Commit Graph

1199 Commits

Author SHA1 Message Date
David Tardon
4a979feb16 Move systemd-cryptenroll to systemd-udev 2022-03-17 17:35:55 +00:00
Michael Catanzaro
28acb3f912 Disable default DNS over TLS (#1889901) 2022-03-14 09:48:35 -05:00
Zbigniew Jędrzejewski-Szmek
d906ff0238 Rebase the bfq patch 2022-03-04 17:33:36 +01:00
Zbigniew Jędrzejewski-Szmek
5e7fc47a08 Avoid trying to create the symlink if there's a dangling symlink already
'test -e' says 'no' for dangling symlinks.

Let's also ignore the error if this fails. We shouldn't fail the
transaction.
2022-02-24 20:27:09 +01:00
Zbigniew Jędrzejewski-Szmek
a4d136e22a Add workaround for audit breakage 2022-02-24 08:56:56 +01:00
Zbigniew Jędrzejewski-Szmek
c971c5b980 Drop some unnecessary requirements 2022-02-24 08:45:02 +01:00
Zbigniew Jędrzejewski-Szmek
8c4c6daba9 Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing
The analysis in 1ba983e0be was wrong.
Both systemd-journal and utmp need to be created. For some reason rpm
reports only the first group which is not available. It was
complaining about systemd-journal, and when that was "fixed", it
started complaining about utmp. Let's apply the same logic here.
Non-root users of files owned by utmp group should only matter after a
reboot, and tmpfiles will adjust the ownership.

Running transaction
  Running scriptlet: filesystem-3.16-2.fc36.x86_64                        1/1
  Preparing        :                                                      1/1
  Installing       : libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Running scriptlet: libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Installing       : fedora-release-identity-basic-37-0.2.noarch         2/76
  Installing       : tzdata-2021e-4.fc36.noarch                          3/76
  Installing       : pcre2-syntax-10.39-1.fc36.1.noarch                  4/76
  Installing       : ncurses-base-6.2-9.20210508.fc36.noarch             5/76
  Installing       : fedora-gpg-keys-37-0.1.noarch                       6/76
  Installing       : fedora-release-37-0.2.noarch                        7/76
  Installing       : fedora-release-common-37-0.2.noarch                 8/76
  Installing       : fedora-repos-rawhide-37-0.1.noarch                  9/76
  Installing       : fedora-repos-37-0.1.noarch                         10/76
  Installing       : setup-2.13.9.1-3.fc36.noarch                       11/76
  Running scriptlet: setup-2.13.9.1-3.fc36.noarch                       11/76
  Installing       : filesystem-3.16-2.fc36.x86_64                      12/76
  Installing       : basesystem-11-13.fc36.noarch                       13/76
  Installing       : glibc-minimal-langpack-2.35-2.fc37.x86_64          14/76
  Installing       : glibc-common-2.35-2.fc37.x86_64                    15/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : glibc-2.35-2.fc37.x86_64                           16/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : ncurses-libs-6.2-9.20210508.fc36.x86_64            17/76
  Installing       : bash-5.1.16-2.fc36.x86_64                          18/76
  Running scriptlet: bash-5.1.16-2.fc36.x86_64                          18/76
  Installing       : libuuid-2.38-0.2.fc36.x86_64                       19/76
  Installing       : libcap-2.48-4.fc36.x86_64                          20/76
  Installing       : libattr-2.5.1-4.fc36.x86_64                        21/76
  Installing       : libacl-2.3.1-3.fc36.x86_64                         22/76
  Installing       : libzstd-1.5.2-1.fc36.x86_64                        23/76
  Installing       : xz-libs-5.2.5-8.fc36.x86_64                        24/76
  Installing       : zlib-1.2.11-31.fc36.x86_64                         25/76
  Installing       : bzip2-libs-1.0.8-11.fc36.x86_64                    26/76
  Installing       : libcap-ng-0.8.2-9.fc36.x86_64                      27/76
  Installing       : audit-libs-3.0.7-1.fc36.x86_64                     28/76
  Installing       : libsepol-3.3-3.fc36.x86_64                         29/76
  Installing       : libxcrypt-4.4.28-1.fc37.x86_64                     30/76
  Installing       : lz4-libs-1.9.3-4.fc36.x86_64                       31/76
  Installing       : pcre2-10.39-1.fc36.1.x86_64                        32/76
  Installing       : libselinux-3.3-4.fc36.x86_64                       33/76
  Installing       : libsemanage-3.3-3.fc37.x86_64                      34/76
  Installing       : shadow-utils-2:4.11.1-2.fc37.x86_64                35/76
  Installing       : sed-4.8-10.fc36.x86_64                             36/76
  Installing       : dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Running scriptlet: dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Installing       : alternatives-1.19-2.fc36.x86_64                    38/76
  Installing       : expat-2.4.6-1.fc37.x86_64                          39/76
  Installing       : gmp-1:6.2.1-2.fc36.x86_64                          40/76
  Installing       : json-c-0.15-3.fc36.x86_64                          41/76
  Installing       : libargon2-20171227-8.fc36.x86_64                   42/76
  Installing       : libeconf-0.4.0-3.fc36.x86_64                       43/76
  Installing       : pam-libs-1.5.2-11.fc37.x86_64                      44/76
  Installing       : libffi-3.4.2-8.fc36.x86_64                         45/76
  Installing       : p11-kit-0.24.1-2.fc36.x86_64                       46/76
  Installing       : libgpg-error-1.44-1.fc36.x86_64                    47/76
  Installing       : libgcrypt-1.10.0-1.fc36.x86_64                     48/76
  Installing       : systemd-libs-250.3-4.fc37.x86_64                   49/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
useradd warning: dbus's uid 81 outside of the SYS_UID_MIN 201 and SYS_UID_MAX 999 range.

