systemd-256-2

spec: build executor statically

Resolves: RHEL-40924,RHEL-46020
This commit is contained in:
Lukas Nykryn 2024-07-04 11:16:56 +02:00
parent c3c36bf304
commit e625cacc26
14 changed files with 779 additions and 1 deletions

View File

@ -0,0 +1,53 @@
From 6e4f0c54b24080fb57261a54a4e26b64f806f40d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 10:58:28 +0200
Subject: [PATCH] logind: set RemoveIPC to false by default
RHEL-only: bugfix
Related: RHEL-40924
---
man/logind.conf.xml | 2 +-
src/login/logind-core.c | 2 +-
src/login/logind.conf.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index c52431fd41..bb5e13bfd9 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -374,7 +374,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para>
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para>
<xi:include href="version-info.xml" xpointer="v212"/></listitem>
</varlistentry>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 71e4247a79..26250c5704 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) {
m->n_autovts = 6;
m->reserve_vt = 6;
- m->remove_ipc = true;
+ m->remove_ipc = false;
m->inhibit_delay_max = 5 * USEC_PER_SEC;
m->user_stop_delay = 10 * USEC_PER_SEC;
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index b62458ec3c..dc798bea2d 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -46,7 +46,7 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodesMax=
-#RemoveIPC=yes
+#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
#StopIdleSessionSec=infinity

View File

@ -0,0 +1,43 @@
From ed416f79aac6c1136f5d20a19cfc20c2709ab314 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 5 Aug 2021 17:11:47 +0200
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
symlink
RHEL-only: bugfix
Related: RHEL-40924
---
tmpfiles.d/meson.build | 1 -
tmpfiles.d/systemd-resolve.conf | 10 ----------
2 files changed, 11 deletions(-)
delete mode 100644 tmpfiles.d/systemd-resolve.conf
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
index bec24ac7b4..55ce48979d 100644
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
@@ -10,7 +10,6 @@ files = [['README', ''],
['systemd-nologin.conf', 'HAVE_PAM'],
['systemd-nspawn.conf', 'ENABLE_MACHINED'],
['systemd-pstore.conf', 'ENABLE_PSTORE'],
- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
['systemd-tmp.conf', ''],
['tmp.conf', ''],
['x11.conf', ''],
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
deleted file mode 100644
index cb1c56d6a6..0000000000
--- a/tmpfiles.d/systemd-resolve.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See tmpfiles.d(5) for details
-
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -0,0 +1,29 @@
From 49241b42effa3684b485a8b90e5b4256a6223971 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target
I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
just network-online.target didn't exist back then.
RHEL-only: bugfix
Related: RHEL-40924
---
units/rc-local.service.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 6fb0838cdb..40ffc15c99 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,8 @@
Description={{RC_LOCAL_PATH}} Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable={{RC_LOCAL_PATH}}
-After=network.target
+After=network-online.target
+Wants=network-online.target
[Service]
Type=forking

View File

@ -0,0 +1,25 @@
From 9a6ef20bab1411570b3af6f6bbdb1a299ea8e73a Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 15 Jul 2021 11:15:17 +0200
Subject: [PATCH] random-util: increase random seed size to 1024
RHEL-only: feature
Related: RHEL-40924
---
src/basic/random-util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
index b1a4d10971..08b1a3599a 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) {
}
/* Some limits on the pool sizes when we deal with the kernel random pool */
-#define RANDOM_POOL_SIZE_MIN 32U
+#define RANDOM_POOL_SIZE_MIN 1024U
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
#define RANDOM_EFI_SEED_SIZE 32U

View File

@ -0,0 +1,25 @@
From 15465a4a302c4379746a21ef7b7fb9a9bfea9297 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 2 May 2019 14:11:54 +0200
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
default
RHEL-only: feature
Related: RHEL-40924
---
presets/90-systemd.preset | 1 -
1 file changed, 1 deletion(-)
diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset
index da6b9805fd..004ea6fe14 100644
--- a/presets/90-systemd.preset
+++ b/presets/90-systemd.preset
@@ -21,7 +21,6 @@ enable systemd-boot-update.service
enable systemd-confext.service
enable systemd-homed.service
enable systemd-homed-activate.service
-enable systemd-journald-audit.socket
enable systemd-mountfsd.socket
enable systemd-network-generator.service
enable systemd-networkd.service

