Commit Graph

1075 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
0078f9a102 Really move libcryptsetup plugins to -udev 2022-03-17 21:37:30 +01:00
Michael Catanzaro
28acb3f912 Disable default DNS over TLS (#1889901) 2022-03-14 09:48:35 -05:00
Zbigniew Jędrzejewski-Szmek
5e7fc47a08 Avoid trying to create the symlink if there's a dangling symlink already
'test -e' says 'no' for dangling symlinks.

Let's also ignore the error if this fails. We shouldn't fail the
transaction.
2022-02-24 20:27:09 +01:00
Zbigniew Jędrzejewski-Szmek
a4d136e22a Add workaround for audit breakage 2022-02-24 08:56:56 +01:00
Zbigniew Jędrzejewski-Szmek
c971c5b980 Drop some unnecessary requirements 2022-02-24 08:45:02 +01:00
Zbigniew Jędrzejewski-Szmek
8c4c6daba9 Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing
The analysis in 1ba983e0be was wrong.
Both systemd-journal and utmp need to be created. For some reason rpm
reports only the first group which is not available. It was
complaining about systemd-journal, and when that was "fixed", it
started complaining about utmp. Let's apply the same logic here.
Non-root users of files owned by utmp group should only matter after a
reboot, and tmpfiles will adjust the ownership.

Running transaction
  Running scriptlet: filesystem-3.16-2.fc36.x86_64                        1/1
  Preparing        :                                                      1/1
  Installing       : libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Running scriptlet: libgcc-12.0.1-0.8.fc37.x86_64                       1/76
  Installing       : fedora-release-identity-basic-37-0.2.noarch         2/76
  Installing       : tzdata-2021e-4.fc36.noarch                          3/76
  Installing       : pcre2-syntax-10.39-1.fc36.1.noarch                  4/76
  Installing       : ncurses-base-6.2-9.20210508.fc36.noarch             5/76
  Installing       : fedora-gpg-keys-37-0.1.noarch                       6/76
  Installing       : fedora-release-37-0.2.noarch                        7/76
  Installing       : fedora-release-common-37-0.2.noarch                 8/76
  Installing       : fedora-repos-rawhide-37-0.1.noarch                  9/76
  Installing       : fedora-repos-37-0.1.noarch                         10/76
  Installing       : setup-2.13.9.1-3.fc36.noarch                       11/76
  Running scriptlet: setup-2.13.9.1-3.fc36.noarch                       11/76
  Installing       : filesystem-3.16-2.fc36.x86_64                      12/76
  Installing       : basesystem-11-13.fc36.noarch                       13/76
  Installing       : glibc-minimal-langpack-2.35-2.fc37.x86_64          14/76
  Installing       : glibc-common-2.35-2.fc37.x86_64                    15/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : glibc-2.35-2.fc37.x86_64                           16/76
  Running scriptlet: glibc-2.35-2.fc37.x86_64                           16/76
  Installing       : ncurses-libs-6.2-9.20210508.fc36.x86_64            17/76
  Installing       : bash-5.1.16-2.fc36.x86_64                          18/76
  Running scriptlet: bash-5.1.16-2.fc36.x86_64                          18/76
  Installing       : libuuid-2.38-0.2.fc36.x86_64                       19/76
  Installing       : libcap-2.48-4.fc36.x86_64                          20/76
  Installing       : libattr-2.5.1-4.fc36.x86_64                        21/76
  Installing       : libacl-2.3.1-3.fc36.x86_64                         22/76
  Installing       : libzstd-1.5.2-1.fc36.x86_64                        23/76
  Installing       : xz-libs-5.2.5-8.fc36.x86_64                        24/76
  Installing       : zlib-1.2.11-31.fc36.x86_64                         25/76
  Installing       : bzip2-libs-1.0.8-11.fc36.x86_64                    26/76
  Installing       : libcap-ng-0.8.2-9.fc36.x86_64                      27/76
  Installing       : audit-libs-3.0.7-1.fc36.x86_64                     28/76
  Installing       : libsepol-3.3-3.fc36.x86_64                         29/76
  Installing       : libxcrypt-4.4.28-1.fc37.x86_64                     30/76
  Installing       : lz4-libs-1.9.3-4.fc36.x86_64                       31/76
  Installing       : pcre2-10.39-1.fc36.1.x86_64                        32/76
  Installing       : libselinux-3.3-4.fc36.x86_64                       33/76
  Installing       : libsemanage-3.3-3.fc37.x86_64                      34/76
  Installing       : shadow-utils-2:4.11.1-2.fc37.x86_64                35/76
  Installing       : sed-4.8-10.fc36.x86_64                             36/76
  Installing       : dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Running scriptlet: dbus-common-1:1.13.20-3.fc36.noarch                37/76
  Installing       : alternatives-1.19-2.fc36.x86_64                    38/76
  Installing       : expat-2.4.6-1.fc37.x86_64                          39/76
  Installing       : gmp-1:6.2.1-2.fc36.x86_64                          40/76
  Installing       : json-c-0.15-3.fc36.x86_64                          41/76
  Installing       : libargon2-20171227-8.fc36.x86_64                   42/76
  Installing       : libeconf-0.4.0-3.fc36.x86_64                       43/76
  Installing       : pam-libs-1.5.2-11.fc37.x86_64                      44/76
  Installing       : libffi-3.4.2-8.fc36.x86_64                         45/76
  Installing       : p11-kit-0.24.1-2.fc36.x86_64                       46/76
  Installing       : libgpg-error-1.44-1.fc36.x86_64                    47/76
  Installing       : libgcrypt-1.10.0-1.fc36.x86_64                     48/76
  Installing       : systemd-libs-250.3-4.fc37.x86_64                   49/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
useradd warning: dbus's uid 81 outside of the SYS_UID_MIN 201 and SYS_UID_MAX 999 range.

