Also only execute the fallback when we're upgrading the RPM package.
Add a comment to indicate the actual bug in systemd v239 we're trying to
fix with this fallback.
Tested: Upgraded from v239 on a machine and confirmed that running
`sudo systemctl status` was working as expected after the upgrade, rather
than failing with "Access denied."
This might be more reliable when upgrading from an older systemd package. The
systemctl call to reexec will occasionally fail with "Access denied" when we
upgrade from a much older version (like 2-3 versions older). However, sending
PID 1 a SIGTERM is documented to be mostly the same and fixes it 100% of the
times.
Signed-off-by: Anita Zhang <the.anitazha@gmail.com>
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch was added exactly
a year ago because selinux policy needed to be updated. I think we can drop the
patch now.
Also drop part of 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch:
the service runs as unprivileged user, so the creation cannot succeed. The other
part of the patch is kept.
systemd package numbering is completely different than
u2f-hidraw-policy, so I'm using a fixed number. "-40" is supposed to
be sufficiently high so that we stay higher and preserve the upgrade
path even if the package is updated in older releases.
In principle systemd supports building without assertions for production,
but we want the assertions to be enabled to catch as many errors early as possible.
Also, let's remove the obsolete work-around for meson not showing logs. This
is already reverted upstream, but apparently not in the version of macros that
Fedora has.
This makes the package smaller:
-rw-rw-r--. 3840040 Feb 9 14:53 x86_64/systemd-241~rc2-1.fc30.x86_64.rpm
-rw-rw-r--. 3794532 Feb 9 15:58 x86_64/systemd-241~rc2-2.fc30.x86_64.rpm
Important binaries like systemd and libsystemd-shared.so are about
10% smaller.
With input from Pavel Březina.
The guard in install scriptlet was borked. The grep call was supposed
to skip the sed call if the file already had correct contents. But the
condition was always true. Added by me in back in 37de5dfe28 ;(
This was added in da15385b06, November 2016, after
nss-resolve was modified to return a special value. When nss-resolve is added to
new installations, it should be configured in this way already, and we shouldn't
modify configuration. Let's drop this too.
The scriptlet to *add* it was removed in 38d93ea79f,
November 2015. We only care about upgrades from previous two releases, so it is
long overdue to remove this.
We tried this back in 2016 and it didn't go so well, because at
that time, preset-all was badly broken. See
https://bugzilla.redhat.com/show_bug.cgi?id=1363858 for the
history there. It seems that the bugs in preset-all were fixed
quite soon after that, but for whatever reason, the change to
%post was not re-applied (probably it just got forgotten).
We've now run into a bug in Rawhide where dbus-daemon is getting
installed before systemd despite having a dependency that should
make that not happen:
https://bugzilla.redhat.com/show_bug.cgi?id=1647172
this is apparently because there are very complex dependency
loops during initial install that rpm cannot find a single
clearly correct 'answer' for, so it does not always choose to
honor this dependency. We can take a look at breaking up those
loops, but we also figured it can't hurt to resurrect this change
to help with such cases: this way if some service with a preset
*does* happen to get installed before systemd, and so its attempt
to apply the preset in its own %post fails, that will be fixed up
here.
This makes it possible to build RPMs from a git tree using
`rpmbuild --build-in-place --noprep` and have resulting RPMs
that will preserve the override of the PAM config file.
This needs to commit to HAVE_SELINUX being defined (since there
is no longer an m4 step to make that stanza conditional), but
that should be acceptable since the %build step calls Meson
with -Dselinux=true.
Tested:
- Chdir into a checkout of github.com/systemd/systemd tree and run:
$ rpmbuild -bb --build-in-place --noprep \
--define "gitcommit $(git rev-parse HEAD)" \
--define "_sourcedir $HOME/fedorarpms/systemd" \
~/fedorarpms/systemd/systemd.spec
- Inspect the contents of systemd-user in the generated RPM package:
$ rpm2cpio ~/rpmbuild/RPMS/x86_64/systemd-239-3.git99352de.fc29.x86_64.rpm \
| cpio -i --to-stdout --quiet ./etc/pam.d/systemd-user
...
account include system-auth
...
session include system-auth
Existing patches moved to the systemd-stable tarball, with the exception
of 0991-core-fix-resetting-of-Delegate-and-properly-ignore-i.patch,
which was partially reverted upstream and is just removed.