View File

@ -0,0 +1,22 @@
From b340b4c797599aa444f9dbf07c6ef7ea29021604 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 5 Aug 2021 15:26:13 +0200
Subject: [PATCH] journald.conf: don't touch current audit settings
RHEL-only: policy
Related: RHEL-40924
---
src/journal/journald.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index 13cdd6300f..fc307c53c2 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -47,4 +47,4 @@
#MaxLevelSocket=debug
#LineMax=48K
#ReadKMsg=yes
-#Audit=yes
+Audit=

View File

@ -0,0 +1,56 @@
From 3847259c117fd511043a60400233ca9d1af1b5ce Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 12 Feb 2019 16:58:16 +0100
Subject: [PATCH] rules: add elevator= kernel command line parameter
Kernel removed the elevator= option, so let's reintroduce
it for rhel8 via udev rule.
RHEL-only: feature
Related: RHEL-40924
---
rules.d/40-elevator.rules | 20 ++++++++++++++++++++
rules.d/meson.build | 1 +
2 files changed, 21 insertions(+)
create mode 100644 rules.d/40-elevator.rules
diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
new file mode 100644
index 0000000000..dbe8fc81a4
--- /dev/null
+++ b/rules.d/40-elevator.rules
@@ -0,0 +1,20 @@
+# We aren't adding devices skip the elevator check
+ACTION!="add", GOTO="sched_out"
+
+SUBSYSTEM!="block", GOTO="sched_out"
+ENV{DEVTYPE}!="disk", GOTO="sched_out"
+
+# Technically, dm-multipath can be configured to use an I/O scheduler.
+# However, there are races between the 'add' uevent and the linking in
+# of the queue/scheduler sysfs file. For now, just skip dm- devices.
+KERNEL=="dm-*|md*", GOTO="sched_out"
+
+# Skip bio-based devices, which don't support an I/O scheduler.
+ATTR{queue/scheduler}=="none", GOTO="sched_out"
+
+# If elevator= is specified on the kernel command line, change the
+# scheduler to the one specified.
+IMPORT{cmdline}="elevator"
+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
+
+LABEL="sched_out"
\ No newline at end of file
diff --git a/rules.d/meson.build b/rules.d/meson.build
index edf419f449..2b57322a12 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -8,6 +8,7 @@ rules = [
[files('40-redhat-hotplug.rules',
'40-redhat-s390.rules',
'40-redhat.rules',
+ '40-elevator.rules',
'60-autosuspend.rules',
'60-block.rules',
'60-cdrom_id.rules',

View File

@ -0,0 +1,59 @@
From 5725d315940804ba80468e6e3b6ea4653587f109 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 13:19:39 +0200
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
This should be hopefully high enough even for the very big deployments.
RHEL-only: feature
Related: RHEL-40924
---
man/systemd-system.conf.xml | 4 ++--
src/core/manager.c | 2 +-
src/core/system.conf.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index ae5b61b149..22919842f5 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -520,10 +520,10 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
- For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
+ For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
but might be greater in other systems or smaller in OS containers.</para>
<xi:include href="version-info.xml" xpointer="v228"/></listitem>
diff --git a/src/core/manager.c b/src/core/manager.c
index 90e72b0c02..8ddf37fdad 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -117,7 +117,7 @@
/* How many units and jobs to process of the bus queue before returning to the event loop. */
#define MANAGER_BUS_MESSAGE_BUDGET 100U
-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 1c08aa4d22..4fe420c344 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -59,7 +59,7 @@
#DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=80%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=

