Commit Graph

896 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
afdd35ec48 Really ignore test failure 2020-11-12 15:07:11 +01:00
Zbigniew Jędrzejewski-Szmek
d9fc59f9a9 Ignore one test failure 2020-11-12 14:31:27 +01:00
Zbigniew Jędrzejewski-Szmek
bca98cfc50 Compile with oomd 2020-11-12 13:08:11 +01:00
Zbigniew Jędrzejewski-Szmek
39bdda8d19 Pull in perl for tests 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
f28a96e50a Version 247-rc2 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
5bf2aac8b4 Stop creating resolv.conf symlink in more circumstances 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
a734fa3ff3 Add workaround for selinux preventing use of selinux status page 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
b6a8363c43 Use normal scriptlets for systemd-networkd 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
550422fe1b Version 247-rc1 2020-11-12 12:56:08 +01:00
Robert Scheck
5acb5c4c08 Harmonize networkd description/summary with other sub-packages 2020-10-20 17:15:42 +00:00
Zbigniew Jędrzejewski-Szmek
96b7895b99 Do not touch resolv.conf if it is a mountpoint
https://bugzilla.redhat.com/show_bug.cgi?id=1885101
2020-10-08 11:52:07 +02:00
Zbigniew Jędrzejewski-Szmek
14b2fafb36 resolve: remove the fallback dns server list
DNS questions (which necessarilly include IP addresses) are personally
indentifying information in the sense of GDPR
(https://gdpr.eu/eu-gdpr-personal-data/ explicitly lists IP address as
PII). Sending those packets to Google or Cloudflare is "forwarding"
this PII to them. GDPR says that information which is not enough to
identify individuals still needs to be protected because it may be
combined with other information or processed with improved technology
later. So even though the information in DNS alone it not very big, it
may be interpreted as protected information in various scenarios.

When Fedora is installed by an end-user, they must have the reasonable
expectation that Fedora will contant Fedora servers for updates and
status checks and such. But the case of DNS packets is different,
because the dns servers are not under our control. While most of the
time the information leak through DNS is negligible, we can't rule out
scenarios where it could be considered more important.

Another thing to consider is that ISP and other local internet access
mechanisms are probably worse overall for privacy compared to google and
cloudflare dns servers. Nevertheless, they are more obvious to users and
fit better in the regulatory framework, because there are local laws
that govern them and implicitic or explicit agreements for their use.
Whereas US-based servers are foreign and are covered by different rules.

The fallback DNS servers don't matter most of the time because
NetworkManager will include the servers from a DHCP lease. So
hopefully users will not see any effect from the change done in this
patch. Right now I think it is better to avoid the legal and privacy
risk. If it turns out this change causes noticable problems, we might
want to reconsider. In particular we could use the fallback servers
only in containers and such which are not "personal" machines and there
is no particular person attached to them.

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3C4KESHIMZDB6XCFO4EOBEDV4Q2AVVQ5/

I think we could provide a default dns server list more reasonably if
there was some kind of privacy policy published by Fedora and users
could at least learn about those defaults. Sadly, we don't have any
relevant privacy policy (https://pagure.io/Fedora-Council/tickets/issue/53).
2020-10-06 14:09:53 +02:00
Dusty Mabe
283a994776 split-files: break out more files into networkd subpackage
There were some things left in the main package that should have
been in the sub package (including networkd.conf). This is an attempt
to make the list of files in the networkd package more correct.

It explicitly tries to leave sytemd-network-generator and the network
targets in the main package.
2020-10-01 09:14:06 +02:00
Zbigniew Jędrzejewski-Szmek
7d7120d566 Only create resolv.conf symlink if sd-resolved.service is enabled
This way, if one wants to opt-out of resolved, installing a preset
that disables the service is enough. Previously that would only disable
the service, but a dangling symlink would be created.
2020-09-30 23:12:12 +02:00
Zbigniew Jędrzejewski-Szmek
3905512117 Upgrades: only replace NM /etc/resolv.conf if NM is enabled 2020-09-29 18:30:47 +02:00
Zbigniew Jędrzejewski-Szmek
ce6da66f61 Pull in libfido2-devel
fido2 support in homed was actually unavailable.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
147b753f29 Fix permissions on libsystemd-shared.abignore 2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
f10da8ae84 Add option to disable lto
This makes the build noticably faster.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
b36512ad8f Make main package Conflicts+Obsoletes with -standalone- subpackages
I'm not entirely sure if this is the right form...
Is Conflicts? useful when we have Obsoletes?

