Compare commits
No commits in common. "a10s" and "c8" have entirely different histories.
@ -1,3 +0,0 @@
|
||||
[suppress_file]
|
||||
# Those shared objects are private to systemd
|
||||
file_name_regexp=libsystemd-(shared|core)-.*.so
|
@ -1 +0,0 @@
|
||||
1
|
10
.gitignore
vendored
10
.gitignore
vendored
@ -1,9 +1 @@
|
||||
*~
|
||||
/.mail.list
|
||||
/systemd-*/
|
||||
/.build-*.log
|
||||
/x86_64/
|
||||
/systemd-*src.rpm
|
||||
/systemd-*.tar.xz
|
||||
/systemd-*.tar.gz
|
||||
/*.rpm
|
||||
SOURCES/systemd-239.tar.gz
|
||||
|
1
.systemd.metadata
Normal file
1
.systemd.metadata
Normal file
@ -0,0 +1 @@
|
||||
8803baa484cbe36680463c8c5e6febeff074b8e7 SOURCES/systemd-239.tar.gz
|
@ -1,7 +0,0 @@
|
||||
- project:
|
||||
vars:
|
||||
install_repo_exclude:
|
||||
- systemd-standalone-repart
|
||||
- systemd-standalone-shutdown
|
||||
- systemd-standalone-sysusers
|
||||
- systemd-standalone-tmpfiles
|
@ -1,18 +0,0 @@
|
||||
From 1c27c902ad8316f490648a0e4415abd51b450b1a Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Tue, 11 Jun 2024 23:04:12 +0100
|
||||
Subject: [PATCH] Create CNAME
|
||||
|
||||
---
|
||||
docs/CNAME | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
create mode 100644 docs/CNAME
|
||||
|
||||
diff --git a/docs/CNAME b/docs/CNAME
|
||||
new file mode 100644
|
||||
index 0000000000..cdcf4d9a52
|
||||
--- /dev/null
|
||||
+++ b/docs/CNAME
|
||||
@@ -0,0 +1 @@
|
||||
+systemd.io
|
||||
\ No newline at end of file
|
@ -1,103 +0,0 @@
|
||||
From d918804408801bf46a49018e374ebdfbeae08805 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Jun 2024 11:28:21 +0200
|
||||
Subject: [PATCH] man/systemd: reorder content a bit
|
||||
|
||||
Section "Description" didn't actually say what systemd does. And we had a giant
|
||||
"Concepts" section that actually described units types and other details about
|
||||
them. So let's move the basic description of functionality to "Description" and
|
||||
rename the following section to "Units".
|
||||
|
||||
The link to the Original Design Document is moved to "See Also", it is of
|
||||
historical interest mostly at this point.
|
||||
|
||||
The only actual change is that when talking about API filesystems, /dev is also
|
||||
mentioned. (I think /sys+/proc+/dev are the canonical set and should be always
|
||||
listed on one breath.)
|
||||
|
||||
(cherry picked from commit f11aaf7dfb295de429b1567282b19caaba036bba)
|
||||
---
|
||||
man/systemd.xml | 49 ++++++++++++++++++++++++-------------------------
|
||||
1 file changed, 24 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.xml b/man/systemd.xml
|
||||
index 66db5bbf25..f4aa7e06ca 100644
|
||||
--- a/man/systemd.xml
|
||||
+++ b/man/systemd.xml
|
||||
@@ -62,10 +62,29 @@
|
||||
<filename>user.conf.d</filename> directories. See
|
||||
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for more information.</para>
|
||||
+
|
||||
+ <para><command>systemd</command> contains native implementations of various tasks that need to be
|
||||
+ executed as part of the boot process. For example, it sets the hostname or configures the loopback
|
||||
+ network device. It also sets up and mounts various API file systems, such as <filename>/sys/</filename>,
|
||||
+ <filename>/proc/</filename>, and <filename>/dev/</filename>.</para>
|
||||
+
|
||||
+ <para>Note that some but not all interfaces provided by systemd are covered by the
|
||||
+ <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
|
||||
+
|
||||
+ <para>The D-Bus API of <command>systemd</command> is described in
|
||||
+ <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
+ and
|
||||
+ <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
|
||||
+ url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
|
||||
+ <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
|
||||
+ specifications, respectively.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
- <title>Concepts</title>
|
||||
+ <title>Units</title>
|
||||
|
||||
<para>systemd provides a dependency system between various
|
||||
entities called "units" of 11 different types. Units encapsulate
|
||||
@@ -261,34 +280,10 @@
|
||||
example, start jobs for any of those inactive units getting queued as
|
||||
well.</para>
|
||||
|
||||
- <para>systemd contains native implementations of various tasks
|
||||
- that need to be executed as part of the boot process. For example,
|
||||
- it sets the hostname or configures the loopback network device. It
|
||||
- also sets up and mounts various API file systems, such as
|
||||
- <filename>/sys/</filename> or <filename>/proc/</filename>.</para>
|
||||
-
|
||||
- <para>For more information about the concepts and
|
||||
- ideas behind systemd, please refer to the
|
||||
- <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
|
||||
-
|
||||
- <para>Note that some but not all interfaces provided by systemd are covered by the
|
||||
- <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
|
||||
-
|
||||
<para>Units may be generated dynamically at boot and system
|
||||
manager reload time, for example based on other configuration
|
||||
files or parameters passed on the kernel command line. For details, see
|
||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
-
|
||||
- <para>The D-Bus API of <command>systemd</command> is described in
|
||||
- <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
- and
|
||||
- <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
- </para>
|
||||
-
|
||||
- <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
|
||||
- url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
|
||||
- <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
|
||||
- specifications, respectively.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
@@ -1558,6 +1553,10 @@
|
||||
<member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
+
|
||||
+ <para>For more information about the concepts and
|
||||
+ ideas behind systemd, please refer to the
|
||||
+ <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -1,43 +0,0 @@
|
||||
From f2b5c1ff51b7c7876036c6c722e2a47b696695d9 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 8 May 2024 10:38:11 +0200
|
||||
Subject: [PATCH] hostnamed: don't allow hostnamed to exit on idle if varlink
|
||||
connections are still ongoing
|
||||
|
||||
And while we are at it, ongoing PK authorizations are also a reason to
|
||||
block exit on idle.
|
||||
|
||||
(cherry picked from commit ac908152b3b43a49f793d225c075423422cd3e33)
|
||||
---
|
||||
src/hostname/hostnamed.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
|
||||
index 82d08803fa..fe1216fc1c 100644
|
||||
--- a/src/hostname/hostnamed.c
|
||||
+++ b/src/hostname/hostnamed.c
|
||||
@@ -1682,6 +1682,13 @@ static int connect_varlink(Context *c) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static bool context_check_idle(void *userdata) {
|
||||
+ Context *c = ASSERT_PTR(userdata);
|
||||
+
|
||||
+ return varlink_server_current_connections(c->varlink_server) == 0 &&
|
||||
+ hashmap_isempty(c->polkit_registry);
|
||||
+}
|
||||
+
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(context_destroy) Context context = {
|
||||
.hostname_source = _HOSTNAME_INVALID, /* appropriate value will be set later */
|
||||
@@ -1731,8 +1738,8 @@ static int run(int argc, char *argv[]) {
|
||||
context.bus,
|
||||
"org.freedesktop.hostname1",
|
||||
DEFAULT_EXIT_USEC,
|
||||
- /* check_idle= */ NULL,
|
||||
- /* userdata= */ NULL);
|
||||
+ context_check_idle,
|
||||
+ &context);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to run event loop: %m");
|
||||
|
@ -1,30 +0,0 @@
|
||||
From 0d573787ea1610ba57a359cf437841f62b186e77 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Wed, 12 Jun 2024 00:48:56 +0900
|
||||
Subject: [PATCH] sd-dhcp-server: clear buffer before receive
|
||||
|
||||
I do not think this is necessary, but all other places in
|
||||
libsystemd-network we clear buffer before receive. Without this,
|
||||
Coverity warns about use-of-uninitialized-values.
|
||||
Let's silence Coverity.
|
||||
|
||||
Closes CID#1469721.
|
||||
|
||||
(cherry picked from commit 40f9fa0af4c3094d93e833e62f7e301cd453da62)
|
||||
---
|
||||
src/libsystemd-network/sd-dhcp-server.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
|
||||
index c3b0f82dc4..4967f066dc 100644
|
||||
--- a/src/libsystemd-network/sd-dhcp-server.c
|
||||
+++ b/src/libsystemd-network/sd-dhcp-server.c
|
||||
@@ -1252,7 +1252,7 @@ static int server_receive_message(sd_event_source *s, int fd,
|
||||
/* Preallocate the additional size for DHCP Relay Agent Information Option if needed */
|
||||
buflen += relay_agent_information_length(server->agent_circuit_id, server->agent_remote_id) + 2;
|
||||
|
||||
- message = malloc(buflen);
|
||||
+ message = malloc0(buflen);
|
||||
if (!message)
|
||||
return -ENOMEM;
|
||||
|
@ -1,29 +0,0 @@
|
||||
From a3d94332a2b5128697373d3093c1cfa56649ec61 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Mon, 10 Jun 2024 12:59:58 +0200
|
||||
Subject: [PATCH] rules: Limit the number of device units generated for serial
|
||||
ttys
|
||||
|
||||
As per the suggestion in https://github.com/systemd/systemd/issues/33242.
|
||||
|
||||
This reduces the number of /dev/ttySXX device units generated in
|
||||
mkosi from 32 to 4.
|
||||
|
||||
(cherry picked from commit dc38f9addd04c34d1fd743efc407bdebb3573d05)
|
||||
---
|
||||
rules.d/99-systemd.rules.in | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
|
||||
index ad0c7e2fb5..8ba6f177f8 100644
|
||||
--- a/rules.d/99-systemd.rules.in
|
||||
+++ b/rules.d/99-systemd.rules.in
|
||||
@@ -10,6 +10,8 @@
|
||||
ACTION=="remove", GOTO="systemd_end"
|
||||
|
||||
SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd"
|
||||
+# Exclude 8250 serial ports with a zero IO port, as they are not usable until "setserial /dev/ttySxxx port …" is invoked.
|
||||
+SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ENV{SYSTEMD_READY}="0"
|
||||
KERNEL=="vport*", TAG+="systemd"
|
||||
|
||||
SUBSYSTEM=="ptp", TAG+="systemd"
|
@ -1,81 +0,0 @@
|
||||
From 514ef0f93b76cbe0ba6b4de07a7b21fd0c2b7bae Mon Sep 17 00:00:00 2001
|
||||
From: q66 <q66@chimera-linux.org>
|
||||
Date: Thu, 6 Jun 2024 13:45:48 +0200
|
||||
Subject: [PATCH] strbuf: use GREEDY_REALLOC to grow the buffer
|
||||
|
||||
This allows us to reserve a bunch of capacity ahead of time,
|
||||
improving the performance of hwdb significantly thanks to not
|
||||
having to reallocate so many times.
|
||||
|
||||
Before:
|
||||
```
|
||||
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
|
||||
==113297== Memcheck, a memory error detector
|
||||
==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
|
||||
==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
|
||||
==113297== Command: ./systemd-hwdb update
|
||||
==113297==
|
||||
==113297==
|
||||
==113297== HEAP SUMMARY:
|
||||
==113297== in use at exit: 0 bytes in 0 blocks
|
||||
==113297== total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
|
||||
==113297==
|
||||
==113297== All heap blocks were freed -- no leaks are possible
|
||||
==113297==
|
||||
==113297== For lists of detected and suppressed errors, rerun with: -s
|
||||
==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
|
||||
132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
|
||||
0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
|
||||
```
|
||||
|
||||
After:
|
||||
```
|
||||
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
|
||||
==112572== Memcheck, a memory error detector
|
||||
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
|
||||
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
|
||||
==112572== Command: ./systemd-hwdb update
|
||||
==112572==
|
||||
==112572==
|
||||
==112572== HEAP SUMMARY:
|
||||
==112572== in use at exit: 0 bytes in 0 blocks
|
||||
==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
|
||||
==112572==
|
||||
==112572== All heap blocks were freed -- no leaks are possible
|
||||
==112572==
|
||||
==112572== For lists of detected and suppressed errors, rerun with: -s
|
||||
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
|
||||
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
|
||||
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
|
||||
```
|
||||
|
||||
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
(cherry picked from commit 621b10fe2c3203c537996e84c7c89b0ff994ad93)
|
||||
---
|
||||
src/basic/strbuf.c | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
|
||||
index 0617acc8d2..6d43955bb1 100644
|
||||
--- a/src/basic/strbuf.c
|
||||
+++ b/src/basic/strbuf.c
|
||||
@@ -107,7 +107,6 @@ static void bubbleinsert(struct strbuf_node *node,
|
||||
/* add string, return the index/offset into the buffer */
|
||||
ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
|
||||
uint8_t c;
|
||||
- char *buf_new;
|
||||
struct strbuf_child_entry *child;
|
||||
struct strbuf_node *node;
|
||||
ssize_t off;
|
||||
@@ -147,10 +146,8 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
|
||||
}
|
||||
|
||||
/* add new string */
|
||||
- buf_new = realloc(str->buf, str->len + len+1);
|
||||
- if (!buf_new)
|
||||
+ if (!GREEDY_REALLOC(str->buf, str->len + len + 1))
|
||||
return -ENOMEM;
|
||||
- str->buf = buf_new;
|
||||
off = str->len;
|
||||
memcpy(str->buf + off, s, len);
|
||||
str->len += len;
|
@ -1,132 +0,0 @@
|
||||
From 30df42a9277bbf138d52887c9b79e452db425585 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Fri, 17 May 2024 16:20:11 +0200
|
||||
Subject: [PATCH] tpm2-setup: Don't fail if we can't access the TPM due to
|
||||
authorization failure
|
||||
|
||||
The TPM might be password/pin protected for various reasons even if
|
||||
there is no SRK yet. Let's handle those cases gracefully instead of
|
||||
failing the unit as it is enabled by default.
|
||||
|
||||
(cherry picked from commit d6518003f8ebbfb6f85dbf227736ae05b0961199)
|
||||
---
|
||||
catalog/systemd.catalog.in | 13 +++++++++++++
|
||||
src/shared/tpm2-util.c | 2 ++
|
||||
src/systemd/sd-messages.h | 3 +++
|
||||
src/tpm2-setup/tpm2-setup.c | 13 ++++++++++++-
|
||||
units/systemd-tpm2-setup-early.service.in | 3 +++
|
||||
units/systemd-tpm2-setup.service.in | 3 +++
|
||||
6 files changed, 36 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
|
||||
index 3c9a6860da..2831152763 100644
|
||||
--- a/catalog/systemd.catalog.in
|
||||
+++ b/catalog/systemd.catalog.in
|
||||
@@ -780,3 +780,16 @@ Documentation: https://systemd.io/PORTABLE_SERVICES/
|
||||
A Portable Service @PORTABLE_ROOT@ (with extensions: @PORTABLE_EXTENSION@) has been
|
||||
detached from the system and is no longer available for use. The list of attached
|
||||
Portable Services can be queried with 'portablectl list'.
|
||||
+
|
||||
+-- ad7089f928ac4f7ea00c07457d47ba8a
|
||||
+Subject: Authorization failure while attempting to enroll SRK into TPM
|
||||
+Defined-By: systemd
|
||||
+Support: %SUPPORT_URL%
|
||||
+Documentation: man:systemd-tpm2-setup.service(8)
|
||||
+
|
||||
+An authorization failure occured while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
|
||||
+Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of
|
||||
+the TPM.
|
||||
+
|
||||
+Automatic SRK enrollment on TPMs in such scenarios is not supported. In order to unset the PIN/password
|
||||
+protection on the owner hierarchy issue a command like the following: 'tpm2_changeauth -c o -p <OLDPW> ""'.
|
||||
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
||||
index 87ce53cf95..9603f1837e 100644
|
||||
--- a/src/shared/tpm2-util.c
|
||||
+++ b/src/shared/tpm2-util.c
|
||||
@@ -2119,6 +2119,8 @@ int tpm2_create_primary(
|
||||
/* creationData= */ NULL,
|
||||
/* creationHash= */ NULL,
|
||||
/* creationTicket= */ NULL);
|
||||
+ if (rc == TPM2_RC_BAD_AUTH)
|
||||
+ return log_debug_errno(SYNTHETIC_ERRNO(EDEADLK), "Authorization failure while attempting to enroll SRK into TPM.");
|
||||
if (rc != TSS2_RC_SUCCESS)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||||
"Failed to generate primary key in TPM: %s",
|
||||
diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h
|
||||
index e3f68068a8..16e9986be3 100644
|
||||
--- a/src/systemd/sd-messages.h
|
||||
+++ b/src/systemd/sd-messages.h
|
||||
@@ -272,6 +272,9 @@ _SD_BEGIN_DECLARATIONS;
|
||||
#define SD_MESSAGE_PORTABLE_DETACHED SD_ID128_MAKE(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
|
||||
#define SD_MESSAGE_PORTABLE_DETACHED_STR SD_ID128_MAKE_STR(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
|
||||
|
||||
+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION SD_ID128_MAKE(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
|
||||
+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR SD_ID128_MAKE_STR(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
|
||||
+
|
||||
_SD_END_DECLARATIONS;
|
||||
|
||||
#endif
|
||||
diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
|
||||
index 35628fc02a..b95c5e7a58 100644
|
||||
--- a/src/tpm2-setup/tpm2-setup.c
|
||||
+++ b/src/tpm2-setup/tpm2-setup.c
|
||||
@@ -3,6 +3,8 @@
|
||||
#include <getopt.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include "sd-messages.h"
|
||||
+
|
||||
#include "build.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
@@ -223,6 +225,8 @@ static int load_public_key_tpm2(struct public_key_data *ret) {
|
||||
/* ret_name= */ NULL,
|
||||
/* ret_qname= */ NULL,
|
||||
NULL);
|
||||
+ if (r == -EDEADLK)
|
||||
+ return r;
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to get or create SRK: %m");
|
||||
if (r > 0)
|
||||
@@ -289,6 +293,13 @@ static int run(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
r = load_public_key_tpm2(&tpm2_key);
|
||||
+ if (r == -EDEADLK) {
|
||||
+ log_struct_errno(LOG_INFO, r,
|
||||
+ LOG_MESSAGE("Insufficient permissions to access TPM, not generating SRK."),
|
||||
+ "MESSAGE_ID=" SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR);
|
||||
+ return 76; /* Special return value which means "Insufficient permissions to access TPM,
|
||||
+ * cannot generate SRK". This isn't really an error when called at boot. */;
|
||||
+ }
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@@ -383,4 +394,4 @@ static int run(int argc, char *argv[]) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-DEFINE_MAIN_FUNCTION(run);
|
||||
+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
|
||||
diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in
|
||||
index 9982c84aba..7fdb99b53f 100644
|
||||
--- a/units/systemd-tpm2-setup-early.service.in
|
||||
+++ b/units/systemd-tpm2-setup-early.service.in
|
||||
@@ -21,3 +21,6 @@ ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
|
||||
+
|
||||
+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
||||
+SuccessExitStatus=76
|
||||
diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in
|
||||
index 0af7292528..ac29a76966 100644
|
||||
--- a/units/systemd-tpm2-setup.service.in
|
||||
+++ b/units/systemd-tpm2-setup.service.in
|
||||
@@ -22,3 +22,6 @@ ConditionPathExists=!/etc/initrd-release
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful
|
||||
+
|
||||
+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
||||
+SuccessExitStatus=76
|
@ -1,37 +0,0 @@
|
||||
From ba031f1fe86e36d7adc0340b047de32399c98bf7 Mon Sep 17 00:00:00 2001
|
||||
From: Ronan Pigott <ronan@rjp.ie>
|
||||
Date: Fri, 8 Mar 2024 13:40:08 -0700
|
||||
Subject: [PATCH] resolved: permit dnssec rrtype questions when we aren't
|
||||
validating
|
||||
|
||||
This check introduced in 91adc4db33f6 is intended to spare us from
|
||||
encountering broken resolver behavior we don't want to deal with.
|
||||
However if we aren't validating we more than likely don't know the state
|
||||
of the upstream resolver's support for dnssec. Let's let clients try
|
||||
these queries if they want.
|
||||
|
||||
This brings the behavior of sd-resolved in-line with previouly stated
|
||||
change in the meaning of DNSSEC=no, which now means "don't validate"
|
||||
rather than "don't validate, because the upstream resolver is declared to
|
||||
be dnssec-unaware".
|
||||
|
||||
Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
|
||||
(cherry picked from commit 364c948707afa097f6ad177b61c2b51a86c0089a)
|
||||
---
|
||||
src/resolve/resolved-dns-server.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
|
||||
index 340f11f4f4..b37f541c7f 100644
|
||||
--- a/src/resolve/resolved-dns-server.c
|
||||
+++ b/src/resolve/resolved-dns-server.c
|
||||
@@ -706,9 +706,6 @@ bool dns_server_dnssec_supported(DnsServer *server) {
|
||||
if (dns_server_get_dnssec_mode(server) == DNSSEC_YES) /* If strict DNSSEC mode is enabled, always assume DNSSEC mode is supported. */
|
||||
return true;
|
||||
|
||||
- if (!DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(server->possible_feature_level))
|
||||
- return false;
|
||||
-
|
||||
if (server->packet_bad_opt)
|
||||
return false;
|
||||
|
@ -1,123 +0,0 @@
|
||||
From 70f5fb2f7ab585458008b1d3144e4ebaf98db42e Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Sun, 2 Jun 2024 16:24:52 +0200
|
||||
Subject: [PATCH] repart: Use crypt_reencrypt_run() if available
|
||||
|
||||
crypt_reencrypt() is deprecated, so let's look for and prefer
|
||||
crypt_reencrypt_run() if it is available.
|
||||
|
||||
(cherry picked from commit b99b2941276a74878a23470b36c75b0c21dbdd4a)
|
||||
---
|
||||
meson.build | 1 +
|
||||
src/partition/repart.c | 6 +++++-
|
||||
src/shared/cryptsetup-util.c | 19 ++++++++-----------
|
||||
src/shared/cryptsetup-util.h | 6 +++---
|
||||
4 files changed, 17 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index ea4e12aa1c..e42151998b 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
|
||||
'crypt_token_max',
|
||||
'crypt_reencrypt_init_by_passphrase',
|
||||
'crypt_reencrypt',
|
||||
+ 'crypt_reencrypt_run',
|
||||
'crypt_set_data_offset',
|
||||
'crypt_set_keyring_to_link',
|
||||
'crypt_resume_by_volume_key']
|
||||
diff --git a/src/partition/repart.c b/src/partition/repart.c
|
||||
index 6f67d46025..2ecae4ca03 100644
|
||||
--- a/src/partition/repart.c
|
||||
+++ b/src/partition/repart.c
|
||||
@@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
|
||||
}
|
||||
|
||||
static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
|
||||
-#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT
|
||||
+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
|
||||
const char *node = partition_target_path(target);
|
||||
struct crypt_params_luks2 luks_params = {
|
||||
.label = strempty(ASSERT_PTR(p)->new_label),
|
||||
@@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to load reencryption context: %m");
|
||||
|
||||
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||||
+ r = sym_crypt_reencrypt_run(cd, NULL, NULL);
|
||||
+#else
|
||||
r = sym_crypt_reencrypt(cd, NULL);
|
||||
+#endif
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to encrypt %s: %m", node);
|
||||
} else {
|
||||
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
|
||||
index 288e6e8942..d0dd434df8 100644
|
||||
--- a/src/shared/cryptsetup-util.c
|
||||
+++ b/src/shared/cryptsetup-util.c
|
||||
@@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
|
||||
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||||
DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
|
||||
#endif
|
||||
-#if HAVE_CRYPT_REENCRYPT
|
||||
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||||
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||||
+DLSYM_FUNCTION(crypt_reencrypt_run);
|
||||
+#elif HAVE_CRYPT_REENCRYPT
|
||||
DLSYM_FUNCTION(crypt_reencrypt);
|
||||
-REENABLE_WARNING;
|
||||
#endif
|
||||
DLSYM_FUNCTION(crypt_metadata_locking);
|
||||
#if HAVE_CRYPT_SET_DATA_OFFSET
|
||||
@@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {
|
||||
|
||||
/* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
|
||||
* crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
|
||||
- * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the
|
||||
- * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off
|
||||
- * warnings about this for now. */
|
||||
-
|
||||
- DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||||
+ * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
|
||||
+ * symbol if the new one is not available. */
|
||||
|
||||
ELF_NOTE_DLOPEN("cryptsetup",
|
||||
"Support for disk encryption, integrity, and authentication",
|
||||
@@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
|
||||
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||||
DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
|
||||
#endif
|
||||
-#if HAVE_CRYPT_REENCRYPT
|
||||
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||||
+ DLSYM_ARG(crypt_reencrypt_run),
|
||||
+#elif HAVE_CRYPT_REENCRYPT
|
||||
DLSYM_ARG(crypt_reencrypt),
|
||||
#endif
|
||||
DLSYM_ARG(crypt_metadata_locking),
|
||||
@@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
- REENABLE_WARNING;
|
||||
-
|
||||
/* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
|
||||
* libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
|
||||
* whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
|
||||
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
|
||||
index f00ac367b6..d255e59004 100644
|
||||
--- a/src/shared/cryptsetup-util.h
|
||||
+++ b/src/shared/cryptsetup-util.h
|
||||
@@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
|
||||
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||||
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
|
||||
#endif
|
||||
-#if HAVE_CRYPT_REENCRYPT
|
||||
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||||
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||||
+DLSYM_PROTOTYPE(crypt_reencrypt_run);
|
||||
+#elif HAVE_CRYPT_REENCRYPT
|
||||
DLSYM_PROTOTYPE(crypt_reencrypt);
|
||||
-REENABLE_WARNING;
|
||||
#endif
|
||||
DLSYM_PROTOTYPE(crypt_metadata_locking);
|
||||
#if HAVE_CRYPT_SET_DATA_OFFSET
|
@ -1,136 +0,0 @@
|
||||
From 4a468387acbc8a2bd51bffaeca242e415e55b614 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Wed, 12 Jun 2024 12:09:25 +0200
|
||||
Subject: [PATCH] test: dump a simple summary at the end of TEST-02-UNITTEST
|
||||
|
||||
Let's dump a list of skipped tests and logs from failed tests at the end
|
||||
of TEST-02-UNITTEST to make debugging fails in CI slightly less painful.