  Installing       : dbus-broker-29-5.fc36.x86_64                       50/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
  Installing       : dbus-1:1.13.20-3.fc36.x86_64                       51/76
  Installing       : libseccomp-2.5.3-2.fc36.x86_64                     52/76
  Installing       : libsmartcols-2.38-0.2.fc36.x86_64                  53/76
  Installing       : libtasn1-4.18.0-2.fc36.x86_64                      54/76
  Installing       : p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Running scriptlet: p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Installing       : libunistring-1.0-1.fc36.x86_64                     56/76
  Installing       : libidn2-2.3.2-4.fc36.x86_64                        57/76
  Installing       : pcre-8.45-1.fc36.1.x86_64                          58/76
  Installing       : grep-3.7-2.fc36.x86_64                             59/76
  Installing       : crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Running scriptlet: crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Installing       : coreutils-common-9.0-3.fc36.x86_64                 61/76
  Installing       : openssl-libs-1:3.0.0-1.fc36.x86_64                 62/76
  Installing       : coreutils-9.0-3.fc36.x86_64                        63/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : libblkid-2.38-0.2.fc36.x86_64                      65/76
  Running scriptlet: libblkid-2.38-0.2.fc36.x86_64                      65/76
  Installing       : libmount-2.38-0.2.fc36.x86_64                      66/76
  Installing       : util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Running scriptlet: util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Installing       : libfdisk-2.38-0.2.fc36.x86_64                      68/76
  Installing       : kmod-libs-29-7.fc36.x86_64                         69/76
  Installing       : cryptsetup-libs-2.4.3-2.fc36.x86_64                70/76
  Installing       : device-mapper-libs-1.02.175-7.fc36.x86_64          71/76
  Installing       : device-mapper-1.02.175-7.fc36.x86_64               72/76
  Installing       : systemd-pam-250.3-4.fc37.x86_64                    73/76
  Installing       : systemd-resolved-250.3-4.fc37.x86_64               74/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               74/76
  Installing       : systemd-networkd-250.3-4.fc37.x86_64               75/76
  Running scriptlet: systemd-networkd-250.3-4.fc37.x86_64               75/76
  Installing       : systemd-250.3-4.fc37.x86_64                        76/76
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
Creating group 'utmp' with GID 22.
Creating group 'input' with GID 104.
Creating group 'kvm' with GID 36.
Creating group 'render' with GID 105.
Creating group 'sgx' with GID 106.
Creating group 'systemd-journal' with GID 190.
Creating group 'systemd-network' with GID 192.
Creating user 'systemd-network' (systemd Network Management) with UID 192 and GID 192.
Creating group 'systemd-oom' with GID 999.
Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 999 and GID 999.
Creating group 'systemd-resolve' with GID 193.
Creating user 'systemd-resolve' (systemd Resolver) with UID 193 and GID 193.