Seem to work OK. I tested:
dnf --installroot=... install x86_64/systemd-standalone-sysusers-246.6-2.fc34.x86_64.rpm  x86_64/systemd-standalone-tmpfiles-246.6-2.fc34.x86_64.rpm
→ succeeds with a new installation
→ fails if the installroot already had systemd installed
dnf --installroot=... install x86_64/systemd{,-libs,-pam}-246.6-2.fc34.x86_64.rpm noarch/systemd-noarch-246.6-2.fc34.noarch.rpm
→ uninstalls the two standalone packages
2020-09-27 14:01:34 +02:00
Filipe Brandenburger
b50e9d7f29 Create separate standalone packages for tmpfiles and sysusers
These packages include binaries that link to a static version of
libsystemd-shared, so they don't depend on the systemd-libs package at
runtime.

These packages are intended to expose systemd-tmpfiles and systemd-sysusers
to non-systemd systems, such as container images.

Note that static linking only pulls in the small subset of functions from
libsystemd-shared that are actually used by the binaries, so the total size of
a statically linked binary is much smaller than the sum of the shared binary
with the shared library. The resulting binaries on an x86_64 build have 272KB
(tmpfiles) and 180KB (sysusers).

This commit relies on the -Dstandalone-binaries=true build configuration that
was pushed upstream in PR 16061 and released in systemd v246.
2020-09-26 21:00:25 +02:00
Christian Glombek
f455b2249a Split out networkd sub-package
And add it to main package as recommended dependency.
2020-09-26 20:43:40 +02:00
Zbigniew Jędrzejewski-Szmek
043ff2e2f0 Add patch for kernel bug 2020-09-20 13:11:35 +02:00
Zbigniew Jędrzejewski-Szmek
f74b957328 Version 246.6 2020-09-20 13:10:31 +02:00
Zbigniew Jędrzejewski-Szmek
de06d8e22c Rework patches for test-path 2020-09-14 10:03:26 +02:00
Zbigniew Jędrzejewski-Szmek
81cd8d4bcf Fix patch numbering 2020-09-14 09:26:12 +02:00
Zbigniew Jędrzejewski-Szmek
269358bd5e One more debugging patch 2020-09-14 09:19:02 +02:00
Zbigniew Jędrzejewski-Szmek
04b6e059f7 Force creation of /etc/resolv.conf symlink during installation
https://bugzilla.redhat.com/show_bug.cgi?id=1873856#c14
2020-09-13 11:03:33 +02:00
Zbigniew Jędrzejewski-Szmek
0345c83b50 Version 246.5 2020-09-13 11:02:40 +02:00
Zbigniew Jędrzejewski-Szmek
764adb18da Don't complain if /dev/urandom is unavailable 2020-09-02 12:35:56 +02:00
Zbigniew Jędrzejewski-Szmek
1ebf8dd816 Version 246.4 2020-09-02 12:12:42 +02:00
Zbigniew Jędrzejewski-Szmek
5a70c03b7f Let avahi handle mdns requests
We need to disable it by default in resolved so that it doesn't fight
with avahi for the port when both are started up in parallel.

I also moved nss-files before nss-resolve. This is unfortunate because
resolved cached files and with the move, the file will be re-read on each
query. Nevertheless, we want nss-files to have higher priority than nss-mdns
to honour local config. Fortunately, only some people put lots of entries
in /etc/hosts, so the inefficiency incurred by this isn't important for
most users.