|
||||
|
||||
(cherry picked from commit 2ac0e52f29eb5f0040882fc46bcfa369893577f3)
|
||||
---
|
||||
test/TEST-02-UNITTESTS/test.sh | 8 ----
|
||||
test/test-functions | 68 ---------------------------------
|
||||
test/units/TEST-02-UNITTESTS.sh | 14 +++++++
|
||||
3 files changed, 14 insertions(+), 76 deletions(-)
|
||||
|
||||
diff --git a/test/TEST-02-UNITTESTS/test.sh b/test/TEST-02-UNITTESTS/test.sh
|
||||
index f165c99368..2cf9c31096 100755
|
||||
--- a/test/TEST-02-UNITTESTS/test.sh
|
||||
+++ b/test/TEST-02-UNITTESTS/test.sh
|
||||
@@ -37,12 +37,4 @@ test_append_files() {
|
||||
fi
|
||||
}
|
||||
|
||||
-check_result_nspawn() {
|
||||
- check_result_nspawn_unittests "${1}"
|
||||
-}
|
||||
-
|
||||
-check_result_qemu() {
|
||||
- check_result_qemu_unittests
|
||||
-}
|
||||
-
|
||||
do_test "$@"
|
||||
diff --git a/test/test-functions b/test/test-functions
|
||||
index be6eb1d9b2..8b497b2e27 100644
|
||||
--- a/test/test-functions
|
||||
+++ b/test/test-functions
|
||||
@@ -1860,74 +1860,6 @@ check_result_qemu() {
|
||||
return $ret
|
||||
}
|
||||
|
||||
-check_result_nspawn_unittests() {
|
||||
- local workspace="${1:?}"
|
||||
- local ret=1
|
||||
-
|
||||
- [[ -e "$workspace/testok" ]] && ret=0
|
||||
-
|
||||
- if [[ -s "$workspace/failed" ]]; then
|
||||
- ret=$((ret + 1))
|
||||
- echo "=== Failed test log ==="
|
||||
- cat "$workspace/failed"
|
||||
- else
|
||||
- if [[ -s "$workspace/skipped" ]]; then
|
||||
- echo "=== Skipped test log =="
|
||||
- cat "$workspace/skipped"
|
||||
- # We might have only skipped tests - that should not fail the job
|
||||
- ret=0
|
||||
- fi
|
||||
- if [[ -s "$workspace/testok" ]]; then
|
||||
- echo "=== Passed tests ==="
|
||||
- cat "$workspace/testok"
|
||||
- fi
|
||||
- fi
|
||||
-
|
||||
- get_bool "${TIMED_OUT:=}" && ret=1
|
||||
- check_coverage_reports "$workspace" || ret=5
|
||||
-
|
||||
- save_journal "$workspace/var/log/journal" $ret
|
||||
- echo "${JOURNAL_LIST:-"No journals were saved"}"
|
||||
-
|
||||
- _umount_dir "${initdir:?}"
|
||||
-
|
||||
- return $ret
|
||||
-}
|
||||
-
|
||||
-check_result_qemu_unittests() {
|
||||
- local ret=1
|
||||
-
|
||||
- mount_initdir
|
||||
- [[ -e "${initdir:?}/testok" ]] && ret=0
|
||||
-
|
||||
- if [[ -s "$initdir/failed" ]]; then
|
||||
- ret=$((ret + 1))
|
||||
- echo "=== Failed test log ==="
|
||||
- cat "$initdir/failed"
|
||||
- else
|
||||
- if [[ -s "$initdir/skipped" ]]; then
|
||||
- echo "=== Skipped test log =="
|
||||
- cat "$initdir/skipped"
|
||||
- # We might have only skipped tests - that should not fail the job
|
||||
- ret=0
|
||||
- fi
|
||||
- if [[ -s "$initdir/testok" ]]; then
|
||||
- echo "=== Passed tests ==="
|
||||
- cat "$initdir/testok"
|
||||
- fi
|
||||
- fi
|
||||
-
|
||||
- get_bool "${TIMED_OUT:=}" && ret=1
|
||||
- check_coverage_reports "$initdir" || ret=5
|
||||
-
|
||||
- save_journal "$initdir/var/log/journal" $ret
|
||||
- echo "${JOURNAL_LIST:-"No journals were saved"}"
|
||||
-
|
||||
- _umount_dir "$initdir"
|
||||
-
|
||||
- return $ret
|
||||
-}
|
||||
-
|
||||
create_rc_local() {
|
||||
dinfo "Create rc.local"
|
||||
mkdir -p "${initdir:?}/etc/rc.d"
|
||||
diff --git a/test/units/TEST-02-UNITTESTS.sh b/test/units/TEST-02-UNITTESTS.sh
|
||||
index 6392425130..4448643f9a 100755
|
||||
--- a/test/units/TEST-02-UNITTESTS.sh
|
||||
+++ b/test/units/TEST-02-UNITTESTS.sh
|
||||
@@ -95,6 +95,20 @@ export -f run_test
|
||||
find /usr/lib/systemd/tests/unit-tests/ -maxdepth 1 -type f -name "${TESTS_GLOB}" -print0 |
|
||||
xargs -0 -I {} --max-procs="$MAX_QUEUE_SIZE" bash -ec "run_test {}"
|
||||
|
||||
+# Write all pending messages, so they don't get mixed with the summaries below
|
||||
+journalctl --sync
|
||||
+
|
||||
+# No need for full test logs in this case
|
||||
+if [[ -s /skipped-tests ]]; then
|
||||
+ : "=== SKIPPED TESTS ==="
|
||||
+ cat /skipped-tests
|
||||
+fi
|
||||
+
|
||||
+if [[ -s /failed ]]; then
|
||||
+ : "=== FAILED TESTS ==="
|
||||
+ cat /failed
|
||||
+fi
|
||||
+
|
||||
# Test logs are sometimes lost, as the system shuts down immediately after
|
||||
journalctl --sync
|
||||
|
@ -1,29 +0,0 @@
|
||||
From d316aed5d8e15fb5b13b5618f1b2d1d020b1e7bf Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Mon, 3 Jun 2024 12:35:29 +0200
|
||||
Subject: [PATCH] repart: Use CRYPT_ACTIVATE_PRIVATE
|
||||
|
||||
Let's skip udev device scanning when activating a LUKS volume in
|
||||
systemd-repart as we don't depend on any udev symlinks and don't
|
||||
expect anything except repart to access the volume.
|
||||
|
||||
Suggested by https://github.com/systemd/systemd/issues/33129#issuecomment-2143390941.
|
||||
|
||||
(cherry picked from commit 726fc7ae696510b04c24810f691d34f5d20529d6)
|
||||
---
|
||||
src/partition/repart.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/partition/repart.c b/src/partition/repart.c
|
||||
index 2ecae4ca03..78cf60f724 100644
|
||||
--- a/src/partition/repart.c
|
||||
+++ b/src/partition/repart.c
|
||||
@@ -4236,7 +4236,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
|
||||
dm_name,
|
||||
NULL,
|
||||
VOLUME_KEY_SIZE,
|
||||
- arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
|
||||
+ (arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0) | CRYPT_ACTIVATE_PRIVATE);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to activate LUKS superblock: %m");
|
||||
|
@ -1,26 +0,0 @@
|
||||
From 4ebcdcb1360dbb10444f518bad7f04e10bcb6387 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Tue, 11 Jun 2024 23:09:30 +0100
|
||||
Subject: [PATCH] NEWS: note that new stable releases will be in the main repo
|
||||
|
||||
(cherry picked from commit 40d637bace4041f081088673cb230669c1e34faf)
|
||||
---
|
||||
NEWS | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 02ad8b2c79..bbee0852be 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -81,6 +81,11 @@ CHANGES WITH 256:
|
||||
* systemd.crash_reboot and related settings are deprecated in favor of
|
||||
systemd.crash_action=.
|
||||
|
||||
+ * Stable releases for version v256 and newer will now be pushed in the
|
||||
+ main repository. The systemd-stable repository will be used for existing
|
||||
+ stable branches (v255-stable and lower), and when they reach EOL it will
|
||||
+ be archived.
|
||||
+
|
||||
General Changes and New Features:
|
||||
|
||||
* Various programs will now attempt to load the main configuration file
|
@ -1,29 +0,0 @@
|
||||
From 2034de6157cc0d3e60489cdc16c7a5651f38783c Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Wed, 12 Jun 2024 14:35:34 +0200
|
||||
Subject: [PATCH] shell-completion: only offer devices for completion
|
||||
|
||||
This skips directories and other stuff like /dev/core, /dev/initctl or
|
||||
/dev/log.
|
||||
|
||||
(cherry picked from commit bde35f4a91663ebb854330f582baeef0f9adcbfb)
|
||||
---
|
||||
shell-completion/bash/udevadm | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/shell-completion/bash/udevadm b/shell-completion/bash/udevadm
|
||||
index 05f921cf49..3842d722e7 100644
|
||||
--- a/shell-completion/bash/udevadm
|
||||
+++ b/shell-completion/bash/udevadm
|
||||
@@ -32,10 +32,7 @@ __get_all_sysdevs() {
|
||||
}
|
||||
|
||||
__get_all_device_nodes() {
|
||||
- local i
|
||||
- for i in /dev/* /dev/*/* /dev/*/*/*; do
|
||||
- echo $i
|
||||
- done
|
||||
+ find /dev -xtype b -o -xtype c
|
||||
}
|
||||
|
||||
__get_all_device_units() {
|
@ -1,98 +0,0 @@
|
||||
From a61a83a22b5f464463f9ab9e3ee3950f299c9f43 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 12 Jun 2024 18:31:56 +0200
|
||||
Subject: [PATCH] CODING_STYLE: document "reterr_" return parameters
|
||||
|
||||
In some recent PRs (e.g. #32628) I started to systematically name return
|
||||
parameters that shall only be initialized on failure (because they carry
|
||||
additional error meta information, such as the line/column number of
|
||||
parse failures or so). Let's make this official in the coding style.
|
||||
|
||||
(cherry picked from commit 7811864b08393eda5ff92145ea2776180d9b28ee)
|
||||
---
|
||||
docs/CODING_STYLE.md | 62 ++++++++++++++++++++++++++++++++++----------
|
||||
1 file changed, 48 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md
|
||||
index 8f687e6662..309436a397 100644
|
||||
--- a/docs/CODING_STYLE.md
|
||||
+++ b/docs/CODING_STYLE.md
|
||||
@@ -164,30 +164,64 @@ SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
thread. Use `is_main_thread()` to detect whether the calling thread is the
|
||||
main thread.
|
||||
|
||||
-- Do not write functions that clobber call-by-reference variables on
|
||||
- failure. Use temporary variables for these cases and change the passed in
|
||||
- variables only on success. The rule is: never clobber return parameters on
|
||||
- failure, always initialize return parameters on success.
|
||||
-
|
||||
-- Typically, function parameters fit into three categories: input parameters,
|
||||
- mutable objects, and call-by-reference return parameters. Input parameters
|
||||
- should always carry suitable "const" declarators if they are pointers, to
|
||||
- indicate they are input-only and not changed by the function. Return
|
||||
- parameters are best prefixed with "ret_", to clarify they are return
|
||||
- parameters. (Conversely, please do not prefix parameters that aren't
|
||||
- output-only with "ret_", in particular not mutable parameters that are both
|
||||
- input as well as output). Example:
|
||||
+- Typically, function parameters fit into four categories: input parameters,
|
||||
+ mutable objects, call-by-reference return parameters that are initialized on
|
||||
+ success, and call-by-reference return parameters that are initialized on
|
||||
+ failure. Input parameters should always carry suitable `const` declarators if
|
||||
+ they are pointers, to indicate they are input-only and not changed by the
|
||||
+ function. The name of return parameters that are initialized on success
|
||||
+ should be prefixed with `ret_`, to clarify they are return parameters. The
|
||||
+ name of return parameters that are initialized on failure should be prefixed
|
||||
+ with `reterr_`. (Examples of such parameters: those which carry additional
|
||||
+ error information, such as the row/column of parse errors or so). –
|
||||
+ Conversely, please do not prefix parameters that aren't output-only with
|
||||
+ `ret_` or `reterr_`, in particular not mutable parameters that are both input
|
||||
+ as well as output.
|
||||
+
|
||||
+ Example:
|
||||
|
||||
```c
|
||||
static int foobar_frobnicate(
|
||||
Foobar* object, /* the associated mutable object */
|
||||
const char *input, /* immutable input parameter */
|
||||
- char **ret_frobnicated) { /* return parameter */
|
||||
+ char **ret_frobnicated, /* return parameter on success */
|
||||
+ unsigned *reterr_line, /* return parameter on failure */
|
||||
+ unsigned *reterr_column) { /* ditto */
|
||||
…
|
||||
return 0;
|
||||
}
|
||||
```
|
||||
|
||||
+- Do not write functions that clobber call-by-reference success return
|
||||
+ parameters on failure (i.e. `ret_xyz`, see above), or that clobber
|
||||
+ call-by-reference failure return parameters on success
|
||||
+ (i.e. `reterr_xyz`). Use temporary variables for these cases and change the
|
||||
+ passed in variables only in the right condition. The rule is: never clobber
|
||||
+ success return parameters on failure, always initialize success return
|
||||
+ parameters on success (and the reverse for failure return parameters, of
|
||||
+ course).
|
||||
+
|
||||
+- Please put `reterr_` return parameters in the function parameter list last,
|
||||
+ and `ret_` return parameters immediately before that.
|
||||
+
|
||||
+ Good:
|
||||
+
|
||||
+ ```c
|
||||
+ static int do_something(
|
||||
+ const char *input,
|
||||
+ const char *ret_on_success,
|
||||
+ const char *reterr_on_failure);
|
||||
+ ```
|
||||
+
|
||||
+ Not good:
|
||||
+
|
||||
+ ```c
|
||||
+ static int do_something(
|
||||
+ const char *reterr_on_failure,
|
||||
+ const char *ret_on_success,
|
||||
+ const char *input);
|
||||
+ ```
|
||||
+
|
||||
- The order in which header files are included doesn't matter too
|
||||
much. systemd-internal headers must not rely on an include order, so it is
|
||||
safe to include them in any order possible. However, to not clutter global
|
@ -1,27 +0,0 @@
|
||||
From 51390a1f41a762ef96d3c496d8a5d890d722907d Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 4 Jun 2024 11:02:34 +0200
|
||||
Subject: [PATCH] analyze: show pcrs also in sha384 bank
|
||||
|
||||
SHA384 is pretty much the bank we actually *want* to use, since it's
|
||||
faster to calculate than SHA256, hence at the very least, start
|
||||
considering.
|
||||
|
||||
(cherry picked from commit acaca5ab250a51be6ba07768bee80bf0f7b462fa)
|
||||
---
|
||||
src/analyze/analyze-pcrs.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
|
||||
index 43e415fc6d..1c3da3fd84 100644
|
||||
--- a/src/analyze/analyze-pcrs.c
|
||||
+++ b/src/analyze/analyze-pcrs.c
|
||||
@@ -11,7 +11,7 @@
|
||||
static int get_pcr_alg(const char **ret) {
|
||||
assert(ret);
|
||||
|
||||
- FOREACH_STRING(alg, "sha256", "sha1") {
|
||||
+ FOREACH_STRING(alg, "sha256", "sha384", "sha1") {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
|
||||
if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/0", alg) < 0)
|
@ -1,41 +0,0 @@
|
||||
From 3706b5e8e92fe6a4ff21cefe66f2eb27953a3fdf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <cristian@rodriguez.im>
|
||||
Date: Thu, 13 Jun 2024 11:59:28 -0400
|
||||
Subject: [PATCH] fundamental: declare flex array updated for gcc15 and clang
|
||||
19
|
||||
|
||||
Silly workaround that:
|
||||
- allowed flexible arrays in unions
|
||||
- allowed flexible arrays in otherwise empty structs
|
||||
|
||||
Is no longer needed since https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=adb1c8a0f167c3a1f7593d75f5a10eb07a5d741a
|
||||
(GCC15) or clang 19 https://github.com/llvm/llvm-project/commit/14ba782a87e16e9e15460a51f50e67e2744c26d9
|
||||
|
||||
(cherry picked from commit 3c2f2146f50c75662987541719bedc4aee9df939)
|
||||
---
|
||||
src/fundamental/macro-fundamental.h | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
|
||||
index 5ccbda5186..8aca5f784a 100644
|
||||
--- a/src/fundamental/macro-fundamental.h
|
||||
+++ b/src/fundamental/macro-fundamental.h
|
||||
@@ -517,6 +517,10 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
|
||||
} \
|
||||
}
|
||||
|
||||
+/* Restriction/bug (see above) was fixed in GCC 15 and clang 19.*/
|
||||
+#if __GNUC__ >= 15 || (defined(__clang__) && __clang_major__ >= 19)
|
||||
+#define DECLARE_FLEX_ARRAY(type, name) type name[];
|
||||
+#else
|
||||
/* Declare a flexible array usable in a union.
|
||||
* This is essentially a work-around for a pointless constraint in C99
|
||||
* and might go away in some future version of the standard.
|
||||
@@ -528,6 +532,7 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
|
||||
dummy_t __empty__ ## name; \
|
||||
type name[]; \
|
||||
}
|
||||
+#endif
|
||||
|
||||
/* Declares an ELF read-only string section that does not occupy memory at runtime. */
|
||||
#define DECLARE_NOALLOC_SECTION(name, text) \
|
@ -1,31 +0,0 @@
|
||||
From aedeaf745028a463150fd6d2b1aca778797735ac Mon Sep 17 00:00:00 2001
|
||||
From: Nick Rosbrook <enr0n@ubuntu.com>
|
||||
Date: Fri, 14 Jun 2024 17:31:22 -0400
|
||||
Subject: [PATCH] man: add a bit of a warning to systemd-tmpfiles --purge
|
||||
|
||||
Mention that by default, /home is managed by tmpfiles.d/home.conf, and
|
||||
recommend that users run systemd-tmpfiles --dry-run --purge first to
|
||||
see exactly what will be removed.
|
||||
|
||||
(cherry picked from commit 9ebcac3b5125a8b0b11f371731ea167cd4684adc)
|
||||
---
|
||||
man/systemd-tmpfiles.xml | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
|
||||
index 008bff62da..6f3ec66611 100644
|
||||
--- a/man/systemd-tmpfiles.xml
|
||||
+++ b/man/systemd-tmpfiles.xml
|
||||
@@ -150,7 +150,11 @@
|
||||
<varlistentry>
|
||||
<term><option>--purge</option></term>
|
||||
<listitem><para>If this option is passed, all files and directories created by a
|
||||
- <filename>tmpfiles.d/</filename> entry will be deleted.</para>
|
||||
+ <filename>tmpfiles.d/</filename> entry will be deleted. Keep in mind that by default,
|
||||
+ <filename>/home</filename> is created by <command>systemd-tmpfiles</command>
|
||||
+ (see <filename>/usr/lib/tmpfiles.d/home.conf</filename>). Therefore it is recommended
|
||||
+ to first run <command>systemd-tmpfiles --dry-run --purge</command> to be certain which files
|
||||
+ and directories will be deleted.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
@ -1,65 +0,0 @@
|
||||
From 1a0e6961cfaed42bda542e111738c136f7b4d73f Mon Sep 17 00:00:00 2001
|
||||
From: Mike Yuan <me@yhndnzj.com>
|
||||
Date: Sat, 15 Jun 2024 17:27:33 +0200
|
||||
Subject: [PATCH] man,units: drop "temporary" from description of
|
||||
systemd-tmpfiles
|
||||
|
||||
Historically, systemd-tmpfiles was designed to manager temporary
|
||||
files, but nowadays it has become a generic tool for managing
|
||||
all kinds of files. To avoid user confusion, let's remove "temporary"
|
||||
from the tool's description.