View File

@ -0,0 +1,53 @@
From 2b9b38af0bd6f15d316869022ad296f5927f2d2b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 15:01:19 +0200
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
"none"
While stable MAC address for interface types that don't have the
address provided by HW could be useful it also breaks LACP based bonds.
Let's err on the side of caution and don't change the MAC address from
udev.
RHEL-only: policy
Related: RHEL-40924
---
man/systemd.link.xml | 2 +-
network/99-default.link | 2 +-
test/fuzz/fuzz-link-parser/99-default.link | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 3991d91881..0002eb3617 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -1386,7 +1386,7 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent</programlisting>
+MACAddressPolicy=none</programlisting>
</example>
<example>
diff --git a/network/99-default.link b/network/99-default.link
index 56030b62be..5628dcf845 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -12,4 +12,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none
diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
index feb5b1fbb0..3d755898b4 100644
--- a/test/fuzz/fuzz-link-parser/99-default.link
+++ b/test/fuzz/fuzz-link-parser/99-default.link
@@ -9,4 +9,4 @@
[Link]
NamePolicy=keep kernel database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none

View File

@ -0,0 +1,40 @@
From 74151c1fd19cbd73f2a6d1c2f84eac9bb73eac7e Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 22 Feb 2022 13:24:11 +0100
Subject: [PATCH] core: decrease log level of messages about use of
KillMode=none
RHEL-only: bugfix
Related: RHEL-40924
---
src/core/load-fragment.c | 2 +-
src/core/unit.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 5ae68886af..d4c006eb87 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -868,7 +868,7 @@ int config_parse_kill_mode(
}
if (m == KILL_NONE)
- log_syntax(unit, LOG_WARNING, filename, line, 0,
+ log_syntax(unit, LOG_DEBUG, filename, line, 0,
"Unit uses KillMode=none. "
"This is unsafe, as it disables systemd's process lifecycle management for the service. "
"Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
diff --git a/src/core/unit.c b/src/core/unit.c
index 2d40618fcb..0ec5dcaf75 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata)
/* During start we print a warning */
- log_unit_warning(userdata,
+ log_unit_debug(userdata,
"Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
"This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
pid->pid, strna(comm));

