Instead, add systemd-pam to pungi-fedora's multilib whitelist:
https://pagure.io/pungi-fedora/pull-request/1113
This should help with flatpak runtime packaging so that we can avoid
having to ship systemd-pam in the flatpak container.
It turns out that with the Obsoletes, dnf will just install the normal
systemd package if systemd-standalone-* is requested. The commit message
for b36512ad8f which added this says I tested
with local package builds (where it works), but not when going through the
full repo with all packages.
I'm adding the Provides instead, so that it's possible to request on or
the other more easily.
I asked on fedora-devel@, and the lone reply was from Matthew Miller
who tried it once when it was introduced and hasn't used it since.
Dropping this removes the last dependency on libgcrypt and libgpg-error
in libsystemd, significantly reducing our installation footprint.
Right now libmicrohttpd is still linked to libgcrypt, so
libsystemd-journal-remote subpackage will pull libgcrypt in.
When -Dversion-tag was initially added in edaa157918,
I used "v" without any comment. But upstream does not use "v", so we have
versions which don't compare directly:
$ build/systemctl --version|head -n1
systemd 251 (251-66-g7e46a5c+)
$ systemctl --version|head -n1
systemd 251 (v251-1.fc37)
And in 3c4f9413a7, when -Dshared-lib-tag= was
introduced, %{version} was replaced by %{version_no_tilde}, again without any
specific comment. For the shared-lib-tag, it makes sense to use _no_tilde,
because it's enough to have non-conflicting file names, and we don't compare
the tags. I guess I wanted both uses to be consistent. But if we substitute
the tilde, we can't do proper comparisons.
I noticed the following issue: with sd-boot installed from git and a
package, upgrades wouldn't work:
Comparing versions: "systemd-boot v251-1.fc37" < "systemd-boot 251-rc1-390-g3603f15
Skipping "/boot/efi/EFI/systemd/systemd-bootx64.efi", since newer boot loader version in place already.
The two changes should make those comparisons work properly in most
cases.
I tested this with 'sudo dnf --installroot=…', with both
systemd+system-udev installed in one transaction, and in two separate
transactions. Users are created as expected in both cases.
$ rpm -qlv systemd |grep -v 'root root'
-rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /run/utmp
-rw-rw---- 1 root utmp 0 Jan 22 03:38 /var/log/btmp
-rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/lastlog
-rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/wtmp
drwxr-sr-x 2 root systemd- 0 Jan 22 03:38 /var/log/journal
During installation rpm would log an error that systemd-journal group
is unknown. We create all our users by calling sysusers in the %post
scriptlet, but that is too late. To avoid the warning we could either
add a %pre scriptlet, but that'd require adding a dependency on
shadow-utils for groupadd, since we can't use our own tools before we
are installed. Let's instead create the directory owned by root.root,
and change the group afterwards. The group ownership is for file
ownership, and in the worst case (we don't assign the group or set
mode +s), unprivileged users will not be able to read the logs.
We also use 'utmp' group, but that is provided by setup.rpm and is not
an issue.
https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24
For https://fedoraproject.org/wiki/Changes/RenameNobodyUser a scriptlet
was introduced with prevents nss-systemd from synthesizing entries for nobody.
Let's remove the scriptlet: very few people upgrade from such old systems,
and even if they do, having a duplicate entry for nobody is annoying
but hardly a big problem.
(The other side of this, support in nss-systemd remains in place.)
This allows deps on the tools used in the scriptlet to be dropped from -libs.
While at it, also drop noop ldconfig scriptlets.
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory
Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.
Resolves: rhbz#2023743
This reverts commit 2afe364ac4.