  Installing       : dbus-broker-29-5.fc36.x86_64                       50/76
  Running scriptlet: dbus-broker-29-5.fc36.x86_64                       50/76
  Installing       : dbus-1:1.13.20-3.fc36.x86_64                       51/76
  Installing       : libseccomp-2.5.3-2.fc36.x86_64                     52/76
  Installing       : libsmartcols-2.38-0.2.fc36.x86_64                  53/76
  Installing       : libtasn1-4.18.0-2.fc36.x86_64                      54/76
  Installing       : p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Running scriptlet: p11-kit-trust-0.24.1-2.fc36.x86_64                 55/76
  Installing       : libunistring-1.0-1.fc36.x86_64                     56/76
  Installing       : libidn2-2.3.2-4.fc36.x86_64                        57/76
  Installing       : pcre-8.45-1.fc36.1.x86_64                          58/76
  Installing       : grep-3.7-2.fc36.x86_64                             59/76
  Installing       : crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Running scriptlet: crypto-policies-20220203-2.git112f859.fc36.noarch  60/76
  Installing       : coreutils-common-9.0-3.fc36.x86_64                 61/76
  Installing       : openssl-libs-1:3.0.0-1.fc36.x86_64                 62/76
  Installing       : coreutils-9.0-3.fc36.x86_64                        63/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            64/76
  Installing       : libblkid-2.38-0.2.fc36.x86_64                      65/76
  Running scriptlet: libblkid-2.38-0.2.fc36.x86_64                      65/76
  Installing       : libmount-2.38-0.2.fc36.x86_64                      66/76
  Installing       : util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Running scriptlet: util-linux-core-2.38-0.2.fc36.x86_64               67/76
  Installing       : libfdisk-2.38-0.2.fc36.x86_64                      68/76
  Installing       : kmod-libs-29-7.fc36.x86_64                         69/76
  Installing       : cryptsetup-libs-2.4.3-2.fc36.x86_64                70/76
  Installing       : device-mapper-libs-1.02.175-7.fc36.x86_64          71/76
  Installing       : device-mapper-1.02.175-7.fc36.x86_64               72/76
  Installing       : systemd-pam-250.3-4.fc37.x86_64                    73/76
  Installing       : systemd-resolved-250.3-4.fc37.x86_64               74/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               74/76
  Installing       : systemd-networkd-250.3-4.fc37.x86_64               75/76
  Running scriptlet: systemd-networkd-250.3-4.fc37.x86_64               75/76
  Installing       : systemd-250.3-4.fc37.x86_64                        76/76
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root
warning: group utmp does not exist - using root

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
Creating group 'utmp' with GID 22.
Creating group 'input' with GID 104.
Creating group 'kvm' with GID 36.
Creating group 'render' with GID 105.
Creating group 'sgx' with GID 106.
Creating group 'systemd-journal' with GID 190.
Creating group 'systemd-network' with GID 192.
Creating user 'systemd-network' (systemd Network Management) with UID 192 and GID 192.
Creating group 'systemd-oom' with GID 999.
Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 999 and GID 999.
Creating group 'systemd-resolve' with GID 193.
Creating user 'systemd-resolve' (systemd Resolver) with UID 193 and GID 193.

  Running scriptlet: filesystem-3.16-2.fc36.x86_64                      76/76
  Running scriptlet: ca-certificates-2021.2.52-3.fc36.noarch            76/76
  Running scriptlet: systemd-resolved-250.3-4.fc37.x86_64               76/76
'/etc/resolv.conf' -> '../run/systemd/resolve/stub-resolv.conf'

  Running scriptlet: systemd-250.3-4.fc37.x86_64                        76/76
2022-02-24 00:11:19 +01:00
Zbigniew Jędrzejewski-Szmek
4cc75bbba5 Move part of %post scriptlet for resolved to %posttrans (rhbz#2018913) 2022-02-23 23:52:08 +01:00
Zbigniew Jędrzejewski-Szmek
996c95efaf Bump release 2022-02-16 22:42:27 +01:00
Zbigniew Jędrzejewski-Szmek
4c2d7265ec Add patch for new kernel headers
It's already included in systemd-stable, but v250.4 hasn't been tagged
yet.
2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
e48b9066b7 Drop unused dependencies for scriptlets 2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
1ba983e0be Specify owner of /var/log/journal as root in the rpm listing
$ rpm -qlv systemd |grep -v 'root     root'
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /run/utmp
-rw-rw----    1 root     utmp         0 Jan 22 03:38 /var/log/btmp
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/lastlog
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/wtmp
drwxr-sr-x    2 root     systemd-     0 Jan 22 03:38 /var/log/journal

During installation rpm would log an error that systemd-journal group
is unknown. We create all our users by calling sysusers in the %post
scriptlet, but that is too late. To avoid the warning we could either
add a %pre scriptlet, but that'd require adding a dependency on
shadow-utils for groupadd, since we can't use our own tools before we
are installed. Let's instead create the directory owned by root.root,
and change the group afterwards. The group ownership is for file
ownership, and in the worst case (we don't assign the group or set
mode +s), unprivileged users will not be able to read the logs.

