Our config files in /etc/ were marked as %config(noreplace). This means that the
would not be replaced on upgraded if local modifications have been made. But
when we moved them to /usr/lib, they would be be renamed to .rpmsave, if they
had local modifications. This is not what I expected, but what rpm apparently
does. So we need to add them as %ghost to prevent the removal. This is probably
for the better anyway.
... (e.g. /etc/systemd/system.conf → /usr/lib/systemd/systemd.conf).
Both config file locations were already supported, and the files
installed in /etc/ were "empty" (i.e. they had only comments and section
headers). The move does not change the configuration, but just makes
/etc more empty by default. See
https://github.com/systemd/systemd/commit/6495361c7d for more
discussion and details.
The idea was that it's nicer to keep that config in .spec where it's subject
to syntax highlighting. split-files.py was supposed to a stand-alone program.
But in practice this split is confusing, because file rules are listed in two
places and we need to modify split-files.py quite often. This will be easier if
everything is in one file.
[skip changelog]
The LICENSE.LGPL2.1 file is installed into the same systemd license
directory for both the base systemd and -libs. Because the base
systemd requires the -libs sub package it's a duplicate and will
always be there, it shouldn't cause an issue but it seems in some
cases the duplication into the same directory causes issues with
ostree so remove it from the base systemd package as it will always
be there due to the hard dep on the -libs subpackage.
... (rhbz#2240828)
We currently have grubby-8.40-72.fc39 and sdubby-1.0-3.fc39.
systemd had 'Conflicts: grubby < 8.40-72', which is satisfied by grubby.
But sdubby has 'Provides: grubby' (with no version), which prevented
installation:
$ sudo rpm -i ./sdubby-1.0-3.fc39.noarch.rpm
error: Failed dependencies:
grubby < 8.40-72 conflicts with (installed) systemd-udev-254.2-7.fc39.x86_64
The rpm docs don't actually say what the meaning of the 'if' is:
is it only satisfied by actual package names, or also by Provides. But
experiments suggest that Provides are not used. The rich dependency seems
to avoid the issue.
This reverts commit 8eea43e714.
Fedora already ships 'disable systemd-boot-update.service' in
/usr/lib/systemd/system-preset/90-default.preset, so we don't need
this.
[skip changelog]
The macro expansions would only work when compiled with a recent version of
systemd. We don't want to create a dependency loop like this, let's just expand
the string manually.
Also backport the patch adding %systemd_postun_with_reload and
%systemd_user_postun_with_reload so a FPC documentation change can be filed.
Let's make sure we clean up after ourselves. We have to remove
the generated timeout user config file, the file list files and the
generated .lang file.
... (rhbz#2217997)
systemd-homed.service and systemd-portabled.service are in
systemd-udev but the scriptlet was attached to main subpackage, so it
wouldn't work because the unit file wasn't installed yet when it was
invoked. systemd-pstore.service and remote-cryptsetup.target were
forgotten, so they wouldn't get enabled on installation.
Rpm >= 4.19 has native sysusers integration and generates similar
user() and group() provides but encodes additional information into
them, information that is required for the rpm integration to work.
Besides additional data, one noteworthy difference in the rpm generated
provides is there are no provides generated for m(ember) directives.
This is because users and groups possibly created by that directive are
a too implicit for dependency resolution and install ordering purposes
in the case where the user/group is actually owned by some other package.
... (rhbz#2177722)
Oomd was killing a login session (user-*.slice/session-*.scope).
Quoting https://bugzilla.redhat.com/show_bug.cgi?id=2177722#c21:
> In F37 and prior the config was killing based on swap and pressure
> on user-*.slice/user@.service. In 7665e1796f
> it was changed to pressure only on system.slice and all slices under
> user.slice. The relevant point here is that this change now includes
> user-*.slice/session-*.scope which is the critical session bits
> you're seeing killed here.
>
> That session scope should be omitted. The config that I intended
> with the initial PR was for all slices under
> user.slice/user-*.slice/user@.service to be monitored, not for all
> slices under user.slice.
With the file removed:
$ oomctl | rg Path | sort
Path: /system.slice
Path: /user.slice/user-1000.slice/user@1000.service/app.slice
Path: /user.slice/user-1000.slice/user@1000.service/session.slice
See https://github.com/systemd/systemd/pull/26641.
This will allow upstream pull request (and the main branch after the pull
request has been merged) to be built with the new code. This doesn't do
anything for official rpm builds until the new code is part of the sources.
[skip changelog]
... (rhbz#2164594)
The socket exists and is enabled in the initrd. After switch-root, the system
goes into an infinite loop trying to stop the socket while incoming audit
messages trigger start jobs for the socket. This is a bug in the transaction
logic, that'll need to be fixed separately.
We need to preset the socket after the upgrade so that it remains enabled
by default. This should fix the boot issue, though it's not a complete fix,
because we actually want to allow people to disable the socket.
On initial install, the socket is covered by preset-all and gets enabled.
gcc has a new warning which caught a bug of int/enum mismatches.
And we would crash on some architectures when built with -D_FORTIFY_SOURCE=3
because of our malloc_usable_size() use.
This should resolve the build failure in F38 mass build.
- Fixes a few different issues (systemd-timesyncd connectivity problems, broken
emoji output on the console, crashes in pid1 unit dependency logic)
- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel
setting
As requested in https://github.com/rhinstaller/anaconda/pull/4368#discussion_r1043839809,
so that it's easier to depend on the appropriate package. Once we have the
signed version built, this provides might be dropped. But let's add it at least
for now so that there's a stable name to depend on.
While at it, let's drop ? from %{_isa}. Systemd is always archful.
This file changes rarely, but it does every one in a while. And since we have an
independent copy, we forget to adjust it. We have had already two bugs because
of this. I submitted a PR upstream to include pam_namespace (because that makes
sense for all distros), so the diff between upstream and us now is just the
inclusion of system-auth (which is not upstreamable).
Effectively, the only difference right now is that 'pam_keyinit force revoke'
is included. It was added upstream with the comment:
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get
the basic keyring systemd --system sets up for us.
4047e4fb7b got things very wrong.
The trick with "[ $1 -eq 1 ]" doesn't work for transaction triggers
because the argument is not provided by rpm. We need to use a state
file to propagate the information from %post to %posttrans.
... (for details see https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS)
systemd-pcrphase and systemd-measure and initrd-* units are moved to systemd-udev.
systemd-udev should be part of the initrd, and those tools don't make much sense
in systems without hardware (i.e. containers). (systemd-measure could possibly be
useful, but we can always move it back if there's a good reason.)