Unfortunately the build failed on dependencies:
DEBUG util.py:444: Error:
DEBUG util.py:444: Problem: package authselect-libs-1.3.0-1.fc36.x86_64 conflicts with glibc < 2.34.9000-27 provided by glibc-2.34.9000-26.fc36.x86_64
DEBUG util.py:444: - package util-linux-2.37.2-1.fc36.x86_64 requires /etc/pam.d/system-auth, but none of the providers can be installed
DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6()(64bit), but none of the providers can be installed
DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.2.5)(64bit), but none of the providers can be installed
DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libm.so.6(GLIBC_2.29)(64bit), but none of the providers can be installed
DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires rtld(GNU_HASH), but none of the providers can be installed
DEBUG util.py:444: - package gawk-5.1.1-1.fc36.x86_64 requires libc.so.6(GLIBC_2.34)(64bit), but none of the providers can be installed
DEBUG util.py:444: - conflicting requests
I need to build the package again in rawhide, so this needs to be reverted
for now.
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory
Both systemd and resolved nss modules are now enabled by default in
authselect. Users are now expected to use authselect to configure
the system and packages should no longer support non-authselect
configurations.
Resolves: rhbz#2023743
If /etc/resolv.conf pointed to systemd-resolved stub configuration, it
is obvious it would stop working. Compensate it by deleting the link, it
would be created again on installation. Try to pass ownership to NM,
which also provides similar file. Keep it missing otherwise, might be
created by unknown tool on reboot.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Move systemd-resolved daemon and related tools to its own subpackage.
Keep only nss-resolve in systemd, the service itself is moved to
subpackage. It has quite different functionality than systemd package
and deserves own package.
Still recommend resolved from main package
Keep backward compatibility and still recommend systemd-resolved. Allow
removal, but would be installed by default.
This allows a fairly big dependency chain to be pruned in the future,
now other packages pull in setup:
/usr/bin/groupadd → shadow-utils → setup.
It seems we don't need the setup rpm for anything in minimal installations.
There should be no functional change. Testing will be prudent.
systemd-rpm-macros is small, but it pulls in bash and is always one more package.
It is only useful if the rpm building utilities are there, so let's conditionalize
on that.
This is in preparation for https://src.fedoraproject.org/rpms/systemd/pull-request/52,
splitting out systemd-resolved subpackage. The new package should
be pulled in by comps, but this would create a "flag day", because
the systemd-resolved name is currently unknown. So let's add the
virtual Provides now. Even if the package is never split out, it doesn't
cause any harm.
systemd-cryptsetup and systemd-veritysetup link with libcryptsetup, so
this dependency is already in Requires. (Well, not in bootstrap mode,
but I'm pretty sure we don't want to publish rpms built in bootstrap
mode, so it shouldn't matter.)
There isn't really a one size fits all policy since pressure can change
a lot based on whether you have flash or spinning disks (and your swap
configuration as well). But let's be a bit more conservative here.
From a branding perspective, having the fallback hostname be "fedora" for an OS that is not Fedora Linux is incorrect. Go back to using "localhost" in those cases.
This reverts commit db19323db2.
Paths are adjusted. The condition is inverted to actually check the
right thing.
The test is moved before build to make it easier to see. Meson does
the .in substitutions immediately after configuration, so this should
be easier to see.
All scriptlets to disable services upon final package removal are
removed. Removing rpm from a running system is not allowed by dnf and
would generally result in mayhem. Trying to clean up our enablement
symlinks is not useful. Nobody tests this and it almost certainly was
incomplete.
Only do 'journalctl --update-catalog' if /var is writeable, and remove
suppression of errors from 'journalctl --update-catalog'. It shouldn't
fail, and it it does, we should figure out why.
On upgrades, execute 'journalctl --update-catalog' and
'systemd-tmpfiles --create' in %postun, not %post. This way we won't
look at possibly-about-to-be-removed configuration.
Restart various services upon upgrade: systemd-timedated.service
systemd-timesyncd.service systemd-portabled.service
systemd-homed.service systemd-hostnamed.service
systemd-journald.service systemd-localed.service systemd-userdbd.service.
Not doing this was a bug.
user@.service and systemd-logind.service will need special handling
and are not done in this patch.