nss-myhostname is moved after nss-files, following the change in
upstream recommendations.
2020-09-02 10:52:43 +02:00
Zbigniew Jędrzejewski-Szmek
d01d537e93 Create /etc/resolv.conf symlink upon installation 2020-09-02 10:22:03 +02:00
Zbigniew Jędrzejewski-Szmek
98b9113655 Version 246.3 2020-08-26 14:50:44 +02:00
Zbigniew Jędrzejewski-Szmek
d5c1247285 Version 246.2 2020-08-17 19:15:12 +02:00
Zbigniew Jędrzejewski-Szmek
27ec459b7b Add patch to ingnore test failure on s390x 2020-08-08 09:27:46 +02:00
Zbigniew Jędrzejewski-Szmek
eee99e6ccc Add patch to debug test failure on s390x 2020-08-07 18:56:37 +02:00
Zbigniew Jędrzejewski-Szmek
84fad5038a Let's not try to define to triggers
error: line 639: Trigger fired by the same package is already defined in spec file: %post libs
It's not clear what rpm is complaining about here, but the two %triggerun's
for the same package seem to be the most likely offender.

I wanted to avoid applying to preset reset twice, alas.
2020-08-07 17:40:27 +02:00
Zbigniew Jędrzejewski-Szmek
c8f86d89ba Version 246.1 2020-08-07 17:33:19 +02:00
Zbigniew Jędrzejewski-Szmek
0eabb3de75 Two more patches for a test that randomly fails in koji 2020-07-31 11:01:07 +02:00
Zbigniew Jędrzejewski-Szmek
7445a298df Actually update version :) 2020-07-30 21:21:06 +02:00
Zbigniew Jędrzejewski-Szmek
30273d3292 Release v246 2020-07-30 21:19:54 +02:00
Zbigniew Jędrzejewski-Szmek
65221f861e Increase timeout in another test 2020-07-27 16:11:20 +02:00
Zbigniew Jędrzejewski-Szmek
35e6dd7b1a Increase timeout in test 2020-07-27 15:18:39 +02:00
Zbigniew Jędrzejewski-Szmek
437a7b8c4f Add patch for failing test 2020-07-27 13:54:40 +02:00
Zbigniew Jędrzejewski-Szmek
abd738eddc Pull in coreutils during build
/bin/true is used by test-path ;)
2020-07-27 12:10:55 +02:00
Zbigniew Jędrzejewski-Szmek
a5acceb904 Force preset of systemd-resolved on package upgrade
Just changing /etc/nsswitch.conf is pointless without this.
2020-07-26 16:27:03 +02:00
Zbigniew Jędrzejewski-Szmek
11b1c53b97 Make /tmp large again 2020-07-26 15:50:33 +02:00
Zbigniew Jędrzejewski-Szmek
5bf170b999 Update to v246-rc2 2020-07-24 09:28:35 +02:00
Zbigniew Jędrzejewski-Szmek
5eb772cfb3 Add scriptlet to enable nss-resolve
The default line is
> hosts: files dns myhostname
Some people might insert mymachines, most likely as:
> hosts: mymachines files dns myhostname
The scriptlet for nss-mdns inserts mdns before dns:
> hosts: ... files mdns4_minimal [NOTFOUND=return] dns ...

The scriptlet replaces 'files dns myhostname' with
> resolve [!UNAVAIL=return] myhostname files dns
This follows the upstream recommendation. myhostname is ordered earlier
because
a) it's more trustworthy than files or especially dns
b) resolve synthetizes the same answers as myhostname, so it doesn't
   make much sense to have myhostname at any other place than directly
   after resolve, so that if resolve is not available, we get answers for
   the names that myhostname is able to synthesize with the same priority.