We also use 'utmp' group, but that is provided by setup.rpm and is not
an issue.

https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24
2022-02-16 22:33:01 +01:00
Zbigniew Jędrzejewski-Szmek
cac0b2a5a7 Drop scriptlet for handling nobody user upgrades from Fedora <28
For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet
was introduced with prevents nss-systemd from synthesizing entries for nobody.
Let's remove the scriptlet: very few people upgrade from such old systems,
and even if they do, having a duplicate entry for nobody is annoying
but hardly a big problem.

(The other side of this, support in nss-systemd remains in place.)

This allows deps on the tools used in the scriptlet to be dropped from -libs.

While at it, also drop noop ldconfig scriptlets.
2022-02-16 22:32:56 +01:00
Zbigniew Jędrzejewski-Szmek
2731a22179 Bias the resolver towards libcurl-minimal 2022-02-10 18:14:26 +01:00
Zbigniew Jędrzejewski-Szmek
b54029abba Drop 20-grubby.install plugin for kernel-install 2022-02-10 18:02:31 +01:00
Zbigniew Jędrzejewski-Szmek
f42ae67ed3 Add pam_namespace to systemd-user pam config 2022-02-10 17:42:47 +01:00
Zbigniew Jędrzejewski-Szmek
3ce3375cc6 Remove duplicated pam systemd-user file 2022-02-10 17:37:56 +01:00
Fedora Release Engineering
c763537617 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 02:12:42 +00:00
Zbigniew Jędrzejewski-Szmek
238e8e0e64 Fix creation of /var/log/lastlog
I have no idea how I managed to screw that up yesterday…
2022-01-19 08:31:33 +01:00
Zbigniew Jędrzejewski-Szmek
f97cf5817a Take ownership of /var/log/lastlog
https://pagure.io/setup/pull-request/30 and
https://src.fedoraproject.org/rpms/util-linux/pull-request/10 are the
opposite steps for setup and util-linux.
2022-01-18 16:22:31 +01:00
Zbigniew Jędrzejewski-Szmek
3fe8cebea3 Version 250.3 2022-01-18 12:56:37 +01:00
Zbigniew Jędrzejewski-Szmek
d1787ccd07 Version 250.2 2022-01-10 22:04:43 +01:00
Zbigniew Jędrzejewski-Szmek
c1e2f480f7 Disable bpf filters on s390x 2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
206f30e9fd Version 250.1 2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
620e0cff6b Install only license files relevant to the effective license
We installed all the license files for the licenses used in the sources
(as %doc), but that doesn't seem useful.
2022-01-04 18:27:08 +01:00
Zbigniew Jędrzejewski-Szmek
60d0bbefe2 Disable bpf filters on arm64 2021-12-30 21:42:10 +01:00
Zbigniew Jędrzejewski-Szmek
114f45fe1f Skip bpf filtering on arm32 and ppc64el 2021-12-28 16:10:15 +01:00
Zbigniew Jędrzejewski-Szmek
7993a98ea4 Enable bpf-framework 2021-12-25 15:31:58 +01:00
Zbigniew Jędrzejewski-Szmek
3c872dc5d9 Fix warning about systemd-boot-update.service not existing on arm32 2021-12-25 11:02:05 +01:00
Zbigniew Jędrzejewski-Szmek
2edf38c273 Version 250 2021-12-23 21:15:44 +01:00
Zbigniew Jędrzejewski-Szmek
34a8fa5907 Switch unit status name format to 'combined' 2021-12-23 13:45:31 +01:00
Zbigniew Jędrzejewski-Szmek
b1af825426 Version 250-rc3 2021-12-20 19:48:35 +01:00
Zbigniew Jędrzejewski-Szmek
7f4e198603 Create /etc/resolv.conf symlink if nothing is present yet 2021-12-18 17:40:12 +01:00
Zbigniew Jędrzejewski-Szmek
184bb74091 Move libcryptsetup-token plugins to -udev 2021-12-14 19:09:00 +01:00
Zbigniew Jędrzejewski-Szmek
711d924ba3 Move systemd-boot-update.service to -udev subpackage
It will not be enabled on upgrades, but I think this is OK. sd-boot
is not very widely used anyway.
2021-12-12 13:01:40 +01:00
Pavel Březina
0898a89444 spec: remove nsswitch.conf scriptlet
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory

Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.