  Running scriptlet: filesystem-3.16-2.fc36.x86_64                      76/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            76/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               76/76
'/etc/resolv.conf' -> '../run/systemd/resolve/stub-resolv.conf'

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
2022-02-24 00:11:19 +01:00
Zbigniew Jędrzejewski-Szmek
4cc75bbba5 Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) 2022-02-23 23:52:08 +01:00
Zbigniew Jędrzejewski-Szmek
996c95efaf Bump release 2022-02-16 22:42:27 +01:00
Zbigniew Jędrzejewski-Szmek
4c2d7265ec Add patch for new kernel headers
It's already included in systemd-stable, but v250.4 hasn't been tagged
yet.
2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
e48b9066b7 Drop unused dependencies for scriptlets 2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
1ba983e0be Specify owner of /var/log/journal as root in the rpm listing
$ rpm -qlv systemd |grep -v 'root     root'
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /run/utmp
-rw-rw----    1 root     utmp         0 Jan 22 03:38 /var/log/btmp
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/lastlog
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/wtmp
drwxr-sr-x    2 root     systemd-     0 Jan 22 03:38 /var/log/journal

During installation rpm would log an error that systemd-journal group
is unknown. We create all our users by calling sysusers in the %post
scriptlet, but that is too late. To avoid the warning we could either
add a %pre scriptlet, but that'd require adding a dependency on
shadow-utils for groupadd, since we can't use our own tools before we
are installed. Let's instead create the directory owned by root.root,
and change the group afterwards. The group ownership is for file
ownership, and in the worst case (we don't assign the group or set
mode +s), unprivileged users will not be able to read the logs.

We also use 'utmp' group, but that is provided by setup.rpm and is not
an issue.

https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24
2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
cac0b2a5a7 Drop scriptlet for handling nobody user upgrades from Fedora <28
For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet
was introduced with prevents nss-systemd from synthesizing entries for nobody.
Let's remove the scriptlet: very few people upgrade from such old systems,
and even if they do, having a duplicate entry for nobody is annoying
but hardly a big problem.

(The other side of this, support in nss-systemd remains in place.)

This allows deps on the tools used in the scriptlet to be dropped from -libs.

While at it, also drop noop ldconfig scriptlets.
2022-02-16 22:32:56 +01:00
Zbigniew Jędrzejewski-Szmek
2731a22179 Bias the resolver towards libcurl-minimal 2022-02-10 18:14:26 +01:00
Zbigniew Jędrzejewski-Szmek
b54029abba Drop 20-grubby.install plugin for kernel-install 2022-02-10 18:02:31 +01:00
Zbigniew Jędrzejewski-Szmek
f42ae67ed3 Add pam_namespace to systemd-user pam config 2022-02-10 17:42:47 +01:00
Zbigniew Jędrzejewski-Szmek
3ce3375cc6 Remove duplicated pam systemd-user file 2022-02-10 17:37:56 +01:00
Fedora Release Engineering
c763537617 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 02:12:42 +00:00
Zbigniew Jędrzejewski-Szmek
238e8e0e64 Fix creation of /var/log/lastlog
I have no idea how I managed to screw that up yesterday…
2022-01-19 08:31:33 +01:00
Zbigniew Jędrzejewski-Szmek
f97cf5817a Take ownership of /var/log/lastlog
https://pagure.io/setup/pull-request/30 and
https://src.fedoraproject.org/rpms/util-linux/pull-request/10 are the
opposite steps for setup and util-linux.
2022-01-18 16:22:31 +01:00
Zbigniew Jędrzejewski-Szmek
3fe8cebea3 Version 250.3 2022-01-18 12:56:37 +01:00
Zbigniew Jędrzejewski-Szmek
d1787ccd07 Version 250.2 2022-01-10 22:04:43 +01:00
Zbigniew Jędrzejewski-Szmek
c1e2f480f7 Disable bpf filters on s390x 2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
206f30e9fd Version 250.1 2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
620e0cff6b Install only license files relevant to the effective license
We installed all the license files for the licenses used in the sources
(as %doc), but that doesn't seem useful.
2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
60d0bbefe2 Disable bpf filters on arm64 2021-12-30 21:42:10 +01:00
Zbigniew Jędrzejewski-Szmek
114f45fe1f Skip bpf filtering on arm32 and ppc64el 2021-12-28 16:10:15 +01:00
Zbigniew Jędrzejewski-Szmek
7993a98ea4 Enable bpf-framework 2021-12-25 15:31:58 +01:00
Zbigniew Jędrzejewski-Szmek
3c872dc5d9 Fix warning about systemd-boot-update.service not existing on arm32 2021-12-25 11:02:05 +01:00
Zbigniew Jędrzejewski-Szmek
2edf38c273 Version 250 2021-12-23 21:15:44 +01:00
Zbigniew Jędrzejewski-Szmek
34a8fa5907 Switch unit status name format to 'combined' 2021-12-23 13:45:31 +01:00
Zbigniew Jędrzejewski-Szmek
b1af825426 Version 250-rc3 2021-12-20 19:48:35 +01:00
Zbigniew Jędrzejewski-Szmek
7f4e198603 Create /etc/resolv.conf symlink if nothing is present yet 2021-12-18 17:40:12 +01:00
Zbigniew Jędrzejewski-Szmek
184bb74091 Move libcryptsetup-token plugins to -udev 2021-12-14 19:09:00 +01:00
Zbigniew Jędrzejewski-Szmek
711d924ba3 Move systemd-boot-update.service to -udev subpackage
It will not be enabled on upgrades, but I think this is OK. sd-boot
is not very widely used anyway.
2021-12-12 13:01:40 +01:00
Pavel Březina
0898a89444 spec: remove nsswitch.conf scriptlet
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory

Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.

Resolves: rhbz#2023743
2021-12-10 17:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
b24b99d669 Add Recommends for dlopened libs and move files into subpackages 2021-12-09 23:23:39 +01:00
Zbigniew Jędrzejewski-Szmek
1634b1b16a Revert "spec: remove nsswitch.conf scriptlet"
This reverts commit 2afe364ac4.

Unfortunately the build failed on dependencies:
DEBUG util.py:444:  Error:
DEBUG util.py:444:   Problem: package authselect-libs-1.3.0-1.fc36.x86_64 conflicts with glibc < 2.34.9000-27 provided by glibc-2.34.9000-26.fc36.x86_64
DEBUG util.py:444:    - package util-linux-2.37.2-1.fc36.x86_64 requires /etc/pam.d/system-auth, but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6()(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.2.5)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.29)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires rtld(GNU_HASH), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libc.so.6(GLIBC_2.34)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - conflicting requests

I need to build the package again in rawhide, so this needs to be reverted
for now.
2021-12-09 18:49:59 +01:00
Pavel Březina
2afe364ac4 spec: remove nsswitch.conf scriptlet
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory

Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.

Resolves: rhbz#2023743
2021-12-09 18:27:16 +01:00
Zbigniew Jędrzejewski-Szmek
11bf124056 Fix memleak 2021-12-09 16:02:25 +01:00
Zbigniew Jędrzejewski-Szmek
ce4156b3dd Version 250-rc1
The crypto backend is switched to openssl.
gcrypt is still used for FSS in libsystemd.so.
2021-12-09 16:02:25 +01:00
Zbigniew Jędrzejewski-Szmek
e19aaa4604 Drop comments about already-merged pull request 2021-12-03 15:48:22 +01:00
Ludwig Nussel
6ffa8d89d6 Fix video link 2021-12-02 16:28:17 +00:00
Zbigniew Jędrzejewski-Szmek
d1ad6b189d %ghost /var/lib/{machines,portables} 2021-11-24 10:00:32 +01:00
Davide Cavalca
b7c95ddd9e Disable legacy iptables support 2021-11-19 08:29:38 -08:00
Luca BRUNO
21ca64d8e0
sysusers/provides: parse and output static IDs
This adds support for parsing static UIDs and GIDs from sysusers.d
fragments, and automatically forwarding them to the generated
'Provides' entries.
It will allow inspecting users/groups with static IDs directly
from package metadata:
```
$ rpm --query --provides --package gdm-41.0-3.fc36.x86_64.rpm
[...]
group(gdm) = 42
user(gdm) = 42
```
2021-11-16 16:36:58 +00:00
Zbigniew Jędrzejewski-Szmek
2d54326a8c Bump release
Oh, no autorelease here!
2021-11-15 14:09:32 +01:00
Zbigniew Jędrzejewski-Szmek
1d712f8acf Supress errors on selinux systems
See https://bugzilla.redhat.com/show_bug.cgi?id=2023332.
https://bugzilla.redhat.com/show_bug.cgi?id=2023332 is also related.
2021-11-15 13:47:07 +01:00
Zbigniew Jędrzejewski-Szmek
87e1ce3317 Version 249.7 2021-11-14 16:12:23 +01:00
Petr Menšík
27cc5e08c2 Switch to NM resolver on systemd-resolved uninstall
If /etc/resolv.conf pointed to systemd-resolved stub configuration, it
is obvious it would stop working. Compensate it by deleting the link, it
would be created again on installation. Try to pass ownership to NM,
which also provides similar file. Keep it missing otherwise, might be
created by unknown tool on reboot.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2021-11-14 09:38:52 +00:00