diff --git a/0011-logind-set-RemoveIPC-to-false-by-default.patch b/0011-logind-set-RemoveIPC-to-false-by-default.patch new file mode 100644 index 0000000..f2a4438 --- /dev/null +++ b/0011-logind-set-RemoveIPC-to-false-by-default.patch @@ -0,0 +1,53 @@ +From 6e4f0c54b24080fb57261a54a4e26b64f806f40d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 1 Aug 2018 10:58:28 +0200 +Subject: [PATCH] logind: set RemoveIPC to false by default + +RHEL-only: bugfix + +Related: RHEL-40924 +--- + man/logind.conf.xml | 2 +- + src/login/logind-core.c | 2 +- + src/login/logind.conf.in | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index c52431fd41..bb5e13bfd9 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -374,7 +374,7 @@ + user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the + last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as + well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users +- are excluded from the effect of this setting. Defaults to yes. ++ are excluded from the effect of this setting. Defaults to no. + + + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index 71e4247a79..26250c5704 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) { + + m->n_autovts = 6; + m->reserve_vt = 6; +- m->remove_ipc = true; ++ m->remove_ipc = false; + m->inhibit_delay_max = 5 * USEC_PER_SEC; + m->user_stop_delay = 10 * USEC_PER_SEC; + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index b62458ec3c..dc798bea2d 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -46,7 +46,7 @@ + #IdleActionSec=30min + #RuntimeDirectorySize=10% + #RuntimeDirectoryInodesMax= +-#RemoveIPC=yes ++#RemoveIPC=no + #InhibitorsMax=8192 + #SessionsMax=8192 + #StopIdleSessionSec=infinity diff --git a/0012-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/0012-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch new file mode 100644 index 0000000..beb127b --- /dev/null +++ b/0012-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch @@ -0,0 +1,43 @@ +From ed416f79aac6c1136f5d20a19cfc20c2709ab314 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Thu, 5 Aug 2021 17:11:47 +0200 +Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf + symlink + +RHEL-only: bugfix + +Related: RHEL-40924 +--- + tmpfiles.d/meson.build | 1 - + tmpfiles.d/systemd-resolve.conf | 10 ---------- + 2 files changed, 11 deletions(-) + delete mode 100644 tmpfiles.d/systemd-resolve.conf + +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index bec24ac7b4..55ce48979d 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -10,7 +10,6 @@ files = [['README', ''], + ['systemd-nologin.conf', 'HAVE_PAM'], + ['systemd-nspawn.conf', 'ENABLE_MACHINED'], + ['systemd-pstore.conf', 'ENABLE_PSTORE'], +- ['systemd-resolve.conf', 'ENABLE_RESOLVE'], + ['systemd-tmp.conf', ''], + ['tmp.conf', ''], + ['x11.conf', ''], +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +deleted file mode 100644 +index cb1c56d6a6..0000000000 +--- a/tmpfiles.d/systemd-resolve.conf ++++ /dev/null +@@ -1,10 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-# See tmpfiles.d(5) for details +- +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf diff --git a/0013-rc-local-order-after-network-online.target.patch b/0013-rc-local-order-after-network-online.target.patch new file mode 100644 index 0000000..d8c1298 --- /dev/null +++ b/0013-rc-local-order-after-network-online.target.patch @@ -0,0 +1,29 @@ +From 49241b42effa3684b485a8b90e5b4256a6223971 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 11 Mar 2021 15:48:23 +0100 +Subject: [PATCH] rc-local: order after network-online.target + +I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf, +just network-online.target didn't exist back then. + +RHEL-only: bugfix + +Related: RHEL-40924 +--- + units/rc-local.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 6fb0838cdb..40ffc15c99 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,8 @@ + Description={{RC_LOCAL_PATH}} Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable={{RC_LOCAL_PATH}} +-After=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + Type=forking diff --git a/0014-random-util-increase-random-seed-size-to-1024.patch b/0014-random-util-increase-random-seed-size-to-1024.patch new file mode 100644 index 0000000..f1710ba --- /dev/null +++ b/0014-random-util-increase-random-seed-size-to-1024.patch @@ -0,0 +1,25 @@ +From 9a6ef20bab1411570b3af6f6bbdb1a299ea8e73a Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 15 Jul 2021 11:15:17 +0200 +Subject: [PATCH] random-util: increase random seed size to 1024 + +RHEL-only: feature + +Related: RHEL-40924 +--- + src/basic/random-util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/random-util.h b/src/basic/random-util.h +index b1a4d10971..08b1a3599a 100644 +--- a/src/basic/random-util.h ++++ b/src/basic/random-util.h +@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) { + } + + /* Some limits on the pool sizes when we deal with the kernel random pool */ +-#define RANDOM_POOL_SIZE_MIN 32U ++#define RANDOM_POOL_SIZE_MIN 1024U + #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U) + #define RANDOM_EFI_SEED_SIZE 32U + diff --git a/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch new file mode 100644 index 0000000..3d95209 --- /dev/null +++ b/0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch @@ -0,0 +1,25 @@ +From 15465a4a302c4379746a21ef7b7fb9a9bfea9297 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Thu, 2 May 2019 14:11:54 +0200 +Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by + default + +RHEL-only: feature + +Related: RHEL-40924 +--- + presets/90-systemd.preset | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset +index da6b9805fd..004ea6fe14 100644 +--- a/presets/90-systemd.preset ++++ b/presets/90-systemd.preset +@@ -21,7 +21,6 @@ enable systemd-boot-update.service + enable systemd-confext.service + enable systemd-homed.service + enable systemd-homed-activate.service +-enable systemd-journald-audit.socket + enable systemd-mountfsd.socket + enable systemd-network-generator.service + enable systemd-networkd.service diff --git a/0016-journald.conf-don-t-touch-current-audit-settings.patch b/0016-journald.conf-don-t-touch-current-audit-settings.patch new file mode 100644 index 0000000..fe1a827 --- /dev/null +++ b/0016-journald.conf-don-t-touch-current-audit-settings.patch @@ -0,0 +1,22 @@ +From b340b4c797599aa444f9dbf07c6ef7ea29021604 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 5 Aug 2021 15:26:13 +0200 +Subject: [PATCH] journald.conf: don't touch current audit settings + +RHEL-only: policy + +Related: RHEL-40924 +--- + src/journal/journald.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 13cdd6300f..fc307c53c2 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -47,4 +47,4 @@ + #MaxLevelSocket=debug + #LineMax=48K + #ReadKMsg=yes +-#Audit=yes ++Audit= diff --git a/0017-rules-add-elevator-kernel-command-line-parameter.patch b/0017-rules-add-elevator-kernel-command-line-parameter.patch new file mode 100644 index 0000000..58c8c31 --- /dev/null +++ b/0017-rules-add-elevator-kernel-command-line-parameter.patch @@ -0,0 +1,56 @@ +From 3847259c117fd511043a60400233ca9d1af1b5ce Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Tue, 12 Feb 2019 16:58:16 +0100 +Subject: [PATCH] rules: add elevator= kernel command line parameter + +Kernel removed the elevator= option, so let's reintroduce +it for rhel8 via udev rule. + +RHEL-only: feature + +Related: RHEL-40924 +--- + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ + rules.d/meson.build | 1 + + 2 files changed, 21 insertions(+) + create mode 100644 rules.d/40-elevator.rules + +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules +new file mode 100644 +index 0000000000..dbe8fc81a4 +--- /dev/null ++++ b/rules.d/40-elevator.rules +@@ -0,0 +1,20 @@ ++# We aren't adding devices skip the elevator check ++ACTION!="add", GOTO="sched_out" ++ ++SUBSYSTEM!="block", GOTO="sched_out" ++ENV{DEVTYPE}!="disk", GOTO="sched_out" ++ ++# Technically, dm-multipath can be configured to use an I/O scheduler. ++# However, there are races between the 'add' uevent and the linking in ++# of the queue/scheduler sysfs file. For now, just skip dm- devices. ++KERNEL=="dm-*|md*", GOTO="sched_out" ++ ++# Skip bio-based devices, which don't support an I/O scheduler. ++ATTR{queue/scheduler}=="none", GOTO="sched_out" ++ ++# If elevator= is specified on the kernel command line, change the ++# scheduler to the one specified. ++IMPORT{cmdline}="elevator" ++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" ++ ++LABEL="sched_out" +\ No newline at end of file +diff --git a/rules.d/meson.build b/rules.d/meson.build +index edf419f449..2b57322a12 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -8,6 +8,7 @@ rules = [ + [files('40-redhat-hotplug.rules', + '40-redhat-s390.rules', + '40-redhat.rules', ++ '40-elevator.rules', + '60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', diff --git a/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch new file mode 100644 index 0000000..a10993c --- /dev/null +++ b/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -0,0 +1,59 @@ +From 5725d315940804ba80468e6e3b6ea4653587f109 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 1 Aug 2018 13:19:39 +0200 +Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value + +This should be hopefully high enough even for the very big deployments. + +RHEL-only: feature + +Related: RHEL-40924 +--- + man/systemd-system.conf.xml | 4 ++-- + src/core/manager.c | 2 +- + src/core/system.conf.in | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml +index ae5b61b149..22919842f5 100644 +--- a/man/systemd-system.conf.xml ++++ b/man/systemd-system.conf.xml +@@ -520,10 +520,10 @@ + Configure the default value for the per-unit TasksMax= setting. See + systemd.resource-control5 + for details. This setting applies to all unit types that support resource control settings, with the exception +- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= ++ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. +- For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, ++ For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 26214, + but might be greater in other systems or smaller in OS containers. + + +diff --git a/src/core/manager.c b/src/core/manager.c +index 90e72b0c02..8ddf37fdad 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -117,7 +117,7 @@ + /* How many units and jobs to process of the bus queue before returning to the event loop. */ + #define MANAGER_BUS_MESSAGE_BUDGET 100U + +-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */ + + static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); + static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 1c08aa4d22..4fe420c344 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -59,7 +59,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultTasksAccounting=yes +-#DefaultTasksMax=15% ++#DefaultTasksMax=80% + #DefaultLimitCPU= + #DefaultLimitFSIZE= + #DefaultLimitDATA= diff --git a/0019-udev-net-setup-link-change-the-default-MACAddressPol.patch b/0019-udev-net-setup-link-change-the-default-MACAddressPol.patch new file mode 100644 index 0000000..4929912 --- /dev/null +++ b/0019-udev-net-setup-link-change-the-default-MACAddressPol.patch @@ -0,0 +1,53 @@ +From 2b9b38af0bd6f15d316869022ad296f5927f2d2b Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 21 Sep 2021 15:01:19 +0200 +Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to + "none" + +While stable MAC address for interface types that don't have the +address provided by HW could be useful it also breaks LACP based bonds. +Let's err on the side of caution and don't change the MAC address from +udev. + +RHEL-only: policy + +Related: RHEL-40924 +--- + man/systemd.link.xml | 2 +- + network/99-default.link | 2 +- + test/fuzz/fuzz-link-parser/99-default.link | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/systemd.link.xml b/man/systemd.link.xml +index 3991d91881..0002eb3617 100644 +--- a/man/systemd.link.xml ++++ b/man/systemd.link.xml +@@ -1386,7 +1386,7 @@ OriginalName=* + [Link] + NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none + + + +diff --git a/network/99-default.link b/network/99-default.link +index 56030b62be..5628dcf845 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -12,4 +12,4 @@ OriginalName=* + [Link] + NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none +diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link +index feb5b1fbb0..3d755898b4 100644 +--- a/test/fuzz/fuzz-link-parser/99-default.link ++++ b/test/fuzz/fuzz-link-parser/99-default.link +@@ -9,4 +9,4 @@ + + [Link] + NamePolicy=keep kernel database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none diff --git a/0020-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/0020-core-decrease-log-level-of-messages-about-use-of-Kil.patch new file mode 100644 index 0000000..6422fc2 --- /dev/null +++ b/0020-core-decrease-log-level-of-messages-about-use-of-Kil.patch @@ -0,0 +1,40 @@ +From 74151c1fd19cbd73f2a6d1c2f84eac9bb73eac7e Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 22 Feb 2022 13:24:11 +0100 +Subject: [PATCH] core: decrease log level of messages about use of + KillMode=none + +RHEL-only: bugfix + +Related: RHEL-40924 +--- + src/core/load-fragment.c | 2 +- + src/core/unit.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 5ae68886af..d4c006eb87 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -868,7 +868,7 @@ int config_parse_kill_mode( + } + + if (m == KILL_NONE) +- log_syntax(unit, LOG_WARNING, filename, line, 0, ++ log_syntax(unit, LOG_DEBUG, filename, line, 0, + "Unit uses KillMode=none. " + "This is unsafe, as it disables systemd's process lifecycle management for the service. " + "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. " +diff --git a/src/core/unit.c b/src/core/unit.c +index 2d40618fcb..0ec5dcaf75 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata) + + /* During start we print a warning */ + +- log_unit_warning(userdata, ++ log_unit_debug(userdata, + "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n" + "This usually indicates unclean termination of a