Commit Graph

1014 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
387db8643f Make lto opt-out work again 2021-01-13 13:52:14 +01:00
Jonathan G. Underwood
5b6dfac2cc Add patch to allow crypttab to support workqueue disablement
This patch enables support of the following options in
/etc/crypttab:

    - no-read-workqueue
    - no-write-workqueue

This patch corresponds to the upstream pull request that has been
merged and will be in systemd 248:

    https://github.com/systemd/systemd/pull/18062/
2020-12-23 20:09:35 +00:00
Zbigniew Jędrzejewski-Szmek
3e123da08e Version 247.2 2020-12-16 16:32:59 +01:00
Zbigniew Jędrzejewski-Szmek
0a51c274d6 Revert the fallback hostname revert
Sadly, this does not work.

It seems NM queries resolved for the local IP address and gets "linux"
and sets that as the transient hostname. Resolved has a "fallback hostname"
(that will now again be "fedora"), but it also has a fallback fallback hostname
that is "linux" that it used in reverse dns queries and such. NM gets
the "linux" name and tells hostnamed to use that as the transient hostname.
I don't think this is an improvement, since "linux" is a problematic
as "fedora". So let's revert this for now to avoid pointless churn,
until we figure out a real solution.
2020-12-08 20:11:57 +01:00
Bastien Nocera
a91e823771 + systemd-247.1-2
Unset fallback-hostname as plenty of applications expected localhost
  to mean "default hostname" without ever standardising it (#1892235)

This reverts commit 6eb8bcde28.
2020-12-04 10:51:13 +01:00
Zbigniew Jędrzejewski-Szmek
97a6085912 Version 247.1 2020-12-01 10:55:58 +01:00
Zbigniew Jędrzejewski-Szmek
9bf9a317b6 Move container networkd config to -networkd subpackage
-container subpackage is for container *management*. Those files are
used *in* the container.
2020-12-01 10:31:51 +01:00
Zbigniew Jędrzejewski-Szmek
8bb6dc993a Version 247 2020-11-26 19:53:39 +01:00
Zbigniew Jędrzejewski-Szmek
afdd35ec48 Really ignore test failure 2020-11-12 15:07:11 +01:00
Zbigniew Jędrzejewski-Szmek
d9fc59f9a9 Ignore one test failure 2020-11-12 14:31:27 +01:00
Zbigniew Jędrzejewski-Szmek
bca98cfc50 Compile with oomd 2020-11-12 13:08:11 +01:00
Zbigniew Jędrzejewski-Szmek
39bdda8d19 Pull in perl for tests 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
f28a96e50a Version 247-rc2 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
5bf2aac8b4 Stop creating resolv.conf symlink in more circumstances 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
a734fa3ff3 Add workaround for selinux preventing use of selinux status page 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
b6a8363c43 Use normal scriptlets for systemd-networkd 2020-11-12 12:56:08 +01:00
Zbigniew Jędrzejewski-Szmek
550422fe1b Version 247-rc1 2020-11-12 12:56:08 +01:00
Robert Scheck
5acb5c4c08 Harmonize networkd description/summary with other sub-packages 2020-10-20 17:15:42 +00:00
Zbigniew Jędrzejewski-Szmek
96b7895b99 Do not touch resolv.conf if it is a mountpoint
https://bugzilla.redhat.com/show_bug.cgi?id=1885101
2020-10-08 11:52:07 +02:00
Zbigniew Jędrzejewski-Szmek
14b2fafb36 resolve: remove the fallback dns server list
DNS questions (which necessarilly include IP addresses) are personally
indentifying information in the sense of GDPR
(https://gdpr.eu/eu-gdpr-personal-data/ explicitly lists IP address as
PII). Sending those packets to Google or Cloudflare is "forwarding"
this PII to them. GDPR says that information which is not enough to
identify individuals still needs to be protected because it may be
combined with other information or processed with improved technology
later. So even though the information in DNS alone it not very big, it
may be interpreted as protected information in various scenarios.

When Fedora is installed by an end-user, they must have the reasonable
expectation that Fedora will contant Fedora servers for updates and
status checks and such. But the case of DNS packets is different,
because the dns servers are not under our control. While most of the
time the information leak through DNS is negligible, we can't rule out
scenarios where it could be considered more important.