View File

@ -0,0 +1,180 @@
From 40527d91d2fb1d987473bb4bcf1c929a85ffe9a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Jul 2024 16:51:05 +0200
Subject: [PATCH] meson: rename libbasic to libbasic_static
Our variables for internal libraries are named 'libfoo' for the shared lib
variant, and 'libfoo_static' for the static lib variant. The only exception was
libbasic, because we didn't have a shared variant for it. But let's rename it
for consitency. This makes the build config easier to understand.
see currently unmerged https://github.com/systemd/systemd/pull/33599
RHEL-only workaround
Resolves: RHEL-46020
---
meson.build | 4 ++--
src/basic/meson.build | 2 +-
src/libsystemd/meson.build | 2 +-
src/partition/meson.build | 2 +-
src/shared/meson.build | 2 +-
src/shutdown/meson.build | 2 +-
src/sysusers/meson.build | 2 +-
src/test/meson.build | 8 ++++----
src/tmpfiles/meson.build | 2 +-
9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/meson.build b/meson.build
index e42151998b..18115cad5e 100644
--- a/meson.build
+++ b/meson.build
@@ -2078,7 +2078,7 @@ libsystemd = shared_library(
# Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
'-z', 'nodelete',
'-Wl,--version-script=' + libsystemd_sym_path],
- link_with : [libbasic],
+ link_with : [libbasic_static],
link_whole : [libsystemd_static],
dependencies : [librt,
threads,
@@ -2243,7 +2243,7 @@ nss_template = {
'link_with' : [
libsystemd_static,
libshared_static,
- libbasic,
+ libbasic_static,
],
'dependencies' : [
librt,
diff --git a/src/basic/meson.build b/src/basic/meson.build
index 9a214575a5..b538775576 100644
--- a/src/basic/meson.build
+++ b/src/basic/meson.build
@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target(
basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h]
-libbasic = static_library(
+libbasic_static = static_library(
'basic',
basic_sources,
fundamental_sources,
diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build
index 6d4337d1a7..243549299f 100644
--- a/src/libsystemd/meson.build
+++ b/src/libsystemd/meson.build
@@ -118,7 +118,7 @@ libsystemd_static = static_library(
libsystemd_sources,
include_directories : libsystemd_includes,
c_args : libsystemd_c_args,
- link_with : [libbasic],
+ link_with : [libbasic_static],
dependencies : [threads,
librt,
userspace],
diff --git a/src/partition/meson.build b/src/partition/meson.build
index 52e1368116..2cfe43e029 100644
--- a/src/partition/meson.build
+++ b/src/partition/meson.build
@@ -32,7 +32,7 @@ executables += [
'sources' : files('repart.c'),
'c_args' : '-DSTANDALONE',
'link_with' : [
- libbasic,
+ libbasic_static,
libshared_fdisk,
libshared_static,
libsystemd_static,
diff --git a/src/shared/meson.build b/src/shared/meson.build
index c5106d87d5..e513c0ec1c 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -358,7 +358,7 @@ libshared = shared_library(
'-Wl,--version-script=' + libshared_sym_path],
link_depends : libshared_sym_path,
link_whole : [libshared_static,
- libbasic,
+ libbasic_static,
libsystemd_static],
dependencies : [libshared_deps,
userspace],
diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
index 219f9fd308..9bc60f83e5 100644
--- a/src/shutdown/meson.build
+++ b/src/shutdown/meson.build
@@ -20,7 +20,7 @@ executables += [
'sources' : systemd_shutdown_sources,
'c_args' : '-DSTANDALONE',
'link_with' : [
- libbasic,
+ libbasic_static,
libshared_static,
libsystemd_static,
],
diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build
index 0f9c067d50..403d82a340 100644
--- a/src/sysusers/meson.build
+++ b/src/sysusers/meson.build
@@ -14,7 +14,7 @@ executables += [
'sources' : files('sysusers.c'),
'c_args' : '-DSTANDALONE',
'link_with' : [
- libbasic,
+ libbasic_static,
libshared_static,
libsystemd_static,
],
diff --git a/src/test/meson.build b/src/test/meson.build
index 3abbb94d9f..9d3c7d675f 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -274,7 +274,7 @@ executables += [
# only static linking apart from libdl, to make sure that the
# module is linked to all libraries that it uses.
'sources' : files('test-dlopen.c'),
- 'link_with' : libbasic,
+ 'link_with' : libbasic_static,
'dependencies' : libdl,
'install' : false,
'type' : 'manual',
@@ -410,7 +410,7 @@ executables += [
},
test_template + {
'sources' : files('test-sizeof.c'),
- 'link_with' : libbasic,
+ 'link_with' : libbasic_static,
},
test_template + {
'sources' : files('test-time-util.c'),
@@ -590,7 +590,7 @@ executables += [
test_template + {
'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'),
'link_with' : [
- libbasic,
+ libbasic_static,
libsystemd,
],
'dependencies' : threads,
@@ -598,7 +598,7 @@ executables += [
test_template + {
'sources' : files('../libudev/test-udev-device-thread.c'),
'link_with' : [
- libbasic,
+ libbasic_static,
libudev,
],
'dependencies' : threads,
diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build
index 2e918509a7..09ad839586 100644
--- a/src/tmpfiles/meson.build
+++ b/src/tmpfiles/meson.build
@@ -20,7 +20,7 @@ executables += [
'sources' : systemd_tmpfiles_sources,
'c_args' : '-DSTANDALONE',
'link_with' : [
- libbasic,
+ libbasic_static,
libshared_static,
libsystemd_static,
],