|
||||
|
||||
As discussed in #33349
|
||||
|
||||
(cherry picked from commit b5c8cc0a3b8e4e2fea0539d6420a76b524ea5735)
|
||||
---
|
||||
man/systemd-tmpfiles.xml | 8 +++++---
|
||||
units/systemd-tmpfiles-setup.service | 2 +-
|
||||
units/user/systemd-tmpfiles-setup.service | 2 +-
|
||||
3 files changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
|
||||
index 6f3ec66611..9767aead85 100644
|
||||
--- a/man/systemd-tmpfiles.xml
|
||||
+++ b/man/systemd-tmpfiles.xml
|
||||
@@ -55,9 +55,11 @@
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
- <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
|
||||
- and directories, using the configuration file format and location specified in
|
||||
- <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
|
||||
+ <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up files and directories, using
|
||||
+ the configuration file format and location specified in
|
||||
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
+ Historically, it was designed to manage volatile and temporary files, as the name suggests, but it provides
|
||||
+ generic file management functionality and can be used to manage any kind of files. It must
|
||||
be invoked with one or more commands <option>--create</option>, <option>--remove</option>, and
|
||||
<option>--clean</option>, to select the respective subset of operations.</para>
|
||||
|
||||
diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
|
||||
index 6cae32850f..b92beb7314 100644
|
||||
--- a/units/systemd-tmpfiles-setup.service
|
||||
+++ b/units/systemd-tmpfiles-setup.service
|
||||
@@ -8,7 +8,7 @@
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
-Description=Create Volatile Files and Directories
|
||||
+Description=Create System Files and Directories
|
||||
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
|
||||
|
||||
DefaultDependencies=no
|
||||
diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service
|
||||
index 156689edcd..54e453c4fc 100644
|
||||
--- a/units/user/systemd-tmpfiles-setup.service
|
||||
+++ b/units/user/systemd-tmpfiles-setup.service
|
||||
@@ -8,7 +8,7 @@
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
-Description=Create User's Volatile Files and Directories
|
||||
+Description=Create User Files and Directories
|
||||
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
@ -1,24 +0,0 @@
|
||||
From 9f5f3c2f8bc2c3d82678672f3e700c1eb4e52d61 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 11:16:21 +0100
|
||||
Subject: [PATCH] mkosi: enable unprivileged user ns for integration tests
|
||||
|
||||
Ubuntu disables them by default in Noble, ship a sysctl to turn them back on
|
||||
so that tests can use them
|
||||
|
||||
(cherry picked from commit 4cfcde024f34b3e5f682364d4e0c6185ef07d467)
|
||||
---
|
||||
.../usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
create mode 100644 mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
|
||||
|
||||
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
|
||||
new file mode 100644
|
||||
index 0000000000..657ac72f8d
|
||||
--- /dev/null
|
||||
+++ b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
|
||||
@@ -0,0 +1,4 @@
|
||||
+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
|
||||
+# for integration tests
|
||||
+kernel.apparmor_restrict_unprivileged_unconfined = 0
|
||||
+kernel.apparmor_restrict_unprivileged_userns = 0
|
@ -1,74 +0,0 @@
|
||||
From 21feae324e812580062c36aa14cc5e68a37aa151 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 15:28:56 +0100
|
||||
Subject: [PATCH] mkosi: use ports.ubuntu.com for non-x86 backports
|
||||
|
||||
Follow-up for 46368556afee7a1f3a1685609942438ef2d9d6c1
|
||||
|
||||
(cherry picked from commit c01cb8cbff8512b65b7903b55f78c8d12661b8d7)
|
||||
---
|
||||
mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf | 3 ---
|
||||
.../mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 9 +++++++++
|
||||
.../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 9 +++++++++
|
||||
.../mkosi.conf.d/10-ubuntu/noble-backports-ports.sources | 6 ++++++
|
||||
4 files changed, 24 insertions(+), 3 deletions(-)
|
||||
create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
|
||||
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
|
||||
index 25957b1e92..86f9736ed9 100644
|
||||
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
|
||||
@@ -3,9 +3,6 @@
|
||||
[Match]
|
||||
Distribution=ubuntu
|
||||
|
||||
-[Distribution]
|
||||
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
|
||||
-
|
||||
[Content]
|
||||
Packages=
|
||||
linux-image-generic
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
new file mode 100644
|
||||
index 0000000000..0ec4807822
|
||||
--- /dev/null
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
@@ -0,0 +1,9 @@
|
||||
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
+# The ports Ubuntu archive is for non i386/amd64 repositories
|
||||
+
|
||||
+[Match]
|
||||
+Architecture=!x86-64
|
||||
+Architecture=!x86
|
||||
+
|
||||
+[Distribution]
|
||||
+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
new file mode 100644
|
||||
index 0000000000..c08eeac337
|
||||
--- /dev/null
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
@@ -0,0 +1,9 @@
|
||||
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
+# The main Ubuntu archive is only for i386/amd64 repositories
|
||||
+
|
||||
+[Match]
|
||||
+Architecture=|x86-64
|
||||
+Architecture=|x86
|
||||
+
|
||||
+[Distribution]
|
||||
+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
|
||||
new file mode 100644
|
||||
index 0000000000..5b96dc544d
|
||||
--- /dev/null
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
|
||||
@@ -0,0 +1,6 @@
|
||||
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
+Types: deb
|
||||
+URIs: http://ports.ubuntu.com
|
||||
+Suites: noble-backports
|
||||
+Components: main universe
|
||||
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
|
@ -1,58 +0,0 @@
|
||||
From 9802a28b367b3d403c41b570949e3c91f505ede5 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 20:42:12 +0100
|
||||
Subject: [PATCH] mkosi: install EFI packages only on EFI architectures
|
||||
|
||||
sbsigntool, systemd-boot and systemd-boot-efi do not exist on other
|
||||
architectures
|
||||
|
||||
(cherry picked from commit 47fe3f29b4ba1b44ae71a7e67c579c4883731dd4)
|
||||
---
|
||||
.../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 3 ---
|
||||
.../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 ++++++++++++++++
|
||||
2 files changed, 16 insertions(+), 3 deletions(-)
|
||||
create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
|
||||
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
|
||||
index ae014fa966..ecac78049d 100644
|
||||
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
|
||||
@@ -20,8 +20,6 @@ VolatilePackages=
|
||||
libsystemd-dev
|
||||
libudev-dev
|
||||
systemd
|
||||
- systemd-boot
|
||||
- systemd-boot-efi
|
||||
systemd-container
|
||||
systemd-coredump
|
||||
systemd-dev
|
||||
@@ -74,7 +72,6 @@ Packages=
|
||||
python3-pexpect
|
||||
python3-psutil
|
||||
quota
|
||||
- sbsigntool
|
||||
softhsm2
|
||||
squashfs-tools
|
||||
stress
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
|
||||
new file mode 100644
|
||||
index 0000000000..781670a775
|
||||
--- /dev/null
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
|
||||
@@ -0,0 +1,16 @@
|
||||
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
+# sbsigntool exists only on UEFI architectures
|
||||
+
|
||||
+[Match]
|
||||
+Architecture=|x86
|
||||
+Architecture=|x86-64
|
||||
+Architecture=|arm
|
||||
+Architecture=|arm64
|
||||
+Architecture=|riscv32
|
||||
+Architecture=|riscv64
|
||||
+
|
||||
+[Content]
|
||||
+Packages=
|
||||
+ sbsigntool
|
||||
+ systemd-boot
|
||||
+ systemd-boot-efi
|
@ -1,31 +0,0 @@
|
||||
From 50b53b8221aa9d5e8fa3269b73d13b8a304728a8 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 13:41:50 +0100
|
||||
Subject: [PATCH] test: check the skip condition before installing additional
|
||||
files
|
||||
|
||||
(cherry picked from commit e1daedb4be6d8180790e0b303872fb1c87ddc7fc)
|
||||
---
|
||||
test/units/TEST-43-PRIVATEUSER-UNPRIV.sh | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
|
||||
index 165af47f15..f8a2a62467 100755
|
||||
--- a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
|
||||
+++ b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
|
||||
@@ -6,13 +6,13 @@ set -o pipefail
|
||||
# shellcheck source=test/units/util.sh
|
||||
. "$(dirname "$0")"/util.sh
|
||||
|
||||
-install_extension_images
|
||||
-
|
||||
if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
|
||||
echo "Cannot create unprivileged user namespaces" >/skipped
|
||||
exit 77
|
||||
fi
|
||||
|
||||
+install_extension_images
|
||||
+
|
||||
systemd-analyze log-level debug
|
||||
|
||||
runas testuser systemd-run --wait --user --unit=test-private-users \
|
@ -1,37 +0,0 @@
|
||||
From 51a2e7be5ec1a28be11d309897671c8dd4511ae8 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 16:08:57 +0100
|
||||
Subject: [PATCH] test: drop unneeded firmware: uefi setting
|
||||
|
||||
These tests no longer need this, as they are running in nspawn, drop it
|
||||
|
||||
(cherry picked from commit f44fc531c95e37c83203375c411189009a01b482)
|
||||
---
|
||||
test/TEST-09-REBOOT/meson.build | 2 --
|
||||
test/TEST-18-FAILUREACTION/meson.build | 2 --
|
||||
2 files changed, 4 deletions(-)
|
||||
|
||||
diff --git a/test/TEST-09-REBOOT/meson.build b/test/TEST-09-REBOOT/meson.build
|
||||
index c4b41bc97b..b7556189f5 100644
|
||||
--- a/test/TEST-09-REBOOT/meson.build
|
||||
+++ b/test/TEST-09-REBOOT/meson.build
|
||||
@@ -4,7 +4,5 @@ integration_tests += [
|
||||
integration_test_template + {
|
||||
'name' : fs.name(meson.current_source_dir()),
|
||||
'storage' : 'persistent',
|
||||
- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
|
||||
- 'firmware' : 'uefi',
|
||||
},
|
||||
]
|
||||
diff --git a/test/TEST-18-FAILUREACTION/meson.build b/test/TEST-18-FAILUREACTION/meson.build
|
||||
index 5edfbcad1f..8dec5f37e7 100644
|
||||
--- a/test/TEST-18-FAILUREACTION/meson.build
|
||||
+++ b/test/TEST-18-FAILUREACTION/meson.build
|
||||
@@ -3,7 +3,5 @@
|
||||
integration_tests += [
|
||||
integration_test_template + {
|
||||
'name' : fs.name(meson.current_source_dir()),
|
||||
- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
|
||||
- 'firmware' : 'uefi',
|
||||
},
|
||||
]
|
@ -1,28 +0,0 @@
|
||||
From df1e7d9572fab94209989f341bb1e1a86d88223b Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 19:21:32 +0100
|
||||
Subject: [PATCH] test: drop obsolete comment
|
||||
|
||||
We want to keep various logic here instead of mkosi, so drop the
|
||||
temporary comment
|
||||
|
||||
(cherry picked from commit 626518ecd5e7b0c0c708ba53d7eb62934506ed54)
|
||||
---
|
||||
test/integration-test-wrapper.py | 4 ----
|
||||
1 file changed, 4 deletions(-)
|
||||
|
||||
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
|
||||
index 5b098a3e01..1e015e7d47 100755
|
||||
--- a/test/integration-test-wrapper.py
|
||||
+++ b/test/integration-test-wrapper.py
|
||||
@@ -2,10 +2,6 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
'''Test wrapper command for driving integration tests.
|
||||
-
|
||||
-Note: This is deliberately rough and only intended to drive existing tests
|
||||
-with the expectation that as part of formally defining the API it will be tidy.
|
||||
-
|
||||
'''
|
||||
|
||||
import argparse
|
@ -1,25 +0,0 @@
|
||||
From a36cb5660e4d84c16242c1d70b99d9a2e389f191 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Sun, 16 Jun 2024 19:15:24 +0100
|
||||
Subject: [PATCH] test: support TEST_NO_KVM
|
||||
|
||||
The shell integration suite allows to manually deselect KVM, so
|
||||
suppor the same env var for the same purpose in python.
|
||||
|
||||
(cherry picked from commit 7d2701e7d1d0a7194026dd371071df6e63f59a82)
|
||||
---
|
||||
test/integration-test-wrapper.py | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
|
||||
index 1e015e7d47..15b1ce1055 100755
|
||||
--- a/test/integration-test-wrapper.py
|
||||
+++ b/test/integration-test-wrapper.py
|
||||
@@ -124,6 +124,7 @@ def main():
|
||||
*args.mkosi_args,
|
||||
'--append',
|
||||
'--qemu-firmware', args.firmware,
|
||||
+ '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no",
|
||||
'--kernel-command-line-extra',
|
||||
' '.join([
|
||||
'systemd.hostname=H',
|
@ -1,30 +0,0 @@
|
||||
From 6178aa4bbcc6b0531314c1a2e9df61e45e6c9ad4 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Mon, 17 Jun 2024 14:09:40 +0100
|
||||
Subject: [PATCH] test: support TEST_NO_QEMU in mkosi integration wrapper
|
||||
|
||||
Same as the old integration test suite, allow skipping tests that
|
||||
require qemu.
|
||||
ppc64el's vsock support doesn't appear to work, so we'll skip it,
|
||||
as it is already done in the legacy framework.
|
||||
|
||||
(cherry picked from commit 464d182b3e470e4163ca376145539a537a6e43a2)
|
||||
---
|
||||
test/integration-test-wrapper.py | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
|
||||
index 15b1ce1055..b6a16aa3ef 100755
|
||||
--- a/test/integration-test-wrapper.py
|
||||
+++ b/test/integration-test-wrapper.py
|
||||
@@ -57,6 +57,10 @@ def main():
|
||||
print(f"SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr)
|
||||
exit(77)
|
||||
|
||||
+ if args.vm and bool(int(os.getenv("TEST_NO_QEMU", "0"))):
|
||||
+ print(f"TEST_NO_QEMU=1, skipping {args.name}", file=sys.stderr)
|
||||
+ exit(77)
|
||||
+
|
||||
name = args.name + (f"-{i}" if (i := os.getenv("MESON_TEST_ITERATION")) else "")
|
||||
|
||||
dropin = textwrap.dedent(
|
@ -1,27 +0,0 @@
|
||||
From 7d65709901cb3fc746639398776cfdb7cb750a03 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Mon, 17 Jun 2024 15:37:43 +0100
|
||||
Subject: [PATCH] test: use 'auto' instead of 'uefi' for automated fallback
|
||||
|
||||
mkosi will prefer UEFI if the architecture supports it, but fallback
|
||||
to 'linux' if it doesn't.
|
||||
|
||||
(cherry picked from commit 80468db8fa21ffd07dc2f28c656eeaf8f0292367)
|
||||
---
|
||||
test/TEST-06-SELINUX/meson.build | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build
|
||||
index 7a850beb81..9261a49c49 100644
|
||||
--- a/test/TEST-06-SELINUX/meson.build
|
||||
+++ b/test/TEST-06-SELINUX/meson.build
|
||||
@@ -5,7 +5,8 @@ integration_tests += [
|
||||
'name' : fs.name(meson.current_source_dir()),
|
||||
'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
|
||||
# FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
|
||||
- 'firmware' : 'uefi',
|
||||
+ # Use 'auto' to automatically fallback on non-uefi architectures.
|
||||
+ 'firmware' : 'auto',
|
||||
'vm' : true,
|
||||
},
|
||||
]
|
@ -1,45 +0,0 @@
|
||||
From f7d55cc801611781fbff2817f2fd4a16ec96ca85 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Yuan <me@yhndnzj.com>
|
||||
Date: Mon, 17 Jun 2024 07:47:20 +0200
|
||||
Subject: [PATCH] core/service: fix accept-socket deserialization
|
||||
|
||||
Follow-up for 45b1017488cef2a5bacdf82028ce900a311c9a1c
|
||||
|
||||
(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578)
|
||||
---
|
||||
src/core/service.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index 8ec27c463a..6e81460ad0 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -1351,7 +1351,7 @@ static int service_coldplug(Unit *u) {
|
||||
service_start_watchdog(s);
|
||||
|
||||
if (UNIT_ISSET(s->accept_socket)) {
|
||||
- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket));
|
||||
+ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
|
||||
|
||||
if (socket->max_connections_per_source > 0) {
|
||||
SocketPeer *peer;
|
||||
@@ -3220,8 +3220,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
||||
} else if (streq(key, "accept-socket")) {
|
||||
Unit *socket;
|
||||
|
||||
- if (u->type != UNIT_SOCKET) {
|
||||
- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket");
|
||||
+ if (unit_name_to_type(value) != UNIT_SOCKET) {
|
||||
+ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -3230,7 +3230,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
||||
log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
|
||||
else {
|
||||
unit_ref_set(&s->accept_socket, u, socket);
|
||||
- SOCKET(socket)->n_connections++;
|
||||
+ ASSERT_PTR(SOCKET(socket))->n_connections++;
|
||||
}
|
||||
|
||||
} else if (streq(key, "socket-fd")) {
|
@ -1,26 +0,0 @@
|
||||
From 4cc6da9a5dfb69f149404d5a784c57bca2a21237 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Tue, 18 Jun 2024 00:09:03 +0900
|
||||
Subject: [PATCH] test-network: mention that the captive portal option is
|
||||
supported since v2.20
|
||||
|
||||
The current latest release is v2.19, hence the test is typically skipped now.
|
||||
|
||||
(cherry picked from commit 4f6d8ab0767e534553bfa130f39dbb07ebb804a4)
|
||||
---
|
||||
test/test-network/systemd-networkd-tests.py | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
|
||||
index 92cb07f11c..0355c7aca1 100755
|
||||
--- a/test/test-network/systemd-networkd-tests.py
|
||||
+++ b/test/test-network/systemd-networkd-tests.py
|
||||
@@ -5824,6 +5824,8 @@ class NetworkdRATests(unittest.TestCase, Utilities):
|
||||
self.assertIn('pref high', output)
|
||||
self.assertNotIn('pref low', output)
|
||||
|
||||
+ # radvd supports captive portal since v2.20.
|
||||
+ # https://github.com/radvd-project/radvd/commit/791179a7f730decbddb2290ef0e34aa85d71b1bc
|
||||
@unittest.skipUnless(radvd_check_config('captive-portal.conf'), "Installed radvd doesn't support captive portals")
|
||||
def test_captive_portal(self):
|
||||
copy_network_unit('25-veth-client.netdev',
|
@ -1,27 +0,0 @@
|
||||
From b455006ae189d4ceef4214d8d4ab2027781d37e0 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Mon, 17 Jun 2024 17:40:28 +0100
|
||||
Subject: [PATCH] CI: disable secure boot in mkosi GHA runs
|
||||
|
||||
Booting a guest with secure boot is broken in Azure due to a hypervisor
|
||||
bug. Disable it for now. Given there's no option, need to edit
|
||||
the configuration on the fly.
|
||||
|
||||
(cherry picked from commit bdd0b45bfd7190bb8eb50c71ff6f50a80d6e6e52)
|
||||
---
|
||||
.github/workflows/mkosi.yml | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
|
||||
index 425d737b62..62efd367cb 100644
|
||||
--- a/.github/workflows/mkosi.yml
|
||||
+++ b/.github/workflows/mkosi.yml
|
||||
@@ -117,6 +117,8 @@ jobs:
|
||||
|
||||
- name: Configure
|
||||
run: |
|
||||
+ # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved
|
||||
+ sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build
|
||||
tee mkosi.local.conf <<EOF
|
||||
[Distribution]
|
||||
Distribution=${{ matrix.distro }}
|
@ -1,23 +0,0 @@
|
||||
From d89c99c7ad165fa2471e1c5c1a3bdedab0818da9 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Mon, 17 Jun 2024 15:40:10 +0100
|
||||
Subject: [PATCH] mkosi: bump to latest
|
||||
|
||||
(cherry picked from commit 3001339dc5b3faf8f8edee4c07b14a4abdf3d66f)
|
||||
---
|
||||
.github/workflows/mkosi.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
|
||||
index 62efd367cb..3a8dabd95c 100644
|
||||
--- a/.github/workflows/mkosi.yml
|
||||
+++ b/.github/workflows/mkosi.yml
|
||||
@@ -92,7 +92,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
||||
- - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
|
||||
+ - uses: systemd/mkosi@6972f9efba5c8472d990be3783b7e7dbf76e109e
|
||||
|
||||
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
|
||||
# immediately, we remove the files in the background. However, we first move them to a different location
|
@ -1,23 +0,0 @@
|
||||
From a776dcf7af3b189f4f9616d174dbfc53a9bd6db6 Mon Sep 17 00:00:00 2001
|
||||
From: Carlo Teubner <carlo@cteubner.net>
|
||||
Date: Tue, 18 Jun 2024 09:41:59 +0100
|
||||
Subject: [PATCH] NEWS: fix typo
|
||||
|
||||
(cherry picked from commit f6d517f8478bdd83b7d149b242a47d7686235c7e)
|
||||
---
|
||||
NEWS | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index bbee0852be..da81fe3c5d 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -195,7 +195,7 @@ CHANGES WITH 256:
|
||||
additional per-user service managers, whose users are transient and
|
||||
are only defined as long as the service manager is running. (This is
|
||||
implemented via DynamicUser=1), allowing a user manager to be used to
|
||||
- manager a group of processes without needing to create an actual user
|
||||
+ manage a group of processes without needing to create an actual user
|
||||
account. These service managers run with home directories of
|
||||
/var/lib/capsules/<capsule-name> and can contain regular services and
|
||||
other units. A capsule is started via a simple "systemctl start
|
@ -1,69 +0,0 @@
|
||||
From c26e56d08f30a2946dfa1d03781c63bfa9f56c1d Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Fri, 7 Jun 2024 21:39:45 +0100
|
||||
Subject: [PATCH] install: allow removing symlinks even for units that are gone
|
||||
|
||||
If a symlink is leftover, still allow cleaning it up via 'disable'. This
|
||||
happens when a unit is stopped and removed, but not disabled, and a reload
|
||||
has already happened. At that point, cleaning up the old symlinks becomes
|
||||
impossible through the APIs, and needs to be done manually. Always allow
|
||||
cleaning up symlinks, if they exist, by only erroring out if there is an
|
||||
OOM.
|
||||
|
||||
Follow-up for f31f10a6207efc9ae9e0b1f73975b5b610914017
|
||||
|
||||
(cherry picked from commit 5163c9b1e56293b1bb2803420613c5b374570892)
|
||||
---
|
||||
src/shared/install.c | 14 ++++++++++----
|
||||
test/units/TEST-26-SYSTEMCTL.sh | 6 ++++++
|
||||
2 files changed, 16 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/shared/install.c b/src/shared/install.c
|
||||
index dd2bd5c948..c94b456c21 100644
|
||||
--- a/src/shared/install.c
|
||||
+++ b/src/shared/install.c
|
||||
@@ -2282,7 +2282,9 @@ static int install_context_mark_for_removal(
|
||||
else {
|
||||
log_debug_errno(r, "Unit %s not found, removing name.", i->name);
|
||||
r = install_changes_add(changes, n_changes, r, i->path ?: i->name, NULL);
|
||||
- if (r < 0)
|
||||
+ /* In case there's no unit, we still want to remove any leftover symlink, even if
|
||||
+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
|
||||
+ if (r != -ENOENT)
|
||||
return r;
|
||||
}
|
||||
} else if (r < 0) {
|
||||
@@ -2874,9 +2876,13 @@ static int do_unit_file_disable(
|
||||
r = install_info_add(&ctx, *name, NULL, lp->root_dir, /* auxiliary= */ false, &info);
|
||||
if (r >= 0)
|
||||
r = install_info_traverse(&ctx, lp, info, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, NULL);
|
||||
-
|
||||
- if (r < 0)
|
||||
- return install_changes_add(changes, n_changes, r, *name, NULL);
|
||||
+ if (r < 0) {
|
||||
+ r = install_changes_add(changes, n_changes, r, *name, NULL);
|
||||
+ /* In case there's no unit, we still want to remove any leftover symlink, even if
|
||||
+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
|
||||
+ if (r != -ENOENT)
|
||||
+ return r;
|
||||
+ }
|
||||
|
||||
/* If we enable multiple units, some with install info and others without,
|
||||
* the "empty [Install] section" warning is not shown. Let's make the behavior
|
||||
diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh
|
||||
index ae7a5d6eb6..1471f3fd9e 100755
|
||||
--- a/test/units/TEST-26-SYSTEMCTL.sh
|
||||
+++ b/test/units/TEST-26-SYSTEMCTL.sh
|
||||
@@ -343,6 +343,12 @@ systemctl cat "$UNIT_NAME"
|
||||
systemctl help "$UNIT_NAME"
|
||||
systemctl service-watchdogs
|
||||
systemctl service-watchdogs "$(systemctl service-watchdogs)"
|
||||
+# Ensure that the enablement symlinks can still be removed after the user is gone, to avoid having leftovers
|
||||
+systemctl enable "$UNIT_NAME"
|
||||
+systemctl stop "$UNIT_NAME"
|
||||
+rm -f "/usr/lib/systemd/system/$UNIT_NAME"
|
||||
+systemctl daemon-reload
|
||||
+systemctl disable "$UNIT_NAME"
|
||||
|
||||
# show/set-environment
|
||||
# Make sure PATH is set
|
@ -1,35 +0,0 @@
|
||||
From 90ec0265707d381ed8cc77de475cd963686eaba3 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 18 Jun 2024 09:54:33 +0200
|
||||
Subject: [PATCH] tmpfiles: honour --dry-run when removing directories
|
||||
|
||||
(cherry picked from commit edeceb80a91e8400e8c22f08a41045a2ba270fe6)
|
||||
---
|
||||
src/tmpfiles/tmpfiles.c | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index 807925f199..283be21d16 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -3024,10 +3024,16 @@ static int remove_recursive(
|
||||
return r;
|
||||
|
||||
if (remove_instance) {
|
||||
- log_debug("Removing directory \"%s\".", instance);
|
||||
- r = RET_NERRNO(rmdir(instance));
|
||||
- if (r < 0 && !IN_SET(r, -ENOENT, -ENOTEMPTY))
|
||||
- return log_error_errno(r, "Failed to remove %s: %m", instance);
|
||||
+ log_action("Would remove", "Removing", "%s directory \"%s\".", instance);
|
||||
+ if (!arg_dry_run) {
|
||||
+ r = RET_NERRNO(rmdir(instance));
|
||||
+ if (r < 0) {
|
||||
+ bool fatal = !IN_SET(r, -ENOENT, -ENOTEMPTY);
|
||||
+ log_full_errno(fatal ? LOG_ERR : LOG_DEBUG, r, "Failed to remove %s: %m", instance);
|
||||
+ if (fatal)
|
||||
+ return r;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
return 0;
|
||||
}
|
@ -1,68 +0,0 @@
|
||||
From e76015738942246db70f444b3567afd1b132f824 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 18 Jun 2024 09:55:20 +0200
|
||||
Subject: [PATCH] tmpfiles: insist on at least one configuration file being
|
||||
specified on --purge
|
||||
|
||||
Also, extend the man page explanation substantially, matching more
|
||||
closely what --create says.
|
||||
|
||||
Fixes: #33349
|
||||
(cherry picked from commit 41064a3c97c9a53c97bbe8a1de799a82c4374a2d)
|
||||
---
|
||||
man/systemd-tmpfiles.xml | 26 ++++++++++++++++++++------
|
||||
src/tmpfiles/tmpfiles.c | 4 ++++
|
||||
2 files changed, 24 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
|
||||
index 9767aead85..2a494b9c5c 100644
|
||||
--- a/man/systemd-tmpfiles.xml
|
||||
+++ b/man/systemd-tmpfiles.xml
|
||||
@@ -151,12 +151,26 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--purge</option></term>
|
||||
- <listitem><para>If this option is passed, all files and directories created by a
|
||||
- <filename>tmpfiles.d/</filename> entry will be deleted. Keep in mind that by default,
|
||||
- <filename>/home</filename> is created by <command>systemd-tmpfiles</command>
|
||||
- (see <filename>/usr/lib/tmpfiles.d/home.conf</filename>). Therefore it is recommended
|
||||
- to first run <command>systemd-tmpfiles --dry-run --purge</command> to be certain which files
|
||||
- and directories will be deleted.</para>
|
||||
+
|
||||
+ <listitem><para>If this option is passed, all files and directories marked for
|
||||
+ <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
|
||||
+ line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
|
||||
+ marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
|
||||
+ <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
|
||||
+ <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
|
||||
+ <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
|
||||
+ <filename>tmpfiles.d/</filename> file (or <filename>-</filename> for standard input) must be
|
||||
+ specified on the command line or the invocation will be refused, for safety reasons (as otherwise
|
||||
+ much of the installed system files might be removed).</para>
|
||||
+
|
||||
+ <para>The primary usecase for this option is to automatically remove files and directories that
|
||||
+ originally have been created on behalf of an installed packaged at package removal time.</para>
|
||||
+
|
||||
+ <para>It is recommended to first run this command in combination with <option>--dry-run</option>
|
||||
+ (see below) to verify which files and directories will be deleted.</para>
|
||||
+
|
||||
+ <para><emphasis>Warning!</emphasis> This is is usually not the command you want! In most cases
|
||||
+ <option>--remove</option> is what you are looking for.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index 283be21d16..1704197207 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -4344,6 +4344,10 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"You need to specify at least one of --clean, --create, --remove, or --purge.");
|
||||
|
||||
+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && optind >= argc)
|
||||
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
+ "Refusing --purge without specification of a configuration file.");
|
||||
+
|
||||
if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Option --replace= is not supported with --cat-config/--tldr.");
|
@ -1,37 +0,0 @@
|
||||
From 08b8237303efdf072a0f61615b7f1633eafc8e0a Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 18 Jun 2024 09:56:15 +0200
|
||||
Subject: [PATCH] tmpfiles: move --purge to command section in --help text
|
||||
where it belongs
|
||||
|
||||
Also, make contrast between --remove and --purge clearer: one deletes
|
||||
files marked for deletion, the other deletes files marked for creation.