2018-03-06 23:21:31,835 INFO pylorax.dnfhelper: Performing post-installation setup tasks
2018-03-06 23:22:41,901 WARNING pylorax.dnfhelper: Non-fatal POSTTRANS scriptlet failure in rpm package kernel-core
warning: %posttrans(kernel-core-4.16.0-0.rc4.git0.1.fc29.x86_6 scriptlet failed, exit status 1
Please specify the kernel command line in /etc/kernel/cmdline!
Could not determine the kernel command line parameters
/usr/lib/kernel/install.d/90-loaderentry.install: line 53: /proc/cmdline: No such file or directory
GRUB now has BootLoaderSpec support, the user can choose to use this by
setting GRUB_ENABLE_BLSCFG to true in /etc/default/grub. On this setup,
grubby isn't used to generate the kernel modules dependencies, instead
the depmod install script could be used.
But the BLS support in GRUB uses the config snippets that are generated
at build time and included in the kernel package, so the loaderentry
install script shouldn't be executed when using GRUB.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
If the directory does not exist in %buildroot, rpm very usefully defaults
to access mask of 0. When the directory is created in the file system, of
course it has some other mode, and rpm -V reports the directory as changed.
The directory /var/lib/systemd/journal-upload must not exist.
If both private and non-private directory exist, then
systemd cannot create link to private directory, and
the service fails to start.
This makes the script try to remove the non-private directory.
Previous method was untenable, because rpm doesn't have a concept of
put those files here, and the rest in there. So for every positive
pattern that was added, we had to add an %exclude line somewhere else.
So let's generate the lists using pattern matching. This is a bit messy
too, but should not require updates when files are added or removed.
(Sometimes it'll be necessary to add a new pattern if the new files
should not land in the main binary package.)
There's some intentional changes:
- man pages are more consistently included with the files they describe
- shell completion scripts similarly
- various kernel-install and modules-load related files are moved
to -udev subpackage
This reverts commits 3fb4a15096
and 0e8350ca14.
Either building with meson or other upstream changes was causing
issues with booting, and I didn't have time to debug this properly.
This is needed because an additional property was added and the
tests fail otherwise. I think adding of the property is OK, it's
fully backwards compatible.
Also use %if 0 syntax to make it easy to copy&paste the commands.
Error: Transaction check error:
file /usr/share/polkit-1/rules.d from install of systemd-233-1.fc27.x86_64 conflicts with file from package polkit-0.113-7.fc26.x86_64
What is included:
- .wants directories
- for our own targets listed in systemd.special(7)
This is not supposed to cover all possible .wants and .requires and .d
dirs for all units, or even targets, or even just our targets, but only
the reasonably common ones that we provide.
It still fails in koji, and I'd have to download each package from
koji by hand to find out what is the issue (or wait until tomorrow for
a compose). Let's just nuke the whole thing, all deps should be installed.
Build failed with the following:
Traceback (most recent call last):
File "./hwdb/parse_hwdb.py", line 195, in <module>
groups = parse(fname)
File "./hwdb/parse_hwdb.py", line 136, in parse
parsed = grammar.parseFile(fname)
File "/usr/lib/python3.6/site-packages/pyparsing.py", line 2142, in parseFile
file_contents = f.read()
File "/usr/lib64/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 15765: ordinal not in range(128)
In mock, LC_CTYPE is unset, so python3 defaults to ascii, uselessly.
I think "ID_VENDOR_FROM_DATABASE=VENGIT Korlátolt Felelősségű Társaság"
is the issue here.
The header on the patch is fake. git am does not deal well with just
diff output, mumbling the following:
Applying: seccomp: rework seccomp code, to improve compat with some archs
Applying:
fatal: empty ident name (for <>) not allowed
We should really move away from mucking around with text patches.