View File

@ -0,0 +1,63 @@
From 9eccd6c09f06979003eb2ae1f159defc40213fe0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Jul 2024 17:03:26 +0200
Subject: [PATCH] meson: build libsystemd-core via an intermediate static
library
By itself, this is not useful. I'm making this a separate commit to
make debugging easier. It turns out that meson does static libraries
using references, so the "static library" a tiny stub stub that refers
to the object files on disk and this has negligible cost:
$ ls -lhd build/src/core/libsystemd-core-257.{a,so}
-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a
-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so
see currently unmerged https://github.com/systemd/systemd/pull/33599
RHEL-only workaround
Resolves: RHEL-46020
---
src/core/meson.build | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/core/meson.build b/src/core/meson.build
index 7a2012a372..1ef31cc529 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target(
libcore_name = 'systemd-core-@0@'.format(shared_lib_tag)
-libcore = shared_library(
+libcore_static = static_library(
libcore_name,
libcore_sources,
load_fragment_gperf_c,
load_fragment_gperf_nulstr_c,
include_directories : includes,
c_args : ['-fvisibility=default'],
- link_args : ['-shared',
- '-Wl,--version-script=' + libshared_sym_path],
- link_depends : libshared_sym_path,
- link_with : libshared,
dependencies : [libacl,
libapparmor,
libaudit,
@@ -135,6 +131,16 @@ libcore = shared_library(
libselinux,
threads,
userspace],
+ build_by_default : false)
+
+libcore = shared_library(
+ libcore_name,
+ c_args : ['-fvisibility=default'],
+ link_args : ['-shared',
+ '-Wl,--version-script=' + libshared_sym_path],
+ link_depends : libshared_sym_path,
+ link_whole: libcore_static,
+ link_with : libshared,
install : true,
install_dir : pkglibdir)

View File

@ -0,0 +1,101 @@
From f3b375da4cd070788b2b8a21fe678c15cb4babe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Jul 2024 17:05:31 +0200
Subject: [PATCH] meson: add option to build systemd-executor "statically"
The new link-executor-shared option is similar to the existing
link-udev-shared: when set to false, we link to the static versions of our
internal libraries.
The resulting exuctor binary is fairly large, about as large as libsystemd-core
(14 MB without lto, 8 with lto).
This is intended as a workaround for the fuckup with the pinned executor
binary:
when an upgrade is performed, the package manager will install new version of
the libraries and new version of the code, and some time later reexecute the
managers. This creates a window when the pinned executor binary will fail to
execute. There are two factors which make the issue easier to hit:
- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
uses version-release as the tag, which means that the issue occurs on
every package upgrade. This is the right thing to do, because the
ABI of our internal libraries is not stable at all, so replacing the
library from a different version in place creates a window where our
programs may crash or misbehave.
- when the distribution doesn't immediately reexec all the managers after
upgrade. In early versions of systemd, we used to hammer the machine during
upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
wasteful. Doing the reexecs while the upgrade is in progres also creates a
window where a mix of old and new configs or both is loaded. Users are
particularly annoyed by those reloads if there is some issue in the
configuration causing us to emit warnings on every reexec. Doing the
reexecs once after the new configuration and libraries have been put
in place is nicer.
The pinning of the executor binary breaks upgrades and in particular
it penalizes the distributions which make use of the features which
were previously added to avoid bugs and inefficiency during upgrades.
When the executor is linked statically, there is a smaller chance that it'll
fail to load libraries. The issue can still occur because other libraries, not
our own, are linked dynamically.
see currently unmerged https://github.com/systemd/systemd/pull/33599
RHEL-only workaround
Resolves: RHEL-46020
---
meson_options.txt | 2 ++
src/core/meson.build | 16 ++++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/meson_options.txt b/meson_options.txt
index d52ca4e4b5..3cce818392 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true,
description : '''This option is deprecated and will be removed in a future release''')
option('link-udev-shared', type : 'boolean',
description : 'link systemd-udevd and its helpers to libsystemd-shared.so')
+option('link-executor-shared', type : 'boolean',
+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so')
option('link-systemctl-shared', type: 'boolean',
description : 'link systemctl against libsystemd-shared.so')
option('link-networkd-shared', type: 'boolean',
diff --git a/src/core/meson.build b/src/core/meson.build
index 1ef31cc529..dbeb752977 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -156,6 +156,17 @@ systemd_executor_sources = files(
'exec-invoke.c',
)
+executor_libs = get_option('link-executor-shared') ? \
+ [
+ libcore,
+ libshared,
+ ] : [
+ libcore_static,
+ libshared_static,
+ libbasic_static,
+ libsystemd_static,
+ ]
+
executables += [
libexec_template + {
'name' : 'systemd',
@@ -173,10 +184,7 @@ executables += [
'public' : true,
'sources' : systemd_executor_sources,
'include_directories' : core_includes,
- 'link_with' : [
- libcore,
- libshared,
- ],
+ 'link_with' : executor_libs,
'dependencies' : [
libapparmor,
libpam,