|
||||
|
||||
(cherry picked from commit 69d76823ce6e9c307184946ed55b207eb728e625)
|
||||
---
|
||||
src/tmpfiles/tmpfiles.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index 1704197207..8cc8c1ccd6 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -4148,7 +4148,9 @@ static int help(void) {
|
||||
"\n%3$sCommands:%4$s\n"
|
||||
" --create Create files and directories\n"
|
||||
" --clean Clean up files and directories\n"
|
||||
- " --remove Remove files and directories\n"
|
||||
+ " --remove Remove files and directories marked for removal\n"
|
||||
+ " --purge Delete files and directories marked for creation in\n"
|
||||
+ " specified configuration files (careful!)\n"
|
||||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
"\n%3$sOptions:%4$s\n"
|
||||
@@ -4157,7 +4159,6 @@ static int help(void) {
|
||||
" --tldr Show non-comment parts of configuration\n"
|
||||
" --boot Execute actions only safe at boot\n"
|
||||
" --graceful Quietly ignore unknown users or groups\n"
|
||||
- " --purge Delete all files owned by the configuration files\n"
|
||||
" --prefix=PATH Only apply rules with the specified prefix\n"
|
||||
" --exclude-prefix=PATH Ignore rules with the specified prefix\n"
|
||||
" -E Ignore rules prefixed with /dev, /proc, /run, /sys\n"
|
@ -1,37 +0,0 @@
|
||||
From 7b18adadde58798a895366105c6c1517231029d9 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <bluca@debian.org>
|
||||
Date: Tue, 18 Jun 2024 13:35:32 +0100
|
||||
Subject: [PATCH] mkosi: restrict noble-backports to noble builds
|
||||
|
||||
Follow-up for c01cb8cbff8512b65b7903b55f78c8d12661b8d7
|
||||
|
||||
(cherry picked from commit f97b243edfcae211aade6ceb2fd89ae9d9209fac)
|
||||
---
|
||||
.../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 1 +
|
||||
mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 1 +
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
index 0ec4807822..582f038b5f 100644
|
||||
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
|
||||
@@ -4,6 +4,7 @@
|
||||
[Match]
|
||||
Architecture=!x86-64
|
||||
Architecture=!x86
|
||||
+Release=noble
|
||||
|
||||
[Distribution]
|
||||
PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
|
||||
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
index c08eeac337..7347be9069 100644
|
||||
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
|
||||
@@ -4,6 +4,7 @@
|
||||
[Match]
|
||||
Architecture=|x86-64
|
||||
Architecture=|x86
|
||||
+Release=noble
|
||||
|
||||
[Distribution]
|
||||
PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
|
@ -1,22 +0,0 @@
|
||||
From f8f669fd69bf15f386308ef8f4cbbbd5a7ad69cd Mon Sep 17 00:00:00 2001
|
||||
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
|
||||
Date: Tue, 18 Jun 2024 14:07:50 +0200
|
||||
Subject: [PATCH] repart: fix memory leak
|
||||
|
||||
(cherry picked from commit a81f5ffd40081441dafc678fe83d185436dde35a)
|
||||
---
|
||||
src/partition/repart.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/partition/repart.c b/src/partition/repart.c
|
||||
index 78cf60f724..8f64520ee7 100644
|
||||
--- a/src/partition/repart.c
|
||||
+++ b/src/partition/repart.c
|
||||
@@ -187,6 +187,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep);
|
||||
+STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep);
|
||||
STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep);
|
@ -1,42 +0,0 @@
|
||||
From 34ba18b0124407403690738b46fbd6236fe65c92 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Tue, 18 Jun 2024 17:55:31 +0900
|
||||
Subject: [PATCH] logs-show: do not use _SOURCE_MONOTONIC_TIMESTAMP field
|
||||
|
||||
The timestamp is not in CLOCK_MONOTONIC, but CLOCK_BOOTTIME,
|
||||
while header monotonic timestamp is in CLOCK_MONOTONIC. Hence, we cannot
|
||||
adjust timestamp by comparing with header monotonic timestamp and
|
||||
_SOURCE_MONOTONIC_TIMESTAMP field.
|
||||
|
||||
Fixes a regression caused by affde1d7e79a634ee6053dbd4a57b3b51b74c170.
|
||||
Fixes #33293.
|
||||
|
||||
(cherry picked from commit 144498e7e6efe2d90981cb14e3ed462a70a955c6)
|
||||
---
|
||||
src/shared/logs-show.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
|
||||
index c71c868889..153a4110ce 100644
|
||||
--- a/src/shared/logs-show.c
|
||||
+++ b/src/shared/logs-show.c
|
||||
@@ -450,6 +450,9 @@ static void parse_display_realtime(
|
||||
assert(j);
|
||||
assert(ret);
|
||||
|
||||
+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
|
||||
+ source_monotonic = NULL;
|
||||
+
|
||||
/* First, try _SOURCE_REALTIME_TIMESTAMP. */
|
||||
if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t)) {
|
||||
*ret = t;
|
||||
@@ -488,6 +491,9 @@ static void parse_display_timestamp(
|
||||
assert(ret_display_ts);
|
||||
assert(ret_boot_id);
|
||||
|
||||
+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
|
||||
+ source_monotonic = NULL;
|
||||
+
|
||||
if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t))
|
||||
source_ts.realtime = t;
|
||||
|
@ -1,98 +0,0 @@
|
||||
From 67ff61b054e8d4d4d3923c3b81586b2d4e286d6b Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Thu, 16 May 2024 14:24:38 +0200
|
||||
Subject: [PATCH] ci: update workflows to run on source-git setup
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-36636
|
||||
---
|
||||
.github/workflows/cflite_pr.yml | 3 ---
|
||||
.github/workflows/codeql.yml | 6 ------
|
||||
.github/workflows/differential-shellcheck.yml | 4 ----
|
||||
.github/workflows/linter.yml | 3 ---
|
||||
.github/workflows/unit_tests.yml | 3 ---
|
||||
5 files changed, 19 deletions(-)
|
||||
|
||||
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
|
||||
index f0d321794a..87dcd3c478 100644
|
||||
--- a/.github/workflows/cflite_pr.yml
|
||||
+++ b/.github/workflows/cflite_pr.yml
|
||||
@@ -5,9 +5,6 @@
|
||||
name: ClusterFuzzLite PR fuzzing
|
||||
on:
|
||||
pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
|
||||
permissions: read-all
|
||||
|
||||
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
|
||||
index 0d284f75f1..daf34486d2 100644
|
||||
--- a/.github/workflows/codeql.yml
|
||||
+++ b/.github/workflows/codeql.yml
|
||||
@@ -6,9 +6,6 @@ name: "CodeQL"
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
paths:
|
||||
- '**/meson.build'
|
||||
- '.github/**/codeql*'
|
||||
@@ -16,9 +13,6 @@ on:
|
||||
- 'test/**'
|
||||
- 'tools/**'
|
||||
push:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
|
||||
index 244f5d503b..403b5cfc58 100644
|
||||
--- a/.github/workflows/differential-shellcheck.yml
|
||||
+++ b/.github/workflows/differential-shellcheck.yml
|
||||
@@ -4,11 +4,7 @@
|
||||
name: Differential ShellCheck
|
||||
on:
|
||||
push:
|
||||
- branches:
|
||||
- - main
|
||||
pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
|
||||
index cf0bc09453..e7fb70f2f5 100644
|
||||
--- a/.github/workflows/linter.yml
|
||||
+++ b/.github/workflows/linter.yml
|
||||
@@ -6,9 +6,6 @@ name: Lint Code Base
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
|
||||
index 895068c2a2..bf6c820092 100644
|
||||
--- a/.github/workflows/unit_tests.yml
|
||||
+++ b/.github/workflows/unit_tests.yml
|
||||
@@ -5,9 +5,6 @@
|
||||
name: Unit tests
|
||||
on:
|
||||
pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
|
||||
permissions:
|
||||
contents: read
|
@ -1,282 +0,0 @@
|
||||
From 67b16d23396d9837f878850e890f90228d59d49e Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Thu, 16 May 2024 14:36:04 +0200
|
||||
Subject: [PATCH] ci: setup source-git automation
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-36636
|
||||
---
|
||||
.github/advanced-commit-linter.yml | 17 +++++
|
||||
.github/auto-merge.yml | 4 ++
|
||||
.github/pull-request-validator.yml | 4 ++
|
||||
.github/regression-sniffer.yml | 1 +
|
||||
.github/tracker-validator.yml | 31 ++++++++
|
||||
.github/workflows/gather-pr-metadata.yml | 12 ++--
|
||||
.../source-git-automation-on-demand.yml | 72 +++++++++++++++++++
|
||||
.github/workflows/source-git-automation.yml | 45 ++++++++++++
|
||||
8 files changed, 179 insertions(+), 7 deletions(-)
|
||||
create mode 100644 .github/advanced-commit-linter.yml
|
||||
create mode 100644 .github/auto-merge.yml
|
||||
create mode 100644 .github/pull-request-validator.yml
|
||||
create mode 100644 .github/regression-sniffer.yml
|
||||
create mode 100644 .github/tracker-validator.yml
|
||||
create mode 100644 .github/workflows/source-git-automation-on-demand.yml
|
||||
create mode 100644 .github/workflows/source-git-automation.yml
|
||||
|
||||
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
|
||||
new file mode 100644
|
||||
index 0000000000..3609fe4612
|
||||
--- /dev/null
|
||||
+++ b/.github/advanced-commit-linter.yml
|
||||
@@ -0,0 +1,17 @@
|
||||
+policy:
|
||||
+ cherry-pick:
|
||||
+ upstream:
|
||||
+ - github: systemd/systemd
|
||||
+ exception:
|
||||
+ note:
|
||||
+ - rhel-only
|
||||
+ - RHEL-only
|
||||
+ tracker:
|
||||
+ - keyword:
|
||||
+ - 'Resolves: '
|
||||
+ - 'Related: '
|
||||
+ - 'Reverts: '
|
||||
+ type: jira
|
||||
+ issue-format:
|
||||
+ - 'RHEL-\d+$'
|
||||
+ url: 'https://issues.redhat.com/browse/'
|
||||
diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
|
||||
new file mode 100644
|
||||
index 0000000000..35c2539295
|
||||
--- /dev/null
|
||||
+++ b/.github/auto-merge.yml
|
||||
@@ -0,0 +1,4 @@
|
||||
+labels:
|
||||
+ dont-merge: dont-merge
|
||||
+ manual-merge: pr/needs-manual-merge
|
||||
+target-branch': ['main']
|
||||
diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml
|
||||
new file mode 100644
|
||||
index 0000000000..4bb5bbec12
|
||||
--- /dev/null
|
||||
+++ b/.github/pull-request-validator.yml
|
||||
@@ -0,0 +1,4 @@
|
||||
+labels:
|
||||
+ missing-review: pr/needs-review
|
||||
+ changes-requested: pr/changes-requested
|
||||
+ missing-failing-ci: pr/needs-ci
|
||||
diff --git a/.github/regression-sniffer.yml b/.github/regression-sniffer.yml
|
||||
new file mode 100644
|
||||
index 0000000000..3824028e92
|
||||
--- /dev/null
|
||||
+++ b/.github/regression-sniffer.yml
|
||||
@@ -0,0 +1 @@
|
||||
+upstream: systemd/systemd
|
||||
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
|
||||
new file mode 100644
|
||||
index 0000000000..2e858606ff
|
||||
--- /dev/null
|
||||
+++ b/.github/tracker-validator.yml
|
||||
@@ -0,0 +1,31 @@
|
||||
+labels:
|
||||
+ missing-tracker: tracker/missing
|
||||
+ invalid-product: tracker/invalid-product
|
||||
+ invalid-component: tracker/invalid-component
|
||||
+ unapproved: tracker/unapproved
|
||||
+products:
|
||||
+ - Red Hat Enterprise Linux 10
|
||||
+ - CentOS Stream 10
|
||||
+ - rhel-10.0.beta
|
||||
+ - rhel-10.0
|
||||
+ - rhel-10.0.z
|
||||
+ - rhel-10.1
|
||||
+ - rhel-10.1.z
|
||||
+ - rhel-10.2
|
||||
+ - rhel-10.2.z
|
||||
+ - rhel-10.3
|
||||
+ - rhel-10.3.z
|
||||
+ - rhel-10.4
|
||||
+ - rhel-10.4.z
|
||||
+ - rhel-10.5
|
||||
+ - rhel-10.5.z
|
||||
+ - rhel-10.6
|
||||
+ - rhel-10.6.z
|
||||
+ - rhel-10.7
|
||||
+ - rhel-10.7.z
|
||||
+ - rhel-10.8
|
||||
+ - rhel-10.8.z
|
||||
+ - rhel-10.9
|
||||
+ - rhel-10.9.z
|
||||
+ - rhel-10.10
|
||||
+ - rhel-10.10.z
|
||||
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
|
||||
index e4a0caff03..857689a37b 100644
|
||||
--- a/.github/workflows/gather-pr-metadata.yml
|
||||
+++ b/.github/workflows/gather-pr-metadata.yml
|
||||
@@ -1,18 +1,17 @@
|
||||
---
|
||||
-
|
||||
name: Gather Pull Request Metadata
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
- branches: [ main ]
|
||||
+ types: [ opened, reopened, synchronize ]
|
||||
+ branches: [ main, rhel-10.0.beta, rhel-10.* ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
gather-metadata:
|
||||
- if: github.repository == 'systemd/systemd'
|
||||
- runs-on: ubuntu-24.04
|
||||
+ runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Repository checkout
|
||||
@@ -20,11 +19,10 @@ jobs:
|
||||
|
||||
- id: metadata
|
||||
name: Gather Pull Request Metadata
|
||||
- uses: redhat-plumbers-in-action/gather-pull-request-metadata@17821d3bc27c1efed339595898c2e622accc5a1b
|
||||
+ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
|
||||
|
||||
- name: Upload Pull Request Metadata artifact
|
||||
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
|
||||
+ uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: Pull Request Metadata
|
||||
path: ${{ steps.metadata.outputs.metadata-file }}
|
||||
- retention-days: 1
|
||||
diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
|
||||
new file mode 100644
|
||||
index 0000000000..af9ea781f6
|
||||
--- /dev/null
|
||||
+++ b/.github/workflows/source-git-automation-on-demand.yml
|
||||
@@ -0,0 +1,72 @@
|
||||
+name: Source git Automation Scheduled/On Demand
|
||||
+on:
|
||||
+ schedule:
|
||||
+ # Workflow runs every 45 minutes
|
||||
+ - cron: '*/45 * * * *'
|
||||
+ workflow_dispatch:
|
||||
+ inputs:
|
||||
+ pr-number:
|
||||
+ description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs'
|
||||
+ required: true
|
||||
+ default: '0'
|
||||
+
|
||||
+permissions:
|
||||
+ contents: read
|
||||
+
|
||||
+jobs:
|
||||
+ # Get all open PRs
|
||||
+ gather-pull-requests:
|
||||
+ if: github.repository == 'redhat-plumbers/systemd-rhel10'
|
||||
+ runs-on: ubuntu-latest
|
||||
+
|
||||
+ outputs:
|
||||
+ pr-numbers: ${{ steps.get-pr-numbers.outputs.result }}
|
||||
+ pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }}
|
||||
+
|
||||
+ steps:
|
||||
+ - id: get-pr-numbers
|
||||
+ if: inputs.pr-number == '0'
|
||||
+ name: Get all open PRs
|
||||
+ uses: actions/github-script@v6
|
||||
+ with:
|
||||
+ # !FIXME: this is not working if there is more than 100 PRs opened
|
||||
+ script: |
|
||||
+ const { data: pullRequests } = await github.rest.pulls.list({
|
||||
+ owner: context.repo.owner,
|
||||
+ repo: context.repo.repo,
|
||||
+ state: 'open',
|
||||
+ per_page: 100
|
||||
+ });
|
||||
+ return pullRequests.map(pr => pr.number);
|
||||
+
|
||||
+ - id: parse-manual-input
|
||||
+ if: inputs.pr-number != '0'
|
||||
+ name: Parse manual input
|
||||
+ run: |
|
||||
+ # shellcheck disable=SC2086
|
||||
+ echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT
|
||||
+ shell: bash
|
||||
+
|
||||
+ validate-pr:
|
||||
+ name: 'Validation of Pull Request #${{ matrix.pr-number }}'
|
||||
+ needs: [ gather-pull-requests ]
|
||||
+ runs-on: ubuntu-latest
|
||||
+
|
||||
+ strategy:
|
||||
+ fail-fast: false
|
||||
+ matrix:
|
||||
+ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }}
|
||||
+
|
||||
+ permissions:
|
||||
+ # required for merging PRs
|
||||
+ contents: write
|
||||
+ # required for PR comments and setting labels
|
||||
+ pull-requests: write
|
||||
+
|
||||
+ steps:
|
||||
+ - name: Source-git Automation
|
||||
+ uses: redhat-plumbers-in-action/source-git-automation@v1
|
||||
+ with:
|
||||
+ pr-number: ${{ matrix.pr-number }}
|
||||
+ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
|
||||
+ token: ${{ secrets.GITHUB_TOKEN }}
|
||||
diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
|
||||
new file mode 100644
|
||||
index 0000000000..d58242efa7
|
||||
--- /dev/null
|
||||
+++ b/.github/workflows/source-git-automation.yml
|
||||
@@ -0,0 +1,45 @@
|
||||
+name: Source git Automation
|
||||
+on:
|
||||
+ workflow_run:
|
||||
+ workflows: [ Gather Pull Request Metadata ]
|
||||
+ types:
|
||||
+ - completed
|
||||
+
|
||||
+permissions:
|
||||
+ contents: read
|
||||
+
|
||||
+jobs:
|
||||
+ download-metadata:
|
||||
+ if: >
|
||||
+ github.event.workflow_run.event == 'pull_request' &&
|
||||
+ github.event.workflow_run.conclusion == 'success' &&
|
||||
+ github.repository == 'redhat-plumbers/systemd-rhel10'
|
||||
+ runs-on: ubuntu-latest
|
||||
+
|
||||
+ outputs:
|
||||
+ pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }}
|
||||
+
|
||||
+ steps:
|
||||
+ - id: Artifact
|
||||
+ name: Download Artifact
|
||||
+ uses: redhat-plumbers-in-action/download-artifact@v1
|
||||
+ with:
|
||||
+ name: Pull Request Metadata
|
||||
+
|
||||
+ source-git-automation:
|
||||
+ needs: [ download-metadata ]
|
||||
+ runs-on: ubuntu-latest
|
||||
+
|
||||
+ permissions:
|
||||
+ # required for merging PRs
|
||||
+ contents: write
|
||||
+ # required for PR comments and setting labels
|
||||
+ pull-requests: write
|
||||
+
|
||||
+ steps:
|
||||
+ - name: Source-git Automation
|
||||
+ uses: redhat-plumbers-in-action/source-git-automation@v1
|
||||
+ with:
|
||||
+ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
|
||||
+ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
|
||||
+ token: ${{ secrets.GITHUB_TOKEN }}
|
@ -1,61 +0,0 @@
|
||||
From 970ac707323ce1b50c6f45184df4373d651e669c Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Fri, 17 May 2024 13:55:40 +0200
|
||||
Subject: [PATCH] ci: reconfigure Packit for RHEL 10
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-36636
|
||||
---
|
||||
.packit.yml | 28 +++++++++-------------------
|
||||
1 file changed, 9 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 2dcc9e86ca..340c6992ec 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -24,14 +24,12 @@ actions:
|
||||
- "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
|
||||
|
||||
post-upstream-clone:
|
||||
- # Use the Fedora Rawhide specfile
|
||||
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
|
||||
+ # Use the CentOS Stream 10 specfile
|
||||
+ - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
|
||||
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
|
||||
- "rm -fv .packit_rpm/sources"
|
||||
- # Drop backported patches from the specfile, but keep the downstream-only ones
|
||||
- # - Patch(0000-0499): backported patches from upstream
|
||||
- # - Patch0500-9999: downstream-only patches
|
||||
- - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
|
||||
+ # Drop all patches, since they're already included in the tarball
|
||||
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
|
||||
# Build the RPM with --werror. Even though --werror doesn't work in all
|
||||
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
|
||||
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
|
||||
@@ -45,20 +43,12 @@ actions:
|
||||
# until the change propagates to Rawhide's specfile
|
||||
- "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
|
||||
|
||||
+# Available targets can be listed via `copr-cli list-chroots`
|
||||
jobs:
|
||||
- job: copr_build
|
||||
trigger: pull_request
|
||||
targets:
|
||||
- - fedora-rawhide-aarch64
|
||||
- - fedora-rawhide-i386
|
||||
- - fedora-rawhide-ppc64le
|
||||
- - fedora-rawhide-s390x
|
||||
- - fedora-rawhide-x86_64
|
||||
-
|
||||
-- job: tests
|
||||
- trigger: pull_request
|
||||
- fmf_url: https://src.fedoraproject.org/tests/systemd
|
||||
- fmf_ref: main
|
||||
- tmt_plan: ci
|
||||
- targets:
|
||||
- - fedora-rawhide-x86_64
|
||||
+ - centos-stream-10-aarch64
|
||||
+ - centos-stream-10-ppc64le
|
||||
+ - centos-stream-10-s390x
|
||||
+ - centos-stream-10-x86_64
|
@ -1,37 +0,0 @@
|
||||
From 517bf132e5508a2ac140dbea3650e89205dee052 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Fri, 21 Jun 2024 16:15:24 +0200
|
||||
Subject: [PATCH] ci: allow to pass parameters together with rhel-only note
|
||||
|
||||
Supported parameters:
|
||||
|
||||
* feature - for feature related commits (cross-version)
|
||||
* bugfix - for bugfix related commits (cross-version)
|
||||
* doc - for documentation related commits (usually version specific)
|
||||
* workaround - for workaround related commits (usually version specific)
|
||||
* ci - for CI related commits (version specific)
|
||||
* test - for test related commits (version specific)
|
||||
* other - for commits that do not fit into any of the above categories or use just `rhel-only`
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-36636
|
||||
---
|
||||
.github/advanced-commit-linter.yml | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
|
||||
index 3609fe4612..3e3e3fe2bf 100644
|
||||
--- a/.github/advanced-commit-linter.yml
|
||||
+++ b/.github/advanced-commit-linter.yml
|
||||
@@ -4,8 +4,8 @@ policy:
|
||||
- github: systemd/systemd
|
||||
exception:
|
||||
note:
|
||||
- - rhel-only
|
||||
- - RHEL-only
|
||||
+ - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
|
||||
+ - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
|
||||
tracker:
|
||||
- keyword:
|
||||
- 'Resolves: '
|
@ -1,59 +0,0 @@
|
||||
From 8ca92aa84573b47bb6ee6a5853ecd08463b97af8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 9 Jan 2024 11:28:04 +0100
|
||||
Subject: [PATCH] journal: again create user journals for users with high uids
|
||||
|
||||
This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
|
||||
'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
|
||||
in an additional check of uid_is_container(uid). The problem is that that change
|
||||
is not backwards-compatible at all and very hard for users to handle.
|
||||
There is no common agreement on mappings of high-range uids. Systemd declares
|
||||
ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
|
||||
but this is only a recent change and various sites allocated those ranges
|
||||
in a different way, in particular FreeIPA uses (used?) uids from this range
|
||||
for human users. On big sites with lots of users changing uids is obviously a
|
||||
hard problem. We generally assume that uids cannot be "freed" and/or changed
|
||||
and/or reused safely, so we shouldn't demand the same from others.
|
||||
|
||||
This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
|
||||
SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
|
||||
huge problems for existing systems with were created with a different
|
||||
definition and couldn't be easily updated. For that case, we added a
|
||||
configuration time switch and we now parse /etc/login.defs to actually use the
|
||||
value that is appropriate for the local system.
|
||||
|
||||
Unfortunately, login.defs doesn't have a concept of container allocation ranges
|
||||
(and we don't have code to parse and use those nonexistent names either), so we
|
||||
can't tell users to adjust logind.defs to work around the changed definition.
|
||||
|
||||
login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
|
||||
because they are used to define where the add allocations for subuids, which is
|
||||
generally a much smaller range. Maybe we should talk with other folks about
|
||||
the appropriate allocation ranges and define some new settings in login.defs.
|
||||
But this would require discussion and coordination with other projects first.