previous run, or service implementation deficiencies.", + pid->pid, strna(comm)); diff --git a/0021-meson-rename-libbasic-to-libbasic_static.patch b/0021-meson-rename-libbasic-to-libbasic_static.patch new file mode 100644 index 0000000..5f3a54b --- /dev/null +++ b/0021-meson-rename-libbasic-to-libbasic_static.patch @@ -0,0 +1,180 @@ +From 40527d91d2fb1d987473bb4bcf1c929a85ffe9a0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 16:51:05 +0200 +Subject: [PATCH] meson: rename libbasic to libbasic_static + +Our variables for internal libraries are named 'libfoo' for the shared lib +variant, and 'libfoo_static' for the static lib variant. The only exception was +libbasic, because we didn't have a shared variant for it. But let's rename it +for consitency. This makes the build config easier to understand. + +see currently unmerged https://github.com/systemd/systemd/pull/33599 + +RHEL-only workaround + +Resolves: RHEL-46020 +--- + meson.build | 4 ++-- + src/basic/meson.build | 2 +- + src/libsystemd/meson.build | 2 +- + src/partition/meson.build | 2 +- + src/shared/meson.build | 2 +- + src/shutdown/meson.build | 2 +- + src/sysusers/meson.build | 2 +- + src/test/meson.build | 8 ++++---- + src/tmpfiles/meson.build | 2 +- + 9 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/meson.build b/meson.build +index e42151998b..18115cad5e 100644 +--- a/meson.build ++++ b/meson.build +@@ -2078,7 +2078,7 @@ libsystemd = shared_library( + # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. + '-z', 'nodelete', + '-Wl,--version-script=' + libsystemd_sym_path], +- link_with : [libbasic], ++ link_with : [libbasic_static], + link_whole : [libsystemd_static], + dependencies : [librt, + threads, +@@ -2243,7 +2243,7 @@ nss_template = { + 'link_with' : [ + libsystemd_static, + libshared_static, +- libbasic, ++ libbasic_static, + ], + 'dependencies' : [ + librt, +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 9a214575a5..b538775576 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( + + basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] + +-libbasic = static_library( ++libbasic_static = static_library( + 'basic', + basic_sources, + fundamental_sources, +diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build +index 6d4337d1a7..243549299f 100644 +--- a/src/libsystemd/meson.build ++++ b/src/libsystemd/meson.build +@@ -118,7 +118,7 @@ libsystemd_static = static_library( + libsystemd_sources, + include_directories : libsystemd_includes, + c_args : libsystemd_c_args, +- link_with : [libbasic], ++ link_with : [libbasic_static], + dependencies : [threads, + librt, + userspace], +diff --git a/src/partition/meson.build b/src/partition/meson.build +index 52e1368116..2cfe43e029 100644 +--- a/src/partition/meson.build ++++ b/src/partition/meson.build +@@ -32,7 +32,7 @@ executables += [ + 'sources' : files('repart.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_fdisk, + libshared_static, + libsystemd_static, +diff --git a/src/shared/meson.build b/src/shared/meson.build +index c5106d87d5..e513c0ec1c 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -358,7 +358,7 @@ libshared = shared_library( + '-Wl,--version-script=' + libshared_sym_path], + link_depends : libshared_sym_path, + link_whole : [libshared_static, +- libbasic, ++ libbasic_static, + libsystemd_static], + dependencies : [libshared_deps, + userspace], +diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build +index 219f9fd308..9bc60f83e5 100644 +--- a/src/shutdown/meson.build ++++ b/src/shutdown/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_shutdown_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build +index 0f9c067d50..403d82a340 100644 +--- a/src/sysusers/meson.build ++++ b/src/sysusers/meson.build +@@ -14,7 +14,7 @@ executables += [ + 'sources' : files('sysusers.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/test/meson.build b/src/test/meson.build +index 3abbb94d9f..9d3c7d675f 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -274,7 +274,7 @@ executables += [ + # only static linking apart from libdl, to make sure that the + # module is linked to all libraries that it uses. + 'sources' : files('test-dlopen.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + 'dependencies' : libdl, + 'install' : false, + 'type' : 'manual', +@@ -410,7 +410,7 @@ executables += [ + }, + test_template + { + 'sources' : files('test-sizeof.