Another thing to consider is that ISP and other local internet access
mechanisms are probably worse overall for privacy compared to google and
cloudflare dns servers. Nevertheless, they are more obvious to users and
fit better in the regulatory framework, because there are local laws
that govern them and implicitic or explicit agreements for their use.
Whereas US-based servers are foreign and are covered by different rules.

The fallback DNS servers don't matter most of the time because
NetworkManager will include the servers from a DHCP lease. So
hopefully users will not see any effect from the change done in this
patch. Right now I think it is better to avoid the legal and privacy
risk. If it turns out this change causes noticable problems, we might
want to reconsider. In particular we could use the fallback servers
only in containers and such which are not "personal" machines and there
is no particular person attached to them.

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3C4KESHIMZDB6XCFO4EOBEDV4Q2AVVQ5/

I think we could provide a default dns server list more reasonably if
there was some kind of privacy policy published by Fedora and users
could at least learn about those defaults. Sadly, we don't have any
relevant privacy policy (https://pagure.io/Fedora-Council/tickets/issue/53).
2020-10-06 14:09:53 +02:00
Dusty Mabe
283a994776 split-files: break out more files into networkd subpackage
There were some things left in the main package that should have
been in the sub package (including networkd.conf). This is an attempt
to make the list of files in the networkd package more correct.

It explicitly tries to leave sytemd-network-generator and the network
targets in the main package.
2020-10-01 09:14:06 +02:00
Zbigniew Jędrzejewski-Szmek
7d7120d566 Only create resolv.conf symlink if sd-resolved.service is enabled
This way, if one wants to opt-out of resolved, installing a preset
that disables the service is enough. Previously that would only disable
the service, but a dangling symlink would be created.
2020-09-30 23:12:12 +02:00
Zbigniew Jędrzejewski-Szmek
3905512117 Upgrades: only replace NM /etc/resolv.conf if NM is enabled 2020-09-29 18:30:47 +02:00
Zbigniew Jędrzejewski-Szmek
ce6da66f61 Pull in libfido2-devel
fido2 support in homed was actually unavailable.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
147b753f29 Fix permissions on libsystemd-shared.abignore 2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
f10da8ae84 Add option to disable lto
This makes the build noticably faster.
2020-09-27 14:03:41 +02:00
Zbigniew Jędrzejewski-Szmek
b36512ad8f Make main package Conflicts+Obsoletes with -standalone- subpackages
I'm not entirely sure if this is the right form...
Is Conflicts? useful when we have Obsoletes?

Seem to work OK. I tested:
dnf --installroot=... install x86_64/systemd-standalone-sysusers-246.6-2.fc34.x86_64.rpm  x86_64/systemd-standalone-tmpfiles-246.6-2.fc34.x86_64.rpm
→ succeeds with a new installation
→ fails if the installroot already had systemd installed
dnf --installroot=... install x86_64/systemd{,-libs,-pam}-246.6-2.fc34.x86_64.rpm noarch/systemd-noarch-246.6-2.fc34.noarch.rpm
→ uninstalls the two standalone packages
2020-09-27 14:01:34 +02:00
Filipe Brandenburger
b50e9d7f29 Create separate standalone packages for tmpfiles and sysusers
These packages include binaries that link to a static version of
libsystemd-shared, so they don't depend on the systemd-libs package at
runtime.

These packages are intended to expose systemd-tmpfiles and systemd-sysusers
to non-systemd systems, such as container images.

Note that static linking only pulls in the small subset of functions from
libsystemd-shared that are actually used by the binaries, so the total size of
a statically linked binary is much smaller than the sum of the shared binary
with the shared library. The resulting binaries on an x86_64 build have 272KB
(tmpfiles) and 180KB (sysusers).