|
||||
|
||||
Actualy, it seems that this change was needed at all. The code in the container
|
||||
does not log to the outside journal. It talks to its own journald, which does
|
||||
journal splitting using its internal logic based on shifted uids. So let's
|
||||
revert the change to fix user systems.
|
||||
|
||||
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
|
||||
|
||||
rhel-only: bugfix
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/basic/uid-classification.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
|
||||
index e2d2cebc6d..2c8b06c0d3 100644
|
||||
--- a/src/basic/uid-classification.c
|
||||
+++ b/src/basic/uid-classification.c
|
||||
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
|
||||
|
||||
/* Returns true if the specified UID shall get its data stored in the system journal. */
|
||||
|
||||
- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
|
||||
+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
|
||||
}
|
@ -1,67 +0,0 @@
|
||||
From 6ad266a125eabbf27dfbe64aae9a0d9060c2bd08 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 18 Jun 2024 20:32:10 +0200
|
||||
Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
|
||||
|
||||
Follow-up for https://github.com/systemd/systemd/pull/33383.
|
||||
|
||||
rhel-only: bugfix
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index 8cc8c1ccd6..14048545db 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
ARG_IMAGE_POLICY,
|
||||
ARG_REPLACE,
|
||||
ARG_DRY_RUN,
|
||||
+ ARG_DESTROY_DATA,
|
||||
ARG_NO_PAGER,
|
||||
};
|
||||
|
||||
@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
{ "replace", required_argument, NULL, ARG_REPLACE },
|
||||
{ "dry-run", no_argument, NULL, ARG_DRY_RUN },
|
||||
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
|
||||
+
|
||||
+ /* This is not documented on purpose.
|
||||
+ * If you think --purge should be allowed without jumping through hoops,
|
||||
+ * consider opening a bug report with the description of the use case.
|
||||
+ */
|
||||
+ { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA },
|
||||
+
|
||||
{}
|
||||
};
|
||||
|
||||
int c, r;
|
||||
+ bool destroy_data = false;
|
||||
|
||||
assert(argc >= 0);
|
||||
assert(argv);
|
||||
@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
arg_dry_run = true;
|
||||
break;
|
||||
|
||||
+ case ARG_DESTROY_DATA:
|
||||
+ destroy_data = true;
|
||||
+ break;
|
||||
+
|
||||
case ARG_NO_PAGER:
|
||||
arg_pager_flags |= PAGER_DISABLE;
|
||||
break;
|
||||
@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Refusing --purge without specification of a configuration file.");
|
||||
|
||||
+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data)
|
||||
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
+ "Refusing --purge without --destroy-data.");
|
||||
+
|
||||
if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Option --replace= is not supported with --cat-config/--tldr.");
|
@ -1,33 +0,0 @@
|
||||
From 79519b922b59c2282223742327cc8d75c7b219d0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 14 Dec 2022 22:24:53 +0100
|
||||
Subject: [PATCH] fedora: use system-auth in pam systemd-user
|
||||
|
||||
Adjust upstream config to use our shared stack
|
||||
|
||||
rhel-only: feature
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/login/systemd-user.in | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
|
||||
index 8a3c9e0165..74ef5f2552 100644
|
||||
--- a/src/login/systemd-user.in
|
||||
+++ b/src/login/systemd-user.in
|
||||
@@ -7,7 +7,7 @@
|
||||
-account sufficient pam_systemd_home.so
|
||||
{% endif %}
|
||||
account sufficient pam_unix.so no_pass_expiry
|
||||
-account required pam_permit.so
|
||||
+account include system-auth
|
||||
|
||||
{% if HAVE_SELINUX %}
|
||||
session required pam_selinux.so close
|
||||
@@ -20,4 +20,4 @@ session required pam_namespace.so
|
||||
-session optional pam_systemd_home.so
|
||||
{% endif %}
|
||||
session optional pam_umask.so silent
|
||||
-session optional pam_systemd.so
|
||||
+session include system-auth
|
@ -1,317 +0,0 @@
|
||||
From b91be007c4172b50e5ca570c3c3cd64fecbf377b Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 14:00:45 +0200
|
||||
Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and
|
||||
rhel9 ones
|
||||
|
||||
Also add RHEL8,9,10 versions to version-info.xml file
|
||||
|
||||
rhel-only: feature
|
||||
|
||||
Resolves: RHEL-22621
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 186 ++++++++++++++++++++++++++++++
|
||||
man/version-info.xml | 33 ++++++
|
||||
src/shared/netif-naming-scheme.c | 17 +++
|
||||
src/shared/netif-naming-scheme.h | 20 ++++
|
||||
4 files changed, 256 insertions(+)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index ff811c2bd7..690e3d2c27 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -525,7 +525,193 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-10.0</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ </variablelist>
|
||||
+ <para>By default <constant>rhel-10.0</constant> is used.</para>
|
||||
+
|
||||
+ <refsect2>
|
||||
+ <title>RHEL-9 schemes</title>
|
||||
+ <para>It is also possible to pick a scheme from RHEL-9</para>
|
||||
+ <variablelist>
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.0</constant></term>
|
||||
+
|
||||
+ <listitem><para>Since version <constant>v247</constant> we no longer set
|
||||
+ <varname>ID_NET_NAME_SLOT</varname> if we detect that a PCI device associated with a slot is a PCI
|
||||
+ bridge as that would create naming conflict when there are more child devices on that bridge. Now,
|
||||
+ this is relaxed and we will use slot information to generate the name based on it but only if
|
||||
+ the PCI device has multiple functions. This is safe because distinct function number is a part of
|
||||
+ the device name for multifunction devices.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.0"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.1</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-9.0</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.1"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.2</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-9.0</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.2"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.3</constant></term>
|
||||
+
|
||||
+ <listitem><para>Naming was changed for SR-IOV virtual device representors.</para>
|
||||
+
|
||||
+ <para>The <literal>r<replaceable>slot</replaceable></literal> suffix was added to differentiate SR-IOV
|
||||
+ virtual device representors attached to a single physical device interface.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.3"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.4</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-9.3</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.4"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ </variablelist>
|
||||
+ </refsect2>
|
||||
+
|
||||
+ <refsect2>
|
||||
+ <title>RHEL-8 schemes</title>
|
||||
+ <para>It is also possible to pick a scheme from RHEL-8</para>
|
||||
+ <variablelist>
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.0</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>v239</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.0"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.1</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.0</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.1"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.2</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.0</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.2"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.3</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.0</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.3"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.4</constant></term>
|
||||
+
|
||||
+ <listitem><para>If the PCI slot is assocated with PCI bridge and that has multiple child network
|
||||
+ controllers then all of them might derive the same value of <varname>ID_NET_NAME_SLOT</varname>
|
||||
+ property. That could cause naming conflict if the property is selected as a device name. Now, we detect the
|
||||
+ situation, slot - bridge relation, and we don't produce the <varname>ID_NET_NAME_SLOT</varname> property to
|
||||
+ avoid possible naming conflict.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.4"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.5</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.5"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.6</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.6"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.7</constant></term>
|
||||
+
|
||||
+ <listitem><para>PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation
|
||||
+ of the <filename>function_id</filename> device attribute. This attribute is now used to build the
|
||||
+ <varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
|
||||
+ numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
|
||||
+ property or none at all.</para>
|
||||
+
|
||||
+ <para>Some firmware and hypervisor implementations report unreasonable high numbers for the onboard
|
||||
+ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381
|
||||
+ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account
|
||||
+ for that, the limit is increased to now 65535.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.7"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.8</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.8"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.9</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.9"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.10</constant></term>
|
||||
+
|
||||
+ <listitem><para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-8.10"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
</variablelist>
|
||||
+ </refsect2>
|
||||
|
||||
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
|
||||
particular version of systemd).</para>
|
||||
diff --git a/man/version-info.xml b/man/version-info.xml
|
||||
index bd210b20d3..274450d408 100644
|
||||
--- a/man/version-info.xml
|
||||
+++ b/man/version-info.xml
|
||||
@@ -81,4 +81,37 @@
|
||||
<para id="v255">Added in version 255.</para>
|
||||
<para id="v256">Added in version 256.</para>
|
||||
<para id="v257">Added in version 257.</para>
|
||||
+ <para id="rhel-8.0">Added in rhel-8.0.</para>
|
||||
+ <para id="rhel-8.1">Added in rhel-8.1.</para>
|
||||
+ <para id="rhel-8.2">Added in rhel-8.2.</para>
|
||||
+ <para id="rhel-8.3">Added in rhel-8.3.</para>
|
||||
+ <para id="rhel-8.4">Added in rhel-8.4.</para>
|
||||
+ <para id="rhel-8.5">Added in rhel-8.5.</para>
|
||||
+ <para id="rhel-8.6">Added in rhel-8.6.</para>
|
||||
+ <para id="rhel-8.7">Added in rhel-8.7.</para>
|
||||
+ <para id="rhel-8.8">Added in rhel-8.8.</para>
|
||||
+ <para id="rhel-8.9">Added in rhel-8.9.</para>
|
||||
+ <para id="rhel-8.10">Added in rhel-8.10.</para>
|
||||
+ <para id="rhel-9.0">Added in rhel-9.0.</para>
|
||||
+ <para id="rhel-9.1">Added in rhel-9.1.</para>
|
||||
+ <para id="rhel-9.2">Added in rhel-9.2.</para>
|
||||
+ <para id="rhel-9.3">Added in rhel-9.3.</para>
|
||||
+ <para id="rhel-9.4">Added in rhel-9.4.</para>
|
||||
+ <para id="rhel-9.5">Added in rhel-9.5.</para>
|
||||
+ <para id="rhel-9.6">Added in rhel-9.6.</para>
|
||||
+ <para id="rhel-9.7">Added in rhel-9.7.</para>
|
||||
+ <para id="rhel-9.8">Added in rhel-9.8.</para>
|
||||
+ <para id="rhel-9.9">Added in rhel-9.9.</para>
|
||||
+ <para id="rhel-9.10">Added in rhel-9.10.</para>
|
||||
+ <para id="rhel-10.0">Added in rhel-10.0.</para>
|
||||
+ <para id="rhel-10.1">Added in rhel-10.1.</para>
|
||||
+ <para id="rhel-10.2">Added in rhel-10.2.</para>
|
||||
+ <para id="rhel-10.3">Added in rhel-10.3.</para>
|
||||
+ <para id="rhel-10.4">Added in rhel-10.4.</para>
|
||||
+ <para id="rhel-10.5">Added in rhel-10.5.</para>
|
||||
+ <para id="rhel-10.6">Added in rhel-10.6.</para>
|
||||
+ <para id="rhel-10.7">Added in rhel-10.7.</para>
|
||||
+ <para id="rhel-10.8">Added in rhel-10.8.</para>
|
||||
+ <para id="rhel-10.9">Added in rhel-10.9.</para>
|
||||
+ <para id="rhel-10.10">Added in rhel-10.10.</para>
|
||||
</refsect1>
|
||||
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
|
||||
index 2955b6e8d5..e4d4c0ba88 100644
|
||||
--- a/src/shared/netif-naming-scheme.c
|
||||
+++ b/src/shared/netif-naming-scheme.c
|
||||
@@ -24,6 +24,23 @@ static const NamingScheme naming_schemes[] = {
|
||||
{ "v253", NAMING_V253 },
|
||||
{ "v254", NAMING_V254 },
|
||||
{ "v255", NAMING_V255 },
|
||||
+ { "rhel-8.0", NAMING_RHEL_8_0 },
|
||||
+ { "rhel-8.1", NAMING_RHEL_8_1 },
|
||||
+ { "rhel-8.2", NAMING_RHEL_8_2 },
|
||||
+ { "rhel-8.3", NAMING_RHEL_8_3 },
|
||||
+ { "rhel-8.4", NAMING_RHEL_8_4 },
|
||||
+ { "rhel-8.5", NAMING_RHEL_8_5 },
|
||||
+ { "rhel-8.6", NAMING_RHEL_8_6 },
|
||||
+ { "rhel-8.7", NAMING_RHEL_8_7 },
|
||||
+ { "rhel-8.8", NAMING_RHEL_8_8 },
|
||||
+ { "rhel-8.9", NAMING_RHEL_8_9 },
|
||||
+ { "rhel-8.10", NAMING_RHEL_8_10 },
|
||||
+ { "rhel-9.0", NAMING_RHEL_9_0 },
|
||||
+ { "rhel-9.1", NAMING_RHEL_9_1 },
|
||||
+ { "rhel-9.2", NAMING_RHEL_9_2 },
|
||||
+ { "rhel-9.3", NAMING_RHEL_9_3 },
|
||||
+ { "rhel-9.4", NAMING_RHEL_9_4 },
|
||||
+ { "rhel-10.0", NAMING_RHEL_10_0 },
|
||||
/* … add more schemes here, as the logic to name devices is updated … */
|
||||
|
||||
EXTRA_NET_NAMING_MAP
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index 62afdc514a..b0697c141e 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -63,6 +63,26 @@ typedef enum NamingSchemeFlags {
|
||||
* systemd version 255, naming scheme "v255". */
|
||||
NAMING_V255 = NAMING_V254 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
|
||||
|
||||
+ NAMING_RHEL_8_0 = NAMING_V239,
|
||||
+ NAMING_RHEL_8_1 = NAMING_V239,
|
||||
+ NAMING_RHEL_8_2 = NAMING_V239,
|
||||
+ NAMING_RHEL_8_3 = NAMING_V239,
|
||||
+ NAMING_RHEL_8_4 = NAMING_V239 | NAMING_BRIDGE_NO_SLOT,
|
||||
+ NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
|
||||
+ NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
|
||||
+ NAMING_RHEL_8_7 = NAMING_RHEL_8_4 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX,
|
||||
+ NAMING_RHEL_8_8 = NAMING_RHEL_8_7,
|
||||
+ NAMING_RHEL_8_9 = NAMING_RHEL_8_7,
|
||||
+ NAMING_RHEL_8_10 = NAMING_RHEL_8_7,
|
||||
+
|
||||
+ NAMING_RHEL_9_0 = NAMING_V250 | NAMING_BRIDGE_MULTIFUNCTION_SLOT,
|
||||
+ NAMING_RHEL_9_1 = NAMING_RHEL_9_0,
|
||||
+ NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
|
||||
+ NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
|
||||
+ NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
+
|
||||
+ NAMING_RHEL_10_0 = NAMING_V255,
|
||||
+
|
||||
EXTRA_NET_NAMING_SCHEMES
|
||||
|
||||
_NAMING_SCHEME_FLAGS_INVALID = -EINVAL,
|
@ -1,109 +0,0 @@
|
||||
From ee9a767142ec66b1ca93af9401dc8f723ae59881 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Wed, 12 Jun 2024 14:23:30 +0200
|
||||
Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9
|
||||
|
||||
Also split rules into 40-redhat-hotplug.rules, 40-redhat-s390.rules and 40-redhat.rules.
|
||||
|
||||
rhel-only: feature
|
||||
|
||||
Resolves: RHEL-40360
|
||||
---
|
||||
rules.d/40-redhat-hotplug.rules | 23 +++++++++++++++++++++++
|
||||
rules.d/40-redhat-s390.rules | 24 ++++++++++++++++++++++++
|
||||
rules.d/40-redhat.rules | 8 ++++++++
|
||||
rules.d/meson.build | 5 ++++-
|
||||
4 files changed, 59 insertions(+), 1 deletion(-)
|
||||
create mode 100644 rules.d/40-redhat-hotplug.rules
|
||||
create mode 100644 rules.d/40-redhat-s390.rules
|
||||
create mode 100644 rules.d/40-redhat.rules
|
||||
|
||||
diff --git a/rules.d/40-redhat-hotplug.rules b/rules.d/40-redhat-hotplug.rules
|
||||
new file mode 100644
|
||||
index 0000000000..5555eeac75
|
||||
--- /dev/null
|
||||
+++ b/rules.d/40-redhat-hotplug.rules
|
||||
@@ -0,0 +1,23 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+# CPU hotadd request
|
||||
+SUBSYSTEM!="cpu", GOTO="cpu_online_end"
|
||||
+ACTION!="add", GOTO="cpu_online_end"
|
||||
+CONST{arch}=="ppc64*", GOTO="cpu_online_end"
|
||||
+CONST{arch}=="s390*", ATTR{configure}=="0", GOTO="cpu_online_end"
|
||||
+
|
||||
+TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
+
|
||||
+LABEL="cpu_online_end"
|
||||
+
|
||||
+# Memory hotadd request
|
||||
+SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
|
||||
+ACTION!="add", GOTO="memory_hotplug_end"
|
||||
+CONST{arch}=="s390*", GOTO="memory_hotplug_end"
|
||||
+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
|
||||
+
|
||||
+ENV{.state}="online"
|
||||
+CONST{virt}=="none", ENV{.state}="online_movable"
|
||||
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
|
||||
+
|
||||
+LABEL="memory_hotplug_end"
|
||||
diff --git a/rules.d/40-redhat-s390.rules b/rules.d/40-redhat-s390.rules
|
||||
new file mode 100644
|
||||
index 0000000000..64698b90e8
|
||||
--- /dev/null
|
||||
+++ b/rules.d/40-redhat-s390.rules
|
||||
@@ -0,0 +1,24 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+# Rule for prandom character device node permissions
|
||||
+KERNEL=="prandom", MODE="0644"
|
||||
+
|
||||
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
|
||||
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
|
||||
+#
|
||||
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
|
||||
+
|
||||
+#
|
||||
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
|
||||
+# (both disk and partition) are SCSI devices based on FCP devices
|
||||
+#
|
||||
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
|
||||
+
|
||||
+# For SCSI disks
|
||||
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
|
||||
+
|
||||
+
|
||||
+# For partitions on a SCSI disk
|
||||
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
|
||||
+
|
||||
+LABEL="zfcp_scsi_device_end"
|
||||
diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
|
||||
new file mode 100644
|
||||
index 0000000000..975d56fdfd
|
||||
--- /dev/null
|
||||
+++ b/rules.d/40-redhat.rules
|
||||
@@ -0,0 +1,8 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
||||
+
|
||||
+# load SCSI generic (sg) driver
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||
index 3040fae8a4..edf419f449 100644
|
||||
--- a/rules.d/meson.build
|
||||
+++ b/rules.d/meson.build
|
||||
@@ -5,7 +5,10 @@ install_data(
|
||||
install_dir : udevrulesdir)
|
||||
|
||||
rules = [
|
||||
- [files('60-autosuspend.rules',
|
||||
+ [files('40-redhat-hotplug.rules',
|
||||
+ '40-redhat-s390.rules',
|
||||
+ '40-redhat.rules',
|
||||
+ '60-autosuspend.rules',
|
||||
'60-block.rules',
|
||||
'60-cdrom_id.rules',
|
||||
'60-dmi-id.rules',
|
@ -1,43 +0,0 @@
|
||||
From ed416f79aac6c1136f5d20a19cfc20c2709ab314 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 5 Aug 2021 17:11:47 +0200
|
||||
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
|
||||
symlink
|
||||
|
||||
RHEL-only: bugfix
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
tmpfiles.d/meson.build | 1 -
|
||||
tmpfiles.d/systemd-resolve.conf | 10 ----------
|
||||
2 files changed, 11 deletions(-)
|
||||
delete mode 100644 tmpfiles.d/systemd-resolve.conf
|
||||
|
||||
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
|
||||
index bec24ac7b4..55ce48979d 100644
|
||||
--- a/tmpfiles.d/meson.build
|
||||
+++ b/tmpfiles.d/meson.build
|
||||
@@ -10,7 +10,6 @@ files = [['README', ''],
|
||||
['systemd-nologin.conf', 'HAVE_PAM'],
|
||||
['systemd-nspawn.conf', 'ENABLE_MACHINED'],
|
||||
['systemd-pstore.conf', 'ENABLE_PSTORE'],
|
||||
- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
|
||||
['systemd-tmp.conf', ''],
|
||||
['tmp.conf', ''],
|
||||
['x11.conf', ''],
|
||||
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
|
||||
deleted file mode 100644
|
||||
index cb1c56d6a6..0000000000
|
||||
--- a/tmpfiles.d/systemd-resolve.conf
|
||||
+++ /dev/null
|
||||
@@ -1,10 +0,0 @@
|
||||
-# This file is part of systemd.
|
||||
-#
|
||||
-# systemd is free software; you can redistribute it and/or modify it
|
||||
-# under the terms of the GNU Lesser General Public License as published by
|
||||
-# the Free Software Foundation; either version 2.1 of the License, or
|
||||
-# (at your option) any later version.
|
||||
-
|
||||
-# See tmpfiles.d(5) for details
|
||||
-
|
||||
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
@ -1,25 +0,0 @@
|
||||
From 9a6ef20bab1411570b3af6f6bbdb1a299ea8e73a Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Thu, 15 Jul 2021 11:15:17 +0200
|
||||
Subject: [PATCH] random-util: increase random seed size to 1024
|
||||
|
||||
RHEL-only: feature
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/basic/random-util.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
|
||||
index b1a4d10971..08b1a3599a 100644
|
||||
--- a/src/basic/random-util.h
|
||||
+++ b/src/basic/random-util.h
|
||||
@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) {
|
||||
}
|
||||
|
||||
/* Some limits on the pool sizes when we deal with the kernel random pool */
|
||||
-#define RANDOM_POOL_SIZE_MIN 32U
|
||||
+#define RANDOM_POOL_SIZE_MIN 1024U
|
||||
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
|
||||
#define RANDOM_EFI_SEED_SIZE 32U
|
||||
|
@ -1,25 +0,0 @@
|
||||
From 15465a4a302c4379746a21ef7b7fb9a9bfea9297 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Thu, 2 May 2019 14:11:54 +0200
|
||||
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
|
||||
default
|
||||
|
||||
RHEL-only: feature
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
presets/90-systemd.preset | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset
|
||||
index da6b9805fd..004ea6fe14 100644
|
||||
--- a/presets/90-systemd.preset
|
||||
+++ b/presets/90-systemd.preset
|
||||
@@ -21,7 +21,6 @@ enable systemd-boot-update.service
|
||||
enable systemd-confext.service
|
||||
enable systemd-homed.service
|
||||
enable systemd-homed-activate.service
|
||||
-enable systemd-journald-audit.socket
|
||||
enable systemd-mountfsd.socket
|
||||
enable systemd-network-generator.service
|
||||
enable systemd-networkd.service
|
@ -1,22 +0,0 @@
|
||||
From b340b4c797599aa444f9dbf07c6ef7ea29021604 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Thu, 5 Aug 2021 15:26:13 +0200
|
||||
Subject: [PATCH] journald.conf: don't touch current audit settings
|
||||
|
||||
RHEL-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/journal/journald.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
|
||||
index 13cdd6300f..fc307c53c2 100644
|
||||
--- a/src/journal/journald.conf
|
||||
+++ b/src/journal/journald.conf
|
||||
@@ -47,4 +47,4 @@
|
||||
#MaxLevelSocket=debug
|
||||
#LineMax=48K
|
||||
#ReadKMsg=yes
|
||||
-#Audit=yes
|
||||
+Audit=
|
@ -1,59 +0,0 @@
|
||||
From 5725d315940804ba80468e6e3b6ea4653587f109 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 1 Aug 2018 13:19:39 +0200
|
||||
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
|
||||
|
||||
This should be hopefully high enough even for the very big deployments.
|
||||
|
||||
RHEL-only: feature
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
man/systemd-system.conf.xml | 4 ++--
|
||||
src/core/manager.c | 2 +-
|
||||
src/core/system.conf.in | 2 +-
|
||||
3 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
|
||||
index ae5b61b149..22919842f5 100644
|
||||
--- a/man/systemd-system.conf.xml
|
||||
+++ b/man/systemd-system.conf.xml
|
||||
@@ -520,10 +520,10 @@
|
||||
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. This setting applies to all unit types that support resource control settings, with the exception
|
||||
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||
and root cgroup <varname>pids.max</varname>.
|
||||
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
|
||||
- For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
|
||||
+ For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
|
||||
but might be greater in other systems or smaller in OS containers.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v228"/></listitem>
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 90e72b0c02..8ddf37fdad 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -117,7 +117,7 @@
|
||||
/* How many units and jobs to process of the bus queue before returning to the event loop. */
|
||||
#define MANAGER_BUS_MESSAGE_BUDGET 100U
|
||||
|
||||
-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
|
||||
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */
|
||||
|
||||
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
|
||||
static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
|
||||
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||
index 1c08aa4d22..4fe420c344 100644
|
||||
--- a/src/core/system.conf.in
|
||||
+++ b/src/core/system.conf.in
|
||||
@@ -59,7 +59,7 @@
|
||||
#DefaultIPAccounting=no
|
||||
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
|
||||
#DefaultTasksAccounting=yes
|
||||
-#DefaultTasksMax=15%
|
||||
+#DefaultTasksMax=80%
|
||||
#DefaultLimitCPU=
|
||||
#DefaultLimitFSIZE=
|
||||
#DefaultLimitDATA=
|
@ -1,53 +0,0 @@
|
||||
From 2b9b38af0bd6f15d316869022ad296f5927f2d2b Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 21 Sep 2021 15:01:19 +0200
|
||||
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
|
||||
"none"
|
||||
|
||||
While stable MAC address for interface types that don't have the
|
||||
address provided by HW could be useful it also breaks LACP based bonds.