Resolves: rhbz#2023743
2021-12-10 17:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
b24b99d669 Add Recommends for dlopened libs and move files into subpackages 2021-12-09 23:23:39 +01:00
Zbigniew Jędrzejewski-Szmek
1634b1b16a Revert "spec: remove nsswitch.conf scriptlet"
This reverts commit 2afe364ac4.

Unfortunately the build failed on dependencies:
DEBUG util.py:444:  Error:
DEBUG util.py:444:   Problem: package authselect-libs-1.3.0-1.fc36.x86_64 conflicts with glibc < 2.34.9000-27 provided by glibc-2.34.9000-26.fc36.x86_64
DEBUG util.py:444:    - package util-linux-2.37.2-1.fc36.x86_64 requires /etc/pam.d/system-auth, but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6()(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.2.5)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.29)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires rtld(GNU_HASH), but none of the providers can be installed
DEBUG util.py:444:    - package gawk-5.1.1-1.fc36.x86_64 requires libc.so.6(GLIBC_2.34)(64bit), but none of the providers can be installed
DEBUG util.py:444:    - conflicting requests

I need to build the package again in rawhide, so this needs to be reverted
for now.
2021-12-09 18:49:59 +01:00
Pavel Březina
2afe364ac4 spec: remove nsswitch.conf scriptlet
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory

Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.

Resolves: rhbz#2023743
2021-12-09 18:27:16 +01:00
Zbigniew Jędrzejewski-Szmek
11bf124056 Fix memleak 2021-12-09 16:02:25 +01:00
Zbigniew Jędrzejewski-Szmek
ce4156b3dd Version 250-rc1
The crypto backend is switched to openssl.
gcrypt is still used for FSS in libsystemd.so.
2021-12-09 16:02:25 +01:00
Zbigniew Jędrzejewski-Szmek
e19aaa4604 Drop comments about already-merged pull request 2021-12-03 15:48:22 +01:00
Zbigniew Jędrzejewski-Szmek
d1ad6b189d %ghost /var/lib/{machines,portables} 2021-11-24 10:00:32 +01:00
Davide Cavalca
b7c95ddd9e Disable legacy iptables support 2021-11-19 08:29:38 -08:00
Zbigniew Jędrzejewski-Szmek
2d54326a8c Bump release
Oh, no autorelease here!
2021-11-15 14:09:32 +01:00
Zbigniew Jędrzejewski-Szmek
87e1ce3317 Version 249.7 2021-11-14 16:12:23 +01:00
Petr Menšík
27cc5e08c2 Switch to NM resolver on systemd-resolved uninstall
If /etc/resolv.conf pointed to systemd-resolved stub configuration, it
is obvious it would stop working. Compensate it by deleting the link, it
would be created again on installation. Try to pass ownership to NM,
which also provides similar file. Keep it missing otherwise, might be
created by unknown tool on reboot.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2021-11-14 09:38:52 +00:00
Kir Kolyshkin
9309bd3038 Fix scope activation from a user instance
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-11-11 15:36:06 -08:00
Zbigniew Jędrzejewski-Szmek
89ea50d07a Fix helper to restart user units with older systemd 2021-11-08 10:27:00 +01:00
Zbigniew Jędrzejewski-Szmek
ebeb76453a Version 249.6 2021-11-04 14:33:29 +01:00
Adam Williamson
6a6e2b723e Backport PR #133 to fix boot 2021-10-29 14:25:29 -07:00
Zbigniew Jędrzejewski-Szmek
837a32b7cd Version 249.5 2021-10-13 09:13:06 +02:00
Zbigniew Jędrzejewski-Szmek
013143c94e Wrap package descriptions at 80 columns 2021-09-29 17:19:21 +02:00
Zbigniew Jędrzejewski-Szmek
9802d8ce77 Fix build with the latest kernels 2021-09-15 16:59:31 +02:00
Sahana Prasad
46a408102a Rebuilt with OpenSSL 3.0.0 2021-09-14 19:16:25 +02:00
Zbigniew Jędrzejewski-Szmek
7a99d80faa Version 249.4 2021-08-24 14:51:54 +02:00
Zbigniew Jędrzejewski-Szmek
b0031ef378 Version 294.3 2021-08-06 16:11:50 +02:00
Zbigniew Jędrzejewski-Szmek
4d6b947613 Version 249.2 2021-07-23 17:05:52 +02:00
Michael Catanzaro
e78d9b34cb Build with -Ddefault-dns-over-tls=opportunistic 2021-07-23 12:45:59 +02:00
Zbigniew Jędrzejewski-Szmek
c61b9c5d29 Version 249.1 2021-07-20 15:18:39 +02:00
Zbigniew Jędrzejewski-Szmek
a6bdda479d Add sfdisk to BuildRequires
https://bugzilla.redhat.com/show_bug.cgi?id=1983450
2021-07-20 09:40:39 +02:00
a0d61b955d Use correct NEWS URLs for systemd 249 releases in changelog entries 2021-07-07 20:54:55 -04:00
a54f704deb Make local checkout builds use Release: 0
This ensures that local checkout builds always have a lower Release
than officially built snapshot releases.
2021-07-07 20:54:21 -04:00
Zbigniew Jędrzejewski-Szmek
6dd3849ca6 Version 249 2021-07-07 21:47:57 +02:00
Zbigniew Jędrzejewski-Szmek
d0f46326ec Version 249-rc3 2021-07-01 20:17:16 +02:00
Zbigniew Jędrzejewski-Szmek
c323a213de Adjust check for outdated triggers file
With the switch to jinja2, the file is generated during normal build, so
we need to move the check later.
2021-06-25 18:30:40 +02:00
Zbigniew Jędrzejewski-Szmek
379f157396 Version 249-rc2 2021-06-25 17:25:07 +02:00
Adam Williamson
2383d1a974 top systemd providing systemd-resolved, now the subpackage exists 2021-06-17 14:28:18 -07:00
Zbigniew Jędrzejewski-Szmek
b764a2387b resolved: fix skipping of scriptlet on upgrades
We don't want to preset and we don't want to create the symlink either.
2021-06-16 22:37:47 +02:00
Petr Menšík
be0f563352 Create separate systemd-resolved package
Move systemd-resolved daemon and related tools to its own subpackage.
Keep only nss-resolve in systemd, the service itself is moved to
subpackage. It has quite different functionality than systemd package
and deserves own package.