View File

@ -48,7 +48,7 @@ Url: https://systemd.io
# Allow users to specify the version and release when building the rpm by # Allow users to specify the version and release when building the rpm by
# setting the %%version_override and %%release_override macros. # setting the %%version_override and %%release_override macros.
Version: %{?version_override}%{!?version_override:256} Version: %{?version_override}%{!?version_override:256}
Release: 1%{?dist} Release: 2%{?dist}
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@ -116,6 +116,19 @@ Patch0007: 0007-tmpfiles-make-purge-hard-to-mis-use.patch
Patch0008: 0008-fedora-use-system-auth-in-pam-systemd-user.patch Patch0008: 0008-fedora-use-system-auth-in-pam-systemd-user.patch
Patch0009: 0009-net-naming-scheme-start-rhel10-naming-and-include-rh.patch Patch0009: 0009-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
Patch0010: 0010-rules-copy-40-redhat.rules-from-RHEL-9.patch Patch0010: 0010-rules-copy-40-redhat.rules-from-RHEL-9.patch
Patch0011: 0011-logind-set-RemoveIPC-to-false-by-default.patch
Patch0012: 0012-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
Patch0013: 0013-rc-local-order-after-network-online.target.patch
Patch0014: 0014-random-util-increase-random-seed-size-to-1024.patch
Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch
Patch0016: 0016-journald.conf-don-t-touch-current-audit-settings.patch
Patch0017: 0017-rules-add-elevator-kernel-command-line-parameter.patch
Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
Patch0019: 0019-udev-net-setup-link-change-the-default-MACAddressPol.patch
Patch0020: 0020-core-decrease-log-level-of-messages-about-use-of-Kil.patch
Patch0021: 0021-meson-rename-libbasic-to-libbasic_static.patch
Patch0022: 0022-meson-build-libsystemd-core-via-an-intermediate-stat.patch
Patch0023: 0023-meson-add-option-to-build-systemd-executor-staticall.patch
# Downstream-only patches (90009999) # Downstream-only patches (90009999)
@ -611,6 +624,7 @@ CONFIGURE_OPTS=(
-Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""]
# https://bugzilla.redhat.com/show_bug.cgi?id=1906010 # https://bugzilla.redhat.com/show_bug.cgi?id=1906010
-Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""]
-Dlink-executor-shared=false
-Dfallback-hostname="localhost" -Dfallback-hostname="localhost"
-Ddefault-dnssec=no -Ddefault-dnssec=no
-Ddefault-dns-over-tls=no -Ddefault-dns-over-tls=no
@ -1087,6 +1101,21 @@ rm -f .file-list-*
rm -f %{name}.lang rm -f %{name}.lang
%changelog %changelog
* Thu Jul 04 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-2
- logind: set RemoveIPC to false by default (RHEL-40924)
- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (RHEL-40924)
- rc-local: order after network-online.target (RHEL-40924)
- random-util: increase random seed size to 1024 (RHEL-40924)
- journal: don't enable systemd-journald-audit.socket by default (RHEL-40924)
- journald.conf: don't touch current audit settings (RHEL-40924)
- rules: add elevator= kernel command line parameter (RHEL-40924)
- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (RHEL-40924)
- udev/net-setup-link: change the default MACAddressPolicy to "none" (RHEL-40924)
- core: decrease log level of messages about use of KillMode=none (RHEL-40924)
- meson: rename libbasic to libbasic_static (RHEL-46020)
- meson: build libsystemd-core via an intermediate static library (RHEL-46020)
- meson: add option to build systemd-executor "statically" (RHEL-46020)
* Wed Jun 26 2024 Jan Macku <jamacku@redhat.com> - 256-1 * Wed Jun 26 2024 Jan Macku <jamacku@redhat.com> - 256-1
- Initial import and bootsprap from Fedora - Initial import and bootsprap from Fedora
* remove standalone packages * remove standalone packages