|
||||
Let's err on the side of caution and don't change the MAC address from
|
||||
udev.
|
||||
|
||||
RHEL-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
man/systemd.link.xml | 2 +-
|
||||
network/99-default.link | 2 +-
|
||||
test/fuzz/fuzz-link-parser/99-default.link | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
|
||||
index 3991d91881..0002eb3617 100644
|
||||
--- a/man/systemd.link.xml
|
||||
+++ b/man/systemd.link.xml
|
||||
@@ -1386,7 +1386,7 @@ OriginalName=*
|
||||
[Link]
|
||||
NamePolicy=keep kernel database onboard slot path
|
||||
AlternativeNamesPolicy=database onboard slot path
|
||||
-MACAddressPolicy=persistent</programlisting>
|
||||
+MACAddressPolicy=none</programlisting>
|
||||
</example>
|
||||
|
||||
<example>
|
||||
diff --git a/network/99-default.link b/network/99-default.link
|
||||
index 56030b62be..5628dcf845 100644
|
||||
--- a/network/99-default.link
|
||||
+++ b/network/99-default.link
|
||||
@@ -12,4 +12,4 @@ OriginalName=*
|
||||
[Link]
|
||||
NamePolicy=keep kernel database onboard slot path
|
||||
AlternativeNamesPolicy=database onboard slot path
|
||||
-MACAddressPolicy=persistent
|
||||
+MACAddressPolicy=none
|
||||
diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
|
||||
index feb5b1fbb0..3d755898b4 100644
|
||||
--- a/test/fuzz/fuzz-link-parser/99-default.link
|
||||
+++ b/test/fuzz/fuzz-link-parser/99-default.link
|
||||
@@ -9,4 +9,4 @@
|
||||
|
||||
[Link]
|
||||
NamePolicy=keep kernel database onboard slot path
|
||||
-MACAddressPolicy=persistent
|
||||
+MACAddressPolicy=none
|
@ -1,40 +0,0 @@
|
||||
From 74151c1fd19cbd73f2a6d1c2f84eac9bb73eac7e Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 22 Feb 2022 13:24:11 +0100
|
||||
Subject: [PATCH] core: decrease log level of messages about use of
|
||||
KillMode=none
|
||||
|
||||
RHEL-only: bugfix
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/core/load-fragment.c | 2 +-
|
||||
src/core/unit.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
|
||||
index 5ae68886af..d4c006eb87 100644
|
||||
--- a/src/core/load-fragment.c
|
||||
+++ b/src/core/load-fragment.c
|
||||
@@ -868,7 +868,7 @@ int config_parse_kill_mode(
|
||||
}
|
||||
|
||||
if (m == KILL_NONE)
|
||||
- log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
+ log_syntax(unit, LOG_DEBUG, filename, line, 0,
|
||||
"Unit uses KillMode=none. "
|
||||
"This is unsafe, as it disables systemd's process lifecycle management for the service. "
|
||||
"Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 2d40618fcb..0ec5dcaf75 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata)
|
||||
|
||||
/* During start we print a warning */
|
||||
|
||||
- log_unit_warning(userdata,
|
||||
+ log_unit_debug(userdata,
|
||||
"Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
|
||||
"This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
|
||||
pid->pid, strna(comm));
|
@ -1,180 +0,0 @@
|
||||
From 40527d91d2fb1d987473bb4bcf1c929a85ffe9a0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 3 Jul 2024 16:51:05 +0200
|
||||
Subject: [PATCH] meson: rename libbasic to libbasic_static
|
||||
|
||||
Our variables for internal libraries are named 'libfoo' for the shared lib
|
||||
variant, and 'libfoo_static' for the static lib variant. The only exception was
|
||||
libbasic, because we didn't have a shared variant for it. But let's rename it
|
||||
for consitency. This makes the build config easier to understand.
|
||||
|
||||
see currently unmerged https://github.com/systemd/systemd/pull/33599
|
||||
|
||||
RHEL-only workaround
|
||||
|
||||
Resolves: RHEL-46020
|
||||
---
|
||||
meson.build | 4 ++--
|
||||
src/basic/meson.build | 2 +-
|
||||
src/libsystemd/meson.build | 2 +-
|
||||
src/partition/meson.build | 2 +-
|
||||
src/shared/meson.build | 2 +-
|
||||
src/shutdown/meson.build | 2 +-
|
||||
src/sysusers/meson.build | 2 +-
|
||||
src/test/meson.build | 8 ++++----
|
||||
src/tmpfiles/meson.build | 2 +-
|
||||
9 files changed, 13 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index e42151998b..18115cad5e 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -2078,7 +2078,7 @@ libsystemd = shared_library(
|
||||
# Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
|
||||
'-z', 'nodelete',
|
||||
'-Wl,--version-script=' + libsystemd_sym_path],
|
||||
- link_with : [libbasic],
|
||||
+ link_with : [libbasic_static],
|
||||
link_whole : [libsystemd_static],
|
||||
dependencies : [librt,
|
||||
threads,
|
||||
@@ -2243,7 +2243,7 @@ nss_template = {
|
||||
'link_with' : [
|
||||
libsystemd_static,
|
||||
libshared_static,
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
],
|
||||
'dependencies' : [
|
||||
librt,
|
||||
diff --git a/src/basic/meson.build b/src/basic/meson.build
|
||||
index 9a214575a5..b538775576 100644
|
||||
--- a/src/basic/meson.build
|
||||
+++ b/src/basic/meson.build
|
||||
@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target(
|
||||
|
||||
basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h]
|
||||
|
||||
-libbasic = static_library(
|
||||
+libbasic_static = static_library(
|
||||
'basic',
|
||||
basic_sources,
|
||||
fundamental_sources,
|
||||
diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build
|
||||
index 6d4337d1a7..243549299f 100644
|
||||
--- a/src/libsystemd/meson.build
|
||||
+++ b/src/libsystemd/meson.build
|
||||
@@ -118,7 +118,7 @@ libsystemd_static = static_library(
|
||||
libsystemd_sources,
|
||||
include_directories : libsystemd_includes,
|
||||
c_args : libsystemd_c_args,
|
||||
- link_with : [libbasic],
|
||||
+ link_with : [libbasic_static],
|
||||
dependencies : [threads,
|
||||
librt,
|
||||
userspace],
|
||||
diff --git a/src/partition/meson.build b/src/partition/meson.build
|
||||
index 52e1368116..2cfe43e029 100644
|
||||
--- a/src/partition/meson.build
|
||||
+++ b/src/partition/meson.build
|
||||
@@ -32,7 +32,7 @@ executables += [
|
||||
'sources' : files('repart.c'),
|
||||
'c_args' : '-DSTANDALONE',
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libshared_fdisk,
|
||||
libshared_static,
|
||||
libsystemd_static,
|
||||
diff --git a/src/shared/meson.build b/src/shared/meson.build
|
||||
index c5106d87d5..e513c0ec1c 100644
|
||||
--- a/src/shared/meson.build
|
||||
+++ b/src/shared/meson.build
|
||||
@@ -358,7 +358,7 @@ libshared = shared_library(
|
||||
'-Wl,--version-script=' + libshared_sym_path],
|
||||
link_depends : libshared_sym_path,
|
||||
link_whole : [libshared_static,
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libsystemd_static],
|
||||
dependencies : [libshared_deps,
|
||||
userspace],
|
||||
diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
|
||||
index 219f9fd308..9bc60f83e5 100644
|
||||
--- a/src/shutdown/meson.build
|
||||
+++ b/src/shutdown/meson.build
|
||||
@@ -20,7 +20,7 @@ executables += [
|
||||
'sources' : systemd_shutdown_sources,
|
||||
'c_args' : '-DSTANDALONE',
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libshared_static,
|
||||
libsystemd_static,
|
||||
],
|
||||
diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build
|
||||
index 0f9c067d50..403d82a340 100644
|
||||
--- a/src/sysusers/meson.build
|
||||
+++ b/src/sysusers/meson.build
|
||||
@@ -14,7 +14,7 @@ executables += [
|
||||
'sources' : files('sysusers.c'),
|
||||
'c_args' : '-DSTANDALONE',
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libshared_static,
|
||||
libsystemd_static,
|
||||
],
|
||||
diff --git a/src/test/meson.build b/src/test/meson.build
|
||||
index 3abbb94d9f..9d3c7d675f 100644
|
||||
--- a/src/test/meson.build
|
||||
+++ b/src/test/meson.build
|
||||
@@ -274,7 +274,7 @@ executables += [
|
||||
# only static linking apart from libdl, to make sure that the
|
||||
# module is linked to all libraries that it uses.
|
||||
'sources' : files('test-dlopen.c'),
|
||||
- 'link_with' : libbasic,
|
||||
+ 'link_with' : libbasic_static,
|
||||
'dependencies' : libdl,
|
||||
'install' : false,
|
||||
'type' : 'manual',
|
||||
@@ -410,7 +410,7 @@ executables += [
|
||||
},
|
||||
test_template + {
|
||||
'sources' : files('test-sizeof.c'),
|
||||
- 'link_with' : libbasic,
|
||||
+ 'link_with' : libbasic_static,
|
||||
},
|
||||
test_template + {
|
||||
'sources' : files('test-time-util.c'),
|
||||
@@ -590,7 +590,7 @@ executables += [
|
||||
test_template + {
|
||||
'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'),
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libsystemd,
|
||||
],
|
||||
'dependencies' : threads,
|
||||
@@ -598,7 +598,7 @@ executables += [
|
||||
test_template + {
|
||||
'sources' : files('../libudev/test-udev-device-thread.c'),
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libudev,
|
||||
],
|
||||
'dependencies' : threads,
|
||||
diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build
|
||||
index 2e918509a7..09ad839586 100644
|
||||
--- a/src/tmpfiles/meson.build
|
||||
+++ b/src/tmpfiles/meson.build
|
||||
@@ -20,7 +20,7 @@ executables += [
|
||||
'sources' : systemd_tmpfiles_sources,
|
||||
'c_args' : '-DSTANDALONE',
|
||||
'link_with' : [
|
||||
- libbasic,
|
||||
+ libbasic_static,
|
||||
libshared_static,
|
||||
libsystemd_static,
|
||||
],
|
@ -1,63 +0,0 @@
|
||||
From 9eccd6c09f06979003eb2ae1f159defc40213fe0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 3 Jul 2024 17:03:26 +0200
|
||||
Subject: [PATCH] meson: build libsystemd-core via an intermediate static
|
||||
library
|
||||
|
||||
By itself, this is not useful. I'm making this a separate commit to
|
||||
make debugging easier. It turns out that meson does static libraries
|
||||
using references, so the "static library" a tiny stub stub that refers
|
||||
to the object files on disk and this has negligible cost:
|
||||
$ ls -lhd build/src/core/libsystemd-core-257.{a,so}
|
||||
-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a
|
||||
-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so
|
||||
|
||||
see currently unmerged https://github.com/systemd/systemd/pull/33599
|
||||
|
||||
RHEL-only workaround
|
||||
|
||||
Resolves: RHEL-46020
|
||||
---
|
||||
src/core/meson.build | 16 +++++++++++-----
|
||||
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/core/meson.build b/src/core/meson.build
|
||||
index 7a2012a372..1ef31cc529 100644
|
||||
--- a/src/core/meson.build
|
||||
+++ b/src/core/meson.build
|
||||
@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target(
|
||||
|
||||
libcore_name = 'systemd-core-@0@'.format(shared_lib_tag)
|
||||
|
||||
-libcore = shared_library(
|
||||
+libcore_static = static_library(
|
||||
libcore_name,
|
||||
libcore_sources,
|
||||
load_fragment_gperf_c,
|
||||
load_fragment_gperf_nulstr_c,
|
||||
include_directories : includes,
|
||||
c_args : ['-fvisibility=default'],
|
||||
- link_args : ['-shared',
|
||||
- '-Wl,--version-script=' + libshared_sym_path],
|
||||
- link_depends : libshared_sym_path,
|
||||
- link_with : libshared,
|
||||
dependencies : [libacl,
|
||||
libapparmor,
|
||||
libaudit,
|
||||
@@ -135,6 +131,16 @@ libcore = shared_library(
|
||||
libselinux,
|
||||
threads,
|
||||
userspace],
|
||||
+ build_by_default : false)
|
||||
+
|
||||
+libcore = shared_library(
|
||||
+ libcore_name,
|
||||
+ c_args : ['-fvisibility=default'],
|
||||
+ link_args : ['-shared',
|
||||
+ '-Wl,--version-script=' + libshared_sym_path],
|
||||
+ link_depends : libshared_sym_path,
|
||||
+ link_whole: libcore_static,
|
||||
+ link_with : libshared,
|
||||
install : true,
|
||||
install_dir : pkglibdir)
|
||||
|
@ -1,101 +0,0 @@
|
||||
From f3b375da4cd070788b2b8a21fe678c15cb4babe8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 3 Jul 2024 17:05:31 +0200
|
||||
Subject: [PATCH] meson: add option to build systemd-executor "statically"
|
||||
|
||||
The new link-executor-shared option is similar to the existing
|
||||
link-udev-shared: when set to false, we link to the static versions of our
|
||||
internal libraries.
|
||||
|
||||
The resulting exuctor binary is fairly large, about as large as libsystemd-core
|
||||
(14 MB without lto, 8 with lto).
|
||||
|
||||
This is intended as a workaround for the fuckup with the pinned executor
|
||||
binary:
|
||||
when an upgrade is performed, the package manager will install new version of
|
||||
the libraries and new version of the code, and some time later reexecute the
|
||||
managers. This creates a window when the pinned executor binary will fail to
|
||||
execute. There are two factors which make the issue easier to hit:
|
||||
|
||||
- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
|
||||
uses version-release as the tag, which means that the issue occurs on
|
||||
every package upgrade. This is the right thing to do, because the
|
||||
ABI of our internal libraries is not stable at all, so replacing the
|
||||
library from a different version in place creates a window where our
|
||||
programs may crash or misbehave.
|
||||
|
||||
- when the distribution doesn't immediately reexec all the managers after
|
||||
upgrade. In early versions of systemd, we used to hammer the machine during
|
||||
upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
|
||||
wasteful. Doing the reexecs while the upgrade is in progres also creates a
|
||||
window where a mix of old and new configs or both is loaded. Users are
|
||||
particularly annoyed by those reloads if there is some issue in the
|
||||
configuration causing us to emit warnings on every reexec. Doing the
|
||||
reexecs once after the new configuration and libraries have been put
|
||||
in place is nicer.
|
||||
|
||||
The pinning of the executor binary breaks upgrades and in particular
|
||||
it penalizes the distributions which make use of the features which
|
||||
were previously added to avoid bugs and inefficiency during upgrades.
|
||||
|
||||
When the executor is linked statically, there is a smaller chance that it'll
|
||||
fail to load libraries. The issue can still occur because other libraries, not
|
||||
our own, are linked dynamically.
|
||||
|
||||
see currently unmerged https://github.com/systemd/systemd/pull/33599
|
||||
|
||||
RHEL-only workaround
|
||||
|
||||
Resolves: RHEL-46020
|
||||
---
|
||||
meson_options.txt | 2 ++
|
||||
src/core/meson.build | 16 ++++++++++++----
|
||||
2 files changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index d52ca4e4b5..3cce818392 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true,
|
||||
description : '''This option is deprecated and will be removed in a future release''')
|
||||
option('link-udev-shared', type : 'boolean',
|
||||
description : 'link systemd-udevd and its helpers to libsystemd-shared.so')
|
||||
+option('link-executor-shared', type : 'boolean',
|
||||
+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so')
|
||||
option('link-systemctl-shared', type: 'boolean',
|
||||
description : 'link systemctl against libsystemd-shared.so')
|
||||
option('link-networkd-shared', type: 'boolean',
|
||||
diff --git a/src/core/meson.build b/src/core/meson.build
|
||||
index 1ef31cc529..dbeb752977 100644
|
||||
--- a/src/core/meson.build
|
||||
+++ b/src/core/meson.build
|
||||
@@ -156,6 +156,17 @@ systemd_executor_sources = files(
|
||||
'exec-invoke.c',
|
||||
)
|
||||
|
||||
+executor_libs = get_option('link-executor-shared') ? \
|
||||
+ [
|
||||
+ libcore,
|
||||
+ libshared,
|
||||
+ ] : [
|
||||
+ libcore_static,
|
||||
+ libshared_static,
|
||||
+ libbasic_static,
|
||||
+ libsystemd_static,
|
||||
+ ]
|
||||
+
|
||||
executables += [
|
||||
libexec_template + {
|
||||
'name' : 'systemd',
|
||||
@@ -173,10 +184,7 @@ executables += [
|
||||
'public' : true,
|
||||
'sources' : systemd_executor_sources,
|
||||
'include_directories' : core_includes,
|
||||
- 'link_with' : [
|
||||
- libcore,
|
||||
- libshared,
|
||||
- ],
|
||||
+ 'link_with' : executor_libs,
|
||||
'dependencies' : [
|
||||
libapparmor,
|
||||
libpam,
|
@ -1,86 +0,0 @@
|
||||
From 13a07024f674e770844de29cd3d01cb7117f56d9 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Mon, 8 Jul 2024 14:44:45 +0200
|
||||
Subject: [PATCH] taint: remove unmerged-bin
|
||||
|
||||
In rhel10 we will have separate bin and sbin
|
||||
|
||||
RHEL-only: policy
|
||||
|
||||
Resolves: RHEL-46277
|
||||
---
|
||||
catalog/systemd.catalog.in | 1 -
|
||||
catalog/systemd.pl.catalog.in | 1 -
|
||||
man/org.freedesktop.systemd1.xml | 9 ---------
|
||||
src/core/taint.c | 7 +------
|
||||
4 files changed, 1 insertion(+), 17 deletions(-)
|
||||
|
||||
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
|
||||
index 2831152763..66ffefd1c8 100644
|
||||
--- a/catalog/systemd.catalog.in
|
||||
+++ b/catalog/systemd.catalog.in
|
||||
@@ -560,7 +560,6 @@ Support: %SUPPORT_URL%
|
||||
The following "tags" are possible:
|
||||
- "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts
|
||||
under /usr/
|
||||
-- "unmerged-bin" - /usr/sbin is not a symlink to /usr/bin/
|
||||
- "var-run-bad" — /var/run is not a symlink to /run/
|
||||
- "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy
|
||||
- "local-hwclock" - the local hardware clock (RTC) is configured to be in
|
||||
diff --git a/catalog/systemd.pl.catalog.in b/catalog/systemd.pl.catalog.in
|
||||
index 75039e9fcd..fcba4b500a 100644
|
||||
--- a/catalog/systemd.pl.catalog.in
|
||||
+++ b/catalog/systemd.pl.catalog.in
|
||||
@@ -566,7 +566,6 @@ Support: %SUPPORT_URL%
|
||||
Możliwe są następujące „etykiety”:
|
||||
• „unmerged-usr” — /bin, /sbin, /lib* nie są dowiązaniami symbolicznymi
|
||||
do swoich odpowiedników pod /usr/,
|
||||
-• „unmerged-bin” — /usr/sbin nie jest dowiązaniem symbolicznym do /usr/bin/,
|
||||
• „var-run-bad” — /var/run nie jest dowiązaniem symbolicznym do /run/,
|
||||
• „cgroupsv1” — system używa przestarzałej hierarchii cgroup v1,
|
||||
• „local-hwclock” — lokalny zegar sprzętowy (RTC) jest skonfigurowany
|
||||
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
|
||||
index b0b45097e3..f2b5ca39e7 100644
|
||||
--- a/man/org.freedesktop.systemd1.xml
|
||||
+++ b/man/org.freedesktop.systemd1.xml
|
||||
@@ -1666,15 +1666,6 @@ node /org/freedesktop/systemd1 {
|
||||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
- <varlistentry>
|
||||
- <term><literal>unmerged-bin</literal></term>
|
||||
-
|
||||
- <listitem><para><filename>/usr/sbin</filename> is not a symlink to <filename>/usr/bin/</filename>.
|
||||
- </para>
|
||||
-
|
||||
- <xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
- </varlistentry>
|
||||
-
|
||||
<varlistentry>
|
||||
<term><literal>var-run-bad</literal></term>
|
||||
|
||||
diff --git a/src/core/taint.c b/src/core/taint.c
|
||||
index 969b37f209..4c98312f54 100644
|
||||
--- a/src/core/taint.c
|
||||
+++ b/src/core/taint.c
|
||||
@@ -32,7 +32,7 @@ static int short_uid_gid_range(UIDRangeUsernsMode mode) {
|
||||
}
|
||||
|
||||
char* taint_string(void) {
|
||||
- const char *stage[12] = {};
|
||||
+ const char *stage[11] = {};
|
||||
size_t n = 0;
|
||||
|
||||
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
|
||||
@@ -44,11 +44,6 @@ char* taint_string(void) {
|
||||
if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
|
||||
stage[n++] = "unmerged-usr";
|
||||
|
||||
- /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks
|
||||
- * too. */
|
||||
- if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin"))
|
||||
- stage[n++] = "unmerged-bin";
|
||||
-
|
||||
if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run"))
|
||||
stage[n++] = "var-run-bad";
|
||||
|
@ -1,28 +0,0 @@
|
||||
From c2f507732264038dbef44b7652c8f5dee148e1e2 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Mon, 8 Jul 2024 13:13:10 +0200
|
||||
Subject: [PATCH] presets: remove resolved
|
||||
|
||||
We noticed that some people are installing systemd* and then
|
||||
have daemons they don't need running. So let's remove resolved
|
||||
from presets so its usage is a bit more deliberate
|
||||
|
||||
RHEL-only: policy
|
||||
|
||||
Resolves: RHEL-46576
|
||||
---
|
||||
presets/90-systemd.preset | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset
|
||||
index 004ea6fe14..676f14f0d3 100644
|
||||
--- a/presets/90-systemd.preset
|
||||
+++ b/presets/90-systemd.preset
|
||||
@@ -27,7 +27,6 @@ enable systemd-networkd.service
|
||||
enable systemd-networkd-wait-online.service
|
||||
enable systemd-nsresourced.socket
|
||||
enable systemd-pstore.service
|
||||
-enable systemd-resolved.service
|
||||
enable systemd-sysext.service
|
||||
enable systemd-timesyncd.service
|
||||
enable systemd-userdbd.socket
|
@ -1,40 +0,0 @@
|
||||
From 5d244e25b994f1db5988cf6de14fff9058a75bc2 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Mon, 15 Jul 2024 14:13:14 +0200
|
||||
Subject: [PATCH] ci: allow `policy` as rhel-only keyword
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
.github/advanced-commit-linter.yml | 4 ++--
|
||||
CONTRIBUTING.md | 1 +
|
||||
2 files changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
|
||||
index 3e3e3fe2bf..4a7e6542b4 100644
|
||||
--- a/.github/advanced-commit-linter.yml
|
||||
+++ b/.github/advanced-commit-linter.yml
|
||||
@@ -4,8 +4,8 @@ policy:
|
||||
- github: systemd/systemd
|
||||
exception:
|
||||
note:
|
||||
- - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
|
||||
- - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
|
||||
+ - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
|
||||
+ - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
|
||||
tracker:
|
||||
- keyword:
|
||||
- 'Resolves: '
|
||||
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
|
||||
index 28466facac..c2e3a2d4d0 100644
|
||||
--- a/CONTRIBUTING.md
|
||||
+++ b/CONTRIBUTING.md
|
||||
@@ -37,6 +37,7 @@ If the change isn't upstream relevant or accepted by upstream, mark the commit w
|
||||
|
||||
- `feature` - for feature-related commits (cross-version)
|
||||
- `bugfix` - for bugfix-related commits (cross-version)
|
||||
+- `policy` - for policy-related commits (cross-version)
|
||||
- `doc` - for documentation-related commits (usually version-specific)
|
||||
- `workaround` - for workaround-related commits (usually version-specific)
|
||||
- `ci` - for CI-related commits (version-specific)
|
@ -1,68 +0,0 @@
|
||||
From 1a643a20c5e772fc15a921ed81c7b010fa6bd4a7 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 16 Jul 2024 10:08:06 +0200
|
||||
Subject: [PATCH] ci: run mkosi test only for Fedora and CentOS Stream
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
.github/workflows/mkosi.yml | 24 ++----------------------
|
||||
1 file changed, 2 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
|
||||
index 3a8dabd95c..9add22c2ea 100644
|
||||
--- a/.github/workflows/mkosi.yml
|
||||
+++ b/.github/workflows/mkosi.yml
|
||||
@@ -8,7 +8,7 @@ on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- - v[0-9]+-stable
|
||||
+ - rhel-10.*
|
||||
paths:
|
||||
- '**'
|
||||
- '!README*'
|
||||
@@ -26,7 +26,7 @@ on:
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- - v[0-9]+-stable
|
||||
+ - rhel-10.*
|
||||
paths:
|
||||
- '**'
|
||||
- '!README*'
|
||||
@@ -54,21 +54,6 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- - distro: arch
|
||||
- release: rolling
|
||||
- sanitizers: ""
|
||||
- llvm: 0
|
||||
- cflags: "-O2 -D_FORTIFY_SOURCE=3"
|
||||
- - distro: debian
|
||||
- release: testing
|
||||
- sanitizers: ""
|
||||
- llvm: 0
|
||||
- cflags: "-Og"
|
||||
- - distro: ubuntu
|
||||
- release: noble
|
||||
- sanitizers: ""
|
||||
- llvm: 0
|
||||
- cflags: "-Og"
|
||||
- distro: fedora
|
||||
release: "40"
|
||||
sanitizers: ""
|
||||
@@ -79,11 +64,6 @@ jobs:
|
||||
sanitizers: address,undefined
|
||||
llvm: 1
|
||||
cflags: "-Og"
|
||||
- - distro: opensuse
|
||||
- release: tumbleweed
|
||||
- sanitizers: ""
|
||||
- llvm: 0
|
||||
- cflags: "-Og"
|
||||
- distro: centos
|
||||
release: "9"
|
||||
sanitizers: ""
|
@ -1,27 +0,0 @@
|
||||
From 423af3467e66fd07a3a739b40af97b265bd4e45e Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 16 Jul 2024 10:09:23 +0200
|
||||
Subject: [PATCH] taint: remove unused variable `usr_sbin`
|
||||
|
||||
follow-up to https://github.com/redhat-plumbers/systemd-rhel10/commit/13a07024f674e770844de29cd3d01cb7117f56d9
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/core/taint.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/taint.c b/src/core/taint.c
|
||||
index 4c98312f54..370f0297e3 100644
|
||||
--- a/src/core/taint.c
|
||||
+++ b/src/core/taint.c
|
||||
@@ -39,7 +39,7 @@ char* taint_string(void) {
|
||||
* runtime should be tagged here. For stuff that is known during compilation, emit a warning in the
|
||||
* configuration phase. */
|
||||
|
||||
- _cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
|
||||
+ _cleanup_free_ char *bin = NULL, *var_run = NULL;
|
||||
|
||||
if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
|
||||
stage[n++] = "unmerged-usr";
|
@ -1,28 +0,0 @@
|
||||
From fb422df08369fd10a4d3543697f09a7bd2f4c288 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Wed, 17 Jul 2024 12:19:03 +0200
|
||||
Subject: [PATCH] packit: drop the libarchive workaround
|
||||
|
||||
As it's not needed anymore.