Still recommend resolved from main package

Keep backward compatibility and still recommend systemd-resolved. Allow
removal, but would be installed by default.
2021-06-16 22:37:44 +02:00
Davide Cavalca
1627707067 Switch systemd-oomd-defaults to noarch 2021-06-16 22:22:24 +02:00
Zbigniew Jędrzejewski-Szmek
807d245ab1 Use ternarny operators 2021-06-16 22:22:12 +02:00
Zbigniew Jędrzejewski-Szmek
a49146325a Use systemd-sysusers to create users
This allows a fairly big dependency chain to be pruned in the future,
now other packages pull in setup:

  /usr/bin/groupadd → shadow-utils → setup.

It seems we don't need the setup rpm for anything in minimal installations.

There should be no functional change. Testing will be prudent.
2021-06-16 22:21:39 +02:00
Zbigniew Jędrzejewski-Szmek
33320dcf58 Version 249-rc1 2021-06-16 22:21:12 +02:00
Zbigniew Jędrzejewski-Szmek
535a8b5b98 Pull in util-linux-core in preference over util-linux
I hope that ( … or … ) does the right thing here.

See b50e3f3a07.
2021-06-16 22:17:30 +02:00
Zbigniew Jędrzejewski-Szmek
a82ca9b3d8 Only pull in systemd-rpm-macros if rpm-build is installed
systemd-rpm-macros is small, but it pulls in bash and is always one more package.
It is only useful if the rpm building utilities are there, so let's conditionalize
on that.
2021-06-16 22:17:26 +02:00
Zbigniew Jędrzejewski-Szmek
05f788e704 Add support and directions for doing builds with --build-in-place 2021-06-01 09:01:14 +02:00
David Tardon
b5ae705da9 Fix ELF dependencies on 32-bit architectures 2021-05-20 17:08:36 +02:00
Zbigniew Jędrzejewski-Szmek
d58c95a2fe Add Provides:systemd-resolved
This is in preparation for https://src.fedoraproject.org/rpms/systemd/pull-request/52,
splitting out systemd-resolved subpackage. The new package should
be pulled in by comps, but this would create a "flag day", because
the systemd-resolved name is currently unknown. So let's add the
virtual Provides now. Even if the package is never split out, it doesn't
cause any harm.
2021-05-19 11:28:14 +02:00
David Tardon
0806bb5b1d Drop superfluous Recommends: libcryptsetup
systemd-cryptsetup and systemd-veritysetup link with libcryptsetup, so
this dependency is already in Requires. (Well, not in bootstrap mode,
but I'm pretty sure we don't want to publish rpms built in bootstrap
mode, so it shouldn't matter.)
2021-05-18 14:11:41 +02:00
Zbigniew Jędrzejewski-Szmek
ec9ca01d16 Adjust BuildRequires
python3-devel hasn't been needed since we split out the python module,
a few years ago.