See https://fedoraproject.org/wiki/Changes/systemd-resolved.
2020-07-14 21:16:00 +02:00
Zbigniew Jędrzejewski-Szmek
0a6ab0825d Update defaults to dnssec=no, mdns,llmnr=resolve 2020-07-14 21:16:00 +02:00
Zbigniew Jędrzejewski-Szmek
778a3758dd Drop patch to avoid creation of /etc/resolv.conf symlink 2020-07-12 22:55:01 +02:00
Zbigniew Jędrzejewski-Szmek
6fd99c397b Drop scriptlet for nss-myhostname
The glibc default has nss-myhostname since mid-2018, bug #1581809.
2020-07-12 22:55:00 +02:00
Zbigniew Jędrzejewski-Szmek
65984c876a Make sure zstd is enabled during configuration
Let's not rely on autodetection.
2020-07-12 22:55:00 +02:00
Zbigniew Jędrzejewski-Szmek
9488c31cc1 changelog: add bug numbers 2020-07-09 10:48:24 +02:00
Zbigniew Jędrzejewski-Szmek
4f458499a5 Print error logs if tests fail 2020-07-09 09:54:04 +02:00
Zbigniew Jędrzejewski-Szmek
c432921859 Enable zstd compression 2020-07-09 08:56:03 +02:00
Zbigniew Jędrzejewski-Szmek
ca9af1e8a8 We don't really need git nowadays
Buildroot is broken, let's try without git.
2020-07-09 08:56:03 +02:00
Zbigniew Jędrzejewski-Szmek
0688d7a091 Also include systemd-homed.service in the uninstall scriptlets 2020-07-09 08:56:03 +02:00
Zbigniew Jędrzejewski-Szmek
55abe5f0ba Update to 246-rc1 2020-07-09 08:56:03 +02:00
Bastien Nocera
6eb8bcde28 + systemd-245.6-3
Set fallback-hostname to fedora so that unset hostnames are still
  recognisable (#1392925)
2020-06-24 15:50:16 +02:00
Zbigniew Jędrzejewski-Szmek
ec562b2272 Add self-obsoletes to fix upgrades from F31
Debugged and fixed by adamw!

$ rpmdiff systemd-udev-245.6-[12]*
removed     OBSOLETES systemd < 229-5
added       OBSOLETES systemd < 245.6-1
...
2020-06-02 09:29:56 +02:00
Zbigniew Jędrzejewski-Szmek
6dead14ceb Add two bug numbers 2020-05-31 12:45:44 +02:00
Zbigniew Jędrzejewski-Szmek
fb22f2a640 Update to v245.6 2020-05-31 11:45:46 +02:00
Björn Esser
265d91aff5 Disable bootstrap build 2020-04-21 19:51:17 +02:00
Björn Esser
282e088f13 Bootstrapping for json-c SONAME bump 2020-04-21 19:47:09 +02:00
Björn Esser
f983169655 Bump release and update %changelog 2020-04-21 19:46:02 +02:00
Björn Esser
b5c68a76ce Add explicit BuildRequires: acl
The acl package is not present in the buildroots when building
in bootstrap mode, but test-acl-util needs /usr/bin/getfacl.

Thus it should be an explicit build-time dependency.
2020-04-19 17:05:54 +02:00
Zbigniew Jędrzejewski-Szmek
b80d007386 Update to v245.5 2020-04-17 15:22:25 +02:00
Björn Esser
63698f5ea0 Add bootstrap option to break circular deps on cryptsetup 2020-04-16 13:17:47 +02:00
Zbigniew Jędrzejewski-Szmek
80532792aa Move Provides:u2f-hidraw-policy to -udev subpackage
https://bugzilla.redhat.com/show_bug.cgi?id=1823002#c2
2020-04-11 11:06:07 +02:00
Zbigniew Jędrzejewski-Szmek
8a34ce7dca Add abignore file to make abigail happy 2020-04-11 10:37:42 +02:00
Zbigniew Jędrzejewski-Szmek
be4317e8bf Fix some rpmlint issues and add filter for others 2020-04-01 23:39:32 +02:00
Zbigniew Jędrzejewski-Szmek
91fd7acc9e Update to v245.4 2020-04-01 22:06:48 +02:00
Zbigniew Jędrzejewski-Szmek
24d7f17342 Remove %{shortcommit} reference in %description
Nowadays most builds happen from stable releases, so %shortcommit is not defined,
which rpmlint justly warns about.
2020-04-01 22:06:48 +02:00
Zbigniew Jędrzejewski-Szmek
bb79fb7387 Update to v245.3 2020-03-26 14:52:00 +01:00
Zbigniew Jędrzejewski-Szmek
7ceda13192 Update to v245.2 2020-03-18 20:41:58 +01:00
Zbigniew Jędrzejewski-Szmek
86b1777f9b Remove tab use 2020-03-08 12:12:39 +01:00
Zbigniew Jędrzejewski-Szmek
8f2e234d97 Update to v245 2020-03-06 14:25:45 +01:00
Zbigniew Jędrzejewski-Szmek
a4507efa4e systemd-udev: downgrade Recommends→Suggests for systemd-bootchart
It gets installed on Fedora workstation, and I don't think we want
it there.
2020-03-06 13:47:09 +01:00
Zbigniew Jędrzejewski-Szmek
788f973eab Bump test timeout once more
The tests fail on s390x with timeouts.
2020-03-03 13:52:44 +01:00
Zbigniew Jędrzejewski-Szmek
111b3c5a31 Don't require /proc to be mounted for systemd-sysusers to work 2020-03-03 13:51:43 +01:00
Zbigniew Jędrzejewski-Szmek
ab2423caa9 Update to 245-rc2 2020-03-03 09:11:51 +01:00
Zbigniew Jędrzejewski-Szmek
61de05c228 Add forgotten bug number 2020-03-02 21:26:47 +01:00
Zbigniew Jędrzejewski-Szmek
db1cfc0955 Move a bunch more stuff to systemd-udev.rpm 2020-03-02 21:26:47 +01:00
Zbigniew Jędrzejewski-Szmek
aed5718c3a Move boot-related files to -udev subpackage 2020-03-02 21:26:47 +01:00
Zbigniew Jędrzejewski-Szmek
933c039e04 Add --without tests option for quicker builds 2020-03-02 21:26:47 +01:00
Zbigniew Jędrzejewski-Szmek
01e2d8a982 "Upgrade" dependency on kbd package from Recommends to Requires 2020-03-02 21:26:47 +01:00
Filipe Brandenburger
529ae77811 Fix spurious if line in fallback for upgrade from v239 2020-02-28 09:54:59 -08:00
Filipe Brandenburger
5c5a95ecb4 Update kill -TERM fallback to check that systemd is PID 1
Also only execute the fallback when we're upgrading the RPM package.