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
.packit.yml | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 340c6992ec..03b3aae7d5 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -39,9 +39,6 @@ actions:
|
||||
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
|
||||
# Ignore unpackaged standalone binaries
|
||||
- "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
|
||||
- # Temporarily add libarchive-devel build dep and libarchive runtime dep
|
||||
- # until the change propagates to Rawhide's specfile
|
||||
- - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
|
||||
|
||||
# Available targets can be listed via `copr-cli list-chroots`
|
||||
jobs:
|
@ -1,28 +0,0 @@
|
||||
From 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Wed, 17 Jul 2024 12:22:55 +0200
|
||||
Subject: [PATCH] packit: drop the dependency on python3-zstd
|
||||
|
||||
Since it's only in the RHEL buildroot repo.
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
.packit.yml | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 03b3aae7d5..48ba210947 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -39,6 +39,9 @@ actions:
|
||||
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
|
||||
# Ignore unpackaged standalone binaries
|
||||
- "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
|
||||
+ # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
|
||||
+ # repo
|
||||
+ - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
|
||||
|
||||
# Available targets can be listed via `copr-cli list-chroots`
|
||||
jobs:
|
@ -1,30 +0,0 @@
|
||||
From 612afd332a5e647faed3c3acba03ca653bace41b Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 5 Apr 2024 15:56:58 +0200
|
||||
Subject: [PATCH] coredump: by default process and store core files up to 1GiB
|
||||
|
||||
This brings policy inline with RHEL-9.
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Related: RHEL-46778
|
||||
---
|
||||
src/coredump/coredump.conf | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/coredump/coredump.conf b/src/coredump/coredump.conf
|
||||
index ae341e40d7..3603edb782 100644
|
||||
--- a/src/coredump/coredump.conf
|
||||
+++ b/src/coredump/coredump.conf
|
||||
@@ -19,9 +19,8 @@
|
||||
[Coredump]
|
||||
#Storage=external
|
||||
#Compress=yes
|
||||
-# On 32-bit, the default is 1G instead of 32G.
|
||||
-#ProcessSizeMax=32G
|
||||
-#ExternalSizeMax=32G
|
||||
+ProcessSizeMax=1G
|
||||
+ExternalSizeMax=1G
|
||||
#JournalSizeMax=767M
|
||||
#MaxUse=
|
||||
#KeepFree=
|
@ -1,23 +0,0 @@
|
||||
From 352f8ad0bfdd8a41f6aa34e3e43038ae75eedf73 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Tue, 15 May 2018 09:24:20 +0200
|
||||
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
units/basic.target | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/units/basic.target b/units/basic.target
|
||||
index d8cdd5ac14..9eae0782a2 100644
|
||||
--- a/units/basic.target
|
||||
+++ b/units/basic.target
|
||||
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
|
||||
# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
|
||||
# we support that unit being masked, and this should not be considered an error.
|
||||
RequiresMountsFor=/var /var/tmp
|
||||
-Wants=tmp.mount
|
||||
+# RHEL-only: Disable /tmp on tmpfs.
|
||||
+#Wants=tmp.mount
|
@ -1,39 +0,0 @@
|
||||
From e794e570a50392b503549befb65bc8cac0a29869 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Mon, 5 Sep 2016 12:47:09 +0200
|
||||
Subject: [PATCH] unit: don't add Requires for tmp.mount
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
src/core/mount.c | 2 +-
|
||||
src/core/unit.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/mount.c b/src/core/mount.c
|
||||
index ebafcafa92..9edb2d47eb 100644
|
||||
--- a/src/core/mount.c
|
||||
+++ b/src/core/mount.c
|
||||
@@ -313,7 +313,7 @@ static int mount_add_mount_dependencies(Mount *m) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- if (UNIT(m)->fragment_path) {
|
||||
+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
|
||||
/* If we have fragment configuration, then make this dependency required/wanted */
|
||||
r = unit_add_dependency(
|
||||
other,
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 0ec5dcaf75..a5556ba462 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1544,7 +1544,7 @@ static int unit_add_mount_dependencies(Unit *u) {
|
||||
return r;
|
||||
changed = changed || r > 0;
|
||||
|
||||
- if (m->fragment_path) {
|
||||
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
|
||||
r = unit_add_dependency(
|
||||
u,
|
||||
unit_mount_dependency_type_to_dependency_type(t),
|
@ -1,28 +0,0 @@
|
||||
From 571c902adb894bfff481de4591a56a16add2670b Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 22 Sep 2021 14:38:00 +0200
|
||||
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Related: RHEL-40924
|
||||
---
|
||||
units/meson.build | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/units/meson.build b/units/meson.build
|
||||
index b231341a1f..39fa6f42c0 100644
|
||||
--- a/units/meson.build
|
||||
+++ b/units/meson.build
|
||||
@@ -761,10 +761,7 @@ units = [
|
||||
{ 'file' : 'time-set.target' },
|
||||
{ 'file' : 'time-sync.target' },
|
||||
{ 'file' : 'timers.target' },
|
||||
- {
|
||||
- 'file' : 'tmp.mount',
|
||||
- 'symlinks' : ['local-fs.target.wants/'],
|
||||
- },
|
||||
+ { 'file' : 'tmp.mount' },
|
||||
{ 'file' : 'tpm2.target' },
|
||||
{ 'file' : 'umount.target' },
|
||||
{ 'file' : 'usb-gadget.target' },
|
@ -1,64 +0,0 @@
|
||||
From fefc4bc15fe28d8f7def8bd75ada13ede21663cb Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Thu, 8 Aug 2024 13:12:58 +0200
|
||||
Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme
|
||||
|
||||
rhel-only: policy
|
||||
|
||||
Resolves: RHEL-44416
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 15 +++++++++++++++
|
||||
src/shared/netif-naming-scheme.c | 1 +
|
||||
src/shared/netif-naming-scheme.h | 1 +
|
||||
3 files changed, 17 insertions(+)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index 690e3d2c27..b2d78c95ab 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -592,6 +592,21 @@
|
||||
<xi:include href="version-info.xml" xpointer="rhel-9.4"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-9.5</constant></term>
|
||||
+
|
||||
+ <listitem><para>Never generate a slot name when a PCI bridge is detected.</para>
|
||||
+
|
||||
+ <para>Since version <constant>"rhel-9.0"</constant>, we have generated slot-based names
|
||||
+ for PCI multifunction devices, because we assumed that it is enough to use function numbers
|
||||
+ to distinguish between devices. However, name conflict can occur if these devices are not
|
||||
+ children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
|
||||
+ </para>
|
||||
+
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-9.5"/>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
|
||||
index e4d4c0ba88..149794e926 100644
|
||||
--- a/src/shared/netif-naming-scheme.c
|
||||
+++ b/src/shared/netif-naming-scheme.c
|
||||
@@ -40,6 +40,7 @@ static const NamingScheme naming_schemes[] = {
|
||||
{ "rhel-9.2", NAMING_RHEL_9_2 },
|
||||
{ "rhel-9.3", NAMING_RHEL_9_3 },
|
||||
{ "rhel-9.4", NAMING_RHEL_9_4 },
|
||||
+ { "rhel-9.5", NAMING_RHEL_9_5 },
|
||||
{ "rhel-10.0", NAMING_RHEL_10_0 },
|
||||
/* … add more schemes here, as the logic to name devices is updated … */
|
||||
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index b0697c141e..a55bb0b1cb 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -80,6 +80,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
|
||||
NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
|
||||
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
|
||||
|
||||
NAMING_RHEL_10_0 = NAMING_V255,
|
||||
|
@ -1,197 +0,0 @@
|
||||
From 45fe2e91e4f73c998ff4d29c316cc4fca9d25942 Mon Sep 17 00:00:00 2001
|
||||
From: Etienne Champetier <e.champetier@ateme.com>
|
||||
Date: Tue, 9 Jul 2024 11:53:50 -0400
|
||||
Subject: [PATCH] udev-builtin-net_id: use firmware_node/sun for
|
||||
ID_NET_NAME_SLOT
|
||||
|
||||
pci_get_hotplug_slot() has the following limitations:
|
||||
- if slots are not hotpluggable, they are not in /sys/bus/pci/slots.
|
||||
- the address at /sys/bus/pci/slots/X/addr doesn't contains the function part,
|
||||
so on some system, 2 different slots with different _SUN end up with the same
|
||||
hotplug_slot, leading to naming conflicts.
|
||||
- it tries all parent devices until it finds a slot number, which is incorrect,
|
||||
and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled.
|
||||
|
||||
The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in
|
||||
https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051
|
||||
"udev: net_id - export PCI hotplug slot names" on 2012/11/26.
|
||||
At the same time on the kernel side we got
|
||||
https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63
|
||||
"ACPI: create _SUN sysfs file" on 2012/11/16.
|
||||
|
||||
Using PCI hotplug was the only way at the time, but now 12 years later we can use
|
||||
firmware_node/sun sysfs file.
|
||||
Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached
|
||||
to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX),
|
||||
the _SUN is on the first parent pcieport.
|
||||
|
||||
We still fallback to pci_get_hotplug_slot() to handle the s390 case and
|
||||
maybe some other coner cases (_SUN on grand parent device that is not a
|
||||
bridge ?).
|
||||
|
||||
(cherry picked from commit 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb)
|
||||
|
||||
Related: RHEL-44416
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 6 ++-
|
||||
src/shared/netif-naming-scheme.h | 5 ++-
|
||||
src/udev/udev-builtin-net_id.c | 72 ++++++++++++++++++++++++++-----
|
||||
3 files changed, 69 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index b2d78c95ab..ea9a9c8d3c 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -528,7 +528,7 @@
|
||||
<varlistentry>
|
||||
<term><constant>rhel-10.0</constant></term>
|
||||
|
||||
- <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
|
||||
+ <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="rhel-10.0"/>
|
||||
</listitem>
|
||||
@@ -604,6 +604,8 @@
|
||||
children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
|
||||
</para>
|
||||
|
||||
+ <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
|
||||
+
|
||||
<xi:include href="version-info.xml" xpointer="rhel-9.5"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -798,7 +800,7 @@ ID_NET_NAME_ONBOARD_LABEL=Ethernet Port 1
|
||||
</example>
|
||||
|
||||
<example>
|
||||
- <title>PCI Ethernet card in hotplug slot with firmware index number</title>
|
||||
+ <title>PCI Ethernet card in slot with firmware index number</title>
|
||||
|
||||
<programlisting># /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/net/ens1
|
||||
ID_NET_NAME_MAC=enx000000000466
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index a55bb0b1cb..229232d452 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -43,6 +43,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_DEVICETREE_ALIASES = 1 << 15, /* Generate names from devicetree aliases */
|
||||
NAMING_USB_HOST = 1 << 16, /* Generate names for usb host */
|
||||
NAMING_SR_IOV_R = 1 << 17, /* Use "r" suffix for SR-IOV VF representors */
|
||||
+ NAMING_FIRMWARE_NODE_SUN = 1 << 18, /* Use firmware_node/sun to get PCI slot number */
|
||||
|
||||
/* And now the masks that combine the features above */
|
||||
NAMING_V238 = 0,
|
||||
@@ -80,9 +81,9 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
|
||||
NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
|
||||
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
- NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
|
||||
+ NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
|
||||
|
||||
- NAMING_RHEL_10_0 = NAMING_V255,
|
||||
+ NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
|
||||
|
||||
EXTRA_NET_NAMING_SCHEMES
|
||||
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index 384a1f31cb..d34357fdb2 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -566,6 +566,51 @@ static int pci_get_hotplug_slot(sd_device *dev, uint32_t *ret) {
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
+static int get_device_firmware_node_sun(sd_device *dev, uint32_t *ret) {
|
||||
+ const char *attr;
|
||||
+ int r;
|
||||
+
|
||||
+ assert(dev);
|
||||
+ assert(ret);
|
||||
+
|
||||
+ r = device_get_sysattr_value_filtered(dev, "firmware_node/sun", &attr);
|
||||
+ if (r < 0)
|
||||
+ return log_device_debug_errno(dev, r, "Failed to read firmware_node/sun, ignoring: %m");
|
||||
+
|
||||
+ r = safe_atou32(attr, ret);
|
||||
+ if (r < 0)
|
||||
+ return log_device_warning_errno(dev, r, "Failed to parse firmware_node/sun '%s', ignoring: %m", attr);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int pci_get_slot_from_firmware_node_sun(sd_device *dev, uint32_t *ret) {
|
||||
+ int r;
|
||||
+ sd_device *slot_dev;
|
||||
+
|
||||
+ assert(dev);
|
||||
+ assert(ret);
|
||||
+
|
||||
+ /* Try getting the ACPI _SUN for the device */
|
||||
+ if (get_device_firmware_node_sun(dev, ret) >= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ r = sd_device_get_parent_with_subsystem_devtype(dev, "pci", NULL, &slot_dev);
|
||||
+ if (r < 0)
|
||||
+ return log_device_debug_errno(dev, r, "Failed to find pci parent, ignoring: %m");
|
||||
+
|
||||
+ if (is_pci_bridge(slot_dev) && is_pci_multifunction(dev) <= 0)
|
||||
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ESTALE),
|
||||
+ "Not using slot information because the parent pcieport "
|
||||
+ "is a bridge and the PCI device is not multifunction.");
|
||||
+
|
||||
+ /* Try getting the ACPI _SUN from the parent pcieport */
|
||||
+ if (get_device_firmware_node_sun(slot_dev, ret) >= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ return -ENOENT;
|
||||
+}
|
||||
+
|
||||
static int get_pci_slot_specifiers(
|
||||
sd_device *dev,
|
||||
char **ret_domain,
|
||||
@@ -616,7 +661,7 @@ static int get_pci_slot_specifiers(
|
||||
|
||||
static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix, const char *suffix, EventMode mode) {
|
||||
_cleanup_free_ char *domain = NULL, *bus_and_slot = NULL, *func = NULL, *port = NULL;
|
||||
- uint32_t hotplug_slot = 0; /* avoid false maybe-uninitialized warning */
|
||||
+ uint32_t slot = 0; /* avoid false maybe-uninitialized warning */
|
||||
char str[ALTIFNAMSIZ];
|
||||
int r;
|
||||
|
||||
@@ -641,20 +686,27 @@ static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix
|
||||
strna(domain), bus_and_slot, strna(func), strna(port),
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str));
|
||||
|
||||
- r = pci_get_hotplug_slot(pci_dev, &hotplug_slot);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
- if (r > 0)
|
||||
- /* If the hotplug slot is found through the function ID, then drop the domain from the name.
|
||||
- * See comments in parse_hotplug_slot_from_function_id(). */
|
||||
- domain = mfree(domain);
|
||||
+ if (naming_scheme_has(NAMING_FIRMWARE_NODE_SUN))
|
||||
+ r = pci_get_slot_from_firmware_node_sun(pci_dev, &slot);
|
||||
+ else
|
||||
+ r = -1;
|
||||
+ /* If we don't find a slot using firmware_node/sun, fallback to hotplug_slot */
|
||||
+ if (r < 0) {
|
||||
+ r = pci_get_hotplug_slot(pci_dev, &slot);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ if (r > 0)
|
||||
+ /* If the hotplug slot is found through the function ID, then drop the domain from the name.
|
||||
+ * See comments in parse_hotplug_slot_from_function_id(). */
|
||||
+ domain = mfree(domain);
|
||||
+ }
|
||||
|
||||
if (snprintf_ok(str, sizeof str, "%s%ss%"PRIu32"%s%s%s",
|
||||
- prefix, strempty(domain), hotplug_slot, strempty(func), strempty(port), strempty(suffix)))
|
||||
+ prefix, strempty(domain), slot, strempty(func), strempty(port), strempty(suffix)))
|
||||
udev_builtin_add_property(dev, mode, "ID_NET_NAME_SLOT", str);
|
||||
|
||||
log_device_debug(dev, "Slot identifier: domain=%s slot=%"PRIu32" func=%s port=%s %s %s",
|
||||
- strna(domain), hotplug_slot, strna(func), strna(port),
|
||||
+ strna(domain), slot, strna(func), strna(port),
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str));
|
||||
|
||||
return 0;
|
@ -1,36 +0,0 @@
|
||||
From f5470e9076138ccf69fb6576e950a75da4b89717 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Fri, 2 Aug 2024 16:51:15 +0900
|
||||
Subject: [PATCH] man/net-naming-scheme: add missing period
|
||||
|
||||
Follow-up for 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb.
|
||||
|
||||
(cherry picked from commit 2bb72aadb8169c9310c8ca0d586d277a4a71e2f8)
|
||||
|
||||
Related: RHEL-44416
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index ea9a9c8d3c..e458b5dd6b 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -528,7 +528,7 @@
|
||||
<varlistentry>
|
||||
<term><constant>rhel-10.0</constant></term>
|
||||
|
||||
- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
|
||||
+ <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="rhel-10.0"/>
|
||||
</listitem>
|
||||
@@ -604,7 +604,7 @@
|
||||
children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
|
||||
</para>
|
||||
|
||||
- <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
|
||||
+ <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="rhel-9.5"/>
|
||||
</listitem>
|
@ -1,28 +0,0 @@
|
||||
From 6bec94d825960a39bed6429531e722fd1571664b Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Wed, 14 Aug 2024 12:21:59 +0200
|
||||
Subject: [PATCH] Revert "packit: drop the dependency on python3-zstd"
|
||||
|
||||
This reverts commit 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703.
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-36636
|
||||
---
|
||||
.packit.yml | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 48ba210947..03b3aae7d5 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -39,9 +39,6 @@ actions:
|
||||
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
|
||||
# Ignore unpackaged standalone binaries
|
||||
- "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
|
||||
- # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
|
||||
- # repo
|
||||
- - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
|
||||
|
||||
# Available targets can be listed via `copr-cli list-chroots`
|
||||
jobs:
|
@ -1,48 +0,0 @@
|
||||
From a81dc0cad9c24df7c005378fe2c438a98054a7d3 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Yuan <me@yhndnzj.com>
|
||||
Date: Sun, 30 Jun 2024 13:12:45 +0200
|
||||
Subject: [PATCH] systemctl: do not try to acquire triggering units for
|
||||
template units
|
||||
|
||||
(cherry picked from commit 09d6038d833468ba7c24c658597387ef699ca4fd)
|
||||
|
||||
Resolves: RHEL-55132
|
||||
---
|
||||
src/systemctl/systemctl-util.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
|
||||
index 2482b7ccb2..08a3ebe128 100644
|
||||
--- a/src/systemctl/systemctl-util.c
|
||||
+++ b/src/systemctl/systemctl-util.c
|
||||
@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+ if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
|
||||
+ goto skip;
|
||||
+
|
||||
if (ignore_masked) {
|
||||
r = unit_is_masked(bus, name);
|
||||
if (r < 0)
|
||||
return r;
|
||||
- if (r > 0) {
|
||||
- *ret = NULL;
|
||||
- return 0;
|
||||
- }
|
||||
+ if (r > 0)
|
||||
+ goto skip;
|
||||
}
|
||||
|
||||
dbus_path = unit_dbus_path_from_name(name);
|
||||
@@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
|
||||
|
||||
*ret = TAKE_PTR(active);
|
||||
return 0;
|
||||
+
|
||||
+skip:
|
||||
+ *ret = NULL;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) {
|
@ -1,24 +0,0 @@
|
||||
From dee8164e2d136efb7bac04775c8bef255f659766 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Yuan <me@yhndnzj.com>
|
||||
Date: Sat, 22 Jun 2024 12:08:39 +0200
|
||||
Subject: [PATCH] core/unit: add one assertion for u->manager
|
||||
|
||||
(cherry picked from commit 8b17371b6185c9829bb21a813aadb2225ccfc4de)
|
||||
|
||||
Resolves: RHEL-55734
|
||||
---
|
||||
src/core/unit.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index a5556ba462..c668c45ee9 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -6103,6 +6103,7 @@ int unit_test_trigger_loaded(Unit *u) {
|
||||
|
||||
void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
|
||||
assert(u);
|
||||
+ assert(u->manager);
|
||||
assert(context);
|
||||
|
||||
/* EXEC_PRESERVE_RESTART is handled via unit_release_resources()! */
|
@ -1,88 +0,0 @@
|
||||
From 45d326633b32f4dee739ca38a67347c828c1c136 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Yuan <me@yhndnzj.com>
|
||||
Date: Sat, 22 Jun 2024 12:03:50 +0200
|
||||
Subject: [PATCH] core/service: destroy runtime data when Type=oneshot services
|
||||
exit
|
||||
|
||||
Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
|
||||
services that make use of credentials. When those exits, the cred mounts
|
||||
remain established, which is pointless and quite annoying. Let's
|
||||
instead destroy the runtime data on SERVICE_EXITED, if no process
|
||||
will be spawned for the unit again.
|
||||
|
||||
(cherry picked from commit c26948c6dae1d2ca13499b36f193b13a0760834c)
|
||||
|
||||
Resolves: RHEL-55734
|
||||
---
|
||||
src/core/service.c | 37 ++++++++++++++++++++++++++-----------
|
||||
1 file changed, 26 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index 6e81460ad0..60cc902745 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -1206,13 +1206,12 @@ static void service_search_main_pid(Service *s) {
|
||||
}
|
||||
|
||||
static void service_set_state(Service *s, ServiceState state) {
|
||||
+ Unit *u = UNIT(ASSERT_PTR(s));
|
||||
ServiceState old_state;
|
||||
const UnitActiveState *table;
|
||||
|
||||
- assert(s);
|
||||
-
|
||||
if (s->state != state)
|
||||
- bus_unit_send_pending_change_signal(UNIT(s), false);
|
||||
+ bus_unit_send_pending_change_signal(u, false);
|
||||
|
||||
table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
|
||||
|
||||
@@ -1246,8 +1245,8 @@ static void service_set_state(Service *s, ServiceState state) {
|
||||
SERVICE_DEAD, SERVICE_FAILED,
|
||||
SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
|
||||
SERVICE_DEAD_RESOURCES_PINNED)) {
|
||||
- unit_unwatch_all_pids(UNIT(s));
|
||||
- unit_dequeue_rewatch_pids(UNIT(s));
|
||||
+ unit_unwatch_all_pids(u);
|
||||
+ unit_dequeue_rewatch_pids(u);
|
||||
}
|
||||
|
||||
if (state != SERVICE_START)
|
||||
@@ -1256,15 +1255,31 @@ static void service_set_state(Service *s, ServiceState state) {
|
||||
if (!IN_SET(state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY))
|
||||
service_stop_watchdog(s);
|
||||
|
||||
- /* For the inactive states unit_notify() will trim the cgroup,
|
||||
- * but for exit we have to do that ourselves... */
|
||||
- if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(UNIT(s)->manager))
|
||||
- unit_prune_cgroup(UNIT(s));
|
||||
+ if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
|
||||
+ /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
|
||||
+ * do that ourselves... */
|
||||
+ unit_prune_cgroup(u);
|
||||
+
|
||||
+ /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
|
||||
+ * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
|
||||
+ * for the whole duration of the oneshot service while no processes are actually running,
|
||||
+ * among other things. */
|
||||
+
|
||||
+ bool start_only = true;
|
||||
+ for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
|
||||
+ if (s->exec_command[c]) {
|
||||
+ start_only = false;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (start_only)
|
||||
+ unit_destroy_runtime_data(u, &s->exec_context);
|
||||
+ }
|
||||
|
||||
if (old_state != state)
|
||||
- log_unit_debug(UNIT(s), "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
|
||||
+ log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
|
||||
|
||||
- unit_notify(UNIT(s), table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
|
||||
+ unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
|
||||
}
|
||||
|
||||
static usec_t service_coldplug_timeout(Service *s) {
|
@ -1,34 +0,0 @@
|
||||
From 05c29b1e58784c87ecb4ae7b56425af786e1cd05 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Tue, 30 Jul 2024 11:53:32 +0200
|
||||
Subject: [PATCH] cgroup-util: Ignore kernel threads in cg_kill_items()
|
||||
|
||||
Similar to the implementation of cgroup.kill in the kernel, let's
|
||||
skip kernel threads in cg_kill_items() as trying to kill kernel
|
||||
threads as an unprivileged process will fail with EPERM and doesn't
|
||||
do anything when running privileged.