Pull in jinja2 for https://github.com/systemd/systemd/pull/19630.
2021-05-17 08:04:52 +02:00
Zbigniew Jędrzejewski-Szmek
67ce438bf3 Version 248.3 2021-05-15 18:59:15 +02:00
Zbigniew Jędrzejewski-Szmek
bc53b30e4d Version 248.2 2021-05-07 16:25:27 +02:00
Zbigniew Jędrzejewski-Szmek
db26d980dd Correct file modes for %ghosted files
/var/log/btmp was changed in https://github.com/systemd/systemd/commit/f6e64b78cc,
but never adjusted here.
2021-05-07 16:25:27 +02:00
Zbigniew Jędrzejewski-Szmek
141af483cc Pull in tpm2-tss dependency 2021-05-06 15:31:15 +02:00
Zbigniew Jędrzejewski-Szmek
42c305ce28 Version 248.1 2021-05-06 15:31:14 +02:00
Adam Williamson
58e2c63a03 Re-enable resolved caching, hope all major bugs are fixed
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2021-04-06 13:40:25 -07:00
Zbigniew Jędrzejewski-Szmek
f0032c4da6 Version 248 2021-03-31 10:02:07 +02:00
Anita Zhang
a62a7c17cc Increase oomd user memory pressure limit to 50% for 20s (#1941170)
There isn't really a one size fits all policy since pressure can change
a lot based on whether you have flash or spinning disks (and your swap
configuration as well). But let's be a bit more conservative here.
2021-03-30 12:11:37 +02:00
Zbigniew Jędrzejewski-Szmek
310b8e6c95 Move nss-myhostname before nss-mdns4 2021-03-26 17:51:05 +01:00
Zbigniew Jędrzejewski-Szmek
d6a1608082 Make sure not to lose systemd-networkd enablement when upgrading from F32 2021-03-26 17:49:04 +01:00
Zbigniew Jędrzejewski-Szmek
65248cc181 Revert patch that seems to cause problems with dns resolution 2021-03-24 11:46:41 +01:00
Zbigniew Jędrzejewski-Szmek
6384abb1d1 A few more patches 2021-03-23 01:08:51 +01:00
Adam Williamson
58e51a6f6e Disable resolved cache via config snippet (#1940715) 2021-03-19 18:33:30 -07:00
Yu Watanabe
98c9d9f8c5 Disable epoll_pwait2() in sd-event 2021-03-19 04:34:25 +09:00
Yu Watanabe
a602ccade1 Drop #pragma message from patch 2021-03-19 02:10:21 +09:00
Yu Watanabe
f7802408f9 Disable epoll2_pwait2() for 32bit archs 2021-03-19 01:27:13 +09:00
Yu Watanabe
45fafe9791 Version 248-rc4 2021-03-18 23:41:25 +09:00
Adam Williamson
22e7d02418 Backport PR #19009 to fix CNAME redirect resolving some more (#1933433) 2021-03-16 14:58:01 -07:00
Zbigniew Jędrzejewski-Szmek
4fcd500d9b Patch to fix tests on i686 and arm32 2021-03-11 20:45:51 +01:00
Zbigniew Jędrzejewski-Szmek
0a7c16de28 Version 248-rc3 2021-03-11 15:26:42 +01:00
Zbigniew Jędrzejewski-Szmek
274df24b64 Add work-around for crash during upgrades 2021-03-11 13:23:45 +01:00
Zbigniew Jędrzejewski-Szmek
4b2af1ee0f Backport one patch for beta freeze exception 2021-03-11 12:37:25 +01:00
Adam Williamson
e5f70dadb2 Backport PR #18892 to fix stub resolver CNAME chain resolving (#1933433) 2021-03-06 11:08:13 -08:00
Josh Boyer
13d1341b10 Don't set the fallback hostname to "fedora" on non-Fedora OSes
From a branding perspective, having the fallback hostname be "fedora" for an OS that is not Fedora Linux is incorrect.  Go back to using "localhost" in those cases.
2021-03-01 14:10:02 +00:00
Zbigniew Jędrzejewski-Szmek
4d3f7b560d Version 248-rc2 2021-02-23 19:08:11 +01:00
Zbigniew Jędrzejewski-Szmek
729e28aae5 Bump release 2021-02-23 09:46:02 +01:00
Zbigniew Jędrzejewski-Szmek
e0b3ead233 Restore trigger freshness check
This reverts commit db19323db2.
Paths are adjusted. The condition is inverted to actually check the
right thing.

The test is moved before build to make it easier to see. Meson does
the .in substitutions immediately after configuration, so this should
be easier to see.
2021-02-23 09:33:34 +01:00
Zbigniew Jędrzejewski-Szmek
1992c5552f Version 248-rc1 2021-02-23 02:15:45 +01:00
Zbigniew Jędrzejewski-Szmek
3ba8081e77 Use %version_no_tilde instead of custom macro 2021-02-23 01:48:03 +01:00
Michel Alexandre Salim
2d2d8b7165 Increase oomd user memory pressure limit to 10% (#1929856)
Signed-off-by: Michel Alexandre Salim <salimma@fedoraproject.org>
2021-02-17 16:19:16 -08:00
Zbigniew Jędrzejewski-Szmek
0257583091 Rename trigger to appease rpm 2021-02-16 18:59:45 +01:00
Michel Alexandre Salim
9a909cfdf6 Add %triggerun to call systemctl preset for systemd-oomd
Signed-off-by: Michel Alexandre Salim <salimma@fedoraproject.org>
2021-02-16 08:39:32 -08:00
Zbigniew Jędrzejewski-Szmek
c4675f57dd Rework %post/%postun scriptlets
All scriptlets to disable services upon final package removal are
removed. Removing rpm from a running system is not allowed by dnf and
would generally result in mayhem. Trying to clean up our enablement
symlinks is not useful. Nobody tests this and it almost certainly was
incomplete.

Only do 'journalctl --update-catalog' if /var is writeable, and remove
suppression of errors from 'journalctl --update-catalog'. It shouldn't
fail, and it it does, we should figure out why.

On upgrades, execute 'journalctl --update-catalog' and
'systemd-tmpfiles --create' in %postun, not %post. This way we won't
look at possibly-about-to-be-removed configuration.