This commit relies on the -Dstandalone-binaries=true build configuration that
was pushed upstream in PR 16061 and released in systemd v246.
2020-09-26 21:00:25 +02:00
Christian Glombek
f455b2249a Split out networkd sub-package
And add it to main package as recommended dependency.
2020-09-26 20:43:40 +02:00
Zbigniew Jędrzejewski-Szmek
043ff2e2f0 Add patch for kernel bug 2020-09-20 13:11:35 +02:00
Zbigniew Jędrzejewski-Szmek
f74b957328 Version 246.6 2020-09-20 13:10:31 +02:00
Zbigniew Jędrzejewski-Szmek
de06d8e22c Rework patches for test-path 2020-09-14 10:03:26 +02:00
Zbigniew Jędrzejewski-Szmek
81cd8d4bcf Fix patch numbering 2020-09-14 09:26:12 +02:00
Zbigniew Jędrzejewski-Szmek
269358bd5e One more debugging patch 2020-09-14 09:19:02 +02:00
Zbigniew Jędrzejewski-Szmek
04b6e059f7 Force creation of /etc/resolv.conf symlink during installation
https://bugzilla.redhat.com/show_bug.cgi?id=1873856#c14
2020-09-13 11:03:33 +02:00
Zbigniew Jędrzejewski-Szmek
0345c83b50 Version 246.5 2020-09-13 11:02:40 +02:00
Zbigniew Jędrzejewski-Szmek
764adb18da Don't complain if /dev/urandom is unavailable 2020-09-02 12:35:56 +02:00
Zbigniew Jędrzejewski-Szmek
1ebf8dd816 Version 246.4 2020-09-02 12:12:42 +02:00
Zbigniew Jędrzejewski-Szmek
5a70c03b7f Let avahi handle mdns requests
We need to disable it by default in resolved so that it doesn't fight
with avahi for the port when both are started up in parallel.

I also moved nss-files before nss-resolve. This is unfortunate because
resolved cached files and with the move, the file will be re-read on each
query. Nevertheless, we want nss-files to have higher priority than nss-mdns
to honour local config. Fortunately, only some people put lots of entries
in /etc/hosts, so the inefficiency incurred by this isn't important for
most users.

nss-myhostname is moved after nss-files, following the change in
upstream recommendations.
2020-09-02 10:52:43 +02:00
Zbigniew Jędrzejewski-Szmek
d01d537e93 Create /etc/resolv.conf symlink upon installation 2020-09-02 10:22:03 +02:00
Petr Lautrbach
16c37db4fd Improve tests structure
- rename test-reboot.yml to tests-reboot.yml so that it's run by CI directly
- drop unnecessary tests.yml
- add mandatory test.log, see
  https://docs.fedoraproject.org/en-US/ci/standard-test-interface/#_invocation
- improve results.yml format
- drop avc.err.log and log everything AVC related to avc.log
2020-08-27 08:13:25 +02:00
Zbigniew Jędrzejewski-Szmek
98b9113655 Version 246.3 2020-08-26 14:50:44 +02:00
Zbigniew Jędrzejewski-Szmek
d5c1247285 Version 246.2 2020-08-17 19:15:12 +02:00
Zbigniew Jędrzejewski-Szmek
27ec459b7b Add patch to ingnore test failure on s390x 2020-08-08 09:27:46 +02:00
Zbigniew Jędrzejewski-Szmek
eee99e6ccc Add patch to debug test failure on s390x 2020-08-07 18:56:37 +02:00
Zbigniew Jędrzejewski-Szmek
84fad5038a Let's not try to define to triggers
error: line 639: Trigger fired by the same package is already defined in spec file: %post libs
It's not clear what rpm is complaining about here, but the two %triggerun's
for the same package seem to be the most likely offender.

I wanted to avoid applying to preset reset twice, alas.
2020-08-07 17:40:27 +02:00
Zbigniew Jędrzejewski-Szmek
c8f86d89ba Version 246.1 2020-08-07 17:33:19 +02:00
Zbigniew Jędrzejewski-Szmek
0eabb3de75 Two more patches for a test that randomly fails in koji 2020-07-31 11:01:07 +02:00
Zbigniew Jędrzejewski-Szmek
7445a298df Actually update version :) 2020-07-30 21:21:06 +02:00
Zbigniew Jędrzejewski-Szmek
30273d3292 Release v246 2020-07-30 21:19:54 +02:00