|
||||
|
||||
(cherry picked from commit 0fbb569de1dcc06118dba006cf7a40caf6cd94d0)
|
||||
|
||||
Resolves: RHEL-55746
|
||||
---
|
||||
src/basic/cgroup-util.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
|
||||
index 553ee6075a..1fc83a656a 100644
|
||||
--- a/src/basic/cgroup-util.c
|
||||
+++ b/src/basic/cgroup-util.c
|
||||
@@ -369,6 +369,12 @@ static int cg_kill_items(
|
||||
if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
|
||||
continue;
|
||||
|
||||
+ /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
|
||||
+ if (pidref_is_kernel_thread(&pidref) > 0) {
|
||||
+ log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (log_kill)
|
||||
ret_log_kill = log_kill(&pidref, sig, userdata);
|
||||
|
@ -1,30 +0,0 @@
|
||||
From 418d2192e0e2bcdc7fe10f4f331231a2ad5a5c00 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Wed, 31 Jul 2024 13:38:50 +0200
|
||||
Subject: [PATCH] cgroup-util: Don't try to open pidfd for kernel threads
|
||||
|
||||
The kernel might start returning -EINVAL when trying to open pidfd's
|
||||
for kernel threads so let's not try to open pidfd's for kernel threads.
|
||||
|
||||
(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
|
||||
|
||||
Resolves: RHEL-55746
|
||||
---
|
||||
src/basic/cgroup-util.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
|
||||
index 1fc83a656a..b0fe0ecbe8 100644
|
||||
--- a/src/basic/cgroup-util.c
|
||||
+++ b/src/basic/cgroup-util.c
|
||||
@@ -149,7 +149,9 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
|
||||
if (pid == 0)
|
||||
return -EREMOTE;
|
||||
|
||||
- if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
|
||||
+ /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
|
||||
+ * catch those and don't try to create a pidfd for them. */
|
||||
+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
|
||||
*ret = PIDREF_MAKE_FROM_PID(pid);
|
||||
return 1;
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
From d41b2bdf876e0d46486c1800d5ee12a6f641a9d4 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Sat, 3 Aug 2024 05:48:51 +0900
|
||||
Subject: [PATCH] cgroup-util: fix typo
|
||||
|
||||
Follow-up for 0fbb569de1dcc06118dba006cf7a40caf6cd94d0.
|
||||
|
||||
(cherry picked from commit ec4964692ae0e080c596610adee2ddb83008c839)
|
||||
|
||||
Resolves: RHEL-55746
|
||||
---
|
||||
src/basic/cgroup-util.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
|
||||
index b0fe0ecbe8..2c64a54906 100644
|
||||
--- a/src/basic/cgroup-util.c
|
||||
+++ b/src/basic/cgroup-util.c
|
||||
@@ -371,7 +371,7 @@ static int cg_kill_items(
|
||||
if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
|
||||
continue;
|
||||
|
||||
- /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
|
||||
+ /* Ignore kernel threads to mimic the behavior of cgroup.kill. */
|
||||
if (pidref_is_kernel_thread(&pidref) > 0) {
|
||||
log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
|
||||
continue;
|
@ -1,75 +0,0 @@
|
||||
From c3300ddbcdd138da8bd3fb31d0f35a20f5b6ca13 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 22 Aug 2024 13:42:11 +0200
|
||||
Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta
|
||||
|
||||
rhel-only: policy
|
||||
Related: RHEL-55728
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 6 +++---
|
||||
man/version-info.xml | 1 +
|
||||
src/shared/netif-naming-scheme.c | 2 +-
|
||||
src/shared/netif-naming-scheme.h | 2 +-
|
||||
4 files changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index e458b5dd6b..610a05485b 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -526,15 +526,15 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
- <term><constant>rhel-10.0</constant></term>
|
||||
+ <term><constant>rhel-10.0-beta</constant></term>
|
||||
|
||||
<listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
|
||||
|
||||
- <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
|
||||
+ <xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
- <para>By default <constant>rhel-10.0</constant> is used.</para>
|
||||
+ <para>By default <constant>rhel-10.0-beta</constant> is used.</para>
|
||||
|
||||
<refsect2>
|
||||
<title>RHEL-9 schemes</title>
|
||||
diff --git a/man/version-info.xml b/man/version-info.xml
|
||||
index 274450d408..c05cebfbe2 100644
|
||||
--- a/man/version-info.xml
|
||||
+++ b/man/version-info.xml
|
||||
@@ -103,6 +103,7 @@
|
||||
<para id="rhel-9.8">Added in rhel-9.8.</para>
|
||||
<para id="rhel-9.9">Added in rhel-9.9.</para>
|
||||
<para id="rhel-9.10">Added in rhel-9.10.</para>
|
||||
+ <para id="rhel-10.0.beta">Added in rhel-10.0-beta.</para>
|
||||
<para id="rhel-10.0">Added in rhel-10.0.</para>
|
||||
<para id="rhel-10.1">Added in rhel-10.1.</para>
|
||||
<para id="rhel-10.2">Added in rhel-10.2.</para>
|
||||
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
|
||||
index 149794e926..cb5f8c5d38 100644
|
||||
--- a/src/shared/netif-naming-scheme.c
|
||||
+++ b/src/shared/netif-naming-scheme.c
|
||||
@@ -41,7 +41,7 @@ static const NamingScheme naming_schemes[] = {
|
||||
{ "rhel-9.3", NAMING_RHEL_9_3 },
|
||||
{ "rhel-9.4", NAMING_RHEL_9_4 },
|
||||
{ "rhel-9.5", NAMING_RHEL_9_5 },
|
||||
- { "rhel-10.0", NAMING_RHEL_10_0 },
|
||||
+ { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
|
||||
/* … add more schemes here, as the logic to name devices is updated … */
|
||||
|
||||
EXTRA_NET_NAMING_MAP
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index 229232d452..2e2023ba5b 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
|
||||
|
||||
- NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
|
||||
+ NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
|
||||
|
||||
EXTRA_NET_NAMING_SCHEMES
|
||||
|
@ -1,43 +0,0 @@
|
||||
From 8da695b27c2620e6410e0b1a4d8dda4747d89b5f Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 22 Aug 2024 13:47:56 +0200
|
||||
Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
|
||||
|
||||
It seems that virtio devices always have "0" in
|
||||
the firmware_node/sun. And because of that, udev will
|
||||
always name the device ens0, which leads to collisions.
|
||||
So let's disable it for now.
|
||||
|
||||
rhel-only: policy
|
||||
Resolves: RHEL-55728
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 2 +-
|
||||
src/shared/netif-naming-scheme.h | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index 610a05485b..8be24e4243 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -528,7 +528,7 @@
|
||||
<varlistentry>
|
||||
<term><constant>rhel-10.0-beta</constant></term>
|
||||
|
||||
- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
|
||||
+ <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
|
||||
</listitem>
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index 2e2023ba5b..fb733ba768 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
|
||||
|
||||
- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
|
||||
+ NAMING_RHEL_10_0_BETA = NAMING_V255,
|
||||
|
||||
EXTRA_NET_NAMING_SCHEMES
|
||||
|
@ -1,38 +0,0 @@
|
||||
From 6a8e030c0a8481e42ee60a52e7a91f736537f5e3 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 22 Aug 2024 14:31:54 +0200
|
||||
Subject: [PATCH] net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5
|
||||
|
||||
rhel-only: policy
|
||||
Resolves: RHEL-55728
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 2 --
|
||||
src/shared/netif-naming-scheme.h | 2 +-
|
||||
2 files changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index 8be24e4243..246c6509e3 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -604,8 +604,6 @@
|
||||
children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
|
||||
</para>
|
||||
|
||||
- <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
|
||||
-
|
||||
<xi:include href="version-info.xml" xpointer="rhel-9.5"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
|
||||
index fb733ba768..b2b2ee648f 100644
|
||||
--- a/src/shared/netif-naming-scheme.h
|
||||
+++ b/src/shared/netif-naming-scheme.h
|
||||
@@ -81,7 +81,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
|
||||
NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
|
||||
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
|
||||
- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
|
||||
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
|
||||
|
||||
NAMING_RHEL_10_0_BETA = NAMING_V255,
|
||||
|
@ -1,33 +0,0 @@
|
||||
From 38623336fb84eb0df1f72ef8d472a36bb5d60822 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Wed, 21 Aug 2024 11:25:46 +0200
|
||||
Subject: [PATCH] Revert "cgroup-util: Don't try to open pidfd for kernel
|
||||
threads"
|
||||
|
||||
The kernel patch was reverted so let's try again to open pidfds
|
||||
for kernel threads.
|
||||
|
||||
This reverts commit ead48ec35c863650944352a3455f26ce3b393058.
|
||||
|
||||
(cherry picked from commit 1ce69e06615e69692a6d02d447acfd77f5d44631)
|
||||
|
||||
Related: RHEL-52634
|
||||
---
|
||||
src/basic/cgroup-util.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
|
||||
index 2c64a54906..a6ad711ac0 100644
|
||||
--- a/src/basic/cgroup-util.c
|
||||
+++ b/src/basic/cgroup-util.c
|
||||
@@ -149,9 +149,7 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
|
||||
if (pid == 0)
|
||||
return -EREMOTE;
|
||||
|
||||
- /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
|
||||
- * catch those and don't try to create a pidfd for them. */
|
||||
- if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
|
||||
+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
|
||||
*ret = PIDREF_MAKE_FROM_PID(pid);
|
||||
return 1;
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
From 65dbacdb67ae94f7481a413dfea651b2d8a74d13 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Wed, 28 Aug 2024 14:08:30 +0200
|
||||
Subject: [PATCH] ukify: Skip test on architectures without UEFI
|
||||
|
||||
(cherry picked from commit 5121f7c45b37afca53c89f42123b1dd6a04fa80f)
|
||||
|
||||
Related: RHEL-52634
|
||||
---
|
||||
src/ukify/test/test_ukify.py | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
|
||||
index 0e3f932890..15d1578695 100755
|
||||
--- a/src/ukify/test/test_ukify.py
|
||||
+++ b/src/ukify/test/test_ukify.py
|
||||
@@ -35,6 +35,13 @@ except ImportError as e:
|
||||
sys.path.append(os.path.dirname(__file__) + '/..')
|
||||
import ukify
|
||||
|
||||
+# Skip if we're running on an architecture that does not use UEFI.
|
||||
+try:
|
||||
+ ukify.guess_efi_arch()
|
||||
+except ValueError as e:
|
||||
+ print(str(e), file=sys.stderr)
|
||||
+ sys.exit(77)
|
||||
+
|
||||
build_root = os.getenv('PROJECT_BUILD_ROOT')
|
||||
try:
|
||||
slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1')))
|
@ -1,25 +0,0 @@
|
||||
From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Thu, 5 Sep 2024 12:36:01 +0200
|
||||
Subject: [PATCH] ci: rename beta branch to match dist-git name
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-57603
|
||||
---
|
||||
.github/tracker-validator.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
|
||||
index 2e858606ff..1226b8a92a 100644
|
||||
--- a/.github/tracker-validator.yml
|
||||
+++ b/.github/tracker-validator.yml
|
||||
@@ -6,7 +6,7 @@ labels:
|
||||
products:
|
||||
- Red Hat Enterprise Linux 10
|
||||
- CentOS Stream 10
|
||||
- - rhel-10.0.beta
|
||||
+ - rhel-10.0-beta
|
||||
- rhel-10.0
|
||||
- rhel-10.0.z
|
||||
- rhel-10.1
|
@ -1,41 +0,0 @@
|
||||
From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
|
||||
From: Chengen Du <chengen.du@canonical.com>
|
||||
Date: Mon, 12 Aug 2024 11:41:52 +0800
|
||||
Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
|
||||
'change'
|
||||
|
||||
PTP device symlink creation rules are currently executed only when the
|
||||
udev action is 'add'. If a user reloads the rules and runs the udevadm
|
||||
trigger command to reapply changes, the symlink may be deleted, which
|
||||
can prevent the chronyd service from restarting properly.
|
||||
|
||||
Signed-off-by: Chengen Du <chengen.du@canonical.com>
|
||||
(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
|
||||
|
||||
Resolves: RHEL-59871
|
||||
---
|
||||
rules.d/50-udev-default.rules.in | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
|
||||
index 9b00c7037e..6f80feeecf 100644
|
||||
--- a/rules.d/50-udev-default.rules.in
|
||||
+++ b/rules.d/50-udev-default.rules.in
|
||||
@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
|
||||
|
||||
SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
|
||||
|
||||
+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
|
||||
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
|
||||
+
|
||||
ACTION!="add", GOTO="default_end"
|
||||
|
||||
SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
|
||||
@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
|
||||
|
||||
KERNEL=="udmabuf", GROUP="kvm"
|
||||
|
||||
-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
|
||||
-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
|
||||
-
|
||||
LABEL="default_end"
|
@ -1,121 +0,0 @@
|
||||
From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Tue, 30 Jul 2024 10:51:21 +0100
|
||||
Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The original CVM detection logic for TDX assumes that the guest can see
|
||||
the standard TDX CPUID leaf. This was true in Azure when this code was
|
||||
originally written, however, current Azure now blocks that leaf in the
|
||||
paravisor. Instead it is required to use the same Azure specific CPUID
|
||||
leaf that is used for SEV-SNP detection, which reports the VM isolation
|
||||
type.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 11 ++++++++---
|
||||
src/boot/efi/vmm.c | 9 ++++++---
|
||||
src/fundamental/confidential-virt-fundamental.h | 1 +
|
||||
3 files changed, 15 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index b6521cf5bf..8a88a3eb83 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static bool detect_hyperv_sev(void) {
|
||||
+static bool detect_hyperv_cvm(uint32_t isoltype) {
|
||||
uint32_t eax, ebx, ecx, edx, feat;
|
||||
char sig[13] = {};
|
||||
|
||||
@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
|
||||
ebx = ecx = edx = 0;
|
||||
cpuid(&eax, &ebx, &ecx, &edx);
|
||||
|
||||
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
|
||||
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
|
||||
if (!(eax & EAX_SEV)) {
|
||||
log_debug("No sev in CPUID, trying hyperv CPUID");
|
||||
|
||||
- if (detect_hyperv_sev())
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
|
||||
return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
|
||||
|
||||
log_debug("No hyperv CPUID");
|
||||
@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
|
||||
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||
return CONFIDENTIAL_VIRTUALIZATION_TDX;
|
||||
|
||||
+ log_debug("No tdx in CPUID, trying hyperv CPUID");
|
||||
+
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
|
||||
+
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
|
||||
diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
|
||||
index 60e216d54c..3459461390 100644
|
||||
--- a/src/boot/efi/vmm.c
|
||||
+++ b/src/boot/efi/vmm.c
|
||||
@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
|
||||
return val;
|
||||
}
|
||||
|
||||
-static bool detect_hyperv_sev(void) {
|
||||
+static bool detect_hyperv_cvm(uint32_t isoltype) {
|
||||
uint32_t eax, ebx, ecx, edx, feat;
|
||||
char sig[13] = {};
|
||||
|
||||
@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
|
||||
if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
|
||||
__cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
|
||||
|
||||
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
|
||||
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -379,7 +379,7 @@ static bool detect_sev(void) {
|
||||
* specific CPUID checks.
|
||||
*/
|
||||
if (!(eax & EAX_SEV))
|
||||
- return detect_hyperv_sev();
|
||||
+ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
|
||||
|
||||
msrval = msr(MSR_AMD64_SEV);
|
||||
|
||||
@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
|
||||
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||
return true;
|
||||
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
|
||||
+ return true;
|
||||
+
|
||||
return false;
|
||||
}
|
||||
#endif /* ! __i386__ && ! __x86_64__ */
|
||||
diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
|
||||
index 986923e1c2..618b5800ea 100644
|
||||
--- a/src/fundamental/confidential-virt-fundamental.h
|
||||
+++ b/src/fundamental/confidential-virt-fundamental.h
|
||||
@@ -65,6 +65,7 @@
|
||||
|
||||
#define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
|
||||
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
||||
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
|
||||
|
||||
#define EAX_SEV (UINT32_C(1) << 1)
|
||||
#define MSR_SEV (UINT64_C(1) << 0)
|
@ -1,76 +0,0 @@
|
||||
From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 16:26:00 +0100
|
||||
Subject: [PATCH] confidential-virt: split caching of CVM detection into
|
||||
separate method
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
We have different impls of detect_confidential_virtualization per
|
||||
architecture. The detection is cached in the x86_64 impl, and as we
|
||||
add support for more targets, we want to use caching for all. It thus
|
||||
makes sense to split caching out into an architecture independent
|
||||
method.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 25 ++++++++++++++-----------
|
||||
1 file changed, 14 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index 8a88a3eb83..0e05ecffbf 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
|
||||
return is_hv;
|
||||
}
|
||||
|
||||
-ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
char sig[13] = {};
|
||||
- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
-
|
||||
- if (cached_found >= 0)
|
||||
- return cached_found;
|
||||
|
||||
/* Skip everything on bare metal */
|
||||
if (detect_hypervisor()) {
|
||||
cpuid_leaf(0, sig, true);
|
||||
|
||||
if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
|
||||
- cv = detect_sev();
|
||||
+ return detect_sev();
|
||||
else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
|
||||
- cv = detect_tdx();
|
||||
+ return detect_tdx();
|
||||
}
|
||||
|
||||
- cached_found = cv;
|
||||
- return cv;
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
#else /* ! x86_64 */
|
||||
-ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
log_debug("No confidential virtualization detection on this architecture");
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
#endif /* ! x86_64 */
|
||||
|
||||
+ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
+ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
|
||||
+
|
||||
+ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
|
||||
+ cached_found = detect_confidential_virtualization_impl();
|
||||
+
|
||||
+ return cached_found;
|
||||
+}
|
||||
+
|
||||
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
|
||||
[CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
[CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
@ -1,90 +0,0 @@
|
||||
From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 11:03:10 +0100
|
||||
Subject: [PATCH] confidential-virt: add detection for s390x target
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The s390x platform provides confidential VMs using the "Secure Execution"
|
||||
technology, which is also referred to as "Protected Virtualization" or
|
||||
just "prot virt" in Linux / QEMU.
|
||||
|
||||
This can be detected through a simple sysfs attribute.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
|
||||
|
||||
Resolves: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
|
||||
src/basic/confidential-virt.h | 1 +
|
||||
2 files changed, 26 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index 0e05ecffbf..c246636c7c 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -11,6 +11,7 @@
|
||||
#include "confidential-virt-fundamental.h"
|
||||
#include "confidential-virt.h"
|
||||
#include "fd-util.h"
|
||||
+#include "fileio.h"
|
||||
#include "missing_threads.h"
|
||||
#include "string-table.h"
|
||||
#include "utf8.h"
|
||||
@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
|
||||
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
+#elif defined(__s390x__)
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
+ _cleanup_free_ char *s = NULL;
|
||||
+ size_t readsize;
|
||||
+ int r;
|
||||
+
|
||||
+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
|
||||
+ if (r < 0) {
|
||||
+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
+ }
|
||||
+
|
||||
+ if (readsize >= 1 && s[0] == '1')
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
|
||||
+
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
+}
|
||||
+
|
||||
#else /* ! x86_64 */
|
||||
static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
log_debug("No confidential virtualization detection on this architecture");
|
||||
@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
}
|
||||
|
||||
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
|
||||
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
|
||||
index c02f3b2321..f92e3e883d 100644
|
||||
--- a/src/basic/confidential-virt.h
|
||||
+++ b/src/basic/confidential-virt.h
|
||||
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
|
||||
CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
|
||||
CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
|
||||
CONFIDENTIAL_VIRTUALIZATION_TDX,
|
||||
+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
|
||||
|
||||
_CONFIDENTIAL_VIRTUALIZATION_MAX,
|
||||
_CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
|
@ -1,37 +0,0 @@
|
||||
From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 13:07:13 +0100
|
||||
Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This fixes
|
||||
|
||||
commit 9b0688f491674b53ef7a52bdf561a430c53673d6
|
||||
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Tue Jan 9 10:52:49 2024 +0900
|
||||
|
||||
virt: add Google Compute Engine support
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
man/systemd-detect-virt.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
|
||||
index 2239294145..6b49e3a519 100644
|
||||
--- a/man/systemd-detect-virt.xml
|
||||
+++ b/man/systemd-detect-virt.xml
|
||||
@@ -62,7 +62,7 @@
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
- <entry valign="top" morerows="16">VM</entry>
|
||||
+ <entry valign="top" morerows="17">VM</entry>
|
||||
<entry><varname>qemu</varname></entry>
|
||||
<entry>QEMU software virtualization, without KVM</entry>
|
||||
</row>
|
@ -1,74 +0,0 @@
|
||||
From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 13:17:56 +0100
|
||||
Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Add a section which lists the known confidential virtual machine
|
||||
technologies.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 44 insertions(+)
|
||||
|
||||
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
|
||||
index 6b49e3a519..a4fcdfbc9d 100644
|
||||
--- a/man/systemd-detect-virt.xml
|
||||
+++ b/man/systemd-detect-virt.xml
|
||||
@@ -217,6 +217,50 @@
|
||||
WSL is categorized as a container for practical purposes.
|
||||
Multiple WSL environments share the same kernel and services
|
||||
should generally behave like when being run in a container.</para>
|
||||
+
|
||||
+ <para>When executed with <option>--cvm</option>, instead of
|
||||
+ printing the virtualization technology, it will display the
|
||||
+ confidential virtual machine technology, if any. The
|
||||
+ following technologies are currently identified:</para>
|
||||
+
|
||||
+ <table>
|
||||
+ <title>Known confidential virtualization technologies</title>
|
||||
+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
+ <colspec colname="id" />
|
||||
+ <colspec colname="product" />
|
||||
+ <thead>
|
||||
+ <row>
|
||||
+ <entry>Arch</entry>
|
||||
+ <entry>ID</entry>
|
||||
+ <entry>Technology</entry>
|
||||
+ </row>
|
||||
+ </thead>
|
||||
+ <tbody>
|
||||
+ <row>
|
||||
+ <entry valign="top" morerows="3">x86_64</entry>
|
||||
+ <entry><varname>sev</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>sev-es</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>sev-snp</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>tdx</varname></entry>
|
||||
+ <entry>Intel Trust Domain Extensions</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry>s390x</entry>
|
||||
+ <entry><varname>protvirt</varname></entry>
|
||||
+ <entry>IBM Protected Virtualization (Secure Execution)</entry>
|
||||
+ </row>
|
||||
+ </tbody>
|
||||
+ </tgroup>
|
||||
+ </table>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
@ -1,3 +0,0 @@
|
||||
# Increase the number of virtual memory areas that one process may request
|
||||
# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
|
||||
vm.max_map_count=1048576
|
@ -1,2 +0,0 @@
|
||||
[OOM]
|
||||
DefaultMemoryPressureDurationSec=20s
|
@ -1,3 +0,0 @@
|
||||
[Slice]
|
||||
ManagedOOMMemoryPressure=kill
|
||||
ManagedOOMMemoryPressureLimit=80%
|
@ -1,20 +0,0 @@
|
||||
# SPDX-License-Identifier: MIT-0
|
||||
#
|
||||
# This config file is installed as part of systemd.
|
||||
# It may be freely copied and edited (following the MIT No Attribution license).
|
||||
#
|
||||
# To make local modifications, one of the following methods may be used:
|
||||
# 1. add a drop-in file that extends this file by creating the
|
||||
# /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
|
||||
# new .conf file there.
|
||||
# 2. copy this file into /etc/systemd/network or one of the other paths checked
|
||||
# by systemd-udevd and edit it there.
|
||||
# This file should not be edited in place, because it'll be overwritten on upgrades.
|
||||
|
||||
[Match]
|
||||
Kind=bridge bond team
|
||||
|
||||
[Link]
|
||||
NamePolicy=keep kernel database onboard slot path
|
||||
AlternativeNamesPolicy=database onboard slot path
|
||||
MACAddressPolicy=none
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user