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + }, + test_template + { + 'sources' : files('test-time-util.c'), +@@ -590,7 +590,7 @@ executables += [ + test_template + { + 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libsystemd, + ], + 'dependencies' : threads, +@@ -598,7 +598,7 @@ executables += [ + test_template + { + 'sources' : files('../libudev/test-udev-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libudev, + ], + 'dependencies' : threads, +diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build +index 2e918509a7..09ad839586 100644 +--- a/src/tmpfiles/meson.build ++++ b/src/tmpfiles/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_tmpfiles_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], diff --git a/0022-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0022-meson-build-libsystemd-core-via-an-intermediate-stat.patch new file mode 100644 index 0000000..d29e276 --- /dev/null +++ b/0022-meson-build-libsystemd-core-via-an-intermediate-stat.patch @@ -0,0 +1,63 @@ +From 9eccd6c09f06979003eb2ae1f159defc40213fe0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 17:03:26 +0200 +Subject: [PATCH] meson: build libsystemd-core via an intermediate static + library + +By itself, this is not useful. I'm making this a separate commit to +make debugging easier. It turns out that meson does static libraries +using references, so the "static library" a tiny stub stub that refers +to the object files on disk and this has negligible cost: +$ ls -lhd build/src/core/libsystemd-core-257.{a,so} +-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a +-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so + +see currently unmerged https://github.com/systemd/systemd/pull/33599 + +RHEL-only workaround + +Resolves: RHEL-46020 +--- + src/core/meson.build | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index 7a2012a372..1ef31cc529 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( + + libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) + +-libcore = shared_library( ++libcore_static = static_library( + libcore_name, + libcore_sources, + load_fragment_gperf_c, + load_fragment_gperf_nulstr_c, + include_directories : includes, + c_args : ['-fvisibility=default'], +- link_args : ['-shared', +- '-Wl,--version-script=' + libshared_sym_path], +- link_depends : libshared_sym_path, +- link_with : libshared, + dependencies : [libacl, + libapparmor, + libaudit, +@@ -135,6 +131,16 @@ libcore = shared_library( + libselinux, + threads, + userspace], ++ build_by_default : false) ++ ++libcore = shared_library( ++ libcore_name, ++ c_args : ['-fvisibility=default'], ++ link_args : ['-shared', ++ '-Wl,--version-script=' + libshared_sym_path], ++ link_depends : libshared_sym_path, ++ link_whole: libcore_static, ++ link_with : libshared, + install : true, + install_dir : pkglibdir) + diff --git a/0023-meson-add-option-to-build-systemd-executor-staticall.patch b/0023-meson-add-option-to-build-systemd-executor-staticall.patch new file mode 100644 index 0000000..a7464ff --- /dev/null +++ b/0023-meson-add-option-to-build-systemd-executor-staticall.patch @@ -0,0 +1,101 @@ +From f3b375da4cd070788b2b8a21fe678c15cb4babe8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 17:05:31 +0200 +Subject: [PATCH] meson: add option to build systemd-executor "statically" + +The new link-executor-shared option is similar to the existing +link-udev-shared: when set to false, we link to the static versions of our +internal libraries. + +The resulting exuctor binary is fairly large, about as large as libsystemd-core +(14 MB without lto, 8 with lto). + +This is intended as a workaround for the fuckup with the pinned executor +binary: +when an upgrade is performed, the package manager will install new version of +the libraries and new version of the code, and some time later reexecute the +managers. This creates a window when the pinned executor binary will fail to +execute. There are two factors which make the issue easier to hit: + +- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora + uses version-release as the tag, which means that the issue occurs on + every package upgrade. This is the right thing to do, because the + ABI of our internal libraries is not stable at all, so replacing the + library from a different version in place creates a window where our + programs may crash or misbehave. + +- when the distribution doesn't immediately reexec all the managers after + upgrade. In early versions of systemd, we used to hammer the machine during + upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and + wasteful. Doing the reexecs while the upgrade is in progres also creates a + window where a mix of old and new configs or both is loaded. Users are + particularly annoyed by those reloads if there is some issue in the + configuration causing us to emit warnings on every reexec. Doing the + reexecs once after the new configuration and libraries have been put + in place is nicer. + +The pinning of the executor binary breaks upgrades and in particular +it