR src/core/main.c # or wherever you'd like to make
$ mkosi -f sandbox meson setup build # Set up meson
$ mkosi -f genkey # Generate signing keys once.
$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image
-$ mkosi qemu # Boot the image in qemu
+$ mkosi vm # Boot the image in qemu
$ git add -p # interactively put together your patch
$ git commit # commit it
$ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub
@@ -275,7 +275,7 @@ To simplify debugging systemd when testing changes using mkosi, we're going to s
To allow VSCode's debugger to attach to systemd running in a mkosi image,
we have to make sure it can access the virtual machine spawned by mkosi where systemd is running.
-After booting the image with `mkosi qemu`,
+After booting the image with `mkosi vm`,
you should now be able to connect to it by running `mkosi ssh` from the same directory in another terminal window.
Now we need to configure VSCode.
diff --git a/mkosi.conf b/mkosi.conf
index ab8a6a1372..2517aba518 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -140,10 +140,10 @@ Credentials=
tty.console.login.noauth=yes
RuntimeBuildSources=yes
RuntimeScratch=no
-QemuSmp=2
-QemuSwtpm=yes
-QemuVsock=yes
-QemuKvm=yes
+CPUs=2
+TPM=yes
+VSock=yes
+KVM=yes
[Include]
Include=%D/mkosi.sanitizers


@ -0,0 +1,63 @@
From d9bf9ede93027aaeb2726b359b12838e0b617528 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 6 Jan 2025 12:07:53 +0100
Subject: [PATCH] mkosi: Migrate more deprecated options
(cherry picked from commit 28baef47a3098bd82b27c0a629df6c5f885693e7)
---
.github/workflows/coverage.yml | 2 +-
.github/workflows/mkosi.yml | 2 +-
test/integration-test-wrapper.py | 7 +++----
3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index cea1e84af2..e678283143 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -64,7 +64,7 @@ jobs:
COVERAGE=1
[Runtime]
- QemuMem=4G
+ RAM=4G
EOF
- name: Generate secure boot key
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 873ed589b6..d4b37f72b0 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -171,7 +171,7 @@ jobs:
SELinuxRelabel=${{ matrix.relabel }}
[Runtime]
- QemuMem=4G
+ RAM=4G
EOF
- name: Generate secure boot key
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index d44e8f8bd6..ef6df8840f 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -479,9 +479,8 @@ def main() -> None:
'--runtime-network=none',
'--runtime-scratch=no',
*args.mkosi_args,
- '--qemu-firmware',
- args.firmware,
- *(['--qemu-kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []),
+ '--firmware', args.firmware,
+ *(['--kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []),
'--kernel-command-line-extra',
' '.join(
[
@@ -504,7 +503,7 @@ def main() -> None:
),
'--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}",
*(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []),
- 'qemu' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
+ 'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
] # fmt: skip
result = subprocess.run(cmd)


@ -0,0 +1,88 @@
From 9db018d9baf17460b9105915b2b92bee63f48912 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 6 Jan 2025 12:08:33 +0100
Subject: [PATCH] ci: Rename qemu variable to vm
(cherry picked from commit c5981510e9744b9646088717aeef1ea71f74b1a6)
---
.github/workflows/mkosi.yml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index d4b37f72b0..a043022ce0 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -60,56 +60,56 @@ jobs:
llvm: 0
cflags: "-O2 -D_FORTIFY_SOURCE=3"
relabel: no
- qemu: 1
+ vm: 1
- distro: debian
release: testing
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: no
- qemu: 0
+ vm: 0
- distro: ubuntu
release: noble
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: no
- qemu: 0
+ vm: 0
- distro: fedora
release: "41"
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: yes
- qemu: 0
+ vm: 0
- distro: fedora
release: rawhide
sanitizers: address,undefined
llvm: 1
cflags: "-Og"
relabel: yes
- qemu: 0
+ vm: 0
- distro: opensuse
release: tumbleweed
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: no
- qemu: 0
+ vm: 0
- distro: centos
release: "9"
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: yes
- qemu: 0
+ vm: 0
- distro: centos
release: "10"
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: yes
- qemu: 0
+ vm: 0
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
@@ -194,7 +194,7 @@ jobs:
sudo --preserve-env \
mkosi sandbox \
env \
- TEST_PREFER_QEMU=${{ matrix.qemu }} \
+ TEST_PREFER_QEMU=${{ matrix.vm }} \
meson test \
-C build \
--no-rebuild \


@ -0,0 +1,43 @@
From 80b0e03a8e38618a59ba36a4e96ea572613e6b62 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 6 Jan 2025 16:28:39 +0100
Subject: [PATCH] fmf: Insist on mkosi sha being available
Let's assume the workflow file containing the mkosi always being
available.
Also fix the detection while we're at it by not leaving the systemd
directory.
(cherry picked from commit 9e76e9c9dc211440e79a7e27600593169597cc41)
---
test/fmf/integration-tests/test.sh | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index 51cbab6ec9..f16bd84cba 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -17,20 +17,14 @@ if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
git merge "pr/$PACKIT_SOURCE_BRANCH"
fi
git log --oneline -5
-popd
# Now prepare mkosi, possibly at the same version required by the systemd repo
git clone https://github.com/systemd/mkosi
-# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency
-if [ -f .github/workflows/mkosi.yml ]; then
- mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
- git -C mkosi checkout "$mkosi_hash"
-fi
+mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
+git -C mkosi checkout "$mkosi_hash"
export PATH="$PWD/mkosi/bin:$PATH"
-pushd systemd
-
# shellcheck source=/dev/null
. /etc/os-release || . /usr/lib/os-release
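Review bot: The value taken from the workflow file is handed to `git -C mkosi checkout` without checking what it is; with the `-f` guard gone, a missing file, no match, or more than one matching line all end up in `mkosi_hash` as-is. Since the checked-out tree is then put first on `PATH` and used by the rest of the script, it is worth insisting on a full commit id before using it, e.g. `[[ "$mkosi_hash" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected mkosi ref: $mkosi_hash" >&2; exit 1; }`. That also keeps a branch or tag name, which can move, from being accepted as a pin. The script starts and continues outside the hunk, so whether `set -e` already covers the empty case is not visible here.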


@ -0,0 +1,75 @@
From 54b90f783d45303c91a91300c2ef46c5dbd93220 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 6 Jan 2025 16:30:23 +0100
Subject: [PATCH] fmf: Support being used downstream in dist-git tests
We can use our upstream fmf definitions to run downstream tests in
the Fedora systemd dist-git repository
(https://src.fedoraproject.org/rpms/systemd). To have access to the
dist-git sources when running the tests, we enable dist-git-source: true
downstream which makes the sources available in $TMT_SOURCE_DIR so
let's make sure we use those sources if they're available.
(cherry picked from commit 0eb7e29dfb388f746797675cef1ebd7bc3568b6e)
---
test/fmf/integration-tests/test.sh | 46 ++++++++++++++++++++++++------
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
index f16bd84cba..690e07aa56 100755
--- a/test/fmf/integration-tests/test.sh
+++ b/test/fmf/integration-tests/test.sh
@@ -7,16 +7,44 @@ set -o pipefail
# Switch SELinux to permissive, since the tests don't set proper contexts
setenforce 0
-# Prepare systemd source tree
-git clone "$PACKIT_TARGET_URL" systemd
-pushd systemd
-# If we're running in a pull request job, merge the remote branch into the current main
-if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
- git remote add pr "${PACKIT_SOURCE_URL:?}"
- git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
- git merge "pr/$PACKIT_SOURCE_BRANCH"
+# Allow running the integration tests downstream in dist-git with something like
+# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:
+#
+# summary: systemd Fedora test suite
+# discover:
+# how: fmf
+# url: https://github.com/systemd/systemd
+# ref: main
+# path: test/fmf
+# dist-git-source: true
+# dist-git-install-builddeps: false
+# prepare:
+# - name: systemd
+# how: install
+# exclude:
+# - systemd-standalone-.*
+# execute:
+# how: tmt
+
+if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then
+ pushd "$TMT_SOURCE_DIR/*/"
+elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then
+ # Prepare systemd source tree
+ git clone "$PACKIT_TARGET_URL" systemd
+ pushd systemd
+
+ # If we're running in a pull request job, merge the remote branch into the current main
+ if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
+ git remote add pr "${PACKIT_SOURCE_URL:?}"
+ git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
+ git merge "pr/$PACKIT_SOURCE_BRANCH"
+ fi
+
+ git log --oneline -5
+else
+ echo "Not running within packit or Fedora CI"
+ exit 1
fi
-git log --oneline -5
# Now prepare mkosi, possibly at the same version required by the systemd repo
git clone https://github.com/systemd/mkosi
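Review bot: In the new `TMT_SOURCE_DIR` branch, `pushd "$TMT_SOURCE_DIR/*/"` keeps the `*` inside the double quotes, so the shell does not expand it and `pushd` is asked for a directory literally named `*`. Move the glob outside the quotes: `pushd "$TMT_SOURCE_DIR"/*/`. If more than one directory can exist under `$TMT_SOURCE_DIR`, the glob yields several arguments, so selecting the expected one explicitly would be more robust; that layout is not visible from the hunk.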


@ -0,0 +1,35 @@
From b6792202f31c4e83d23a944b845e1f17fc14f619 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 6 Jan 2025 18:16:29 +0000
Subject: [PATCH] core: fix assert when AddDependencyUnitFiles is called with
invalid parameter
unit_file_add_dependency() asserts, so check before calling it that the
type is expected, or return EINVAL to the caller.
root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1
Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):
systemd[1]: Caught <ABRT>, from our own process.
Fixes https://github.com/systemd/systemd/issues/35882
(cherry picked from commit d87dc74e8f1a30d72a0f202e411400bab34ab55a)
---
src/core/dbus-manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 20b05446b6..c4a7e2a20b 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2760,7 +2760,7 @@ static int method_add_dependency_unit_files(sd_bus_message *message, void *userd
flags = unit_file_bools_to_flags(runtime, force);
dep = unit_dependency_from_string(type);
- if (dep < 0)
+ if (dep < 0 || !IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))
return -EINVAL;
r = unit_file_add_dependency(m->runtime_scope, flags, NULL, l, target, dep, &changes, &n_changes);
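Review bot: The allow-list on the new `if` line duplicates the precondition that `unit_file_add_dependency()` asserts on, and nothing in the hunk says so; a comment such as `/* unit_file_add_dependency() asserts on anything but Wants/Requires, and this value comes from a D-Bus caller */` would keep the two from drifting apart. The `dep < 0` test is now redundant, since a negative value is not in the set either, so `if (!IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))` is enough. Because the failure mode was an abort of the manager process reachable from a bus method call, a regression test that sends an invalid dependency type and expects an error reply would be worth adding; none is part of this patch. The function body starts and continues outside the hunk.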


@ -0,0 +1,25 @@
From 85a9b7cfd1d9fc6d2a82ee9585eccbef543c520f Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 6 Jan 2025 23:02:30 +0100
Subject: [PATCH] repart: Use streq_ptr()
p->format is not guaranteed to be initialized.
(cherry picked from commit ffcdaec632d8b96b63499054ff3492b03b33e233)
---
src/repart/repart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/repart/repart.c b/src/repart/repart.c
index 7e6fd2a29a..2ddff313fc 100644
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -2311,7 +2311,7 @@ static int partition_finalize_fstype(Partition *p, const char *path) {
return log_oom();
const char *v = secure_getenv(e);
- if (!v || streq(p->format, v))
+ if (!v || streq_ptr(p->format, v))
return 0;
log_syntax(NULL, LOG_NOTICE, path, 1, 0,
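Review bot: With `streq_ptr()` a NULL `p->format` no longer crashes the comparison, but it now falls through to the `log_syntax()` call that begins on the last line of the hunk and to whatever follows it. The arguments of that call are outside the hunk, so it is worth confirming that `p->format` is not passed to a `%s` there unguarded (wrapping it in `strna()` would be the usual way). A short comment on the changed line, e.g. `/* p->format may be NULL here */`, would record why the pointer-safe variant is needed.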


@ -0,0 +1,25 @@
From b3951fb0a8e1d0b1158602567dfc1cfb4ef50f49 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 5 Jan 2025 03:09:29 +0900
Subject: [PATCH] sd-device: add missing debugging log
It was unexpectedly dropped by 660087dc9c4a5c610da99e7b6b1772e371eb0a80.
(cherry picked from commit 7e5238625ed4a879c2fe8ff7e457021d174bf083)
---
src/libsystemd/sd-device/sd-device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 01fa90b1ff..94dfd2ef13 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -234,7 +234,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
r = path_simplify_alloc(_syspath, &syspath);
if (r < 0)
- return r;
+ return log_oom_debug();
}
assert_se(devpath = startswith(syspath, "/sys"));
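Review bot: `return log_oom_debug();` replaces the propagated `r` with a fixed out-of-memory error, so the new line is only correct as long as allocation failure is the sole way `path_simplify_alloc()` can fail. That is probably the case today, but nothing in the hunk states it; a comment such as `/* path_simplify_alloc() can only fail with -ENOMEM */` would make the assumption explicit, or `log_debug_errno(r, ...)` would log without hard-coding the cause. The function continues outside the hunk.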


@ -0,0 +1,67 @@
From 47f9a9879a075505c03b394ed532f225689ec570 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 5 Jan 2025 03:52:05 +0900
Subject: [PATCH] sd-device: fix validation for devices under /sys/firmware/ in
sd_device_new_from_subsystem_sysname()
Devices under /sys/firmware/ do not have subsystems. Hence, the
validation in sd_device_new_from_subsystem_sysname() ->
device_new_from_path_join() always failed.
Fixes a bug introduced by cd7c71154cd62d3f50c07ce387edd9c20aebd7bc (v257).
Fixes #35861.
(cherry picked from commit 3328d1e1816f408e6516c35991a89a8d21fd60b4)
---
src/libsystemd/sd-device/sd-device.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 94dfd2ef13..9e28159779 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -401,7 +401,6 @@ static int device_new_from_path_join(
int r;
assert(device);
- assert(subsystem);
assert(sysname);
p = path_join(a, b, c, d);
@@ -486,13 +485,13 @@ _public_ int sd_device_new_from_subsystem_sysname(
if (streq(subsystem, "subsystem")) {
FOREACH_STRING(s, "/sys/bus/", "/sys/class/") {
- r = device_new_from_path_join(&device, subsystem, NULL, sysname, s, name, NULL, NULL);
+ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, s, name, NULL, NULL);
if (r < 0)
return r;
}
} else if (streq(subsystem, "module")) {
- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/module/", name, NULL, NULL);
+ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/module/", name, NULL, NULL);
if (r < 0)
return r;
@@ -514,15 +513,17 @@ _public_ int sd_device_new_from_subsystem_sysname(
}
}
- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/bus/", subsystem, "/devices/", name);
+ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/bus/", subsystem, "/devices/", name);
if (r < 0)
return r;
- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/class/", subsystem, name, NULL);
+ r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/class/", subsystem, name, NULL);
if (r < 0)
return r;
- r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/firmware/", subsystem, name, NULL);
+ /* Note that devices under /sys/firmware/ (e.g. /sys/firmware/devicetree/base/) do not have
+ * subsystem. Hence, pass NULL for subsystem. See issue #35861. */
+ r = device_new_from_path_join(&device, /* subsystem = */ NULL, /* driver_subsystem = */ NULL, sysname, "/sys/firmware/", subsystem, name, NULL);
if (r < 0)
return r;
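Review bot: Dropping `assert(subsystem)` from `device_new_from_path_join()` makes NULL a valid argument, but the code that consumes `subsystem` lies after the `path_join()` line, outside the first hunk, so it cannot be checked here that every use tolerates NULL. The new meaning deserves a comment at the top of the function, for example `/* subsystem may be NULL for devices that have none (e.g. below /sys/firmware/); the subsystem check is then skipped */`. For the `/sys/firmware/` call this also means the caller-supplied `subsystem` string is still used as a path component but is no longer compared with anything, so it is worth confirming that the remaining sysname check is sufficient there. No test for the #35861 case is part of the patch.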


@ -0,0 +1,73 @@
From 331888d165b6c4171db4fac318e773248db2218a Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Thu, 2 Jan 2025 17:30:21 +0000
Subject: [PATCH] resolved: stop mdns/lnrr when config changes to disabled on
reload
Currently on reload mdns/lnrr are enabled if they were disabled,
but not viceversa. Fix it.
Follow-up for 14a52176798bc2d013297b503ac6fa49a64e2725
(cherry picked from commit 2976730a4d34749bfb7a88da341464f1834ab1c6)
---
mkosi.conf | 1 +
src/resolve/resolved-link.c | 7 +++++--
test/units/TEST-75-RESOLVED.sh | 2 ++
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/mkosi.conf b/mkosi.conf
index 2517aba518..559901dfff 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -103,6 +103,7 @@ Packages=
kmod
less
llvm
+ lsof
lvm2
man
mdadm
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 928137b967..067a0813ec 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -651,13 +651,16 @@ int link_update(Link *l) {
r = manager_llmnr_start(l->manager);
if (r < 0)
return r;
- }
+ } else
+ manager_llmnr_stop(l->manager);
+
if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
r = manager_mdns_start(l->manager);
if (r < 0)
return r;
- }
+ } else
+ manager_mdns_stop(l->manager);
link_allocate_scopes(l);
link_add_rrs(l, false);
diff --git a/test/units/TEST-75-RESOLVED.sh b/test/units/TEST-75-RESOLVED.sh
index 576c04f87a..fd07fd898a 100755
--- a/test/units/TEST-75-RESOLVED.sh
+++ b/test/units/TEST-75-RESOLVED.sh
@@ -339,6 +339,7 @@ manual_testcase_02_mdns_llmnr() {
# defaults to yes (both the global and per-link settings are yes)
assert_in 'yes' "$(resolvectl mdns hoge)"
assert_in 'yes' "$(resolvectl llmnr hoge)"
+ lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353"
# set per-link setting
resolvectl mdns hoge yes
resolvectl llmnr hoge yes
@@ -379,6 +380,7 @@ manual_testcase_02_mdns_llmnr() {
echo "LLMNR=no"
} >/run/systemd/resolved.conf.d/mdns-llmnr.conf
systemctl reload systemd-resolved.service
+ (! lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353")
# set per-link setting
resolvectl mdns hoge yes
resolvectl llmnr hoge yes
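Review bot: The two new `else` branches in `link_update()` decide on a per-link value (`link_get_mdns_support(l)`, and the LLMNR condition just above the hunk) but call `manager_llmnr_stop(l->manager)` and `manager_mdns_stop(l->manager)`, which take the manager, not the link. If those functions close listeners shared by all links, updating one link that has the protocol disabled would also silence it for links that still have it enabled; the stop would then belong where the global setting is evaluated, or behind a check that no link still needs the protocol. The bodies of the stop functions are not in this patch, so this needs confirming. The added `lsof` checks in TEST-75-RESOLVED.sh only look for the mDNS port, so the LLMNR half of the change is untested.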


@ -0,0 +1,48 @@
From 74d673d7ae13e561e4f72d0f16a35fb8f5f3f5be Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Thu, 2 Jan 2025 04:13:23 +0100
Subject: [PATCH] shared/hibernate-util: don't attempt to fiemap fd if no
backing dev available
Prompted by #35798
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
(cherry picked from commit 6d3b2273b1e14d79548a018674ad6e5a5b8b8009)
---
src/shared/hibernate-util.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
index 1213fdc2c7..49ce787d02 100644
--- a/src/shared/hibernate-util.c
+++ b/src/shared/hibernate-util.c
@@ -235,6 +235,8 @@ static int swap_entry_get_resume_config(SwapEntry *swap) {
r = get_block_device_fd(fd, &swap->devno);
if (r < 0)
return r;
+ if (r == 0)
+ return -EMEDIUMTYPE;
r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
if (r < 0)
@@ -362,14 +364,16 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
r = swap_entry_get_resume_config(swap);
- if (r < 0)
- return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
- if (swap->devno == 0) {
+ if (r == -EMEDIUMTYPE) {
assert(swap->swapfile);
- log_debug("Swap file '%s' is not backed by block device, ignoring: %m", swap->path);
+ log_debug_errno(r, "Unable to acquire backing block device for swap file '%s' (maybe on a RAID btrfs?), ignoring.",
+ swap->path);
continue;
}
+ if (r < 0)
+ return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
+ assert(swap->devno > 0);
if (resume_config_devno > 0) {
if (swap->devno == resume_config_devno &&
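Review bot: `-EMEDIUMTYPE` is now a private signal between `swap_entry_get_resume_config()` and the loop in `find_suitable_hibernation_device_full()`, and the loop answers it with `assert(swap->swapfile)`. Any other call inside `swap_entry_get_resume_config()` that happens to return the same errno for a non-file swap would turn into an abort instead of an error; the rest of that function is outside the hunk, so this cannot be ruled out here. A comment at the new return, e.g. `/* get_block_device_fd() returned 0: no backing block device; the caller treats -EMEDIUMTYPE as "skip this swap file" */`, would document the contract.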


@ -0,0 +1,45 @@
From 01686c36cd564f8fd77386ae69808f498c32be83 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Thu, 2 Jan 2025 04:17:47 +0100
Subject: [PATCH] shared/hibernate-util: handle the case where no swap has
available backing dev
This also makes find_suitable_hibernation_device() report
more accurate error (ENOSPC -> ESTALE) if there's
no swap space on the system at all but resume= is set.
Fixes #35798
Replaces #35801
(cherry picked from commit bd3d361580715c7a6204c74df9185cc81d67f0c2)
---
src/shared/hibernate-util.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
index 49ce787d02..25d742ed1f 100644
--- a/src/shared/hibernate-util.c
+++ b/src/shared/hibernate-util.c
@@ -359,8 +359,6 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
r = read_swap_entries(&entries);
if (r < 0)
return r;
- if (entries.n_swaps == 0)
- return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
r = swap_entry_get_resume_config(swap);
@@ -396,9 +394,10 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
}
if (!entry) {
- /* No need to check n_swaps == 0, since it's rejected early */
- assert(resume_config_devno > 0);
- return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
+ if (resume_config_devno > 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
+
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
}
if (ret_device) {
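Review bot: The final `ENOSPC` return in the `if (!entry)` block now covers two different situations, no swap configured at all and swap entries that were all skipped earlier in the loop, but the message only names the first. A comment above it, e.g. `/* Either there is no swap at all, or no entry was usable */`, would make the debug log easier to interpret. The loop that skips entries is outside this hunk.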


@ -0,0 +1,30 @@
From d00cc09bf0c23c9bb376e1280773f7996ab7820e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 28 Dec 2024 15:07:31 +0900
Subject: [PATCH] locale-setup: do not load locale from environemnt when
/etc/locale.conf is unchanged
Previously, when /etc/locale.conf is unchanged, locales were loaded from
possibly outdated environment variable.
Fixes a bug introduced by 018befcff6b51f8a50ca232e1984d34526037241 (v253).
Fixes #35717.
(cherry picked from commit 80797bbb919b3ccde4e51b349f3ca70c1157053e)
---
src/shared/locale-setup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/locale-setup.c b/src/shared/locale-setup.c
index 4e7f486a23..5c4580cfff 100644
--- a/src/shared/locale-setup.c
+++ b/src/shared/locale-setup.c
@@ -75,7 +75,7 @@ static int locale_context_load_conf(LocaleContext *c, LocaleLoadFlag flag) {
/* If the file is not changed, then we do not need to re-read the file. */
if (stat_inode_unmodified(&c->st, &st))
- return 0;
+ return 1; /* (already) loaded */
c->st = st;
locale_context_clear(c);
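Review bot: The return value of `locale_context_load_conf()` distinguishes 0 from a positive result, and the unchanged-file case just moved from the first to the second, yet only the trailing `/* (already) loaded */` says so. A comment at the top of the function stating the convention, e.g. `/* Returns > 0 if the context holds data from the file, 0 if the file was not used, < 0 on error */`, would keep the next early return from repeating the bug. The caller that interprets the value and the rest of the function are outside the hunk, so the exact meaning of 0 should be confirmed against them.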


@ -0,0 +1,36 @@
From 962bdd1d02df80a6e846a6426709624009c7d9d8 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 28 Dec 2024 11:38:24 +0900
Subject: [PATCH] machine: GC machine when no leader PID is set
After d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4, if a serialized
leader PID of a machine is already dead when deserialized, then the
leader PID and PIDFD are unset for the machine, and subsequent
machine_start() -> machine_watch_pidfd() will trigger an assertion.
This makes a Machine object without leader PID GCed.
Fixes a bug introduced by the combination of
d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4 (v255) and
1762c2c045d3a78d3cad54c6b1e5ee9624b32b00 (v257).
Fixes #35602.
(cherry picked from commit 51a0a3b0494d01c1622f6d0c3e2c31e01c18612f)
---
src/machine/machine.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/machine/machine.c b/src/machine/machine.c
index 587c2267b6..26ce1556a5 100644
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -610,6 +610,9 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
if (m->class == MACHINE_HOST)
return false;
+ if (!pidref_is_set(&m->leader))
+ return true;
+
if (drop_not_started && !m->started)
return true;
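Review bot: The new `pidref_is_set()` check in `machine_may_gc()` removes the object only when garbage collection runs; the assertion in `machine_watch_pidfd()` named in the description stays in place. If any path can reach `machine_start()` for a deserialized machine before it has been collected, the abort is still reachable, so an explicit error return in the start path for an unset leader would be the more direct guard; those functions are outside the hunk, so this is to be confirmed. A comment on the new lines, e.g. `/* The leader may be unset if it was already dead when the state was deserialized */`, would explain why a machine without a leader can exist at all.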


@ -0,0 +1,131 @@
From b342fb52b09f9e6b2e027460831f9bc139c8b27e Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 27 Dec 2024 15:06:39 +0000
Subject: [PATCH] creds: fix use-after-free in varlink interface
All other usages of sd_varlink_call* do not free the json return parameter,
and it is owned by the varlink object instead. Do the same here.
TEST-54-CREDS.sh[1074]: ==1074==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c00000095a at pc 0x55cf8cd18a0f bp 0x7ffd7b9d4f10 sp 0x7ffd7b9d4f08
TEST-54-CREDS.sh[1074]: READ of size 2 at 0x50c00000095a thread T0 ((sd-mkdcreds))
TEST-54-CREDS.sh[1074]: #0 0x55cf8cd18a0e in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16
TEST-54-CREDS.sh[1074]: #1 0x55cf8cd4cecb in varlink_clear_current /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:593:22
TEST-54-CREDS.sh[1074]: #2 0x55cf8cd4975e in varlink_clear /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:614:9
TEST-54-CREDS.sh[1074]: #3 0x55cf8cd3dc3c in varlink_destroy /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:651:9
TEST-54-CREDS.sh[1074]: #4 0x55cf8cd3dc3c in sd_varlink_unref /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:657:1
TEST-54-CREDS.sh[1074]: #5 0x55cf8cb47a82 in sd_varlink_unrefp /usr/src/debug/systemd/src/systemd/sd-varlink.h:279:1
TEST-54-CREDS.sh[1074]: #6 0x55cf8cb47a82 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1
TEST-54-CREDS.sh[1074]: #7 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
TEST-54-CREDS.sh[1074]: #8 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
TEST-54-CREDS.sh[1074]: #9 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
TEST-54-CREDS.sh[1074]: #10 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
TEST-54-CREDS.sh[1074]: #11 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
TEST-54-CREDS.sh[1074]: #12 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
TEST-54-CREDS.sh[1074]: #13 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
TEST-54-CREDS.sh[1074]: #14 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
TEST-54-CREDS.sh[1074]: #15 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #16 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #17 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
TEST-54-CREDS.sh[1074]: 0x50c00000095a is located 26 bytes inside of 120-byte region [0x50c000000940,0x50c0000009b8)
TEST-54-CREDS.sh[1074]: freed by thread T0 ((sd-mkdcreds)) here:
TEST-54-CREDS.sh[1074]: #0 0x7f64b48d57ea in free (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd57ea) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e)
TEST-54-CREDS.sh[1074]: #1 0x55cf8cd188ab in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:895:25
TEST-54-CREDS.sh[1074]: #2 0x55cf8cb47a4c in sd_json_variant_unrefp /usr/src/debug/systemd/src/systemd/sd-json.h:98:1
TEST-54-CREDS.sh[1074]: #3 0x55cf8cb47a4c in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1
TEST-54-CREDS.sh[1074]: #4 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
TEST-54-CREDS.sh[1074]: #5 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
TEST-54-CREDS.sh[1074]: #6 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
TEST-54-CREDS.sh[1074]: #7 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
TEST-54-CREDS.sh[1074]: #8 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
TEST-54-CREDS.sh[1074]: #9 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
TEST-54-CREDS.sh[1074]: #10 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
TEST-54-CREDS.sh[1074]: #11 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
TEST-54-CREDS.sh[1074]: #12 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #13 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #14 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
TEST-54-CREDS.sh[1074]: previously allocated by thread T0 ((sd-mkdcreds)) here:
TEST-54-CREDS.sh[1074]: #0 0x7f64b48d5a83 in malloc (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd5a83) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e)
TEST-54-CREDS.sh[1074]: #1 0x55cf8cd16bb7 in malloc_multiply /usr/src/debug/systemd/src/basic/alloc-util.h:119:16
TEST-54-CREDS.sh[1074]: #2 0x55cf8cd16bb7 in sd_json_variant_new_object /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:737:13
TEST-54-CREDS.sh[1074]: #3 0x55cf8cd32e58 in json_parse_internal /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3161:29
TEST-54-CREDS.sh[1074]: #4 0x55cf8cd37326 in sd_json_parse_with_source /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3408:16
TEST-54-CREDS.sh[1074]: #5 0x55cf8cd37326 in sd_json_parse /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3437:16
TEST-54-CREDS.sh[1074]: #6 0x55cf8cd3f753 in varlink_parse_message /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:962:13
TEST-54-CREDS.sh[1074]: #7 0x55cf8cd3f753 in sd_varlink_process /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:1466:13
TEST-54-CREDS.sh[1074]: #8 0x55cf8cd4c0a9 in sd_varlink_call_full /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2160:21
TEST-54-CREDS.sh[1074]: #9 0x55cf8cd4d617 in sd_varlink_callb_ap /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2237:16
TEST-54-CREDS.sh[1074]: #10 0x55cf8cd4da3c in sd_varlink_callb /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2251:13
TEST-54-CREDS.sh[1074]: #11 0x55cf8cb47686 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1623:13
TEST-54-CREDS.sh[1074]: #12 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
TEST-54-CREDS.sh[1074]: #13 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
TEST-54-CREDS.sh[1074]: #14 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
TEST-54-CREDS.sh[1074]: #15 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
TEST-54-CREDS.sh[1074]: #16 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
TEST-54-CREDS.sh[1074]: #17 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
TEST-54-CREDS.sh[1074]: #18 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
TEST-54-CREDS.sh[1074]: #19 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
TEST-54-CREDS.sh[1074]: #20 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #21 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
TEST-54-CREDS.sh[1074]: #22 0x55cf8ca41cb4 (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
TEST-54-CREDS.sh[1074]: SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 in sd_json_variant_unref
TEST-54-CREDS.sh[1074]: Shadow bytes around the buggy address:
TEST-54-CREDS.sh[1074]: 0x50c000000680: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
TEST-54-CREDS.sh[1074]: 0x50c000000780: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
TEST-54-CREDS.sh[1074]: 0x50c000000800: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
TEST-54-CREDS.sh[1074]: =>0x50c000000900: fa fa fa fa fa fa fa fa fd fd fd[fd]fd fd fd fd
TEST-54-CREDS.sh[1074]: 0x50c000000980: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: 0x50c000000b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
TEST-54-CREDS.sh[1074]: Shadow byte legend (one shadow byte represents 8 application bytes):
TEST-54-CREDS.sh[1074]: Addressable: 00
TEST-54-CREDS.sh[1074]: Partially addressable: 01 02 03 04 05 06 07
TEST-54-CREDS.sh[1074]: Heap left redzone: fa
TEST-54-CREDS.sh[1074]: Freed heap region: fd
TEST-54-CREDS.sh[1074]: Stack left redzone: f1
TEST-54-CREDS.sh[1074]: Stack mid redzone: f2
TEST-54-CREDS.sh[1074]: Stack right redzone: f3
TEST-54-CREDS.sh[1074]: Stack after return: f5
TEST-54-CREDS.sh[1074]: Stack use after scope: f8
TEST-54-CREDS.sh[1074]: Global redzone: f9
TEST-54-CREDS.sh[1074]: Global init order: f6
TEST-54-CREDS.sh[1074]: Poisoned by user: f7
TEST-54-CREDS.sh[1074]: Container overflow: fc
TEST-54-CREDS.sh[1074]: Array cookie: ac
TEST-54-CREDS.sh[1074]: Intra object redzone: bb
TEST-54-CREDS.sh[1074]: ASan internal: fe
TEST-54-CREDS.sh[1074]: Left alloca redzone: ca
TEST-54-CREDS.sh[1074]: Right alloca redzone: cb
Follow-up for 2c3cbc5c018e05b3a3e5ec6c6a2da6f3c6c3fb09
(cherry picked from commit 842a674d4f7fb69af28e67f447c1250383e50f41)
---
src/shared/creds-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index 6ee18838cc..5156c63fd3 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -1560,7 +1560,7 @@ int ipc_encrypt_credential(const char *name, usec_t timestamp, usec_t not_after,
sd_json_variant_sensitive(jinput);
- _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
+ sd_json_variant *reply = NULL;
const char *error_id = NULL;
r = sd_varlink_callbo(
vl,
@@ -1618,7 +1618,7 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
sd_json_variant_sensitive(jinput);
- _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
+ sd_json_variant *reply = NULL;
const char *error_id = NULL;
r = sd_varlink_callbo(
vl,
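Review bot: After this change `reply` in `ipc_encrypt_credential()` and `ipc_decrypt_credential()` is a pointer borrowed from `vl`, and nothing at either declaration says so, which is how the `_cleanup_` attribute could be added there in the first place. A comment on both lines, e.g. `/* owned by vl, valid only as long as vl is; do not unref */`, would prevent a repeat, and anything taken out of `reply` has to be copied before `vl` is released. Since the decrypt reply presumably carries the plaintext credential, it is also worth confirming that the varlink object erases its buffers for this connection, given that `jinput` is explicitly marked with `sd_json_variant_sensitive()`; the code after the call is outside both hunks.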


@ -0,0 +1,30 @@
From 6f30e56bf3e5272e83cff11d153ae70c3ffb7624 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Thu, 26 Dec 2024 21:15:44 +0100
Subject: [PATCH] core/unit-serialize: fix serialization of markers
Follow-up for ff68472a20c208121b69ea13586f3105a219bc14
(cherry picked from commit 5ce8d7d83902e920a34488c4193d9bc4b5bb70ae)
---
src/core/unit-serialize.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c
index f196242eaf..82102c0c32 100644
--- a/src/core/unit-serialize.c
+++ b/src/core/unit-serialize.c
@@ -21,10 +21,12 @@ static int serialize_markers(FILE *f, unsigned markers) {
if (markers == 0)
return 0;
+ bool space = false;
+
fputs("markers=", f);
for (UnitMarker m = 0; m < _UNIT_MARKER_MAX; m++)
if (FLAGS_SET(markers, 1u << m))
- fputs(unit_marker_to_string(m), f);
+ fputs_with_separator(f, unit_marker_to_string(m), /* separator = */ NULL, &space);
fputc('\n', f);
return 0;
}
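Review bot: The new `fputs_with_separator()` call alters the serialized form of the `markers=` line from concatenated names to separated ones, and the reader is not part of the patch. It is worth confirming that the deserializer splits on the same separator that `fputs_with_separator()` uses when passed NULL, and that a line written by an unfixed manager (which can still be encountered across a daemon-reexec during an upgrade) is rejected cleanly rather than misparsed. A comment above the loop, e.g. `/* marker names are separated so that the deserializer can split them again */`, would record the format.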


@ -0,0 +1,84 @@
From b2320ced3873981f1215eddb597cfa4aad5bd1b6 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Sun, 22 Dec 2024 13:31:36 +0000
Subject: [PATCH] test: answer 2nd mdadm --create question for compat with new
version
New version of mdadm now asks a second question, so send 'y' twice
to it in the test scripts
[ 5.253483] TEST-64-UDEV-STORAGE.sh[684]: + echo y
[ 5.254412] TEST-64-UDEV-STORAGE.sh[685]: + mdadm --create /dev/md/mdmirror --name mdmirror --uuid aaaaaaaa:bbbbbbbb:cccccccc:00000001 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm0 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm1 -v -f --level=1 --raid-devices=2
[ 5.254759] TEST-64-UDEV-STORAGE.sh[685]: To optimalize recovery speed, it is recommended to enable write-indent bitmap, do you want to enable it now? [y/N]? mdadm: Note: this array has metadata at the start and
[ 5.255085] TEST-64-UDEV-STORAGE.sh[685]: may not be suitable as a boot device. If you plan to
[ 5.255418] TEST-64-UDEV-STORAGE.sh[685]: store '/boot' on this device please ensure that
[ 5.255745] TEST-64-UDEV-STORAGE.sh[685]: your boot-loader understands md/v1.x metadata, or use
[ 5.256285] TEST-64-UDEV-STORAGE.sh[685]: --metadata=0.90
[ 5.256672] TEST-64-UDEV-STORAGE.sh[685]: mdadm: size set to 64512K
[ 5.257063] TEST-64-UDEV-STORAGE.sh[685]: Continue creating array [y/N]? mdadm: create aborted.
This is backward compatible with the older version that asks just one
question
(cherry picked from commit 16406420ea449b75e70a7dced05d7b98bc0f5376)
---
test/units/TEST-64-UDEV-STORAGE.sh | 8 ++++----
test/units/TEST-74-AUX-UTILS.bootctl.sh | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/test/units/TEST-64-UDEV-STORAGE.sh b/test/units/TEST-64-UDEV-STORAGE.sh
index 24c1adaeda..01c3dd68ea 100755
--- a/test/units/TEST-64-UDEV-STORAGE.sh
+++ b/test/units/TEST-64-UDEV-STORAGE.sh
@@ -1080,7 +1080,7 @@ testcase_mdadm_basic() {
"/dev/disk/by-label/$part_name" # ext4 partition
)
# Create a simple RAID 1 with an ext4 filesystem
- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2
+ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2
udevadm wait --settle --timeout=30 "$raid_dev"
# udevd does not lock md devices, hence we need to trigger uevent after creating filesystem.
mkfs.ext4 -L "$part_name" "$raid_dev"
@@ -1111,7 +1111,7 @@ testcase_mdadm_basic() {
"/dev/disk/by-label/$part_name" # ext4 partition
)
# Create a simple RAID 5 with an ext4 filesystem
- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3
+ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3
udevadm wait --settle --timeout=30 "$raid_dev"
mkfs.ext4 -L "$part_name" "$raid_dev"
udevadm trigger --settle "$raid_dev"
@@ -1152,7 +1152,7 @@ testcase_mdadm_basic() {
"/dev/disk/by-id/md-uuid-$uuid-part3"
)
# Create a simple RAID 10 with an ext4 filesystem
- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4
+ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4
udevadm wait --settle --timeout=30 "$raid_dev"
# Partition the raid device
# Here, 'udevadm lock' is meaningless, as udevd does not lock MD devices.
@@ -1208,7 +1208,7 @@ testcase_mdadm_lvm() {
"/dev/disk/by-label/$part_name" # ext4 partition
)
# Create a RAID 10 with LVM + ext4
- echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4
+ printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4
udevadm wait --settle --timeout=30 "$raid_dev"
# Create an LVM on the MD
lvm pvcreate -y "$raid_dev"
diff --git a/test/units/TEST-74-AUX-UTILS.bootctl.sh b/test/units/TEST-74-AUX-UTILS.bootctl.sh
index 46fd5d1f2d..650c289aca 100755
--- a/test/units/TEST-74-AUX-UTILS.bootctl.sh
+++ b/test/units/TEST-74-AUX-UTILS.bootctl.sh
@@ -215,9 +215,9 @@ EOF
udevadm settle
- echo y | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2
+ printf 'y\ny\n' | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2
mkfs.vfat /dev/md/raid-esp
- echo y | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2
+ printf 'y\ny\n' | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2
mkfs.ext4 /dev/md/raid-root
mkfs.btrfs -f -M -d raid1 -m raid1 -L "raid-boot" "${LOOPDEV1}p3" "${LOOPDEV2}p3"
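Review bot: The two piped answers in `printf 'y\ny\n' | mdadm --create …` are positional, so on an mdadm that asks the bitmap question first the leading `y` enables the write-intent bitmap, while an older mdadm consumes it for "Continue creating array" and builds the array without one; all six call sites in TEST-64-UDEV-STORAGE.sh and TEST-74-AUX-UTILS.bootctl.sh share this. Stating the bitmap choice on the command line, e.g. adding `--bitmap=internal` (or `--bitmap=none`) to each `mdadm --create`, would presumably suppress that prompt and keep the array under test identical across mdadm versions; this should be confirmed against the mdadm shipped in the test image. A short comment above the first call, such as `# newer mdadm asks about the bitmap before "Continue creating array", hence two answers`, would also explain the second `y` to the next reader. The enclosing `testcase_mdadm_basic` and `testcase_mdadm_lvm` bodies extend beyond the hunks shown.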