Restart various services upon upgrade: systemd-timedated.service
systemd-timesyncd.service systemd-portabled.service
systemd-homed.service systemd-hostnamed.service
systemd-journald.service systemd-localed.service systemd-userdbd.service.
Not doing this was a bug.

user@.service and systemd-logind.service will need special handling
and are not done in this patch.
2021-02-11 14:46:01 +01:00
Anita Zhang
834f04c00b Bump to 247.3-2 for systemd-oomd finishes and systemd-oomd-defaults subpackage
Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd.
Backports primarily PR #18361, #18444, and #18401 (#18401 is not merged
at the time of writing this commit) + some minor PRs to handle conflicts.
Creates systemd-oomd-defaults subpackage to install unit drop-ins that
will configure systemd-oomd to monitor and act.
2021-02-11 13:09:33 +01:00
Anita Zhang
0175bb7014 Create systemd-oom user in %pre 2021-02-11 12:03:41 +00:00
Zbigniew Jędrzejewski-Szmek
8a86f313c7 Version 247.3 2021-02-02 18:06:07 +01:00
Zbigniew Jędrzejewski-Szmek
5baa3097f2 Merge repeated systemctl invocations in scriptlets 2021-02-02 15:22:45 +01:00
Zbigniew Jędrzejewski-Szmek
54b5e90428 Restore patches that were removed by mistake
Reverses one chunk of 88c9300a60.
2021-02-01 19:28:03 +01:00
Zbigniew Jędrzejewski-Szmek
88c9300a60 Reorder patch to separate downstream-only patches
For https://github.com/systemd-ci-incubator/systemd/pull/5:
we want to drop any upstream patches when building from upstream git.
2021-01-28 12:00:51 +01:00
Fedora Release Engineering
3f3c4bc8c8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 21:31:58 +00:00
Zbigniew Jędrzejewski-Szmek
2de2f66739 Remove systemd-networkd recommendation in eln builds
Apparently the Recommends causes the networkd subpackage to be
pulled into eln by default, which is unwanted.
2021-01-26 11:53:14 +01:00
Zbigniew Jędrzejewski-Szmek
45c8a69a1e Fix bfq patch again
https://bugzilla.redhat.com/show_bug.cgi?id=1813219#c3
2021-01-13 16:41:37 +01:00
Zbigniew Jędrzejewski-Szmek
387db8643f Make lto opt-out work again 2021-01-13 13:52:14 +01:00
Jonathan G. Underwood
5b6dfac2cc Add patch to allow crypttab to support workqueue disablement
This patch enables support of the following options in
/etc/crypttab:

    - no-read-workqueue
    - no-write-workqueue

This patch corresponds to the upstream pull request that has been
merged and will be in systemd 248:

    https://github.com/systemd/systemd/pull/18062/
2020-12-23 20:09:35 +00:00
Zbigniew Jędrzejewski-Szmek
3e123da08e Version 247.2 2020-12-16 16:32:59 +01:00
Zbigniew Jędrzejewski-Szmek
0a51c274d6 Revert the fallback hostname revert
Sadly, this does not work.

It seems NM queries resolved for the local IP address and gets "linux"
and sets that as the transient hostname. Resolved has a "fallback hostname"
(that will now again be "fedora"), but it also has a fallback fallback hostname
that is "linux" that it used in reverse dns queries and such. NM gets
the "linux" name and tells hostnamed to use that as the transient hostname.
I don't think this is an improvement, since "linux" is a problematic
as "fedora". So let's revert this for now to avoid pointless churn,
until we figure out a real solution.
2020-12-08 20:11:57 +01:00
Bastien Nocera
a91e823771 + systemd-247.1-2
Unset fallback-hostname as plenty of applications expected localhost
  to mean "default hostname" without ever standardising it (#1892235)

This reverts commit 6eb8bcde28.
2020-12-04 10:51:13 +01:00
Zbigniew Jędrzejewski-Szmek
97a6085912 Version 247.1 2020-12-01 10:55:58 +01:00
Zbigniew Jędrzejewski-Szmek
8bb6dc993a Version 247 2020-11-26 19:53:39 +01:00
Zbigniew Jędrzejewski-Szmek
afdd35ec48 Really ignore test failure 2020-11-12 15:07:11 +01:00
Zbigniew Jędrzejewski-Szmek
d9fc59f9a9 Ignore one test failure 2020-11-12 14:31:27 +01:00
Zbigniew Jędrzejewski-Szmek
bca98cfc50 Compile with oomd 2020-11-12 13:08:11 +01:00
Zbigniew Jędrzejewski-Szmek
39bdda8d19 Pull in perl for tests 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
f28a96e50a Version 247-rc2 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
5bf2aac8b4 Stop creating resolv.conf symlink in more circumstances 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
a734fa3ff3 Add workaround for selinux preventing use of selinux status page 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
b6a8363c43 Use normal scriptlets for systemd-networkd 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
550422fe1b Version 247-rc1 2020-11-12 12:56:08 +01:00
Robert Scheck
5acb5c4c08 Harmonize networkd description/summary with other sub-packages 2020-10-20 17:15:42 +00:00
Zbigniew Jędrzejewski-Szmek
96b7895b99 Do not touch resolv.conf if it is a mountpoint
https://bugzilla.redhat.com/show_bug.cgi?id=1885101
2020-10-08 11:52:07 +02:00
Zbigniew Jędrzejewski-Szmek
14b2fafb36 resolve: remove the fallback dns server list
DNS questions (which necessarilly include IP addresses) are personally
indentifying information in the sense of GDPR
(https://gdpr.eu/eu-gdpr-personal-data/ explicitly lists IP address as
PII). Sending those packets to Google or Cloudflare is "forwarding"
this PII to them. GDPR says that information which is not enough to
identify individuals still needs to be protected because it may be
combined with other information or processed with improved technology
later. So even though the information in DNS alone it not very big, it
may be interpreted as protected information in various scenarios.