penalizes the distributions which make use of the features which +were previously added to avoid bugs and inefficiency during upgrades. + +When the executor is linked statically, there is a smaller chance that it'll +fail to load libraries. The issue can still occur because other libraries, not +our own, are linked dynamically. + +see currently unmerged https://github.com/systemd/systemd/pull/33599 + +RHEL-only workaround + +Resolves: RHEL-46020 +--- + meson_options.txt | 2 ++ + src/core/meson.build | 16 ++++++++++++---- + 2 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/meson_options.txt b/meson_options.txt +index d52ca4e4b5..3cce818392 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, + description : '''This option is deprecated and will be removed in a future release''') + option('link-udev-shared', type : 'boolean', + description : 'link systemd-udevd and its helpers to libsystemd-shared.so') ++option('link-executor-shared', type : 'boolean', ++ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') + option('link-systemctl-shared', type: 'boolean', + description : 'link systemctl against libsystemd-shared.so') + option('link-networkd-shared', type: 'boolean', +diff --git a/src/core/meson.build b/src/core/meson.build +index 1ef31cc529..dbeb752977 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -156,6 +156,17 @@ systemd_executor_sources = files( + 'exec-invoke.c', + ) + ++executor_libs = get_option('link-executor-shared') ? \ ++ [ ++ libcore, ++ libshared, ++ ] : [ ++ libcore_static, ++ libshared_static, ++ libbasic_static, ++ libsystemd_static, ++ ] ++ + executables += [ + libexec_template + { + 'name' : 'systemd', +@@ -173,10 +184,7 @@ executables += [ + 'public' : true, + 'sources' : systemd_executor_sources, + 'include_directories' : core_includes, +- 'link_with' : [ +- libcore, +- libshared, +- ], ++ 'link_with' : executor_libs, + 'dependencies' : [ + libapparmor, + libpam, diff --git a/systemd.spec b/systemd.spec index 8550266..dc4561c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -48,7 +48,7 @@ Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:256} -Release: 1%{?dist} +Release: 2%{?dist} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -116,6 +116,19 @@ Patch0007: 0007-tmpfiles-make-purge-hard-to-mis-use.patch Patch0008: 0008-fedora-use-system-auth-in-pam-systemd-user.patch Patch0009: 0009-net-naming-scheme-start-rhel10-naming-and-include-rh.patch Patch0010: 0010-rules-copy-40-redhat.rules-from-RHEL-9.patch +Patch0011: 0011-logind-set-RemoveIPC-to-false-by-default.patch +Patch0012: 0012-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0013: 0013-rc-local-order-after-network-online.target.patch +Patch0014: 0014-random-util-increase-random-seed-size-to-1024.patch +Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0016: 0016-journald.conf-don-t-touch-current-audit-settings.patch +Patch0017: 0017-rules-add-elevator-kernel-command-line-parameter.patch +Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0019: 0019-udev-net-setup-link-change-the-default-MACAddressPol.patch +Patch0020: 0020-core-decrease-log-level-of-messages-about-use-of-Kil.patch +Patch0021: 0021-meson-rename-libbasic-to-libbasic_static.patch +Patch0022: 0022-meson-build-libsystemd-core-via-an-intermediate-stat.patch +Patch0023: 0023-meson-add-option-to-build-systemd-executor-staticall.patch # Downstream-only patches (9000–9999) @@ -611,6 +624,7 @@ CONFIGURE_OPTS=( -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] + -Dlink-executor-shared=false -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no @@ -1087,6 +1101,21 @@ rm -f .file-list-* rm -f %{name}.lang %changelog +* Thu Jul 04 2024 systemd maintenance team - 256-2 +- logind: set RemoveIPC to false by default (RHEL-40924) +- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (RHEL-40924) +- rc-local: order after network-online.target (RHEL-40924) +- random-util: increase random seed size to 1024 (RHEL-40924) +- journal: don't enable systemd-journald-audit.socket by default (RHEL-40924) +- journald.conf: don't touch current audit settings (RHEL-40924) +- rules: add elevator= kernel command line parameter (RHEL-40924) +- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (RHEL-40924) +- udev/net-setup-link: change the default MACAddressPolicy to "none" (RHEL-40924) +- core: decrease log level of messages about use of KillMode=none (RHEL-40924) +- meson: rename libbasic to libbasic_static (RHEL-46020) +- meson: build libsystemd-core via an intermediate static library (RHEL-46020) +- meson: add option to build systemd-executor "statically" (RHEL-46020) + * Wed Jun 26 2024 Jan Macku - 256-1 - Initial import and bootsprap from Fedora * remove standalone packages