Add a comment to indicate the actual bug in systemd v239 we're trying to
fix with this fallback.

Tested: Upgraded from v239 on a machine and confirmed that running
`sudo systemctl status` was working as expected after the upgrade, rather
than failing with "Access denied."
2020-02-28 12:16:24 +01:00
Zbigniew Jędrzejewski-Szmek
437cd52f28 Modify the downstream udev rule to use bfq to only apply to disks 2020-02-26 22:33:08 +01:00
Zbigniew Jędrzejewski-Szmek
a8129e0964 Fix scriptlet to not kill non-systemd pid1 (#1803240) 2020-02-26 16:12:36 +01:00
Adam Williamson
3620ae5f58 Fix plymouth etc. running when they shouldn't (#1803293) 2020-02-18 09:02:08 -08:00
Zbigniew Jędrzejewski-Szmek
3666983037 Run tests with a timeout multiplier
Tests fail to pass on s390x, and this seems to be just a timeout.
2020-02-11 14:16:34 +01:00
Zbigniew Jędrzejewski-Szmek
6aa6d755fb Revert patch to udev rules causing regression with usb hubs 2020-02-10 17:23:40 +01:00
Zbigniew Jędrzejewski-Szmek
ced9237a14 Add the sysusers compat parts 2020-02-10 17:19:18 +01:00
Zbigniew Jędrzejewski-Szmek
9434e617a6 Add default 'disable *' preset for user units 2020-02-07 13:41:19 +01:00
Zbigniew Jędrzejewski-Szmek
d1a1f09895 #1798414 already fixed in v243 2020-02-05 18:24:23 +01:00
Zbigniew Jędrzejewski-Szmek
513853f320 Update to v245-rc1 2020-02-05 13:21:04 +01:00
Fedora Release Engineering
d9b9454de8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 00:58:58 +00:00
Anita Zhang
58b22cf334 Resort to kill -TERM 1 to re-exec the daemon
This might be more reliable when upgrading from an older systemd package. The
systemctl call to reexec will occasionally fail with "Access denied" when we
upgrade from a much older version (like 2-3 versions older). However, sending
PID 1 a SIGTERM is documented to be mostly the same and fixes it 100% of the
times.

Signed-off-by: Anita Zhang <the.anitazha@gmail.com>
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
2020-01-29 15:24:36 -08:00