When Fedora is installed by an end-user, they must have the reasonable
expectation that Fedora will contant Fedora servers for updates and
status checks and such. But the case of DNS packets is different,
because the dns servers are not under our control. While most of the
time the information leak through DNS is negligible, we can't rule out
scenarios where it could be considered more important.

Another thing to consider is that ISP and other local internet access
mechanisms are probably worse overall for privacy compared to google and
cloudflare dns servers. Nevertheless, they are more obvious to users and
fit better in the regulatory framework, because there are local laws
that govern them and implicitic or explicit agreements for their use.
Whereas US-based servers are foreign and are covered by different rules.

The fallback DNS servers don't matter most of the time because
NetworkManager will include the servers from a DHCP lease. So
hopefully users will not see any effect from the change done in this
patch. Right now I think it is better to avoid the legal and privacy
risk. If it turns out this change causes noticable problems, we might
want to reconsider. In particular we could use the fallback servers
only in containers and such which are not "personal" machines and there
is no particular person attached to them.

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3C4KESHIMZDB6XCFO4EOBEDV4Q2AVVQ5/

I think we could provide a default dns server list more reasonably if
there was some kind of privacy policy published by Fedora and users
could at least learn about those defaults. Sadly, we don't have any
relevant privacy policy (https://pagure.io/Fedora-Council/tickets/issue/53).
2020-10-06 14:09:53 +02:00
Dusty Mabe
283a994776 split-files: break out more files into networkd subpackage
There were some things left in the main package that should have
been in the sub package (including networkd.conf). This is an attempt
to make the list of files in the networkd package more correct.

It explicitly tries to leave sytemd-network-generator and the network
targets in the main package.
2020-10-01 09:14:06 +02:00
Zbigniew Jędrzejewski-Szmek
7d7120d566 Only create resolv.conf symlink if sd-resolved.service is enabled
This way, if one wants to opt-out of resolved, installing a preset
that disables the service is enough. Previously that would only disable
the service, but a dangling symlink would be created.
2020-09-30 23:12:12 +02:00
Zbigniew Jędrzejewski-Szmek
3905512117 Upgrades: only replace NM /etc/resolv.conf if NM is enabled 2020-09-29 18:30:47 +02:00
Zbigniew Jędrzejewski-Szmek
ce6da66f61 Pull in libfido2-devel
fido2 support in homed was actually unavailable.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
147b753f29 Fix permissions on libsystemd-shared.abignore 2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
f10da8ae84 Add option to disable lto
This makes the build noticably faster.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
b36512ad8f Make main package Conflicts+Obsoletes with -standalone- subpackages
I'm not entirely sure if this is the right form...
Is Conflicts? useful when we have Obsoletes?

Seem to work OK. I tested:
dnf --installroot=... install x86_64/systemd-standalone-sysusers-246.6-2.fc34.x86_64.rpm  x86_64/systemd-standalone-tmpfiles-246.6-2.fc34.x86_64.rpm
→ succeeds with a new installation
→ fails if the installroot already had systemd installed
dnf --installroot=... install x86_64/systemd{,-libs,-pam}-246.6-2.fc34.x86_64.rpm noarch/systemd-noarch-246.6-2.fc34.noarch.rpm
→ uninstalls the two standalone packages
2020-09-27 14:01:34 +02:00
Filipe Brandenburger
b50e9d7f29 Create separate standalone packages for tmpfiles and sysusers
These packages include binaries that link to a static version of
libsystemd-shared, so they don't depend on the systemd-libs package at
runtime.

These packages are intended to expose systemd-tmpfiles and systemd-sysusers
to non-systemd systems, such as container images.

Note that static linking only pulls in the small subset of functions from
libsystemd-shared that are actually used by the binaries, so the total size of
a statically linked binary is much smaller than the sum of the shared binary
with the shared library. The resulting binaries on an x86_64 build have 272KB
(tmpfiles) and 180KB (sysusers).

This commit relies on the -Dstandalone-binaries=true build configuration that
was pushed upstream in PR 16061 and released in systemd v246.
2020-09-26 21:00:25 +02:00
Christian Glombek
f455b2249a Split out networkd sub-package
And add it to main package as recommended dependency.
2020-09-26 20:43:40 +02:00